Contracts
- Terms of Use
- Cookies Policy
- Wiz Anti-Corruption and Bribery Policy
- Wiz Code of Conduct
- Data Processing Agreement
- U.S. Government Customer Addendum
- Service and Support Levels Agreement (SLA)
- Tech Integration Agreement
- Wiz Cooperation Agreement
- Master Subscription Agreement
- Wiz Acceptable Use Policy
- Wiz Communities Terms of Service
- Wiz Privacy Addendum
- Wiz Security Addendum
- Modern Slavery Act Transparency Statement
- Sub Processor List
- Wiz Subscription Agreement
- Preview Terms
- Privacy Policy
- Privacy Notice for Wiz Employees, Contractors, and Workers
- Wiz for US Government Subscription Addendum
- Wiz Vendor Code of Conduct
- Wiz Vendor Security and Data Protection Minimum Requirements
- Purchase Order Terms and Conditions
- Wiz Certified Program Terms and Conditions
Terms of Use
Effective June 20th 2024
DownloadTable of Contents
Wiz Website Terms of Use
Welcome to https://www.wiz.io/ (together with its subdomains, Content, Marks and services, the “Website”). Please read the following Terms of Use carefully before using this Website so that you are aware of your legal rights and obligations with respect to Wiz Inc. ("Wiz", "we", "our" or "us"). By accessing or using the Website, you expressly acknowledge and agree that you are entering a legal agreement with us and have understood and agree to comply with, and be legally bound by, these Terms of Use, together with our Privacy Policy (collectively the "Terms"). If you do not agree to be bound by these Terms please do not access or use the Website.
PLEASE ALSO READ THESE TERMS OF USE CAREFULLY, AS THEY AFFECT YOUR LEGAL RIGHTS AND OBLIGATIONS. PLEASE NOTE THAT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THESE TERMS REQUIRE THE USE OF ARBITRATION ON AN INDIVIDUAL BASIS TO RESOLVE DISPUTES, RATHER THAN COURTS OR JURY TRIALS, AND LIMIT THE REMEDIES AVAILABLE IN THE EVENT OF A DISPUTE.
1. Background. The Website is intended to provide you with information related to our products and services and to enable you to contact us via the Website.
2. Modification. We reserve the right, at our discretion, to change these Terms at any time. Such change will be effective ten (10) days following the posting of the revised Terms on the Website, and your continued use of the Website thereafter means that you accept those changes.
3. Ability to Accept Terms. The Website is only intended for individuals aged eighteen (18) years or older. If you are under eighteen (18) years old please do not visit or use the Website.
4. Website Access. For such time as these Terms are in effect, we hereby grant you permission to visit and use the Website, provided that you comply with these Terms and applicable laws.
5. Restrictions. You shall not: (i) copy, distribute or modify any part of the Website without our prior written authorization; (ii) use, modify, create derivative works of, transfer (by sale, resale, license, sublicense, download or otherwise), reproduce, distribute, display or disclose Content (defined below), except as expressly authorized herein; (iii) disrupt servers or networks connected to the Website; (iv) use or launch any automated system (including without limitation, "robots" and "spiders") to access the Website; and/or (v) circumvent, disable or otherwise interfere with security-related features of the Website or features that prevent or restrict use or copying of any Content or that enforce limitations on use of the Website.
6. Intellectual Property Rights.
6.1. Content and Marks. The (i) content on the Website, including without limitation, the text, documents, articles, brochures, descriptions, products, software, graphics, photos, sounds, videos, interactive features, and services (collectively, the "Content"), and (ii) the trademarks, service marks and logos contained therein ("Marks"), are the property of Wiz and/or its licensors and may be protected by applicable copyright or other intellectual property laws and treaties. “Wiz”, the Wiz logo, and other marks are Marks of Wiz or its affiliates. All other trademarks, service marks, and logos used on the Website are the trademarks, service marks, or logos of their respective owners. We reserve all rights not expressly granted in and to the Website and the Content.
6.2. Use of Content. Content on the Website is provided to you for your information and personal use only and may not be used, modified, copied, distributed, transmitted, broadcast, displayed, sold, licensed, de-compiled, or otherwise exploited for any other purposes whatsoever without our prior written consent. If you download or print a copy of the Content you must retain all copyright and other proprietary notices contained therein.
6.3. Spam. You agree not to, and will not, use the communication systems provided by the Website to send unauthorized commercial communications and you shall be solely responsible and liable for any such unauthorized communications.
7. Information Description. We attempt to be as accurate as possible. However, we cannot and do not warrant that the Content available on the Website is accurate, complete, reliable, current, or error-free. We reserve the right to make changes in or to the Content, or any part thereof, in our sole judgment, without the requirement of giving any notice prior to or after making such changes to the Content. Your use of the Content, or any part thereof, is made solely at your own risk and responsibility.
8. Links.
8.1. The Website may contain links, and may enable you to post content, to third party websites that are not owned or controlled by Wiz. We are not affiliated with, have no control over, and assume no responsibility for the content, privacy policies, or practices of, any third party websites. You: (i) are solely responsible and liable for your use of and linking to third party websites and any content that you may send or post to a third party website; and (ii) expressly release Wiz from any and all liability arising from your use of any third party website. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party website that you may choose to visit.
8.2. Wiz permits you to link to the Website provided that: (i) you link to but do not replicate any page on this Website; (ii) the hyperlink text shall accurately describe the Content as it appears on the Website; (iii) you shall not misrepresent your relationship with Wiz or present any false information about Wiz and shall not imply in any way that we are endorsing any services or products, unless we have given you our express prior consent; (iv) you shall not link from a website ("Third Party Website") which prohibits linking to third parties; (v) such Third Party Website does not contain content that (a) is offensive or controversial (both at our discretion), or (b) infringes any intellectual property, privacy rights, or other rights of any person or entity; and/or (vi) you, and your website, comply with these Terms and applicable law.
9. Privacy. We will use any personal information that we may collect or obtain in connection with the Website in accordance with our privacy policy which is available at: https://www.wiz.io/legal/privacy.
10. Warranty Disclaimers.
10.1. This section applies whether or not the services provided under the Website are for payment. Applicable law may not allow the exclusion of certain warranties, so to that extent certain exclusions set forth herein may not apply.
10.2. THE WEBSITE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, AND WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. WIZ HEREBY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND THOSE ARISING BY STATUTE OR FROM A COURSE OF DEALING OR USAGE OF TRADE. WIZ DOES NOT GUARANTEE THAT THE WEBSITE WILL BE FREE OF BUGS, SECURITY BREACHES, OR VIRUS ATTACKS. THE WEBSITE MAY OCCASIONALLY BE UNAVAILABLE FOR ROUTINE MAINTENANCE, UPGRADING, OR OTHER REASONS. YOU AGREE THAT WIZ WILL NOT BE HELD RESPONSIBLE FOR ANY CONSEQUENCES TO YOU OR ANY THIRD PARTY THAT MAY RESULT FROM TECHNICAL PROBLEMS OF THE INTERNET, SLOW CONNECTIONS, TRAFFIC CONGESTION OR OVERLOAD OF OUR OR OTHER SERVERS. WE DO NOT WARRANT, ENDORSE OR GUARANTEE ANY CONTENT, PRODUCT, OR SERVICE THAT IS FEATURED OR ADVERTISED ON THE WEBSITE BY A THIRD PARTY.
10.3. EXCEPT AS EXPRESSLY STATED IN OUR PRIVACY POLICY, WIZ DOES NOT MAKE ANY REPRESENTATIONS, WARRANTIES OR CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE SECURITY OF ANY INFORMATION YOU MAY PROVIDE OR ACTIVITIES YOU ENGAGE IN DURING THE COURSE OF YOUR USE OF THE WEBSITE.
11. Limitation of Liability.
11.1. TO THE FULLEST EXTENT PERMISSIBLE BY LAW, WIZ SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, EXEMPLARY, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES OF ANY KIND, OR FOR ANY LOSS OF DATA, REVENUE, PROFITS OR REPUTATION, ARISING UNDER THESE TERMS OR OUT OF YOUR USE OF, OR INABILITY TO USE, THE WEBSITE, EVEN IF WIZ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES. Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages, so the above limitations may not apply to you.
11.2. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF WIZ FOR ANY DAMAGES ARISING UNDER THESE TERMS OR OUT OF YOUR USE OF, OR INABILITY TO USE THE WEBSITE, EXCEED THE TOTAL AMOUNT OF FEES, IF ANY, PAID BY YOU TO WIZ FOR USING THE WEBSITE DURING THE THREE (3) MONTHS PRIOR TO BRINGING THE CLAIM.
12. Indemnity. You agree to defend, indemnify and hold harmless Wiz and our affiliates, and our respective officers, directors, employees and agents, from and against any and all claims, damages, obligations, losses, liabilities, costs and expenses (including but not limited to attorney's fees) arising from: (i) your use of, or inability to use, the Website; (ii) your interaction with any Website user; or (iii) your violation of these Terms.
13. Dispute Resolution: PLEASE READ THIS “DISPUTE RESOLUTION” SECTION CAREFULLY, AS IT MAY SIGNIFICANTLY AFFECT YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE OR PARTICIPATE IN A LAWSUIT FILED IN COURT.
13.1. Informal dispute resolution procedure. If a dispute arises between you and Wiz, we are committed to working with you to reach a reasonable resolution. For any such dispute, both parties acknowledge and agree that they will first make a good faith effort to resolve it informally before initiating any formal dispute resolution proceeding in arbitration or otherwise. This requires first sending a written description of the dispute to the other party. For any dispute you initiate, you agree to send the written description of the dispute along with the email address associated with your account, if any, to the following email address: legalnotices@wiz.io. For any dispute that Wiz initiates, we will send our written description of the dispute to the email address associated with your Wiz account (if any) or to any email address we have on file for you. The written description must be on an individual basis and provide, at minimum, the following information: your name; a description of the nature or basis of the claim or dispute; and the specific relief sought. If the dispute is not resolved within sixty (60) days after receipt of the written description of the dispute, you and Wiz agree to the further dispute resolution provisions below.
The above process for an informal dispute resolution process is required before you may commence any formal dispute resolution proceeding. The parties agree that any relevant limitations period and filing fees or other deadlines will be tolled while the parties engage in this informal dispute resolution process.
13.2. Mutual arbitration agreement. You and Wiz agree that all claims, disputes, or disagreements that may arise out of the interpretation or performance of these Terms (including its formation, performance, and breach) or payments by or to Wiz, or that in any way relate to the provision or use of the Website, your relationship with Wiz, or any other dispute with Wiz, shall be resolved exclusively through binding arbitration in accordance with this Section 13 (collectively, the “Arbitration Agreement”). This includes claims that arose, were asserted, or involve facts occurring before the existence of this Arbitration Agreement or any prior agreement as well as claims that may arise after the termination of this Arbitration Agreement, in accordance with the notice and opt-out provisions set forth in Sections 13.10 and 13.11). This Arbitration Agreement is governed by the Federal Arbitration Act (“FAA”) in all respects and evidences a transaction involving interstate commerce. You and Wiz expressly agree that the FAA shall exclusively govern the interpretation and enforcement of this Arbitration Agreement. If for whatever reason the rules and procedures of the FAA cannot apply, the state law governing arbitration agreements in the state in which you reside shall apply.
Except as set forth in this Section 13.2, the arbitrator or arbitration body, and not any federal, state or local court or agency, shall have exclusive authority to resolve all disputes arising out of or relating to the interpretation, applicability, enforceability or formation of the Agreement (including these Terms) and this Arbitration Agreement, including, but not limited to any claim that all or any part thereof are void or voidable, whether a claim is subject to arbitration, and any dispute regarding the payment of administrative or arbitrator fees (including the timing of such payments and remedies for nonpayment). The arbitrator or arbitration body shall be empowered to grant whatever relief would be available in a court under law or in equity.
Notwithstanding the parties' decision to resolve all disputes through arbitration, each party retains the right to (i) elect to have any claims resolved in small claims court on an individual basis for disputes and actions within the scope of such court's jurisdiction, regardless of what forum the filing party initial chose; (ii) bring an action in state or federal court to protect its intellectual property rights (“intellectual property rights” in this context means patents, copyrights, moral rights, trademarks, and trade secrets and other confidential or proprietary information, but not privacy or publicity rights); and (iii) seek a declaratory judgment, injunction, or other equitable relief in a court of competent jurisdiction regarding whether a party's claims are time-barred or may be brought in small claims court. Seeking such relief shall not waive a party's right to arbitration under this agreement, and any filed arbitrations related to any action filed pursuant to this paragraph shall automatically be stayed pending the outcome of such action.
You and Wiz agree to submit to the personal jurisdiction of any federal or state court in New York, NY in order to compel arbitration, to stay proceedings pending arbitration, or to confirm, modify, vacate, or enter judgment on the award entered by the arbitrator; and in connection with any such proceeding, further agree to accept service of process by U.S. mail and hereby waive any and all jurisdictional and venue defenses otherwise available.
Except as set forth in Section 13.3 below, if any provision of this Arbitration Agreement is found by an arbitrator or court of competent jurisdiction to be invalid, the parties nevertheless agree that the arbitrator or court should endeavor to give effect to the parties’ intentions as reflected in the provision, and the other provisions thereof remain in full force and effect.
THE PARTIES UNDERSTAND THAT ARBITRATION MEANS THAT AN ARBITRATOR AND NOT A JUDGE OR JURY WILL DECIDE THE CLAIM, AND THAT RIGHTS TO PREHEARING EXCHANGE OF INFORMATION AND APPEALS MAY BE LIMITED IN ARBITRATION. YOU HEREBY ACKNOWLEDGE AND AGREE THAT YOU AND Wiz ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY TO THE MAXIMUM EXTENT PERMITTED BY LAW.
13.3. Class arbitration and collective relief waiver. YOU AND WIZ ACKNOWLEDGE AND AGREE THAT, TO THE MAXIMUM EXTENT ALLOWED BY LAW, EXCEPT AS SET OUT OTHERWISE IN THIS SECTION 13.3 AND SECTION 13.7 BELOW, ANY ARBITRATION SHALL BE CONDUCTED IN AN INDIVIDUAL CAPACITY ONLY AND NOT AS A CLASS OR OTHER CONSOLIDATED ACTION AND THE ARBITRATOR MAY AWARD RELIEF ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO RESOLVE AN INDIVIDUAL PARTY'S CLAIM, UNLESS WIZ PROVIDES ITS CONSENT TO CONSOLIDATE IN WRITING.
If there is a final judicial determination that either the Class Arbitration Action and Collective Relief Waiver or the provisions in Section 13.7 are not enforceable as to a particular claim or request for relief, then the parties agree that that particular claim or request for relief may proceed in court but shall be severed and stayed pending arbitration of the remaining claims. This provision does not prevent you or Wiz from participating in a class-wide settlement of claims.
13.4. Arbitration rules. The arbitration will be administered by National Arbitration and Mediation (“NAM”) and resolved before a single arbitrator. If NAM is not available to arbitrate, the parties will select an alternative arbitration provider, but in no event shall any arbitration be administered by the American Arbitration Association. Except as modified by this “Dispute Resolution” provision, NAM will administer the arbitration in accordance with the NAM Comprehensive Dispute Resolution Rules and Procedures, Fees For Disputes When One of the Parties is a Consumer and the Mass Filing Dispute Resolution Rules and Procedures in effect at the time any demand for arbitration is filed with NAM, excluding any rules or procedures governing or permitting class or representative actions. The applicable NAM rules and procedures are available at www.namadr.com or by emailing National Arbitration and Mediation's Commercial Dept at commercial@namadr.com.
13.5. Initiating arbitration. Only after the parties have engaged in a good-faith effort to resolve the dispute in accordance with the Informal Dispute Resolution Procedure provision, and only if those efforts fail, then either party may initiate binding arbitration as the sole means to resolve claims using the procedures set forth in the applicable NAM rules. If you are initiating arbitration, a copy of the demand shall also be emailed to legalnotices@wiz.io. If Wiz is initiating arbitration, it will serve a copy of the demand to the email address associated with your Wiz account or the email that Wiz has on file for you. The arbitrator has the right to impose sanctions in accordance with the NAM rules and procedures for any frivolous claims or submissions the arbitrator determines have not been filed in good faith, as well as for a party's failure to comply with the Informal Dispute Resolution Procedure contemplated by this Agreement.
13.6. Arbitration location and procedure. If you are a resident of the United States the arbitration will be conducted in the county where you reside, and if you are not a resident of the United States the arbitration shall be conducted in New York, New York, United States of America, unless you and Wiz otherwise agree or unless the designated arbitrator determines that such venue would be unreasonably burdensome to any party, in which case the arbitrator shall have the discretion to select another venue. If the amount in controversy does not exceed $10,000 and you do not seek injunctive or declaratory relief, then the arbitration will be conducted solely on the basis of documents you and Wiz submit to the arbitrator, unless the arbitrator determines that a hearing is necessary. If the amount in controversy exceeds $10,000 or seeks declaratory or injunctive relief, either party may request (or the arbitrator may determine) to hold a hearing, which shall be via videoconference or telephone conference unless the parties agree otherwise.
Subject to the applicable NAM rules and procedures, the parties agree that the arbitrator will have the discretion to allow the filing of dispositive motions if they are likely to efficiently resolve or narrow issues in dispute. Unless otherwise prohibited by law, all arbitration proceedings will be confidential and closed to the public and any parties other than you and Wiz (and each of the parties’ authorized representatives and agents), and all records relating thereto will be permanently sealed, except as necessary to obtain court confirmation of the arbitration award (provided that the party seeking confirmation shall seek to file such records under seal to the extent permitted by law).
13.7. Batch arbitration. To increase the efficiency of administration and resolution of arbitrations, in the event 100 or more similar arbitration demands (those asserting the same or substantially similar facts or claims, and seeking the same or substantially similar relief) presented by or with the assistance or coordination of the same law firm(s) or organization(s) are submitted to NAM (or another arbitration provider selected in accordance with Section 13.4 if NAM is unavailable) against Wiz within reasonably close proximity (“Mass Filing”), the parties agree (i) to administer the Mass Filing in batches of 100 demands per batch (to the extent there are fewer than 100 arbitration demands left over after the batching described above, a final batch will consist of the remaining demands) with only one batch filed, processed, and adjudicated at a time; (ii) to designate one arbitrator for each batch; (iii) to accept applicable fees, including any related fee reduction determined by NAM (or another arbitration provider selected in accordance with 13.4 if NAM is unavailable) in its discretion; (iv) that no other demands for arbitration that are part of the Mass Filing may be filed, processed, or adjudicated until the prior batch of 100 is filed, processed, and adjudicated; (v) that fees associated with a demand for arbitration included in a Mass Filing, including fees owed by Wiz and the claimants, shall only be due after your demand for arbitration is included in a set of batch proceedings and that batch is properly designated for filing, processing, and adjudication; and (vi) that the staged process of batched proceedings, with each set including 100 demands, shall continue until each demand (including your demand) is adjudicated or otherwise resolved. Arbitrator selection for each batch shall be conducted to the greatest extent possible in accordance with the applicable NAM rules and procedures for such selection, and the arbitrator will determine the location where the proceedings will be conducted. You agree to cooperate in good faith with Wiz and the arbitration provider to implement such a “batch approach” or other similar approach to provide for an efficient resolution of claims, including the payment of combined reduced fees, set by NAM in its discretion, for each batch of claims. The parties further agree to cooperate with each other and the arbitration provider or arbitrator to establish any other processes or procedures that the arbitration provider or arbitrator believe will provide for an efficient resolution of claims. Any disagreement between the parties as to whether this provision applies or as to the process or procedure for batching shall be resolved by a procedural arbitrator appointed by NAM. This “Batch Arbitration” provision shall in no way be interpreted as increasing the number of claims necessary to trigger the applicability of NAM’s Mass Filing Supplemental Dispute Resolution Rules and Procedures or authorizing class arbitration of any kind. Unless Wiz otherwise consents in writing, Wiz does not agree or consent to class arbitration, private attorney general arbitration, or arbitration involving joint or consolidated claims under any circumstances, except as set forth in section 13.3 above and this section 13.7. If your demand for arbitration is included in the Mass Filing, your claims will remain tolled until your demand for arbitration is decided, withdrawn, or is settled.
13.8. Arbitrator's decision. The arbitrator will render an award within the time frame specified in the applicable NAM rules and procedures. The arbitrator's decision will include the essential findings and conclusions upon which the arbitrator based the award. Judgment on the arbitration award may be entered in any court having jurisdiction thereof. The arbitrator will have the authority to award monetary damages on an individual basis and to grant, on an individual basis, any non-monetary remedy or relief available to an individual to the extent available under applicable law, the arbitral forum's rules, and this Arbitration Agreement. The parties agree that the damages and/or other relief must be consistent with section 13.3 above and also must be consistent with the terms of the “Limitation of Liability” section of the Agreement as to the types and the amounts of damages or other relief for which a party may be held liable. No arbitration award or decision will have any preclusive effect as to issues or claims in any dispute with anyone who is not a named party to the arbitration. Attorneys’ fees will be available to the prevailing party in the arbitration only if authorized under applicable substantive law governing the claims in the arbitration.
13.9. Fees. You are responsible for your own attorneys’ fees unless the arbitration rules and/or applicable law provide otherwise. The parties agree that NAM has discretion to reduce the amount or modify the timing of any administrative or arbitration fees due under NAM’s Rules where it deems appropriate (including as specified in Section 13.7), provided that such modification does not increase the costs to you, and you further agree that you waive any objection to such fee modification. The parties also agree that a good-faith challenge by either party to the fees imposed by NAM does not constitute a default, waiver, or breach of this Section 13 while such challenge remains pending before NAM, the arbitrator, and/or a court of competent jurisdiction, and that any and all due dates for those fees shall be tolled during the pendency of such challenge.
13.10. Right to opt-out of the Arbitration Agreement. IF YOU DO NOT WISH TO BE BOUND BY THE “ARBITRATION AGREEMENT” AS SET FORTH IN THIS “DISPUTE RESOLUTION” SECTION 13, THEN: (1) you must notify Wiz in writing within thirty (30) days of the date that you first use the Website or otherwise become subject to this Arbitration Agreement (or any subsequent changes to the provisions of the section titled “Dispute Resolution”); (2) your written notification must be mailed to: Wiz, Inc. Attn: Legal, One Manhattan West, 52nd Floor, New York, NY 10001 or emailed to legalnotices@wiz.io; and (3) your written notification must include (a) your name, (b) your address, (c) the date you purchased the product, if applicable and (d) a clear statement that you wish to opt out of this Arbitration Agreement. Wiz will continue to honor any valid opt outs if you opted out of arbitration in a prior version of the Agreement pursuant to the requirements set forth in that version. If you do not timely opt out of this Arbitration Agreement, such action shall constitute mutual acceptance of the terms of these “Dispute Resolution” provisions by you and Wiz.
13.11. Changes. Wiz will provide thirty (30) days’ notice of any changes to this “Dispute Resolution” section by posting the change on Wiz's website, or providing any other notice in accordance with legal requirements. Any such changes will go into effect 30 days after Wiz provides this notice and apply to all claims not yet filed. If you reject any such changes by opting out of the Arbitration Agreement, you may exercise your right to a trial by jury or judge, as permitted by applicable law, but any prior existing agreement to arbitrate disputes under a prior version of the Arbitration Agreement will not apply to claims not yet filed. If Wiz changes this “Dispute Resolution” section after the date you first accepted this Agreement (or accepted any subsequent changes to this Agreement), you agree that your continued use of the Website 30 days after such change will be deemed acceptance of those changes. If you do not agree to such change, you may opt out by providing notice as described in Section 13.10.
14. Term and Termination. These Terms are effective until terminated by Wiz or you. Wiz, in its sole discretion, has the right to terminate these Terms and/or your access to the Website, or any part thereof, immediately at any time and with or without cause (including, without any limitation, for a breach of these Terms). Wiz shall not be liable to you or any third party for termination of the Website, or any part thereof. If you object to any term or condition of these Terms, or any subsequent modifications thereto, or become dissatisfied with the Website in any way, your only recourse is to immediately discontinue your use of the Website. Upon termination of these Terms, you shall cease all use of the Website. This Section (Section 14) and Sections 6 (Intellectual Property Rights), 9 (Privacy), 10 (Warranty Disclaimers), 11 (Limitation of Liability), 12 (Indemnity), 13 (Dispute Resolution) and Sections 15 (Independent Contractors) to 18 (General) shall survive termination of these Terms.
15. Independent Contractors. You and Wiz are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between you and Wiz. You must not under any circumstances make, or undertake, any warranties, representations, commitments or obligations on behalf of Wiz.
16. Assignment. These Terms, and any rights and licenses granted hereunder, may not be transferred or assigned by you but may be assigned by Wiz without restriction or notification to you. Any prohibited assignment shall be null and void.
17. Governing Law. Wiz reserves the right to discontinue or modify any aspect of the Website at any time. These Terms and the relationship between you and Wiz shall be governed by and construed in accordance with the laws of the State of New York, without regard to its principles of conflict of laws. You agree to submit to the personal and exclusive jurisdiction of the courts located in New York City, New York and waive any jurisdictional, venue, or inconvenient forum objections to such courts, provided that Wiz may seek injunctive relief in any court of competent jurisdiction.
18. General. These Terms shall constitute the entire agreement between you and Wiz concerning the Website. If any provision of these Terms is deemed invalid by a court of competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of these Terms, which shall remain in full force and effect. No waiver of any term of these Terms shall be deemed a further or continuing waiver of such term or any other term, and a party's failure to assert any right or provision under these Terms shall not constitute a waiver of such right or provision. YOU AGREE THAT ANY CAUSE OF ACTION THAT YOU MAY HAVE ARISING OUT OF OR RELATED TO THE WEBSITE MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.
Last updated: February 23, 2023
Effective October 9th 2023 to June 20th 2024
DownloadTable of Contents
Wiz Website Terms of Use
Welcome to https://www.wiz.io/ (together with its subdomains, Content, Marks and services, the “Website”). Please read the following Terms of Use carefully before using this Website so that you are aware of your legal rights and obligations with respect to Wiz Inc. ("Wiz", "we", "our" or "us"). By accessing or using the Website, you expressly acknowledge and agree that you are entering a legal agreement with us and have understood and agree to comply with, and be legally bound by, these Terms of Use, together with our Privacy Policy (collectively the "Terms"). If you do not agree to be bound by these Terms please do not access or use the Website.
PLEASE ALSO READ THESE TERMS OF USE CAREFULLY, AS THEY AFFECT YOUR LEGAL RIGHTS AND OBLIGATIONS. PLEASE NOTE THAT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THESE TERMS REQUIRE THE USE OF ARBITRATION ON AN INDIVIDUAL BASIS TO RESOLVE DISPUTES, RATHER THAN COURTS OR JURY TRIALS, AND LIMIT THE REMEDIES AVAILABLE IN THE EVENT OF A DISPUTE.
1. Background. The Website is intended to provide you with information related to our products and services and to enable you to contact us via the Website.
2. Modification. We reserve the right, at our discretion, to change these Terms at any time. Such change will be effective ten (10) days following the posting of the revised Terms on the Website, and your continued use of the Website thereafter means that you accept those changes.
3. Ability to Accept Terms. The Website is only intended for individuals aged eighteen (18) years or older. If you are under eighteen (18) years old please do not visit or use the Website.
4. Website Access. For such time as these Terms are in effect, we hereby grant you permission to visit and use the Website, provided that you comply with these Terms and applicable laws.
5. Restrictions. You shall not: (i) copy, distribute or modify any part of the Website without our prior written authorization; (ii) use, modify, create derivative works of, transfer (by sale, resale, license, sublicense, download or otherwise), reproduce, distribute, display or disclose Content (defined below), except as expressly authorized herein; (iii) disrupt servers or networks connected to the Website; (iv) use or launch any automated system (including without limitation, "robots" and "spiders") to access the Website; and/or (v) circumvent, disable or otherwise interfere with security-related features of the Website or features that prevent or restrict use or copying of any Content or that enforce limitations on use of the Website.
6. Intellectual Property Rights.
6.1. Content and Marks. The (i) content on the Website, including without limitation, the text, documents, articles, brochures, descriptions, products, software, graphics, photos, sounds, videos, interactive features, and services (collectively, the "Content"), and (ii) the trademarks, service marks and logos contained therein ("Marks"), are the property of Wiz and/or its licensors and may be protected by applicable copyright or other intellectual property laws and treaties. “Wiz”, the Wiz logo, and other marks are Marks of Wiz or its affiliates. All other trademarks, service marks, and logos used on the Website are the trademarks, service marks, or logos of their respective owners. We reserve all rights not expressly granted in and to the Website and the Content.
6.2. Use of Content. Content on the Website is provided to you for your information and personal use only and may not be used, modified, copied, distributed, transmitted, broadcast, displayed, sold, licensed, de-compiled, or otherwise exploited for any other purposes whatsoever without our prior written consent. If you download or print a copy of the Content you must retain all copyright and other proprietary notices contained therein.
6.3. Spam. You agree not to, and will not, use the communication systems provided by the Website to send unauthorized commercial communications and you shall be solely responsible and liable for any such unauthorized communications.
7. Information Description. We attempt to be as accurate as possible. However, we cannot and do not warrant that the Content available on the Website is accurate, complete, reliable, current, or error-free. We reserve the right to make changes in or to the Content, or any part thereof, in our sole judgment, without the requirement of giving any notice prior to or after making such changes to the Content. Your use of the Content, or any part thereof, is made solely at your own risk and responsibility.
8. Links.
8.1. The Website may contain links, and may enable you to post content, to third party websites that are not owned or controlled by Wiz. We are not affiliated with, have no control over, and assume no responsibility for the content, privacy policies, or practices of, any third party websites. You: (i) are solely responsible and liable for your use of and linking to third party websites and any content that you may send or post to a third party website; and (ii) expressly release Wiz from any and all liability arising from your use of any third party website. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party website that you may choose to visit.
8.2. Wiz permits you to link to the Website provided that: (i) you link to but do not replicate any page on this Website; (ii) the hyperlink text shall accurately describe the Content as it appears on the Website; (iii) you shall not misrepresent your relationship with Wiz or present any false information about Wiz and shall not imply in any way that we are endorsing any services or products, unless we have given you our express prior consent; (iv) you shall not link from a website ("Third Party Website") which prohibits linking to third parties; (v) such Third Party Website does not contain content that (a) is offensive or controversial (both at our discretion), or (b) infringes any intellectual property, privacy rights, or other rights of any person or entity; and/or (vi) you, and your website, comply with these Terms and applicable law.
9. Privacy. We will use any personal information that we may collect or obtain in connection with the Website in accordance with our privacy policy which is available at: https://www.wiz.io/legal/privacy.
10. Warranty Disclaimers.
10.1. This section applies whether or not the services provided under the Website are for payment. Applicable law may not allow the exclusion of certain warranties, so to that extent certain exclusions set forth herein may not apply.
10.2. THE WEBSITE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, AND WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. WIZ HEREBY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND THOSE ARISING BY STATUTE OR FROM A COURSE OF DEALING OR USAGE OF TRADE. WIZ DOES NOT GUARANTEE THAT THE WEBSITE WILL BE FREE OF BUGS, SECURITY BREACHES, OR VIRUS ATTACKS. THE WEBSITE MAY OCCASIONALLY BE UNAVAILABLE FOR ROUTINE MAINTENANCE, UPGRADING, OR OTHER REASONS. YOU AGREE THAT WIZ WILL NOT BE HELD RESPONSIBLE FOR ANY CONSEQUENCES TO YOU OR ANY THIRD PARTY THAT MAY RESULT FROM TECHNICAL PROBLEMS OF THE INTERNET, SLOW CONNECTIONS, TRAFFIC CONGESTION OR OVERLOAD OF OUR OR OTHER SERVERS. WE DO NOT WARRANT, ENDORSE OR GUARANTEE ANY CONTENT, PRODUCT, OR SERVICE THAT IS FEATURED OR ADVERTISED ON THE WEBSITE BY A THIRD PARTY.
10.3. EXCEPT AS EXPRESSLY STATED IN OUR PRIVACY POLICY, WIZ DOES NOT MAKE ANY REPRESENTATIONS, WARRANTIES OR CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE SECURITY OF ANY INFORMATION YOU MAY PROVIDE OR ACTIVITIES YOU ENGAGE IN DURING THE COURSE OF YOUR USE OF THE WEBSITE.
11. Limitation of Liability.
11.1. TO THE FULLEST EXTENT PERMISSIBLE BY LAW, WIZ SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, EXEMPLARY, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES OF ANY KIND, OR FOR ANY LOSS OF DATA, REVENUE, PROFITS OR REPUTATION, ARISING UNDER THESE TERMS OR OUT OF YOUR USE OF, OR INABILITY TO USE, THE WEBSITE, EVEN IF WIZ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES. Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages, so the above limitations may not apply to you.
11.2. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF WIZ FOR ANY DAMAGES ARISING UNDER THESE TERMS OR OUT OF YOUR USE OF, OR INABILITY TO USE THE WEBSITE, EXCEED THE TOTAL AMOUNT OF FEES, IF ANY, PAID BY YOU TO WIZ FOR USING THE WEBSITE DURING THE THREE (3) MONTHS PRIOR TO BRINGING THE CLAIM.
12. Indemnity. You agree to defend, indemnify and hold harmless Wiz and our affiliates, and our respective officers, directors, employees and agents, from and against any and all claims, damages, obligations, losses, liabilities, costs and expenses (including but not limited to attorney's fees) arising from: (i) your use of, or inability to use, the Website; (ii) your interaction with any Website user; or (iii) your violation of these Terms.
13. Dispute Resolution: PLEASE READ THIS “DISPUTE RESOLUTION” SECTION CAREFULLY, AS IT MAY SIGNIFICANTLY AFFECT YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE OR PARTICIPATE IN A LAWSUIT FILED IN COURT.
13.1. Informal dispute resolution procedure. If a dispute arises between you and Wiz, we are committed to working with you to reach a reasonable resolution. For any such dispute, both parties acknowledge and agree that they will first make a good faith effort to resolve it informally before initiating any formal dispute resolution proceeding in arbitration or otherwise. This requires first sending a written description of the dispute to the other party. For any dispute you initiate, you agree to send the written description of the dispute along with the email address associated with your account, if any, to the following email address: legalnotices@wiz.io. For any dispute that Wiz initiates, we will send our written description of the dispute to the email address associated with your Wiz account (if any) or to any email address we have on file for you. The written description must be on an individual basis and provide, at minimum, the following information: your name; a description of the nature or basis of the claim or dispute; and the specific relief sought. If the dispute is not resolved within sixty (60) days after receipt of the written description of the dispute, you and Wiz agree to the further dispute resolution provisions below.
The above process for an informal dispute resolution process is required before you may commence any formal dispute resolution proceeding. The parties agree that any relevant limitations period and filing fees or other deadlines will be tolled while the parties engage in this informal dispute resolution process.
13.2. Mutual arbitration agreement. You and Wiz agree that all claims, disputes, or disagreements that may arise out of the interpretation or performance of these Terms (including its formation, performance, and breach) or payments by or to Wiz, or that in any way relate to the provision or use of the Website, your relationship with Wiz, or any other dispute with Wiz, shall be resolved exclusively through binding arbitration in accordance with this Section 13 (collectively, the “Arbitration Agreement”). This includes claims that arose, were asserted, or involve facts occurring before the existence of this Arbitration Agreement or any prior agreement as well as claims that may arise after the termination of this Arbitration Agreement, in accordance with the notice and opt-out provisions set forth in Sections 13.10 and 13.11). This Arbitration Agreement is governed by the Federal Arbitration Act (“FAA”) in all respects and evidences a transaction involving interstate commerce. You and Wiz expressly agree that the FAA shall exclusively govern the interpretation and enforcement of this Arbitration Agreement. If for whatever reason the rules and procedures of the FAA cannot apply, the state law governing arbitration agreements in the state in which you reside shall apply.
Except as set forth in this Section 13.2, the arbitrator or arbitration body, and not any federal, state or local court or agency, shall have exclusive authority to resolve all disputes arising out of or relating to the interpretation, applicability, enforceability or formation of the Agreement (including these Terms) and this Arbitration Agreement, including, but not limited to any claim that all or any part thereof are void or voidable, whether a claim is subject to arbitration, and any dispute regarding the payment of administrative or arbitrator fees (including the timing of such payments and remedies for nonpayment). The arbitrator or arbitration body shall be empowered to grant whatever relief would be available in a court under law or in equity.
Notwithstanding the parties' decision to resolve all disputes through arbitration, each party retains the right to (i) elect to have any claims resolved in small claims court on an individual basis for disputes and actions within the scope of such court's jurisdiction, regardless of what forum the filing party initial chose; (ii) bring an action in state or federal court to protect its intellectual property rights (“intellectual property rights” in this context means patents, copyrights, moral rights, trademarks, and trade secrets and other confidential or proprietary information, but not privacy or publicity rights); and (iii) seek a declaratory judgment, injunction, or other equitable relief in a court of competent jurisdiction regarding whether a party's claims are time-barred or may be brought in small claims court. Seeking such relief shall not waive a party's right to arbitration under this agreement, and any filed arbitrations related to any action filed pursuant to this paragraph shall automatically be stayed pending the outcome of such action.
You and Wiz agree to submit to the personal jurisdiction of any federal or state court in New York, NY in order to compel arbitration, to stay proceedings pending arbitration, or to confirm, modify, vacate, or enter judgment on the award entered by the arbitrator; and in connection with any such proceeding, further agree to accept service of process by U.S. mail and hereby waive any and all jurisdictional and venue defenses otherwise available.
Except as set forth in Section 13.3 below, if any provision of this Arbitration Agreement is found by an arbitrator or court of competent jurisdiction to be invalid, the parties nevertheless agree that the arbitrator or court should endeavor to give effect to the parties’ intentions as reflected in the provision, and the other provisions thereof remain in full force and effect.
THE PARTIES UNDERSTAND THAT ARBITRATION MEANS THAT AN ARBITRATOR AND NOT A JUDGE OR JURY WILL DECIDE THE CLAIM, AND THAT RIGHTS TO PREHEARING EXCHANGE OF INFORMATION AND APPEALS MAY BE LIMITED IN ARBITRATION. YOU HEREBY ACKNOWLEDGE AND AGREE THAT YOU AND Wiz ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY TO THE MAXIMUM EXTENT PERMITTED BY LAW.
13.3. Class arbitration and collective relief waiver. YOU AND WIZ ACKNOWLEDGE AND AGREE THAT, TO THE MAXIMUM EXTENT ALLOWED BY LAW, EXCEPT AS SET OUT OTHERWISE IN THIS SECTION 13.3 AND SECTION 13.7 BELOW, ANY ARBITRATION SHALL BE CONDUCTED IN AN INDIVIDUAL CAPACITY ONLY AND NOT AS A CLASS OR OTHER CONSOLIDATED ACTION AND THE ARBITRATOR MAY AWARD RELIEF ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO RESOLVE AN INDIVIDUAL PARTY'S CLAIM, UNLESS WIZ PROVIDES ITS CONSENT TO CONSOLIDATE IN WRITING.
If there is a final judicial determination that either the Class Arbitration Action and Collective Relief Waiver or the provisions in Section 13.7 are not enforceable as to a particular claim or request for relief, then the parties agree that that particular claim or request for relief may proceed in court but shall be severed and stayed pending arbitration of the remaining claims. This provision does not prevent you or Wiz from participating in a class-wide settlement of claims.
13.4. Arbitration rules. The arbitration will be administered by National Arbitration and Mediation (“NAM”) and resolved before a single arbitrator. If NAM is not available to arbitrate, the parties will select an alternative arbitration provider, but in no event shall any arbitration be administered by the American Arbitration Association. Except as modified by this “Dispute Resolution” provision, NAM will administer the arbitration in accordance with the NAM Comprehensive Dispute Resolution Rules and Procedures, Fees For Disputes When One of the Parties is a Consumer and the Mass Filing Dispute Resolution Rules and Procedures in effect at the time any demand for arbitration is filed with NAM, excluding any rules or procedures governing or permitting class or representative actions. The applicable NAM rules and procedures are available at www.namadr.com or by emailing National Arbitration and Mediation's Commercial Dept at commercial@namadr.com.
13.5. Initiating arbitration. Only after the parties have engaged in a good-faith effort to resolve the dispute in accordance with the Informal Dispute Resolution Procedure provision, and only if those efforts fail, then either party may initiate binding arbitration as the sole means to resolve claims using the procedures set forth in the applicable NAM rules. If you are initiating arbitration, a copy of the demand shall also be emailed to legalnotices@wiz.io. If Wiz is initiating arbitration, it will serve a copy of the demand to the email address associated with your Wiz account or the email that Wiz has on file for you. The arbitrator has the right to impose sanctions in accordance with the NAM rules and procedures for any frivolous claims or submissions the arbitrator determines have not been filed in good faith, as well as for a party's failure to comply with the Informal Dispute Resolution Procedure contemplated by this Agreement.
13.6. Arbitration location and procedure. If you are a resident of the United States the arbitration will be conducted in the county where you reside, and if you are not a resident of the United States the arbitration shall be conducted in New York, New York, United States of America, unless you and Wiz otherwise agree or unless the designated arbitrator determines that such venue would be unreasonably burdensome to any party, in which case the arbitrator shall have the discretion to select another venue. If the amount in controversy does not exceed $10,000 and you do not seek injunctive or declaratory relief, then the arbitration will be conducted solely on the basis of documents you and Wiz submit to the arbitrator, unless the arbitrator determines that a hearing is necessary. If the amount in controversy exceeds $10,000 or seeks declaratory or injunctive relief, either party may request (or the arbitrator may determine) to hold a hearing, which shall be via videoconference or telephone conference unless the parties agree otherwise.
Subject to the applicable NAM rules and procedures, the parties agree that the arbitrator will have the discretion to allow the filing of dispositive motions if they are likely to efficiently resolve or narrow issues in dispute. Unless otherwise prohibited by law, all arbitration proceedings will be confidential and closed to the public and any parties other than you and Wiz (and each of the parties’ authorized representatives and agents), and all records relating thereto will be permanently sealed, except as necessary to obtain court confirmation of the arbitration award (provided that the party seeking confirmation shall seek to file such records under seal to the extent permitted by law).
13.7. Batch arbitration. To increase the efficiency of administration and resolution of arbitrations, in the event 100 or more similar arbitration demands (those asserting the same or substantially similar facts or claims, and seeking the same or substantially similar relief) presented by or with the assistance or coordination of the same law firm(s) or organization(s) are submitted to NAM (or another arbitration provider selected in accordance with Section 13.4 if NAM is unavailable) against Wiz within reasonably close proximity (“Mass Filing”), the parties agree (i) to administer the Mass Filing in batches of 100 demands per batch (to the extent there are fewer than 100 arbitration demands left over after the batching described above, a final batch will consist of the remaining demands) with only one batch filed, processed, and adjudicated at a time; (ii) to designate one arbitrator for each batch; (iii) to accept applicable fees, including any related fee reduction determined by NAM (or another arbitration provider selected in accordance with 13.4 if NAM is unavailable) in its discretion; (iv) that no other demands for arbitration that are part of the Mass Filing may be filed, processed, or adjudicated until the prior batch of 100 is filed, processed, and adjudicated; (v) that fees associated with a demand for arbitration included in a Mass Filing, including fees owed by Wiz and the claimants, shall only be due after your demand for arbitration is included in a set of batch proceedings and that batch is properly designated for filing, processing, and adjudication; and (vi) that the staged process of batched proceedings, with each set including 100 demands, shall continue until each demand (including your demand) is adjudicated or otherwise resolved. Arbitrator selection for each batch shall be conducted to the greatest extent possible in accordance with the applicable NAM rules and procedures for such selection, and the arbitrator will determine the location where the proceedings will be conducted. You agree to cooperate in good faith with Wiz and the arbitration provider to implement such a “batch approach” or other similar approach to provide for an efficient resolution of claims, including the payment of combined reduced fees, set by NAM in its discretion, for each batch of claims. The parties further agree to cooperate with each other and the arbitration provider or arbitrator to establish any other processes or procedures that the arbitration provider or arbitrator believe will provide for an efficient resolution of claims. Any disagreement between the parties as to whether this provision applies or as to the process or procedure for batching shall be resolved by a procedural arbitrator appointed by NAM. This “Batch Arbitration” provision shall in no way be interpreted as increasing the number of claims necessary to trigger the applicability of NAM’s Mass Filing Supplemental Dispute Resolution Rules and Procedures or authorizing class arbitration of any kind. Unless Wiz otherwise consents in writing, Wiz does not agree or consent to class arbitration, private attorney general arbitration, or arbitration involving joint or consolidated claims under any circumstances, except as set forth in section 13.3 above and this section 13.7. If your demand for arbitration is included in the Mass Filing, your claims will remain tolled until your demand for arbitration is decided, withdrawn, or is settled.
13.8. Arbitrator's decision. The arbitrator will render an award within the time frame specified in the applicable NAM rules and procedures. The arbitrator's decision will include the essential findings and conclusions upon which the arbitrator based the award. Judgment on the arbitration award may be entered in any court having jurisdiction thereof. The arbitrator will have the authority to award monetary damages on an individual basis and to grant, on an individual basis, any non-monetary remedy or relief available to an individual to the extent available under applicable law, the arbitral forum's rules, and this Arbitration Agreement. The parties agree that the damages and/or other relief must be consistent with section 13.3 above and also must be consistent with the terms of the “Limitation of Liability” section of the Agreement as to the types and the amounts of damages or other relief for which a party may be held liable. No arbitration award or decision will have any preclusive effect as to issues or claims in any dispute with anyone who is not a named party to the arbitration. Attorneys’ fees will be available to the prevailing party in the arbitration only if authorized under applicable substantive law governing the claims in the arbitration.
13.9. Fees. You are responsible for your own attorneys’ fees unless the arbitration rules and/or applicable law provide otherwise. The parties agree that NAM has discretion to reduce the amount or modify the timing of any administrative or arbitration fees due under NAM’s Rules where it deems appropriate (including as specified in Section 13.7), provided that such modification does not increase the costs to you, and you further agree that you waive any objection to such fee modification. The parties also agree that a good-faith challenge by either party to the fees imposed by NAM does not constitute a default, waiver, or breach of this Section 13 while such challenge remains pending before NAM, the arbitrator, and/or a court of competent jurisdiction, and that any and all due dates for those fees shall be tolled during the pendency of such challenge.
13.10. Right to opt-out of the Arbitration Agreement. IF YOU DO NOT WISH TO BE BOUND BY THE “ARBITRATION AGREEMENT” AS SET FORTH IN THIS “DISPUTE RESOLUTION” SECTION 13, THEN: (1) you must notify Wiz in writing within thirty (30) days of the date that you first use the Website or otherwise become subject to this Arbitration Agreement (or any subsequent changes to the provisions of the section titled “Dispute Resolution”); (2) your written notification must be mailed to: Wiz, Inc. Attn: Legal, One Manhattan West, 57th Floor, New York, NY 10001 or emailed to legalnotices@wiz.io; and (3) your written notification must include (a) your name, (b) your address, (c) the date you purchased the product, if applicable and (d) a clear statement that you wish to opt out of this Arbitration Agreement. Wiz will continue to honor any valid opt outs if you opted out of arbitration in a prior version of the Agreement pursuant to the requirements set forth in that version. If you do not timely opt out of this Arbitration Agreement, such action shall constitute mutual acceptance of the terms of these “Dispute Resolution” provisions by you and Wiz.
13.11. Changes. Wiz will provide thirty (30) days’ notice of any changes to this “Dispute Resolution” section by posting the change on Wiz's website, or providing any other notice in accordance with legal requirements. Any such changes will go into effect 30 days after Wiz provides this notice and apply to all claims not yet filed. If you reject any such changes by opting out of the Arbitration Agreement, you may exercise your right to a trial by jury or judge, as permitted by applicable law, but any prior existing agreement to arbitrate disputes under a prior version of the Arbitration Agreement will not apply to claims not yet filed. If Wiz changes this “Dispute Resolution” section after the date you first accepted this Agreement (or accepted any subsequent changes to this Agreement), you agree that your continued use of the Website 30 days after such change will be deemed acceptance of those changes. If you do not agree to such change, you may opt out by providing notice as described in Section 13.10.
14. Term and Termination. These Terms are effective until terminated by Wiz or you. Wiz, in its sole discretion, has the right to terminate these Terms and/or your access to the Website, or any part thereof, immediately at any time and with or without cause (including, without any limitation, for a breach of these Terms). Wiz shall not be liable to you or any third party for termination of the Website, or any part thereof. If you object to any term or condition of these Terms, or any subsequent modifications thereto, or become dissatisfied with the Website in any way, your only recourse is to immediately discontinue your use of the Website. Upon termination of these Terms, you shall cease all use of the Website. This Section (Section 14) and Sections 6 (Intellectual Property Rights), 9 (Privacy), 10 (Warranty Disclaimers), 11 (Limitation of Liability), 12 (Indemnity), 13 (Dispute Resolution) and Sections 15 (Independent Contractors) to 18 (General) shall survive termination of these Terms.
15. Independent Contractors. You and Wiz are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between you and Wiz. You must not under any circumstances make, or undertake, any warranties, representations, commitments or obligations on behalf of Wiz.
16. Assignment. These Terms, and any rights and licenses granted hereunder, may not be transferred or assigned by you but may be assigned by Wiz without restriction or notification to you. Any prohibited assignment shall be null and void.
17. Governing Law. Wiz reserves the right to discontinue or modify any aspect of the Website at any time. These Terms and the relationship between you and Wiz shall be governed by and construed in accordance with the laws of the State of New York, without regard to its principles of conflict of laws. You agree to submit to the personal and exclusive jurisdiction of the courts located in New York City, New York and waive any jurisdictional, venue, or inconvenient forum objections to such courts, provided that Wiz may seek injunctive relief in any court of competent jurisdiction.
18. General. These Terms shall constitute the entire agreement between you and Wiz concerning the Website. If any provision of these Terms is deemed invalid by a court of competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of these Terms, which shall remain in full force and effect. No waiver of any term of these Terms shall be deemed a further or continuing waiver of such term or any other term, and a party's failure to assert any right or provision under these Terms shall not constitute a waiver of such right or provision. YOU AGREE THAT ANY CAUSE OF ACTION THAT YOU MAY HAVE ARISING OUT OF OR RELATED TO THE WEBSITE MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.
Last updated: February 23, 2023
Cookies Policy
Effective November 17th 2023 to August 21st 2024
DownloadTable of Contents
Cookies Policy
Our website https://www.wiz.io/ ("Website") uses cookies and similar files or technologies to automatically collect and store information about your computer, device, and Website usage, in order to improve their performance and enhance your user experience. We use the general term "cookies" in this policy to refer to these technologies and all such similar technologies that collect information automatically when you are using our Website where this policy is posted. You can find out more about cookies and how to control them in the information below.
If you do not accept the use of these cookies, please disable them using the instructions in this Cookies Policy or by changing your browser settings so that cookies from this Website cannot be placed on your computer or mobile device. Important: disabling certain cookies on this Website may cripple the user experience and other features on the Website, to the point of rendering them useless.
In this Cookies Policy, we use the term Wiz (and "we", "us" and "our") to refer to Wiz Inc. and our affiliates. Our Privacy Policy is available at https://www.wiz.io/privacy-policy.
What is a cookie?
Cookies are computer files containing small amounts of information which are downloaded to your computer or mobile device when you visit a website. Cookies can then be sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are widely used in order to make websites work, or to work more efficiently, as well as to provide information to the owners of the website.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improving the user experience. Cookies may tell us, for example, whether you have visited our Website before or whether you are a new visitor.
There are two broad categories of cookies:
- First Party cookies, served directly by us to your computer or mobile device.
- Third Party cookies, which are served by a third party on our behalf. We use third party cookies for functionality, performance / analytics, marketing, unclassified and other technologies, and social media purposes.
Cookies can remain on your computer or mobile device for different periods of time. Some cookies are 'session cookies', meaning that they exist only while your browser is open. These are deleted automatically once you close your browser. Other cookies are 'permanent cookies', meaning that they survive after your browser is closed. They can be used by websites to recognize your computer when you open your browser and browse the Internet again.
What are web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are small graphics files that contain a unique identifier that enable us to recognize when someone has visited our website. This allows us, for example, to monitor the traffic patterns of users from one page within our website to another, to deliver or communicate with cookies, to understand whether you have come to our website from an online advertisement displayed on a third party website, to improve website performance and to measure the success of email marketing campaigns. In most instances, these technologies are reliant on cookies to function, and therefore declining cookies prevents them from functioning.
If you don't want your cookie information to be associated with your visits to these pages, you can set your browser to turn off cookies as described further below. If you turn off cookies, web beacon and other technologies will still detect your visits to our Website; however, they will not be associated with information otherwise stored in cookies.
Targeted advertising
Third parties may drop cookies on your computer or mobile device to serve advertising through our Website. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. The information collected through this process does not enable us or them to identify your name, contact details or other personally identifying details unless you choose to provide these to us.
How do we use cookies?
We use cookies to:
- track traffic flow and patterns of travel and behavior in connection with our Website;
- understand the total number of visitors to our Websites on an ongoing basis and the types of internet browsers (e.g. Chrome, Firefox, Safari, or Internet Explorer) and operating systems (e.g. Windows or Mac) used by our visitors;
- monitor the performance of our Website and to continually improve it;
- in connection with our marketing and advertising efforts; and
- customize and enhance your online experience.
What types of cookies do we use?
The types of cookies used by us in connection with the Website can be considered “strictly necessary”, “performance or analytics cookies”, “marketing / targeting”, and “unclassified”. We've set out some further information below about each category.
Cookies strictly necessary for website purposes
These cookies are strictly necessary to provide you with services available through the Website and to use some of its features, such as access to secure areas. These cookies cannot be switched as without them we will not be able to provide essential website services.
Cookie Name | Type | Lifespan |
OptanonAlertBoxClosed | 1st Party | 1 year |
OptanonConsent | 1st Party | 1 year |
Performance / Analytics Cookies
We use performance/analytics cookies to analyze how the website is accessed, used, or is performing. We do this in order to provide you with a better user experience and to maintain, operate and continually improve the website. For example, these cookies allow us to:
- Better understand our website visitors so that we can improve how we present our content;
- Test different design ideas for particular pages, such as our homepage;
- Collect information about Website visitors such as where they are located and what browsers they are using;
- Determine the number of unique users of the website;
- Improve the website by measuring any errors that occur;
- Measuring campaign effectiveness; and
- Conduct research and diagnostics to improve product offerings.
Cookie Name | Type | Lifespan |
_ga | 1st Party | 730 days |
_gid | 1st Party | 1 day |
_biz_sid | 1st Party | 0 days |
_biz_uid | 1st Party | 364 days |
_biz_nA | 1st Party | 364 days |
_biz_pendingA | 1st Party | 364 days |
_uetvid | 1st Party | 389 days |
_clsk | 1st Party | 0 days |
_session_id | 3rd Party | 13 days |
_clck | 1st Party | 364 days |
JSESSIONID | 3rd Party | 1 day |
_ga_xxxxxxx | 1st Party | 729 days |
ARRAffinity | 3rd Party | 0 days |
_gclxxxx | 1st Party | 90 days |
Functionality Cookies
These cookies enable the Website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Cookie Name | Type | Lifespan |
_rdt_uuid | 1st Party | 90 days |
_gd_visitor | 1st Party | 730 days |
_gd_session | 1st Party | 0 days |
_mkto_trk | 1st Party | 730 days |
_an_uid | 1st Party | 6 days |
_gd_svisitor | 1st Party | 730 days |
vuid | 3rd party | 729 days |
__cf_bm | 3rd party | 0 days |
__cf_bm | 3rd party | 0 days |
__cf_bm | 3rd party | 0 days |
player | 3rd Party | 365 days |
__q_domainTest | 1st Party | 0 days |
Marketing / Targeting
We use marketing cookies to deliver many types of targeted digital marketing. We do this in order to provide you with a better user experience and to maintain, operate and continually improve the website. The cookie store user data and behavior information, which allows advertising services to target audience according to variables. For example, these cookies allow us to:
- Observe the Website performance and generate retargeting (Site retargeting, search retargeting, etc.).
- Maintain and improve the website and our products
Cookie Name | Type | Lifespan |
NO NAME | 3rd party | 0 days |
6suuid | 3rd party | 729 days |
lidc | 3rd party | 1 day |
_fbp | 1st Party | 90 days |
bcookie | 3rd party | 731 days |
bscookie | 3rd party | 731 days |
AnalyticsSyncHistory | 3rd party | 30 days |
UserMatchHistory | 3rd party | 30 days |
li_gc | 3rd party | 713 days |
_BUID | 3rd party | 364 days |
_biz_kvpA | 1st Party | 0 days |
_biz_dfsA | 1st Party | 0 days |
_BUID | 3rd party | 364 days |
VISITOR_INFO1_LIVE | 3rd party | 179 days |
YSC | 3rd party | 0 days |
CONSENT | 3rd party | 729 days |
_uetsid | 1st Party | 0 days |
ANONCHK | 3rd Party | 0 days |
SRM_B | 3rd Party | 389 days |
MUID | 3rd Party | 389 days |
SM | 3rd Party | 0 days |
muc_ads | 3rd Party | 729 days |
personalization_id | 3rd Party | 729 days |
in_or | 1st party | 0 days |
q_state_ubFjDH1QLqM69tJc | 1st Party | 3649 days |
_gat_UA-XXXXXX-X | 1st Party | 0 days |
_biz_flagsA | 1st Party | 364 days |
__cf_bm | 3rd Party | 0 days |
guest_id | 3rd Party | 729 days |
MR | 3rd Party | 6 days |
guest_id_ads | 3rd Party | 729 days |
_cfuvid | 3rd Party | 0 days |
li_sugr | 3rd Party | 89 days |
MUID | 3rd Party | 389 days |
guest_id_marketing | 3rd Party | 729 days |
ARRAffinitySameSite | 3rd Party | 0 days |
visitorId | 3rd Party | 364 days |
CLID | 3rd Party | 364 days |
MR | 3rd Party | 6 days |
CLID | 3rd Party | 364 days |
ARRAffinity | 3rd Party | 0 days |
MR | 3rd Party | 6 days |
How to control or delete cookies
Most browsers allow you to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser. In order to understand these settings and learn how to use them, please consult the “Help” function of your browser, or the documentation published online for your particular browser type and version. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of our Website.
Depending on where you are located, you may also be able to change your cookie preferences using the cookies banner on our Website.
The following pages have information on how to change your cookies settings for the different browsers:
- Cookie settings in Chrome
- Cookie settings in Firefox
- Cookie settings in Internet Explorer
- Cookie settings in Safari and iOS
Third Party Websites' Cookies
When using our Website you may be directed to other websites. These websites may use their own cookies. We do not have control over the placement of cookies by other websites you visit, even if you are directed to them from our Website.
If you use the buttons that allow you to share products and content with your friends via social networks like Google, Twitter and Facebook, these companies may set a cookie on your computer memory. Find out more about these here:
https://www.facebook.com/about/privacy http://twitter.com/privacy http://www.google.com/intl/en-GB/policies/privacy
Need More Information?
If you would like to find out more about cookies and their use on the Internet, you may find the following link useful: All About Cookies.
Cookies that have been set in the past
If you have disabled one or more Cookies, we may still use information collected from cookies prior to your disabled preference being set, however, we will stop using the disabled cookie to collect any further information.
Contact us
If you have any questions or comments about this cookies policy, or privacy matters generally, please contact us via email at privacy@wiz.io.
Updated 15 November 2023
Effective November 17th 2023 to November 17th 2023
DownloadTable of Contents
Cookies Policy
Our website https://www.wiz.io/ ("Website") uses cookies and similar files or technologies to automatically collect and store information about your computer, device, and Website usage, in order to improve their performance and enhance your user experience. We use the general term "cookies" in this policy to refer to these technologies and all such similar technologies that collect information automatically when you are using our Website where this policy is posted. You can find out more about cookies and how to control them in the information below.
If you do not accept the use of these cookies, please disable them using the instructions in this Cookies Policy or by changing your browser settings so that cookies from this Website cannot be placed on your computer or mobile device. Important: disabling certain cookies on this Website may cripple the user experience and other features on the Website, to the point of rendering them useless.
In this Cookies Policy, we use the term Wiz (and "we", "us" and "our") to refer to Wiz Inc. and our affiliates. Our Privacy Policy is available at https://www.wiz.io/privacy-policy.
What is a cookie?
Cookies are computer files containing small amounts of information which are downloaded to your computer or mobile device when you visit a website. Cookies can then be sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are widely used in order to make websites work, or to work more efficiently, as well as to provide information to the owners of the website.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improving the user experience. Cookies may tell us, for example, whether you have visited our Website before or whether you are a new visitor.
There are two broad categories of cookies:
- First Party cookies, served directly by us to your computer or mobile device.
- Third Party cookies, which are served by a third party on our behalf. We use third party cookies for functionality, performance / analytics, marketing, unclassified and other technologies, and social media purposes.
Cookies can remain on your computer or mobile device for different periods of time. Some cookies are 'session cookies', meaning that they exist only while your browser is open. These are deleted automatically once you close your browser. Other cookies are 'permanent cookies', meaning that they survive after your browser is closed. They can be used by websites to recognize your computer when you open your browser and browse the Internet again.
What are web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are small graphics files that contain a unique identifier that enable us to recognize when someone has visited our website. This allows us, for example, to monitor the traffic patterns of users from one page within our website to another, to deliver or communicate with cookies, to understand whether you have come to our website from an online advertisement displayed on a third party website, to improve website performance and to measure the success of email marketing campaigns. In most instances, these technologies are reliant on cookies to function, and therefore declining cookies prevents them from functioning.
If you don't want your cookie information to be associated with your visits to these pages, you can set your browser to turn off cookies as described further below. If you turn off cookies, web beacon and other technologies will still detect your visits to our Website; however, they will not be associated with information otherwise stored in cookies.
Targeted advertising
Third parties may drop cookies on your computer or mobile device to serve advertising through our Website. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. The information collected through this process does not enable us or them to identify your name, contact details or other personally identifying details unless you choose to provide these to us.
How do we use cookies?
We use cookies to:
- track traffic flow and patterns of travel and behavior in connection with our Website;
- understand the total number of visitors to our Websites on an ongoing basis and the types of internet browsers (e.g. Chrome, Firefox, Safari, or Internet Explorer) and operating systems (e.g. Windows or Mac) used by our visitors;
- monitor the performance of our Website and to continually improve it;
- in connection with our marketing and advertising efforts; and
- customize and enhance your online experience.
What types of cookies do we use?
The types of cookies used by us in connection with the Website can be considered “strictly necessary”, “performance or analytics cookies”, “marketing / targeting”, and “unclassified”. We've set out some further information below about each category.
Cookies strictly necessary for website purposes
These cookies are strictly necessary to provide you with services available through the Website and to use some of its features, such as access to secure areas. These cookies cannot be switched as without them we will not be able to provide essential website services.
Cookie Name | Type | Lifespan |
OptanonAlertBoxClosed | 1st Party | 1 year |
OptanonConsent | 1st Party | 1 year |
Performance / Analytics Cookies
We use performance/analytics cookies to analyze how the website is accessed, used, or is performing. We do this in order to provide you with a better user experience and to maintain, operate and continually improve the website. For example, these cookies allow us to:
- Better understand our website visitors so that we can improve how we present our content;
- Test different design ideas for particular pages, such as our homepage;
- Collect information about Website visitors such as where they are located and what browsers they are using;
- Determine the number of unique users of the website;
- Improve the website by measuring any errors that occur;
- Measuring campaign effectiveness; and
- Conduct research and diagnostics to improve product offerings.
Cookie Name | Type | Lifespan |
_ga | 1st Party | 730 days |
_gid | 1st Party | 1 day |
_biz_sid | 1st Party | 0 days |
_biz_uid | 1st Party | 364 days |
_biz_nA | 1st Party | 364 days |
_biz_pendingA | 1st Party | 364 days |
_uetvid | 1st Party | 389 days |
_clsk | 1st Party | 0 days |
_session_id | 3rd Party | 13 days |
_clck | 1st Party | 364 days |
JSESSIONID | 3rd Party | 1 day |
_ga_xxxxxxx | 1st Party | 729 days |
ARRAffinity | 3rd Party | 0 days |
_gclxxxx | 1st Party | 90 days |
Functionality Cookies
These cookies enable the Website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Cookie Name | Type | Lifespan |
_rdt_uuid | 1st Party | 90 days |
_gd_visitor | 1st Party | 730 days |
_gd_session | 1st Party | 0 days |
_mkto_trk | 1st Party | 730 days |
_an_uid | 1st Party | 6 days |
_gd_svisitor | 1st Party | 730 days |
vuid | 3rd party | 729 days |
__cf_bm | 3rd party | 0 days |
__cf_bm | 3rd party | 0 days |
__cf_bm | 3rd party | 0 days |
player | 3rd Party | 365 days |
__q_domainTest | 1st Party | 0 days |
Marketing / Targeting
We use marketing cookies to deliver many types of targeted digital marketing. We do this in order to provide you with a better user experience and to maintain, operate and continually improve the website. The cookie store user data and behavior information, which allows advertising services to target audience according to variables. For example, these cookies allow us to:
- Observe the Website performance and generate retargeting (Site retargeting, search retargeting, etc.).
- Maintain and improve the website and our products
Cookie Name | Type | Lifespan |
NO NAME | 3rd party | 0 days |
6suuid | 3rd party | 729 days |
lidc | 3rd party | 1 day |
_fbp | 1st Party | 90 days |
bcookie | 3rd party | 731 days |
bscookie | 3rd party | 731 days |
AnalyticsSyncHistory | 3rd party | 30 days |
UserMatchHistory | 3rd party | 30 days |
li_gc | 3rd party | 713 days |
_BUID | 3rd party | 364 days |
_biz_kvpA | 1st Party | 0 days |
_biz_dfsA | 1st Party | 0 days |
_BUID | 3rd party | 364 days |
VISITOR_INFO1_LIVE | 3rd party | 179 days |
YSC | 3rd party | 0 days |
CONSENT | 3rd party | 729 days |
_uetsid | 1st Party | 0 days |
ANONCHK | 3rd Party | 0 days |
SRM_B | 3rd Party | 389 days |
MUID | 3rd Party | 389 days |
SM | 3rd Party | 0 days |
muc_ads | 3rd Party | 729 days |
personalization_id | 3rd Party | 729 days |
in_or | 1st party | 0 days |
q_state_ubFjDH1QLqM69tJc | 1st Party | 3649 days |
_gat_UA-XXXXXX-X | 1st Party | 0 days |
_biz_flagsA | 1st Party | 364 days |
__cf_bm | 3rd Party | 0 days |
guest_id | 3rd Party | 729 days |
MR | 3rd Party | 6 days |
guest_id_ads | 3rd Party | 729 days |
_cfuvid | 3rd Party | 0 days |
li_sugr | 3rd Party | 89 days |
MUID | 3rd Party | 389 days |
guest_id_marketing | 3rd Party | 729 days |
ARRAffinitySameSite | 3rd Party | 0 days |
visitorId | 3rd Party | 364 days |
CLID | 3rd Party | 364 days |
MR | 3rd Party | 6 days |
CLID | 3rd Party | 364 days |
ARRAffinity | 3rd Party | 0 days |
MR | 3rd Party | 6 days |
How to control or delete cookies
Most browsers allow you to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser. In order to understand these settings and learn how to use them, please consult the “Help” function of your browser, or the documentation published online for your particular browser type and version. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of our Website.
Depending on where you are located, you may also be able to change your cookie preferences using the cookies banner on our Website.
The following pages have information on how to change your cookies settings for the different browsers:
- Cookie settings in Chrome
- Cookie settings in Firefox
- Cookie settings in Internet Explorer
- Cookie settings in Safari and iOS
Third Party Websites' Cookies
When using our Website you may be directed to other websites. These websites may use their own cookies. We do not have control over the placement of cookies by other websites you visit, even if you are directed to them from our Website.
If you use the buttons that allow you to share products and content with your friends via social networks like Google, Twitter and Facebook, these companies may set a cookie on your computer memory. Find out more about these here:
https://www.facebook.com/about/privacy http://twitter.com/privacy http://www.google.com/intl/en-GB/policies/privacy
Need More Information?
If you would like to find out more about cookies and their use on the Internet, you may find the following link useful: All About Cookies.
Cookies that have been set in the past
If you have disabled one or more Cookies, we may still use information collected from cookies prior to your disabled preference being set, however, we will stop using the disabled cookie to collect any further information.
Contact us
If you have any questions or comments about this cookies policy, or privacy matters generally, please contact us via email at privacy@wiz.io.
Updated 15 November 2023
Effective November 17th 2023 to November 17th 2023
DownloadTable of Contents
Cookies Policy
Our website https://www.wiz.io/ ("Website") uses cookies and similar files or technologies to automatically collect and store information about your computer, device, and Website usage, in order to improve their performance and enhance your user experience. We use the general term "cookies" in this policy to refer to these technologies and all such similar technologies that collect information automatically when you are using our Website where this policy is posted. You can find out more about cookies and how to control them in the information below.
If you do not accept the use of these cookies, please disable them using the instructions in this Cookies Policy or by changing your browser settings so that cookies from this Website cannot be placed on your computer or mobile device. Important: disabling certain cookies on this Website may cripple the user experience and other features on the Website, to the point of rendering them useless.
In this Cookies Policy, we use the term Wiz (and "we", "us" and "our") to refer to Wiz Inc. and our affiliates. Our Privacy Policy is available at https://legal.wiz.io/#privacy-policy.
What is a cookie?
Cookies are computer files containing small amounts of information which are downloaded to your computer or mobile device when you visit a website. Cookies can then be sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are widely used in order to make websites work, or to work more efficiently, as well as to provide information to the owners of the website.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improving the user experience. Cookies may tell us, for example, whether you have visited our Website before or whether you are a new visitor.
There are two broad categories of cookies:
- First Party cookies, served directly by us to your computer or mobile device.
- Third Party cookies, which are served by a third party on our behalf. We use third party cookies for functionality, performance / analytics, marketing, unclassified and other technologies, and social media purposes.
Cookies can remain on your computer or mobile device for different periods of time. Some cookies are 'session cookies', meaning that they exist only while your browser is open. These are deleted automatically once you close your browser. Other cookies are 'permanent cookies', meaning that they survive after your browser is closed. They can be used by websites to recognize your computer when you open your browser and browse the Internet again.
What are web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are small graphics files that contain a unique identifier that enable us to recognize when someone has visited our website. This allows us, for example, to monitor the traffic patterns of users from one page within our website to another, to deliver or communicate with cookies, to understand whether you have come to our website from an online advertisement displayed on a third party website, to improve website performance and to measure the success of email marketing campaigns. In most instances, these technologies are reliant on cookies to function, and therefore declining cookies prevents them from functioning.
If you don't want your cookie information to be associated with your visits to these pages, you can set your browser to turn off cookies as described further below. If you turn off cookies, web beacon and other technologies will still detect your visits to our Website; however, they will not be associated with information otherwise stored in cookies.
Targeted advertising
Third parties may drop cookies on your computer or mobile device to serve advertising through our Website. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. The information collected through this process does not enable us or them to identify your name, contact details or other personally identifying details unless you choose to provide these to us.
How do we use cookies?
We use cookies to:
- track traffic flow and patterns of travel and behavior in connection with our Website;
- understand the total number of visitors to our Websites on an ongoing basis and the types of internet browsers (e.g. Chrome, Firefox, Safari, or Internet Explorer) and operating systems (e.g. Windows or Mac) used by our visitors;
- monitor the performance of our Website and to continually improve it;
- in connection with our marketing and advertising efforts; and
- customize and enhance your online experience.
What types of cookies do we use?
The types of cookies used by us in connection with the Website can be considered “strictly necessary”, “performance or analytics cookies”, “marketing / targeting”, and “unclassified”. We've set out some further information below about each category.
Cookies strictly necessary for website purposes
These cookies are strictly necessary to provide you with services available through the Website and to use some of its features, such as access to secure areas. These cookies cannot be switched as without them we will not be able to provide essential website services.
Cookie Name | Type | Lifespan |
OptanonAlertBoxClosed | 1st Party | 1 year |
OptanonConsent | 1st Party | 1 year |
Performance / Analytics Cookies
We use performance/analytics cookies to analyze how the website is accessed, used, or is performing. We do this in order to provide you with a better user experience and to maintain, operate and continually improve the website. For example, these cookies allow us to:
- Better understand our website visitors so that we can improve how we present our content;
- Test different design ideas for particular pages, such as our homepage;
- Collect information about Website visitors such as where they are located and what browsers they are using;
- Determine the number of unique users of the website;
- Improve the website by measuring any errors that occur;
- Measuring campaign effectiveness; and
- Conduct research and diagnostics to improve product offerings.
Cookie Name | Type | Lifespan |
_ga | 1st Party | 730 days |
_gid | 1st Party | 1 day |
_biz_sid | 1st Party | 0 days |
_biz_uid | 1st Party | 364 days |
_biz_nA | 1st Party | 364 days |
_biz_pendingA | 1st Party | 364 days |
_uetvid | 1st Party | 389 days |
_clsk | 1st Party | 0 days |
_session_id | 3rd Party | 13 days |
_clck | 1st Party | 364 days |
JSESSIONID | 3rd Party | 1 day |
_ga_xxxxxxx | 1st Party | 729 days |
ARRAffinity | 3rd Party | 0 days |
_gclxxxx | 1st Party | 90 days |
Functionality Cookies
These cookies enable the Website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Cookie Name | Type | Lifespan |
_rdt_uuid | 1st Party | 90 days |
_gd_visitor | 1st Party | 730 days |
_gd_session | 1st Party | 0 days |
_mkto_trk | 1st Party | 730 days |
_an_uid | 1st Party | 6 days |
_gd_svisitor | 1st Party | 730 days |
vuid | 3rd party | 729 days |
__cf_bm | 3rd party | 0 days |
__cf_bm | 3rd party | 0 days |
__cf_bm | 3rd party | 0 days |
player | 3rd Party | 365 days |
__q_domainTest | 1st Party | 0 days |
Marketing / Targeting
We use marketing cookies to deliver many types of targeted digital marketing. We do this in order to provide you with a better user experience and to maintain, operate and continually improve the website. The cookie store user data and behavior information, which allows advertising services to target audience according to variables. For example, these cookies allow us to:
- Observe the Website performance and generate retargeting (Site retargeting, search retargeting, etc.).
- Maintain and improve the website and our products
Cookie Name | Type | Lifespan |
NO NAME | 3rd party | 0 days |
6suuid | 3rd party | 729 days |
lidc | 3rd party | 1 day |
_fbp | 1st Party | 90 days |
bcookie | 3rd party | 731 days |
bscookie | 3rd party | 731 days |
AnalyticsSyncHistory | 3rd party | 30 days |
UserMatchHistory | 3rd party | 30 days |
li_gc | 3rd party | 713 days |
_BUID | 3rd party | 364 days |
_biz_kvpA | 1st Party | 0 days |
_biz_dfsA | 1st Party | 0 days |
_BUID | 3rd party | 364 days |
VISITOR_INFO1_LIVE | 3rd party | 179 days |
YSC | 3rd party | 0 days |
CONSENT | 3rd party | 729 days |
_uetsid | 1st Party | 0 days |
ANONCHK | 3rd Party | 0 days |
SRM_B | 3rd Party | 389 days |
MUID | 3rd Party | 389 days |
SM | 3rd Party | 0 days |
muc_ads | 3rd Party | 729 days |
personalization_id | 3rd Party | 729 days |
in_or | 1st party | 0 days |
q_state_ubFjDH1QLqM69tJc | 1st Party | 3649 days |
_gat_UA-XXXXXX-X | 1st Party | 0 days |
_biz_flagsA | 1st Party | 364 days |
__cf_bm | 3rd Party | 0 days |
guest_id | 3rd Party | 729 days |
MR | 3rd Party | 6 days |
guest_id_ads | 3rd Party | 729 days |
_cfuvid | 3rd Party | 0 days |
li_sugr | 3rd Party | 89 days |
MUID | 3rd Party | 389 days |
guest_id_marketing | 3rd Party | 729 days |
ARRAffinitySameSite | 3rd Party | 0 days |
visitorId | 3rd Party | 364 days |
CLID | 3rd Party | 364 days |
MR | 3rd Party | 6 days |
CLID | 3rd Party | 364 days |
ARRAffinity | 3rd Party | 0 days |
MR | 3rd Party | 6 days |
How to control or delete cookies
Most browsers allow you to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser. In order to understand these settings and learn how to use them, please consult the “Help” function of your browser, or the documentation published online for your particular browser type and version. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of our Website.
Depending on where you are located, you may also be able to change your cookie preferences using the cookies banner on our Website.
The following pages have information on how to change your cookies settings for the different browsers:
- Cookie settings in Chrome
- Cookie settings in Firefox
- Cookie settings in Internet Explorer
- Cookie settings in Safari and iOS
Third Party Websites' Cookies
When using our Website you may be directed to other websites. These websites may use their own cookies. We do not have control over the placement of cookies by other websites you visit, even if you are directed to them from our Website.
If you use the buttons that allow you to share products and content with your friends via social networks like Google, Twitter and Facebook, these companies may set a cookie on your computer memory. Find out more about these here:
https://www.facebook.com/about/privacy http://twitter.com/privacy http://www.google.com/intl/en-GB/policies/privacy
Need More Information?
If you would like to find out more about cookies and their use on the Internet, you may find the following link useful: All About Cookies.
Cookies that have been set in the past
If you have disabled one or more Cookies, we may still use information collected from cookies prior to your disabled preference being set, however, we will stop using the disabled cookie to collect any further information.
Contact us
If you have any questions or comments about this cookies policy, or privacy matters generally, please contact us via email at privacy@wiz.io.
Updated 15 November 2023
Effective November 15th 2023 to November 17th 2023
DownloadTable of Contents
Cookies Policy
Our website https://www.wiz.io/ ("Website") uses cookies and similar files or technologies to automatically collect and store information about your computer, device, and Website usage, in order to improve their performance and enhance your user experience. We use the general term "cookies" in this policy to refer to these technologies and all such similar technologies that collect information automatically when you are using our Website where this policy is posted. You can find out more about cookies and how to control them in the information below.
If you do not accept the use of these cookies, please disable them using the instructions in this Cookies Policy or by changing your browser settings so that cookies from this Website cannot be placed on your computer or mobile device. Important: disabling certain cookies on this Website may cripple the user experience and other features on the Website, to the point of rendering them useless.
In this Cookies Policy, we use the term Wiz (and "we", "us" and "our") to refer to Wiz Inc. and our affiliates. Our Privacy Policy is available at https://www.wiz.io/legal/privacy-policy.
What is a cookie?
Cookies are computer files containing small amounts of information which are downloaded to your computer or mobile device when you visit a website. Cookies can then be sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are widely used in order to make websites work, or to work more efficiently, as well as to provide information to the owners of the website.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improving the user experience. Cookies may tell us, for example, whether you have visited our Website before or whether you are a new visitor.
There are two broad categories of cookies:
- First Party cookies, served directly by us to your computer or mobile device.
- Third Party cookies, which are served by a third party on our behalf. We use third party cookies for functionality, performance / analytics, marketing, unclassified and other technologies, and social media purposes.
Cookies can remain on your computer or mobile device for different periods of time. Some cookies are 'session cookies', meaning that they exist only while your browser is open. These are deleted automatically once you close your browser. Other cookies are 'permanent cookies', meaning that they survive after your browser is closed. They can be used by websites to recognize your computer when you open your browser and browse the Internet again.
What are web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are small graphics files that contain a unique identifier that enable us to recognize when someone has visited our website. This allows us, for example, to monitor the traffic patterns of users from one page within our website to another, to deliver or communicate with cookies, to understand whether you have come to our website from an online advertisement displayed on a third party website, to improve website performance and to measure the success of email marketing campaigns. In most instances, these technologies are reliant on cookies to function, and therefore declining cookies prevents them from functioning.
If you don't want your cookie information to be associated with your visits to these pages, you can set your browser to turn off cookies as described further below. If you turn off cookies, web beacon and other technologies will still detect your visits to our Website; however, they will not be associated with information otherwise stored in cookies.
Targeted advertising
Third parties may drop cookies on your computer or mobile device to serve advertising through our Website. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. The information collected through this process does not enable us or them to identify your name, contact details or other personally identifying details unless you choose to provide these to us.
How do we use cookies?
We use cookies to:
- track traffic flow and patterns of travel and behavior in connection with our Website;
- understand the total number of visitors to our Websites on an ongoing basis and the types of internet browsers (e.g. Chrome, Firefox, Safari, or Internet Explorer) and operating systems (e.g. Windows or Mac) used by our visitors;
- monitor the performance of our Website and to continually improve it;
- in connection with our marketing and advertising efforts; and
- customize and enhance your online experience.
What types of cookies do we use?
The types of cookies used by us in connection with the Website can be considered “strictly necessary”, “performance or analytics cookies”, “marketing / targeting”, and “unclassified”. We've set out some further information below about each category.
Cookies strictly necessary for website purposes
These cookies are strictly necessary to provide you with services available through the Website and to use some of its features, such as access to secure areas. These cookies cannot be switched as without them we will not be able to provide essential website services.
Cookie Name | Type | Lifespan |
OptanonAlertBoxClosed | 1st Party | 1 year |
OptanonConsent | 1st Party | 1 year |
Performance / Analytics Cookies
We use performance/analytics cookies to analyze how the website is accessed, used, or is performing. We do this in order to provide you with a better user experience and to maintain, operate and continually improve the website. For example, these cookies allow us to:
- Better understand our website visitors so that we can improve how we present our content;
- Test different design ideas for particular pages, such as our homepage;
- Collect information about Website visitors such as where they are located and what browsers they are using;
- Determine the number of unique users of the website;
- Improve the website by measuring any errors that occur;
- Measuring campaign effectiveness; and
- Conduct research and diagnostics to improve product offerings.
Cookie Name | Type | Lifespan |
_ga | 1st Party | 730 days |
_gid | 1st Party | 1 day |
_biz_sid | 1st Party | 0 days |
_biz_uid | 1st Party | 364 days |
_biz_nA | 1st Party | 364 days |
_biz_pendingA | 1st Party | 364 days |
_uetvid | 1st Party | 389 days |
_clsk | 1st Party | 0 days |
_session_id | 3rd Party | 13 days |
_clck | 1st Party | 364 days |
JSESSIONID | 3rd Party | 1 day |
_ga_xxxxxxx | 1st Party | 729 days |
ARRAffinity | 3rd Party | 0 days |
_gclxxxx | 1st Party | 90 days |
Functionality Cookies
These cookies enable the Website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Cookie Name | Type | Lifespan |
_rdt_uuid | 1st Party | 90 days |
_gd_visitor | 1st Party | 730 days |
_gd_session | 1st Party | 0 days |
_mkto_trk | 1st Party | 730 days |
_an_uid | 1st Party | 6 days |
_gd_svisitor | 1st Party | 730 days |
vuid | 3rd party | 729 days |
__cf_bm | 3rd party | 0 days |
__cf_bm | 3rd party | 0 days |
__cf_bm | 3rd party | 0 days |
player | 3rd Party | 365 days |
__q_domainTest | 1st Party | 0 days |
Marketing / Targeting
We use marketing cookies to deliver many types of targeted digital marketing. We do this in order to provide you with a better user experience and to maintain, operate and continually improve the website. The cookie store user data and behavior information, which allows advertising services to target audience according to variables. For example, these cookies allow us to:
- Observe the Website performance and generate retargeting (Site retargeting, search retargeting, etc.).
- Maintain and improve the website and our products
Cookie Name | Type | Lifespan |
NO NAME | 3rd party | 0 days |
6suuid | 3rd party | 729 days |
lidc | 3rd party | 1 day |
_fbp | 1st Party | 90 days |
bcookie | 3rd party | 731 days |
bscookie | 3rd party | 731 days |
AnalyticsSyncHistory | 3rd party | 30 days |
UserMatchHistory | 3rd party | 30 days |
li_gc | 3rd party | 713 days |
_BUID | 3rd party | 364 days |
_biz_kvpA | 1st Party | 0 days |
_biz_dfsA | 1st Party | 0 days |
_BUID | 3rd party | 364 days |
VISITOR_INFO1_LIVE | 3rd party | 179 days |
YSC | 3rd party | 0 days |
CONSENT | 3rd party | 729 days |
_uetsid | 1st Party | 0 days |
ANONCHK | 3rd Party | 0 days |
SRM_B | 3rd Party | 389 days |
MUID | 3rd Party | 389 days |
SM | 3rd Party | 0 days |
muc_ads | 3rd Party | 729 days |
personalization_id | 3rd Party | 729 days |
in_or | 1st party | 0 days |
q_state_ubFjDH1QLqM69tJc | 1st Party | 3649 days |
_gat_UA-XXXXXX-X | 1st Party | 0 days |
_biz_flagsA | 1st Party | 364 days |
__cf_bm | 3rd Party | 0 days |
guest_id | 3rd Party | 729 days |
MR | 3rd Party | 6 days |
guest_id_ads | 3rd Party | 729 days |
_cfuvid | 3rd Party | 0 days |
li_sugr | 3rd Party | 89 days |
MUID | 3rd Party | 389 days |
guest_id_marketing | 3rd Party | 729 days |
ARRAffinitySameSite | 3rd Party | 0 days |
visitorId | 3rd Party | 364 days |
CLID | 3rd Party | 364 days |
MR | 3rd Party | 6 days |
CLID | 3rd Party | 364 days |
ARRAffinity | 3rd Party | 0 days |
MR | 3rd Party | 6 days |
How to control or delete cookies
Most browsers allow you to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser. In order to understand these settings and learn how to use them, please consult the “Help” function of your browser, or the documentation published online for your particular browser type and version. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of our Website.
Depending on where you are located, you may also be able to change your cookie preferences using the cookies banner on our Website.
The following pages have information on how to change your cookies settings for the different browsers:
- Cookie settings in Chrome
- Cookie settings in Firefox
- Cookie settings in Internet Explorer
- Cookie settings in Safari and iOS
Third Party Websites' Cookies
When using our Website you may be directed to other websites. These websites may use their own cookies. We do not have control over the placement of cookies by other websites you visit, even if you are directed to them from our Website.
If you use the buttons that allow you to share products and content with your friends via social networks like Google, Twitter and Facebook, these companies may set a cookie on your computer memory. Find out more about these here:
https://www.facebook.com/about/privacy http://twitter.com/privacy http://www.google.com/intl/en-GB/policies/privacy
Need More Information?
If you would like to find out more about cookies and their use on the Internet, you may find the following link useful: All About Cookies.
Cookies that have been set in the past
If you have disabled one or more Cookies, we may still use information collected from cookies prior to your disabled preference being set, however, we will stop using the disabled cookie to collect any further information.
Contact us
If you have any questions or comments about this cookies policy, or privacy matters generally, please contact us via email at privacy@wiz.io.
Updated 15 November 2023
Effective October 9th 2023 to November 15th 2023
DownloadTable of Contents
Cookies Policy
Our website https://www.wiz.io/ ("Website") uses cookies and similar files or technologies to automatically collect and store information about your computer, device, and Website usage, in order to improve their performance and enhance your user experience. We use the general term "cookies" in this policy to refer to these technologies and all such similar technologies that collect information automatically when you are using our Website where this policy is posted. You can find out more about cookies and how to control them in the information below.
If you do not accept the use of these cookies, please disable them using the instructions in this Cookies Policy or by changing your browser settings so that cookies from this Website cannot be placed on your computer or mobile device. Important: disabling certain cookies on this Website may cripple the user experience and other features on the Website, to the point of rendering them useless.
In this Cookies Policy, we use the term Wiz (and "we", "us" and "our") to refer to Wiz Inc. and our affiliates. Our Privacy Policy is available at https://www.wiz.io/privacy-policy.
åWhat is a cookie?
Cookies are computer files containing small amounts of information which are downloaded to your computer or mobile device when you visit a website. Cookies can then be sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are widely used in order to make websites work, or to work more efficiently, as well as to provide information to the owners of the website.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improving the user experience. Cookies may tell us, for example, whether you have visited our Website before or whether you are a new visitor.
There are two broad categories of cookies:
- First Party cookies, served directly by us to your computer or mobile device.
- Third Party cookies, which are served by a third party on our behalf. We use third party cookies for functionality, performance / analytics, marketing, unclassified and other technologies, and social media purposes.
Cookies can remain on your computer or mobile device for different periods of time. Some cookies are 'session cookies', meaning that they exist only while your browser is open. These are deleted automatically once you close your browser. Other cookies are 'permanent cookies', meaning that they survive after your browser is closed. They can be used by websites to recognize your computer when you open your browser and browse the Internet again.
What are web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are small graphics files that contain a unique identifier that enable us to recognize when someone has visited our website. This allows us, for example, to monitor the traffic patterns of users from one page within our website to another, to deliver or communicate with cookies, to understand whether you have come to our website from an online advertisement displayed on a third party website, to improve website performance and to measure the success of email marketing campaigns. In most instances, these technologies are reliant on cookies to function, and therefore declining cookies prevents them from functioning.
If you don't want your cookie information to be associated with your visits to these pages, you can set your browser to turn off cookies as described further below. If you turn off cookies, web beacon and other technologies will still detect your visits to our Website; however, they will not be associated with information otherwise stored in cookies.
Targeted advertising
Third parties may drop cookies on your computer or mobile device to serve advertising through our Website. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. The information collected through this process does not enable us or them to identify your name, contact details or other personally identifying details unless you choose to provide these to us.
How do we use cookies?
We use cookies to:
- track traffic flow and patterns of travel and behavior in connection with our Website;
- understand the total number of visitors to our Websites on an ongoing basis and the types of internet browsers (e.g. Chrome, Firefox, Safari, or Internet Explorer) and operating systems (e.g. Windows or Mac) used by our visitors;
- monitor the performance of our Website and to continually improve it;
- in connection with our marketing and advertising efforts; and
- customize and enhance your online experience.
What types of cookies do we use?
The types of cookies used by us in connection with the Website can be considered “strictly necessary”, “performance or analytics cookies”, “marketing / targeting”, and “unclassified”. We've set out some further information below about each category.
Cookies strictly necessary for website purposes
These cookies are strictly necessary to provide you with services available through the Website and to use some of its features, such as access to secure areas. These cookies cannot be switched as without them we will not be able to provide essential website services.
Cookie Name | Type | Lifespan |
OptanonAlertBoxClosed | 1st Party | 1 year |
OptanonConsent | 1st Party | 1 year |
Performance / Analytics Cookies
We use performance/analytics cookies to analyze how the website is accessed, used, or is performing. We do this in order to provide you with a better user experience and to maintain, operate and continually improve the website. For example, these cookies allow us to:
- Better understand our website visitors so that we can improve how we present our content;
- Test different design ideas for particular pages, such as our homepage;
- Collect information about Website visitors such as where they are located and what browsers they are using;
- Determine the number of unique users of the website;
- Improve the website by measuring any errors that occur;
- Measuring campaign effectiveness; and
- Conduct research and diagnostics to improve product offerings.
| Cookie Name | Type | Lifespan |
|---|---|---|
| _ga | 1st Party | 730 days |
_gid | 1st Party | 1 day |
_biz_sid | 1st Party | 0 days |
_biz_uid | 1st Party | 364 days |
_biz_nA | 1st Party | 364 days |
_biz_pendingA | 1st Party | 364 days |
_uetvid | 1st Party | 389 days |
_clsk | 1st Party | 0 days |
_session_id | 3rd Party | 13 days |
_clck | 1st Party | 364 days |
JSESSIONID | 3rd Party | 1 day |
_ga_xxxxxxx | 1st Party | 729 days |
ARRAffinity | 3rd Party | 0 days |
Functionality Cookies
These cookies enable the Website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Cookie Name | Type | Lifespan |
_rdt_uuid | 1st Party | 90 days |
_gd_visitor | 1st Party | 730 days |
_gd_session | 1st Party | 0 days |
_mkto_trk | 1st Party | 730 days |
_an_uid | 1st Party | 6 days |
_gd_svisitor | 1st Party | 730 days |
vuid | 3rd party | 729 days |
__cf_bm | 3rd party | 0 days |
player | 3rd Party | 365 days |
__q_domainTest | 1st Party | 0 days |
Marketing / Targeting
We use marketing cookies to deliver many types of targeted digital marketing. We do this in order to provide you with a better user experience and to maintain, operate and continually improve the website. The cookie store user data and behavior information, which allows advertising services to target audience according to variables. For example, these cookies allow us to:
- Observe the Website performance and generate retargeting (Site retargeting, search retargeting, etc.).
- Maintain and improve the website and our products
Cookie Name | Type | Lifespan |
NO NAME | 3rd party | 0 days |
6suuid | 3rd party | 729 days |
lidc | 3rd party | 1 day |
_fbp | 1st Party | 90 days |
bcookie | 3rd party | 731 days |
bscookie | 3rd party | 731 days |
AnalyticsSyncHistory | 3rd party | 30 days |
UserMatchHistory | 3rd party | 30 days |
li_gc | 3rd party | 713 days |
_BUID | 3rd party | 364 days |
_biz_kvpA | 1st Party | 0 days |
_biz_dfsA | 1st Party | 0 days |
_BUID | 3rd party | 364 days |
VISITOR_INFO1_LIVE | 3rd party | 179 days |
YSC | 3rd party | 0 days |
CONSENT | 3rd party | 729 days |
_uetsid | 1st Party | 0 days |
ANONCHK | 3rd Party | 0 days |
SRM_B | 3rd Party | 389 days |
MUID | 3rd Party | 389 days |
SM | 3rd Party | 0 days |
muc_ads | 3rd Party | 729 days |
personalization_id | 3rd Party | 729 days |
in_or | 1st party | 0 days |
q_state_ubFjDH1QLqM69tJc | 1st Party | 3649 days |
_gat_UA-XXXXXX-X | 1st Party | 0 days |
_biz_flagsA | 1st Party | 364 days |
__cf_bm | 3rd Party | 0 days |
guest_id | 3rd Party | 729 days |
MR | 3rd Party | 6 days |
guest_id_ads | 3rd Party | 729 days |
_cfuvid | 3rd Party | 0 days |
li_sugr | 3rd Party | 89 days |
MUID | 3rd Party | 389 days |
guest_id_marketing | 3rd Party | 729 days |
ARRAffinitySameSite | 3rd Party | 0 days |
visitorId | 3rd Party | 364 days |
CLID | 3rd Party | 364 days |
MR | 3rd Party | 6 days |
How to control or delete cookies
Most browsers allow you to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser. In order to understand these settings and learn how to use them, please consult the “Help” function of your browser, or the documentation published online for your particular browser type and version. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of our Website.
Depending on where you are located, you may also be able to change your cookie preferences using the cookies banner on our Website.
The following pages have information on how to change your cookies settings for the different browsers:
- Cookie settings in Chrome
- Cookie settings in Firefox
- Cookie settings in Internet Explorer
- Cookie settings in Safari and iOS
Third Party Websites' Cookies
When using our Website you may be directed to other websites. These websites may use their own cookies. We do not have control over the placement of cookies by other websites you visit, even if you are directed to them from our Website.
If you use the buttons that allow you to share products and content with your friends via social networks like Google, Twitter and Facebook, these companies may set a cookie on your computer memory. Find out more about these here:
https://www.facebook.com/about/privacy http://twitter.com/privacy http://www.google.com/intl/en-GB/policies/privacy
Need More Information?
If you would like to find out more about cookies and their use on the Internet, you may find the following link useful: All About Cookies.
Cookies that have been set in the past
If you have disabled one or more Cookies, we may still use information collected from cookies prior to your disabled preference being set, however, we will stop using the disabled cookie to collect any further information.
Contact us
If you have any questions or comments about this cookies policy, or privacy matters generally, please contact us via email at privacy@wiz.io.
Updated 17 July 2023
Wiz Anti-Corruption and Bribery Policy
Effective September 27th 2024
DownloadTable of Contents
Anti Corruption and Bribery Policy
4. Facilitation Payments and Kickbacks
5. Gifts, Hospitality, and Expenses
11. Training and Communication
13. Potential Risk Scenarios: “Red Flags”
14. Document Ownership and Approval
1. Purpose and Scope
The purpose of this Policy is to:
- Set out our responsibilities, and the responsibilities of those working for and on our behalf, in observing and upholding our position on bribery and corruption; and
- Provide information and guidance to those working for and on our behalf on how to recognize and deal with bribery and corruption issues
The scope of this policy applies to all Wiz personnel. This policy applies to the corporate controls environment.
Policy
Wiz conducts all business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate and implementing and enforcing effective systems to counter bribery and corruption.
We take our legal responsibilities very seriously. We will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which we operate.
Wiz may amend this policy from time to time and shall make the amended policy available to all individuals to which this policy applies.
Who does this policy apply to?
This policy applies to all persons working for Wiz or on Wiz's behalf in any capacity, including employees at all levels, directors, officers, agency workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners, sponsors, or any other person associated with us, wherever located.
Who is responsible for this policy?
Wiz's legal team has the overall responsibility for the effective operation of this policy. However, Wiz's management shall ensure the overall enforcement of this policy throughout the company. Suggestions for change should be reported to Wiz's legal team.
2. Definitions
2.1 Bribery is offering, promising, giving or accepting any financial or other advantage, to induce the recipient or any other person to act improperly in the performance of their functions, or to reward them for acting improperly, or where the recipient would act improperly by accepting the advantage.
2.1.1 An advantage includes money, gifts, loans, fees, hospitality, services, discounts, the award of a contract, or anything else of value.
2.1.2 A person acts improperly where they act illegally, unethically, or contrary to an expectation of good faith or impartiality, or where they abuse a position of trust. The improper acts may be in relation to any business or professional activities, public functions, acts in the course of employment, or other activities by or on behalf of any organization of any kind.
It is a criminal offence to offer, promise, give, request, or accept a bribe. Individuals found guilty can be punished with imprisonment and/or fines and employers that fail to prevent bribery can face an unlimited fine, exclusion from tendering for public contracts, and damage to its reputation.
EXAMPLES Offering a bribe: You offer tickets to a major sporting event to a potential client, but only if they agree to do business with Wiz. This would be an offence as you are making the offer to gain a commercial and contractual advantage. We may also be found to have committed an offence because the offer has been made to obtain business for Wiz. It may also be an offence for the potential client to accept your offer. Receiving a bribe: A supplier gives your nephew a job, but makes it clear that in return they expect you to use your influence at Wiz to ensure we continue to do business with them. It is an offence for a supplier to make such an offer. It would be an offence for you to accept the offer as you would be doing so to gain a personal advantage. Bribing a foreign official: You arrange for the business to pay an additional "facilitation" payment to a foreign official to speed up an administrative process for Wiz. The offence of bribing a foreign public official is committed as soon as the offer is made. This is because it is made to gain a business advantage for us. We may also be found to have committed an offence. |
2.3 Facilitation Payments, also known as “back-handers” or “grease payments,” are typically small, unofficial payments made to secure or expedite a routine or necessary action (for example, by a government official).
2.5 Third Party means any individual or organization you come into contact with during the course of your work for or with Wiz, and includes actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers, and government and public bodies, including their advisors, representatives and officials, politicians and political parties.
3. What You Must Not Do
It is not acceptable for you (or someone on your behalf) to:
- give, promise to give, or offer, a payment, gift or hospitality with the expectation or hope that a business advantage will be received, or to reward a business advantage already given;
- give or accept a gift or hospitality during any commercial negotiations or tender process, if this could be perceived as intended or likely to influence the outcome;
- accept a payment, gift or hospitality from a third party that you know or suspect is offered with the expectation that it will provide a business advantage for them or anyone else in return;
- offer or accept a gift to or from government officials or representatives, or politicians or political parties, without the prior approval of the legal team;
- threaten or retaliate against another individual who has refused to commit a bribery offence or who has raised concerns under this policy; or
- engage in any other activity that might lead to a breach of this policy.
4. Facilitation Payments and Kickbacks
We do not make, and will not accept, facilitation payments or "kickbacks" of any kind. See section 2 for definitions of these terms.
You must avoid any activity that might lead to a facilitation payment or kickback being made or accepted by us or on our behalf, or that might suggest that such a payment will be made or accepted. If you are asked to make a payment on our behalf, you should always be mindful of what the payment is for and whether the amount requested is proportionate to the goods or services provided. You should always ask for a receipt which details the reason for the payment. If you have any suspicions, concerns, or queries regarding a payment, you should raise these with Wiz's legal team.
5. Gifts, Hospitality, and Expenses
This policy allows reasonable and appropriate hospitality or entertainment given to or received from third parties, for the purposes of:
- establishing or maintaining good business relationships;
- improving or maintaining our image or reputation; or
- marketing or presenting our products and/or services effectively.
The giving and accepting of gifts is allowed if the following requirements are met:
- it is not made with the intention of influencing a third party to obtain or retain business or a business advantage, or to reward the provision or retention of business or a business advantage, or in explicit or implicit exchange for favors or benefits;
- it is appropriate in the circumstances, taking account of the reason for the gift, its timing and value;
- it is given openly, not secretly; and
- it complies with any applicable local law.
Promotional gifts of low value such to or from existing customers, suppliers and business partners will usually be acceptable.
Reimbursing a third party's expenses or accepting an offer to reimburse our expenses (for example, the costs of attending a business meeting) would not usually amount to bribery. However, in excess of genuine and reasonable business expenses (such as the cost of an extended hotel stay) is not acceptable.
We appreciate that practice varies between countries and regions and what may be normal and acceptable in one region may not be in another. The test to be applied is whether in all the circumstances the gift, hospitality or payment is reasonable and justifiable. The intention behind it should always be considered.
6. Donations
We do not make contributions to political parties.
We only make charitable donations that are legal and ethical under local laws and practices.
7. Record-Keeping
We must keep financial records and have appropriate internal controls in place which will evidence the business reason for making payments to third parties.
You must declare and keep a written record of all hospitality or gifts given or received, which will be subject to managerial review.
You must submit all expenses claims relating to hospitality, gifts, or payments to third parties in accordance with our expenses policy and record the reason for expenditure.
All accounts, invoices, and other records relating to dealings with third parties including suppliers and customers should be prepared with strict accuracy and completeness. Accounts must not be kept "off-book" to facilitate or conceal improper payments.
8. Your Responsibilities
You must ensure that you read, understand, and comply with this policy.
The prevention, detection and reporting of bribery and other forms of corruption are the responsibility of all those working for Wiz or under Wiz's control. You are required to avoid any activity that might lead to, or suggest, a breach of this policy.
You must notify the Wiz legal team as soon as possible if you believe or suspect that a conflict with this policy has occurred or may occur in the future. For example, if a customer or potential customer offers you something to gain a business advantage with us or indicates to you that a gift or payment is required to secure their business. Further "red flags" that may indicate bribery or corruption are set out in section 13.
9. How to Raise a Concern
You are encouraged to raise concerns about any issue or suspicion of bribery or corruption at the earliest possible stage.
If you are offered a bribe, or are asked to make one, or if you believe or suspect that any bribery, corruption, or other breach of this policy has occurred or may occur, you must notify your manager, the HR team, or the legal team as soon as possible.
If you are unsure about whether a particular act constitutes bribery or corruption, raise it with your manager, the HR team, or the legal team.
10. Protection
Individuals who refuse to accept or offer a bribe or who raise concerns or report another's wrongdoing are sometimes worried about possible repercussions. We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken.
We are committed to ensuring no one suffers any detrimental treatment as a result of refusing to take part in bribery or corruption, or because of reporting in good faith their suspicion that an actual or potential bribery or other corruption offence has taken place or may take place in the future. Damaging treatment includes dismissal, disciplinary action, threats, or other unfavorable treatment connected with raising a concern. If you believe that you have suffered any such treatment, you should inform the legal team immediately.
11. Training and Communication
Training on this policy will be provided as necessary.
Our zero-tolerance approach to bribery and corruption must be communicated to all suppliers, contractors, and business partners at the outset of our business relationship with them and as appropriate thereafter.
12. Breaches of this Policy
Any employee who breaches this policy will face disciplinary action, up to dismissal for misconduct or gross misconduct.
We may terminate our relationship with other individuals and organizations working on our behalf if they breach this policy.
13. Potential Risk Scenarios: “Red Flags”
The following is a list of possible red flags that may arise during the course of your work for or with Wiz and which may raise concerns under various anti-bribery and anti-corruption laws. The list is not intended to be exhaustive and is for illustrative purposes only.
If you encounter any of these red flags while working for or with Wiz, you must report them promptly to your manager, the HR team or legal team:
- you become aware that a third party engages in, or has been accused of engaging in, improper business practices;
- you learn that a third party has a reputation for paying bribes, or requiring that bribes are paid to them, or has a reputation for having a "special relationship" with foreign government officials;
- a third party insists on receiving a commission or fee payment before carrying out a government function or process for us;
- a third-party requests payment in cash and/or refuses to sign a formal commission or fee agreement, or to provide an invoice or receipt for a payment made;
- a third party requests that payment is made to a country or geographic location different from where the third party resides or conducts business;
- a third party requests an unexpected additional fee or commission to "facilitate" a service;
- a third party demands lavish entertainment or gifts before commencing or continuing contractual negotiations or provision of services;
- a third party requests that a payment is made to "overlook" potential legal violations;
- a third party requests that you provide employment or some other advantage to a friend or relative;
- you receive an invoice from a third party that appears to be non-standard or customized;
- a third party insists on the use of side letters or refuses to put terms agreed in writing;
- you notice that we have been invoiced for a commission or fee payment that appears large given the service stated to have been provided;
- a third party requests or requires the use of an agent, intermediary, consultant, distributor, or supplier that is not typically used by or known to us; or
- you are offered an unusually generous gift or lavish hospitality by a third party.
14. Document Ownership and Approval
14.2 This policy is designated as non-critical; the Wiz Legal team is responsible for ensuring the policy is reviewed and approved every second year.
14.3 The current version of this document is available to all staff on the internal policy management tool.
14.4 This Policy was approved by Mya Joel, Privacy Officer & Legal Counsel and is issued on a version-controlled basis.
Effective November 17th 2023 to September 27th 2024
DownloadTable of Contents
Anti Corruption and Bribery Policy
Contents
Purpose and Scope
The purpose of this Policy is to:
- Set out our responsibilities, and the responsibilities of those working for and on our behalf, in observing and upholding our position on bribery and corruption; and
- Provide information and guidance to those working for and on our behalf on how to recognize and deal with bribery and corruption issues
The scope of this policy applies to all Wiz personnel. This policy applies to the corporate controls environment.
Policy
Wiz conducts all business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate and implementing and enforcing effective systems to counter bribery and corruption.
We take our legal responsibilities very seriously. We will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which we operate.
Wiz may amend this policy from time to time and shall make the amended policy available to all individuals to which this policy applies.
Who does this policy apply to?
This policy applies to all persons working for Wiz or on Wiz's behalf in any capacity, including employees at all levels, directors, officers, agency workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners, sponsors, or any other person associated with us, wherever located.
Who is responsible for this policy?
Wiz's legal team has the overall responsibility for the effective operation of this policy. However, Wiz's management shall ensure the overall enforcement of this policy throughout the company. Suggestions for change should be reported to Wiz's legal team.
Definitions
- Bribery is offering, promising, giving or accepting any financial or other advantage, to induce the recipient or any other person to act improperly in the performance of their functions, or to reward them for acting improperly, or where the recipient would act improperly by accepting the advantage. An advantage includes money, gifts, loans, fees, hospitality, services, discounts, the award of a contract, or anything else of value. A person acts improperly where they act illegally, unethically, or contrary to an expectation of good faith or impartiality, or where they abuse a position of trust. The improper acts may be in relation to any business or professional activities, public functions, acts in the course of employment, or other activities by or on behalf of any organization of any kind. It is a criminal offence to offer, promise, give, request, or accept a bribe. Individuals found guilty can be punished with imprisonment and/or fines and employers that fail to prevent bribery can face an unlimited fine, exclusion from tendering for public contracts, and damage to its reputation.
- Corruption is the abuse of entrusted power or position for private gain.
EXAMPLES Offering a bribe: You offer tickets to a major sporting event to a potential client, but only if they agree to do business with Wiz. This would be an offence as you are making the offer to gain a commercial and contractual advantage. We may also be found to have committed an offence because the offer has been made to obtain business for Wiz. It may also be an offence for the potential client to accept your offer. Receiving a bribe: A supplier gives your nephew a job, but makes it clear that in return they expect you to use your influence at Wiz to ensure we continue to do business with them. It is an offence for a supplier to make such an offer. It would be an offence for you to accept the offer as you would be doing so to gain a personal advantage. Bribing a foreign official: You arrange for the business to pay an additional "facilitation" payment to a foreign official to speed up an administrative process for Wiz. The offence of bribing a foreign public official is committed as soon as the offer is made. This is because it is made to gain a business advantage for us. We may also be found to have committed an offence. |
- Facilitation Payments, also known as “back-handers” or “grease payments,” are typically small, unofficial payments made to secure or expedite a routine or necessary action (for example, by a government official).
- Kickbacks are typically payments made in return for a business favor or advantage.
- Third Party means any individual or organization you come into contact with during the course of your work for or with Wiz, and includes actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers, and government and public bodies, including their advisors, representatives and officials, politicians and political parties.
What You Must Not Do
It is not acceptable for you (or someone on your behalf) to:
- give, promise to give, or offer, a payment, gift or hospitality with the expectation or hope that a business advantage will be received, or to reward a business advantage already given;
- give or accept a gift or hospitality during any commercial negotiations or tender process, if this could be perceived as intended or likely to influence the outcome;
- accept a payment, gift or hospitality from a third party that you know or suspect is offered with the expectation that it will provide a business advantage for them or anyone else in return;
- offer or accept a gift to or from government officials or representatives, or politicians or political parties, without the prior approval of the legal team;
- threaten or retaliate against another individual who has refused to commit a bribery offence or who has raised concerns under this policy; or
- engage in any other activity that might lead to a breach of this policy.
Facilitation Payments and Kickbacks
We do not make, and will not accept, facilitation payments or "kickbacks" of any kind. See section 2 for definitions of these terms.
You must avoid any activity that might lead to a facilitation payment or kickback being made or accepted by us or on our behalf, or that might suggest that such a payment will be made or accepted. If you are asked to make a payment on our behalf, you should always be mindful of what the payment is for and whether the amount requested is proportionate to the goods or services provided. You should always ask for a receipt which details the reason for the payment. If you have any suspicions, concerns, or queries regarding a payment, you should raise these with Wiz's legal team.
Gifts, Hospitality, and Expenses
This policy allows reasonable and appropriate hospitality or entertainment given to or received from third parties, for the purposes of:
- establishing or maintaining good business relationships;
- improving or maintaining our image or reputation; or
- marketing or presenting our products and/or services effectively.
The giving and accepting of gifts is allowed if the following requirements are met:
- it is not made with the intention of influencing a third party to obtain or retain business or a business advantage, or to reward the provision or retention of business or a business advantage, or in explicit or implicit exchange for favors or benefits;
- it is appropriate in the circumstances, taking account of the reason for the gift, its timing and value;
- it is given openly, not secretly; and
- it complies with any applicable local law.
Promotional gifts of low value such to or from existing customers, suppliers and business partners will usually be acceptable.
Reimbursing a third party's expenses or accepting an offer to reimburse our expenses (for example, the costs of attending a business meeting) would not usually amount to bribery. However, in excess of genuine and reasonable business expenses (such as the cost of an extended hotel stay) is not acceptable.
We appreciate that practice varies between countries and regions and what may be normal and acceptable in one region may not be in another. The test to be applied is whether in all the circumstances the gift, hospitality or payment is reasonable and justifiable. The intention behind it should always be considered.
Donations
We do not make contributions to political parties.
We only make charitable donations that are legal and ethical under local laws and practices.
Record-Keeping
We must keep financial records and have appropriate internal controls in place which will evidence the business reason for making payments to third parties.
You must declare and keep a written record of all hospitality or gifts given or received, which will be subject to managerial review.
You must submit all expenses claims relating to hospitality, gifts, or payments to third parties in accordance with our expenses policy and record the reason for expenditure.
All accounts, invoices, and other records relating to dealings with third parties including suppliers and customers should be prepared with strict accuracy and completeness. Accounts must not be kept "off-book" to facilitate or conceal improper payments.
Your Responsibilities
You must ensure that you read, understand, and comply with this policy.
The prevention, detection and reporting of bribery and other forms of corruption are the responsibility of all those working for Wiz or under Wiz's control. You are required to avoid any activity that might lead to, or suggest, a breach of this policy.
You must notify the Wiz legal team as soon as possible if you believe or suspect that a conflict with this policy has occurred or may occur in the future. For example, if a customer or potential customer offers you something to gain a business advantage with us or indicates to you that a gift or payment is required to secure their business. Further "red flags" that may indicate bribery or corruption are set out in section 13.
How to Raise a Concern
You are encouraged to raise concerns about any issue or suspicion of bribery or corruption at the earliest possible stage.
If you are offered a bribe, or are asked to make one, or if you believe or suspect that any bribery, corruption, or other breach of this policy has occurred or may occur, you must notify your manager, the HR team, or the legal team as soon as possible.
If you are unsure about whether a particular act constitutes bribery or corruption, raise it with your manager, the HR team, or the legal team.
Protection
Individuals who refuse to accept or offer a bribe or who raise concerns or report another's wrongdoing are sometimes worried about possible repercussions. We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken.
We are committed to ensuring no one suffers any detrimental treatment as a result of refusing to take part in bribery or corruption, or because of reporting in good faith their suspicion that an actual or potential bribery or other corruption offence has taken place or may take place in the future. Damaging treatment includes dismissal, disciplinary action, threats, or other unfavorable treatment connected with raising a concern. If you believe that you have suffered any such treatment, you should inform the legal team immediately.
Training and Communication
Training on this policy will be provided as necessary.
Our zero-tolerance approach to bribery and corruption must be communicated to all suppliers, contractors, and business partners at the outset of our business relationship with them and as appropriate thereafter.
Breaches of this Policy
Any employee who breaches this policy will face disciplinary action, up to dismissal for misconduct or gross misconduct.
We may terminate our relationship with other individuals and organizations working on our behalf if they breach this policy.
Potential Risk Scenarios: “Red Flags”
The following is a list of possible red flags that may arise during the course of your work for or with Wiz and which may raise concerns under various anti-bribery and anti-corruption laws. The list is not intended to be exhaustive and is for illustrative purposes only.
If you encounter any of these red flags while working for or with Wiz, you must report them promptly to your manager, the HR team or legal team:
- you become aware that a third party engages in, or has been accused of engaging in, improper business practices;
- you learn that a third party has a reputation for paying bribes, or requiring that bribes are paid to them, or has a reputation for having a "special relationship" with foreign government officials;
- a third party insists on receiving a commission or fee payment before carrying out a government function or process for us;
- a third-party requests payment in cash and/or refuses to sign a formal commission or fee agreement, or to provide an invoice or receipt for a payment made;
- a third party requests that payment is made to a country or geographic location different from where the third party resides or conducts business;
- a third party requests an unexpected additional fee or commission to "facilitate" a service;
- a third party demands lavish entertainment or gifts before commencing or continuing contractual negotiations or provision of services;
- a third party requests that a payment is made to "overlook" potential legal violations;
- a third party requests that you provide employment or some other advantage to a friend or relative;
- you receive an invoice from a third party that appears to be non-standard or customized;
- a third party insists on the use of side letters or refuses to put terms agreed in writing;
- you notice that we have been invoiced for a commission or fee payment that appears large given the service stated to have been provided;
- a third party requests or requires the use of an agent, intermediary, consultant, distributor, or supplier that is not typically used by or known to us; or
- you are offered an unusually generous gift or lavish hospitality by a third party.
Document Ownership and Approval
- The Wiz Legal team is the owner of this document.
- This policy is designated as non-critical; the Wiz Legal team is responsible for ensuring the policy is reviewed and approved every second year.
- The current version of this document is available to all staff on the internal policy management tool.
- This Policy was approved by Mya Joel, Privacy Officer & Legal Counsel and is issued on a version-controlled basis.
- Change Record
Version | Author | Approver | Approval Date | Description of Changes |
3 | Rosie Cramer | Mya Joel | 8 November 2023 | Template and formatting updates |
Effective November 8th 2023 to November 17th 2023
DownloadTable of Contents
Anti Corruption and Bribery Policy
Contents
Purpose and Scope
The purpose of this Policy is to:
- Set out our responsibilities, and the responsibilities of those working for and on our behalf, in observing and upholding our position on bribery and corruption; and
- Provide information and guidance to those working for and on our behalf on how to recognize and deal with bribery and corruption issues
The scope of this policy applies to all Wiz personnel. This policy applies to the corporate controls environment.
Policy
Wiz conducts all business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate and implementing and enforcing effective systems to counter bribery and corruption.
We take our legal responsibilities very seriously. We will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which we operate.
Wiz may amend this policy from time to time and shall make the amended policy available to all individuals to which this policy applies.
Who does this policy apply to?
This policy applies to all persons working for Wiz or on Wiz's behalf in any capacity, including employees at all levels, directors, officers, agency workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners, sponsors, or any other person associated with us, wherever located.
Who is responsible for this policy?
Wiz's legal team has the overall responsibility for the effective operation of this policy. However, Wiz's management shall ensure the overall enforcement of this policy throughout the company. Suggestions for change should be reported to Wiz's legal team.
Definitions
- Bribery is offering, promising, giving or accepting any financial or other advantage, to induce the recipient or any other person to act improperly in the performance of their functions, or to reward them for acting improperly, or where the recipient would act improperly by accepting the advantage. An advantage includes money, gifts, loans, fees, hospitality, services, discounts, the award of a contract, or anything else of value. A person acts improperly where they act illegally, unethically, or contrary to an expectation of good faith or impartiality, or where they abuse a position of trust. The improper acts may be in relation to any business or professional activities, public functions, acts in the course of employment, or other activities by or on behalf of any organization of any kind. It is a criminal offence to offer, promise, give, request, or accept a bribe. Individuals found guilty can be punished with imprisonment and/or fines and employers that fail to prevent bribery can face an unlimited fine, exclusion from tendering for public contracts, and damage to its reputation.
- Corruption is the abuse of entrusted power or position for private gain.
EXAMPLES Offering a bribe: You offer tickets to a major sporting event to a potential client, but only if they agree to do business with Wiz. This would be an offence as you are making the offer to gain a commercial and contractual advantage. We may also be found to have committed an offence because the offer has been made to obtain business for Wiz. It may also be an offence for the potential client to accept your offer. Receiving a bribe: A supplier gives your nephew a job, but makes it clear that in return they expect you to use your influence at Wiz to ensure we continue to do business with them. It is an offence for a supplier to make such an offer. It would be an offence for you to accept the offer as you would be doing so to gain a personal advantage. Bribing a foreign official: You arrange for the business to pay an additional "facilitation" payment to a foreign official to speed up an administrative process for Wiz. The offence of bribing a foreign public official is committed as soon as the offer is made. This is because it is made to gain a business advantage for us. We may also be found to have committed an offence. |
- Facilitation Payments, also known as “back-handers” or “grease payments,” are typically small, unofficial payments made to secure or expedite a routine or necessary action (for example, by a government official).
- Kickbacks are typically payments made in return for a business favor or advantage.
- Third Party means any individual or organization you come into contact with during the course of your work for or with Wiz, and includes actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers, and government and public bodies, including their advisors, representatives and officials, politicians and political parties.
What You Must Not Do
It is not acceptable for you (or someone on your behalf) to:
- give, promise to give, or offer, a payment, gift or hospitality with the expectation or hope that a business advantage will be received, or to reward a business advantage already given;
- give or accept a gift or hospitality during any commercial negotiations or tender process, if this could be perceived as intended or likely to influence the outcome;
- accept a payment, gift or hospitality from a third party that you know or suspect is offered with the expectation that it will provide a business advantage for them or anyone else in return;
- offer or accept a gift to or from government officials or representatives, or politicians or political parties, without the prior approval of the legal team;
- threaten or retaliate against another individual who has refused to commit a bribery offence or who has raised concerns under this policy; or
- engage in any other activity that might lead to a breach of this policy.
Facilitation Payments and Kickbacks
We do not make, and will not accept, facilitation payments or "kickbacks" of any kind. See section 2 for definitions of these terms.
You must avoid any activity that might lead to a facilitation payment or kickback being made or accepted by us or on our behalf, or that might suggest that such a payment will be made or accepted. If you are asked to make a payment on our behalf, you should always be mindful of what the payment is for and whether the amount requested is proportionate to the goods or services provided. You should always ask for a receipt which details the reason for the payment. If you have any suspicions, concerns, or queries regarding a payment, you should raise these with Wiz's legal team.
Gifts, Hospitality, and Expenses
This policy allows reasonable and appropriate hospitality or entertainment given to or received from third parties, for the purposes of:
- establishing or maintaining good business relationships;
- improving or maintaining our image or reputation; or
- marketing or presenting our products and/or services effectively.
The giving and accepting of gifts is allowed if the following requirements are met:
- it is not made with the intention of influencing a third party to obtain or retain business or a business advantage, or to reward the provision or retention of business or a business advantage, or in explicit or implicit exchange for favors or benefits;
- it is appropriate in the circumstances, taking account of the reason for the gift, its timing and value;
- it is given openly, not secretly; and
- it complies with any applicable local law.
Promotional gifts of low value such to or from existing customers, suppliers and business partners will usually be acceptable.
Reimbursing a third party's expenses or accepting an offer to reimburse our expenses (for example, the costs of attending a business meeting) would not usually amount to bribery. However, in excess of genuine and reasonable business expenses (such as the cost of an extended hotel stay) is not acceptable.
We appreciate that practice varies between countries and regions and what may be normal and acceptable in one region may not be in another. The test to be applied is whether in all the circumstances the gift, hospitality or payment is reasonable and justifiable. The intention behind it should always be considered.
Donations
We do not make contributions to political parties.
We only make charitable donations that are legal and ethical under local laws and practices.
Record-Keeping
We must keep financial records and have appropriate internal controls in place which will evidence the business reason for making payments to third parties.
You must declare and keep a written record of all hospitality or gifts given or received, which will be subject to managerial review.
You must submit all expenses claims relating to hospitality, gifts, or payments to third parties in accordance with our expenses policy and record the reason for expenditure.
All accounts, invoices, and other records relating to dealings with third parties including suppliers and customers should be prepared with strict accuracy and completeness. Accounts must not be kept "off-book" to facilitate or conceal improper payments.
Your Responsibilities
You must ensure that you read, understand, and comply with this policy.
The prevention, detection and reporting of bribery and other forms of corruption are the responsibility of all those working for Wiz or under Wiz's control. You are required to avoid any activity that might lead to, or suggest, a breach of this policy.
You must notify the Wiz legal team as soon as possible if you believe or suspect that a conflict with this policy has occurred or may occur in the future. For example, if a customer or potential customer offers you something to gain a business advantage with us or indicates to you that a gift or payment is required to secure their business. Further "red flags" that may indicate bribery or corruption are set out in section 13.
How to Raise a Concern
You are encouraged to raise concerns about any issue or suspicion of bribery or corruption at the earliest possible stage.
If you are offered a bribe, or are asked to make one, or if you believe or suspect that any bribery, corruption, or other breach of this policy has occurred or may occur, you must notify your manager, the HR team, or the legal team as soon as possible.
If you are unsure about whether a particular act constitutes bribery or corruption, raise it with your manager, the HR team, or the legal team.
Protection
Individuals who refuse to accept or offer a bribe or who raise concerns or report another's wrongdoing are sometimes worried about possible repercussions. We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken.
We are committed to ensuring no one suffers any detrimental treatment as a result of refusing to take part in bribery or corruption, or because of reporting in good faith their suspicion that an actual or potential bribery or other corruption offence has taken place or may take place in the future. Damaging treatment includes dismissal, disciplinary action, threats, or other unfavorable treatment connected with raising a concern. If you believe that you have suffered any such treatment, you should inform the legal team immediately.
Training and Communication
Training on this policy will be provided as necessary.
Our zero-tolerance approach to bribery and corruption must be communicated to all suppliers, contractors, and business partners at the outset of our business relationship with them and as appropriate thereafter.
Breaches of this Policy
Any employee who breaches this policy will face disciplinary action, up to dismissal for misconduct or gross misconduct.
We may terminate our relationship with other individuals and organizations working on our behalf if they breach this policy.
Potential Risk Scenarios: “Red Flags”
The following is a list of possible red flags that may arise during the course of your work for or with Wiz and which may raise concerns under various anti-bribery and anti-corruption laws. The list is not intended to be exhaustive and is for illustrative purposes only.
If you encounter any of these red flags while working for or with Wiz, you must report them promptly to your manager, the HR team or legal team:
- you become aware that a third party engages in, or has been accused of engaging in, improper business practices;
- you learn that a third party has a reputation for paying bribes, or requiring that bribes are paid to them, or has a reputation for having a "special relationship" with foreign government officials;
- a third party insists on receiving a commission or fee payment before carrying out a government function or process for us;
- a third-party requests payment in cash and/or refuses to sign a formal commission or fee agreement, or to provide an invoice or receipt for a payment made;
- a third party requests that payment is made to a country or geographic location different from where the third party resides or conducts business;
- a third party requests an unexpected additional fee or commission to "facilitate" a service;
- a third party demands lavish entertainment or gifts before commencing or continuing contractual negotiations or provision of services;
- a third party requests that a payment is made to "overlook" potential legal violations;
- a third party requests that you provide employment or some other advantage to a friend or relative;
- you receive an invoice from a third party that appears to be non-standard or customized;
- a third party insists on the use of side letters or refuses to put terms agreed in writing;
- you notice that we have been invoiced for a commission or fee payment that appears large given the service stated to have been provided;
- a third party requests or requires the use of an agent, intermediary, consultant, distributor, or supplier that is not typically used by or known to us; or
- you are offered an unusually generous gift or lavish hospitality by a third party.
Document Ownership and Approval
- The Wiz Legal team is the owner of this document.
- This policy is designated as non-critical; the Wiz Legal team is responsible for ensuring the policy is reviewed and approved every second year.
- The current version of this document is available to all staff on the internal policy management tool.
- This Policy was approved by Mya Joel, Privacy Officer & Legal Counsel and is issued on a version-controlled basis.
- Change Record
Version | Author | Approver | Approval Date | Description of Changes |
3 | Rosie Cramer | Mya Joel | 8 November 2023 | Template and formatting updates |
Effective August 29th 2023 to November 8th 2023
DownloadTable of Contents
Anti Corruption and Bribery Policy
Contents
Who does this policy apply to? 3
4. Facilitation Payments and Kickbacks 5
5. Gifts, Hospitality, and Expenses 5
11. Training and Communication 7
13. Potential Risk Scenarios: “Red Flags” 7
14. Document Ownership and Approval 8
Purpose and Scope
The purpose of this Policy is to:
- Set out our responsibilities, and the responsibilities of those working for and on our behalf, in observing and upholding our position on bribery and corruption; and
- Provide information and guidance to those working for and on our behalf on how to recognize and deal with bribery and corruption issues
The scope of this policy applies to all Wiz personnel. This policy applies to the corporate controls environment.
Policy
Wiz conducts all business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate and implementing and enforcing effective systems to counter bribery and corruption.
We take our legal responsibilities very seriously. We will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which we operate.
Wiz may amend this policy from time to time and shall make the amended policy available to all individuals to which this policy applies.
Who does this policy apply to?
This policy applies to all persons working for Wiz or on Wiz's behalf in any capacity, including employees at all levels, directors, officers, agency workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners, sponsors, or any other person associated with us, wherever located.
Who is responsible for this policy?
Wiz's legal team has the overall responsibility for the effective operation of this policy. However, Wiz's management shall ensure the overall enforcement of this policy throughout the company. Suggestions for change should be reported to Wiz's legal team.
Definitions
- Bribery is offering, promising, giving or accepting any financial or other advantage, to induce the recipient or any other person to act improperly in the performance of their functions, or to reward them for acting improperly, or where the recipient would act improperly by accepting the advantage.
- An advantage includes money, gifts, loans, fees, hospitality, services, discounts, the award of a contract, or anything else of value.
- A person acts improperly where they act illegally, unethically, or contrary to an expectation of good faith or impartiality, or where they abuse a position of trust. The improper acts may be in relation to any business or professional activities, public functions, acts in the course of employment, or other activities by or on behalf of any organization of any kind.
- Bribery is offering, promising, giving or accepting any financial or other advantage, to induce the recipient or any other person to act improperly in the performance of their functions, or to reward them for acting improperly, or where the recipient would act improperly by accepting the advantage.
It is a criminal offence to offer, promise, give, request, or accept a bribe. Individuals found guilty can be punished with imprisonment and/or fines and employers that fail to prevent bribery can face an unlimited fine, exclusion from tendering for public contracts, and damage to its reputation.
- Corruption is the abuse of entrusted power or position for private gain.
EXAMPLES Offering a bribe: You offer tickets to a major sporting event to a potential client, but only if they agree to do business with Wiz. This would be an offence as you are making the offer to gain a commercial and contractual advantage. We may also be found to have committed an offence because the offer has been made to obtain business for Wiz. It may also be an offence for the potential client to accept your offer. Receiving a bribe: A supplier gives your nephew a job, but makes it clear that in return they expect you to use your influence at Wiz to ensure we continue to do business with them. It is an offence for a supplier to make such an offer. It would be an offence for you to accept the offer as you would be doing so to gain a personal advantage. Bribing a foreign official: You arrange for the business to pay an additional "facilitation" payment to a foreign official to speed up an administrative process for Wiz. The offence of bribing a foreign public official is committed as soon as the offer is made. This is because it is made to gain a business advantage for us. We may also be found to have committed an offence. |
- Facilitation Payments, also known as “back-handers” or “grease payments,” are typically small, unofficial payments made to secure or expedite a routine or necessary action (for example, by a government official).
- Kickbacks are typically payments made in return for a business favor or advantage.
- Third Party means any individual or organization you come into contact with during the course of your work for or with Wiz, and includes actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers, and government and public bodies, including their advisors, representatives and officials, politicians and political parties.
What You Must Not Do
It is not acceptable for you (or someone on your behalf) to:
- give, promise to give, or offer, a payment, gift or hospitality with the expectation or hope that a business advantage will be received, or to reward a business advantage already given;
- give or accept a gift or hospitality during any commercial negotiations or tender process, if this could be perceived as intended or likely to influence the outcome;
- accept a payment, gift or hospitality from a third party that you know or suspect is offered with the expectation that it will provide a business advantage for them or anyone else in return;
- offer or accept a gift to or from government officials or representatives, or politicians or political parties, without the prior approval of the legal team;
- threaten or retaliate against another individual who has refused to commit a bribery offence or who has raised concerns under this policy; or
- engage in any other activity that might lead to a breach of this policy.
Facilitation Payments and Kickbacks
We do not make, and will not accept, facilitation payments or "kickbacks" of any kind. See section 2 for definitions of these terms.
You must avoid any activity that might lead to a facilitation payment or kickback being made or accepted by us or on our behalf, or that might suggest that such a payment will be made or accepted. If you are asked to make a payment on our behalf, you should always be mindful of what the payment is for and whether the amount requested is proportionate to the goods or services provided. You should always ask for a receipt which details the reason for the payment. If you have any suspicions, concerns, or queries regarding a payment, you should raise these with Wiz's legal team.
Gifts, Hospitality, and Expenses
This policy allows reasonable and appropriate hospitality or entertainment given to or received from third parties, for the purposes of:
- establishing or maintaining good business relationships;
- improving or maintaining our image or reputation; or
- marketing or presenting our products and/or services effectively.
The giving and accepting of gifts is allowed if the following requirements are met:
- it is not made with the intention of influencing a third party to obtain or retain business or a business advantage, or to reward the provision or retention of business or a business advantage, or in explicit or implicit exchange for favors or benefits;
- it is appropriate in the circumstances, taking account of the reason for the gift, its timing and value;
- it is given openly, not secretly; and
- it complies with any applicable local law.
Promotional gifts of low value such to or from existing customers, suppliers and business partners will usually be acceptable.
Reimbursing a third party's expenses or accepting an offer to reimburse our expenses (for example, the costs of attending a business meeting) would not usually amount to bribery. However, in excess of genuine and reasonable business expenses (such as the cost of an extended hotel stay) is not acceptable.
We appreciate that practice varies between countries and regions and what may be normal and acceptable in one region may not be in another. The test to be applied is whether in all the circumstances the gift, hospitality or payment is reasonable and justifiable. The intention behind it should always be considered.
Donations
We do not make contributions to political parties.
We only make charitable donations that are legal and ethical under local laws and practices.
Record-Keeping
We must keep financial records and have appropriate internal controls in place which will evidence the business reason for making payments to third parties.
You must declare and keep a written record of all hospitality or gifts given or received, which will be subject to managerial review.
You must submit all expenses claims relating to hospitality, gifts, or payments to third parties in accordance with our expenses policy and record the reason for expenditure.
All accounts, invoices, and other records relating to dealings with third parties including suppliers and customers should be prepared with strict accuracy and completeness. Accounts must not be kept "off-book" to facilitate or conceal improper payments.
Your Responsibilities
You must ensure that you read, understand, and comply with this policy.
The prevention, detection and reporting of bribery and other forms of corruption are the responsibility of all those working for Wiz or under Wiz's control. You are required to avoid any activity that might lead to, or suggest, a breach of this policy.
You must notify the Wiz legal team as soon as possible if you believe or suspect that a conflict with this policy has occurred or may occur in the future. For example, if a customer or potential customer offers you something to gain a business advantage with us or indicates to you that a gift or payment is required to secure their business. Further "red flags" that may indicate bribery or corruption are set out in section 13.
How to Raise a Concern
You are encouraged to raise concerns about any issue or suspicion of bribery or corruption at the earliest possible stage.
If you are offered a bribe, or are asked to make one, or if you believe or suspect that any bribery, corruption, or other breach of this policy has occurred or may occur, you must notify your manager, the HR team, or the legal team as soon as possible.
If you are unsure about whether a particular act constitutes bribery or corruption, raise it with your manager, the HR team, or the legal team.
Protection
Individuals who refuse to accept or offer a bribe or who raise concerns or report another's wrongdoing are sometimes worried about possible repercussions. We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken.
We are committed to ensuring no one suffers any detrimental treatment as a result of refusing to take part in bribery or corruption, or because of reporting in good faith their suspicion that an actual or potential bribery or other corruption offence has taken place or may take place in the future. Damaging treatment includes dismissal, disciplinary action, threats, or other unfavorable treatment connected with raising a concern. If you believe that you have suffered any such treatment, you should inform the legal team immediately.
Training and Communication
Training on this policy will be provided as necessary.
Our zero-tolerance approach to bribery and corruption must be communicated to all suppliers, contractors, and business partners at the outset of our business relationship with them and as appropriate thereafter.
Breaches of this Policy
Any employee who breaches this policy will face disciplinary action, up to dismissal for misconduct or gross misconduct.
We may terminate our relationship with other individuals and organizations working on our behalf if they breach this policy.
Potential Risk Scenarios: “Red Flags”
The following is a list of possible red flags that may arise during the course of your work for or with Wiz and which may raise concerns under various anti-bribery and anti-corruption laws. The list is not intended to be exhaustive and is for illustrative purposes only.
If you encounter any of these red flags while working for or with Wiz, you must report them promptly to your manager, the HR team or legal team:
- you become aware that a third party engages in, or has been accused of engaging in, improper business practices;
- you learn that a third party has a reputation for paying bribes, or requiring that bribes are paid to them, or has a reputation for having a "special relationship" with foreign government officials;
- a third party insists on receiving a commission or fee payment before carrying out a government function or process for us;
- a third-party requests payment in cash and/or refuses to sign a formal commission or fee agreement, or to provide an invoice or receipt for a payment made;
- a third party requests that payment is made to a country or geographic location different from where the third party resides or conducts business;
- a third party requests an unexpected additional fee or commission to "facilitate" a service;
- a third party demands lavish entertainment or gifts before commencing or continuing contractual negotiations or provision of services;
- a third party requests that a payment is made to "overlook" potential legal violations;
- a third party requests that you provide employment or some other advantage to a friend or relative;
- you receive an invoice from a third party that appears to be non-standard or customized;
- a third party insists on the use of side letters or refuses to put terms agreed in writing;
- you notice that we have been invoiced for a commission or fee payment that appears large given the service stated to have been provided;
- a third party requests or requires the use of an agent, intermediary, consultant, distributor, or supplier that is not typically used by or known to us; or
- you are offered an unusually generous gift or lavish hospitality by a third party.
Document Ownership and Approval
- The Wiz Legal team is the owner of this document.
- This policy is designated as non-critical; the Wiz Legal team is responsible for ensuring the policy is reviewed and approved every second year.
- The current version of this document is available to all staff on the internal policy management tool.
- This Policy was approved by Mya Joel, Privacy Officer & Legal Counsel and is issued on a version-controlled basis.
- Change Record
Version | Author | Approver | Approval Date | Description of Changes |
2.0 | Gosia Gilad | Mya Joel | 16 July 2023 | Template and formatting updates |
Effective June 12th 2023 to August 29th 2023
DownloadTable of Contents
WIZ ANTI-CORRUPTION AND BRIBERY POLICY
Contents
3. WHO DOES THIS POLICY APPLY TO?
4. WHO IS RESPONSIBLE FOR THE POLICY?
7. FACILITATION PAYMENTS AND KICKBACKS
8. GIFTS, HOSPITALITY, AND EXPENSES
14. TRAINING AND COMMUNICATION
16. POTENTIAL RISK SCENARIOS: "RED FLAGS"8
- POLICY STATEMENT
- We conduct all our business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate and implementing and enforcing effective systems to counter bribery and corruption.
- We take our legal responsibilities very seriously. We will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which we operate.
- ABOUT THIS POLICY
- WHO DOES THIS POLICY APPLY TO?
This policy applies to all persons working for Wiz or on Wiz's behalf in any capacity, including employees at all levels, directors, officers, agency workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners, sponsors, or any other person associated with us, wherever located. - WHO IS RESPONSIBLE FOR THE POLICY?
Wiz's legal team has the overall responsibility for the effective operation of this policy. However, Wiz's management shall ensure the overall enforcement of this policy throughout the company. Suggestions for change should be reported to Wiz's legal team. - DEFINITIONS
- Bribery is offering, promising, giving or accepting any financial or other advantage, to induce the recipient or any other person to act improperly in the performance of their functions, or to reward them for acting improperly, or where the recipient would act improperly by accepting the advantage.
- An advantage includes money, gifts, loans, fees, hospitality, services, discounts, the award of a contract or anything else of value.
- A person acts improperly where they act illegally, unethically, or contrary to an expectation of good faith or impartiality, or where they abuse a position of trust. The improper acts may be in relation to any business or professional activities, public functions, acts in the course of employment, or other activities by or on behalf of any organization of any kind.
It is a criminal offence to offer, promise, give, request, or accept a bribe. Individuals found guilty can be punished with imprisonment and/or fines and employers that fail to prevent bribery can face an unlimited fine, exclusion from tendering for public contracts, and damage to its reputation.
- Corruption is the abuse of entrusted power or position for private gain.
- Facilitation payments, also known as "back-handers" or "grease payments", are typically small, unofficial payments made to secure or expedite a routine or necessary action (for example by a government official).
- Kickbacks are typically payments made in return for a business favor or advantage.
- Third party means any individual or organization you come into contact with during the course of your work for or with Wiz, and includes actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers, and government and public bodies, including their advisors, representatives and officials, politicians and political parties.
- Bribery is offering, promising, giving or accepting any financial or other advantage, to induce the recipient or any other person to act improperly in the performance of their functions, or to reward them for acting improperly, or where the recipient would act improperly by accepting the advantage.
Examples: Offering a bribe: You offer a potential client tickets to a major sporting event, but only if they agree to do business with Wiz. This would be an offence as you are making the offer to gain a commercial and contractual advantage. We may also be found to have committed an offence because the offer has been made to obtain business for Wiz. It may also be an offence for the potential client to accept your offer. Receiving a bribe: A supplier gives your nephew a job, but makes it clear that in return they expect you to use your influence at Wiz to ensure we continue to do business with them. It is an offence for a supplier to make such an offer. It would be an offence for you to accept the offer as you would be doing so to gain a personal advantage. Bribing a foreign official: You arrange for the business to pay an additional "facilitation" payment to a foreign official to speed up an administrative process for Wiz. The offence of bribing a foreign public official is committed as soon as the offer is made. This is because it is made to gain a business advantage for us. We may also be found to have committed an offence. |
It is not acceptable for you (or someone on your behalf) to:
- give, promise to give, or offer, a payment, gift or hospitality with the expectation or hope that a business advantage will be received, or to reward a business advantage already given;
- give or accept a gift or hospitality during any commercial negotiations or tender process, if this could be perceived as intended or likely to influence the outcome;
- accept a payment, gift or hospitality from a third party that you know or suspect is offered with the expectation that it will provide a business advantage for them or anyone else in return;
- offer or accept a gift to or from government officials or representatives, or politicians or political parties, without the prior approval of the legal team;
- threaten or retaliate against another individual who has refused to commit a bribery offence or who has raised concerns under this policy; or
- engage in any other activity that might lead to a breach of this policy.
- We do not make, and will not accept, facilitation payments or "kickbacks" of any kind. See clause 5 for definitions of these terms.
- You must avoid any activity that might lead to a facilitation payment or kickback being made or accepted by us or on our behalf, or that might suggest that such a payment will be made or accepted. If you are asked to make a payment on our behalf, you should always be mindful of what the payment is for and whether the amount requested is proportionate to the goods or services provided. You should always ask for a receipt which details the reason for the payment. If you have any suspicions, concerns, or queries regarding a payment, you should raise these with Wiz's legal team.
- This policy allows reasonable and appropriate hospitality or entertainment given to or received from third parties, for the purposes of:
- The giving and accepting of gifts is allowed if the following requirements are met:
- it is not made with the intention of influencing a third party to obtain or retain business or a business advantage, or to reward the provision or retention of business or a business advantage, or in explicit or implicit exchange for favors or benefits;
- it is appropriate in the circumstances, taking account of the reason for the gift, its timing and value;
- it is given openly, not secretly; and
- it complies with any applicable local law.
- Promotional gifts of low value such to or from existing customers, suppliers and business partners will usually be acceptable.
- Reimbursing a third party's expenses or accepting an offer to reimburse our expenses (for example, the costs of attending a business meeting) would not usually amount to bribery. However, in excess of genuine and reasonable business expenses (such as the cost of an extended hotel stay) is not acceptable.
- We appreciate that practice varies between countries and regions and what may be normal and acceptable in one region may not be in another. The test to be applied is whether in all the circumstances the gift, hospitality or payment is reasonable and justifiable. The intention behind it should always be considered.
- We do not make contributions to political parties.
- We only make charitable donations that are legal and ethical under local laws and practices.
- We must keep financial records and have appropriate internal controls in place which will evidence the business reason for making payments to third parties.
- You must declare and keep a written record of all hospitality or gifts given or received, which will be subject to managerial review.
- You must submit all expenses claims relating to hospitality, gifts or payments to third parties in accordance with our expenses policy and record the reason for expenditure.
- All accounts, invoices, and other records relating to dealings with third parties including suppliers and customers should be prepared with strict accuracy and completeness. Accounts must not be kept "off-book" to facilitate or conceal improper payments.
- You must ensure that you read, understand, and comply with this policy.
- The prevention, detection and reporting of bribery and other forms of corruption are the responsibility of all those working for Wiz or under Wiz's control. You are required to avoid any activity that might lead to, or suggest, a breach of this policy.
- You must notify legal team as soon as possible if you believe or suspect that a conflict with this policy has occurred, or may occur in the future. For example, if a customer or potential customer offers you something to gain a business advantage with us or indicates to you that a gift or payment is required to secure their business. Further "red flags" that may indicate bribery or corruption are set out in clause 16.
- You are encouraged to raise concerns about any issue or suspicion of bribery or corruption at the earliest possible stage.
- If you are offered a bribe, or are asked to make one, or if you believe or suspect that any bribery, corruption, or other breach of this policy has occurred or may occur, you must notify your manager, the HR team or the legal team as soon as possible.
- If you are unsure about whether a particular act constitutes bribery or corruption, raise it with your manager, the HR team or the legal team.
- Individuals who refuse to accept or offer a bribe, or who raise concerns or report another's wrongdoing, are sometimes worried about possible repercussions. We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken.
- We are committed to ensuring no one suffers any detrimental treatment as a result of refusing to take part in bribery or corruption, or because of reporting in good faith their suspicion that an actual or potential bribery or other corruption offence has taken place or may take place in the future. Damaging treatment includes dismissal, disciplinary action, threats or other unfavorable treatment connected with raising a concern. If you believe that you have suffered any such treatment, you should inform the legal team immediately.
- Training on this policy will be provided as necessary.
- Our zero-tolerance approach to bribery and corruption must be communicated to all suppliers, contractors, and business partners at the outset of our business relationship with them and as appropriate thereafter.
- Any employee who breaches this policy will face disciplinary action, which could result in dismissal for misconduct or gross misconduct.
- We may terminate our relationship with other individuals and organizations working on our behalf if they breach this policy.
The following is a list of possible red flags that may arise during the course of you working for or with Wiz and which may raise concerns under various anti-bribery and anti-corruption laws. The list is not intended to be exhaustive and is for illustrative purposes only.
If you encounter any of these red flags while working for or with Wiz, you must report them promptly to your manager, the HR team or legal team:
- you become aware that a third party engages in, or has been accused of engaging in, improper business practices;
- you learn that a third party has a reputation for paying bribes, or requiring that bribes are paid to them, or has a reputation for having a "special relationship" with foreign government officials;
- a third party insists on receiving a commission or fee payment before carrying out a government function or process for us;
- a third-party requests payment in cash and/or refuses to sign a formal commission or fee agreement, or to provide an invoice or receipt for a payment made;
- a third-party requests that payment is made to a country or geographic location different from where the third party resides or conducts business;
- a third party requests an unexpected additional fee or commission to "facilitate" a service;
- a third party demands lavish entertainment or gifts before commencing or continuing contractual negotiations or provision of services;
- a third-party requests that a payment is made to "overlook" potential legal violations;
- a third-party requests that you provide employment or some other advantage to a friend or relative;
- you receive an invoice from a third party that appears to be non-standard or customized;
- a third party insists on the use of side letters or refuses to put terms agreed in writing;
- you notice that we have been invoiced for a commission or fee payment that appears large given the service stated to have been provided;
- a third party requests or requires the use of an agent, intermediary, consultant, distributor or supplier that is not typically used by or known to us; or
- you are offered an unusually generous gift or offered lavish hospitality by a third party.
Effective May 24th 2023 to June 12th 2023
DownloadTable of Contents
WIZ ANTI-CORRUPTION AND BRIBERY POLICY
Contents
WIZ ANTI-CORRUPTION AND BRIBERY POLICY1
3.WHO DOES THIS POLICY APPLY TO?3
4.WHO IS RESPONSIBLE FOR THE POLICY?3
7.FACILITATION PAYMENTS AND KICKBACKS5
8.GIFTS, HOSPITALITY, AND EXPENSES5
14.TRAINING AND COMMUNICATION7
16.POTENTIAL RISK SCENARIOS: "RED FLAGS"8
- POLICY STATEMENT
- We conduct all our business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate and implementing and enforcing effective systems to counter bribery and corruption.
- We take our legal responsibilities very seriously. We will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which we operate.
- ABOUT THIS POLICY
- WHO DOES THIS POLICY APPLY TO?
This policy applies to all persons working for Wiz or on Wiz's behalf in any capacity, including employees at all levels, directors, officers, agency workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners, sponsors, or any other person associated with us, wherever located.
- DEFINITIONS
- Bribery is offering, promising, giving or accepting any financial or other advantage, to induce the recipient or any other person to act improperly in the performance of their functions, or to reward them for acting improperly, or where the recipient would act improperly by accepting the advantage.
- An advantage includes money, gifts, loans, fees, hospitality, services, discounts, the award of a contract or anything else of value.
- A person acts improperly where they act illegally, unethically, or contrary to an expectation of good faith or impartiality, or where they abuse a position of trust. The improper acts may be in relation to any business or professional activities, public functions, acts in the course of employment, or other activities by or on behalf of any organization of any kind.
- Bribery is offering, promising, giving or accepting any financial or other advantage, to induce the recipient or any other person to act improperly in the performance of their functions, or to reward them for acting improperly, or where the recipient would act improperly by accepting the advantage.
It is a criminal offence to offer, promise, give, request, or accept a bribe. Individuals found guilty can be punished with imprisonment and/or fines and employers that fail to prevent bribery can face an unlimited fine, exclusion from tendering for public contracts, and damage to its reputation.
Examples: Offering a bribe: You offer a potential client tickets to a major sporting event, but only if they agree to do business with Wiz. This would be an offence as you are making the offer to gain a commercial and contractual advantage. We may also be found to have committed an offence because the offer has been made to obtain business for Wiz. It may also be an offence for the potential client to accept your offer. Receiving a bribe: A supplier gives your nephew a job, but makes it clear that in return they expect you to use your influence at Wiz to ensure we continue to do business with them. It is an offence for a supplier to make such an offer. It would be an offence for you to accept the offer as you would be doing so to gain a personal advantage. Bribing a foreign official: You arrange for the business to pay an additional "facilitation" payment to a foreign official to speed up an administrative process for Wiz. The offence of bribing a foreign public official is committed as soon as the offer is made. This is because it is made to gain a business advantage for us. We may also be found to have committed an offence. |
- Facilitation payments, also known as "back-handers" or "grease payments", are typically small, unofficial payments made to secure or expedite a routine or necessary action (for example by a government official).
- Kickbacks are typically payments made in return for a business favor or advantage.
- Third party means any individual or organization you come into contact with during the course of your work for or with Wiz, and includes actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers, and government and public bodies, including their advisors, representatives and officials, politicians and political parties.
It is not acceptable for you (or someone on your behalf) to:
- give, promise to give, or offer, a payment, gift or hospitality with the expectation or hope that a business advantage will be received, or to reward a business advantage already given;
- give or accept a gift or hospitality during any commercial negotiations or tender process, if this could be perceived as intended or likely to influence the outcome;
- accept a payment, gift or hospitality from a third party that you know or suspect is offered with the expectation that it will provide a business advantage for them or anyone else in return;
- offer or accept a gift to or from government officials or representatives, or politicians or political parties, without the prior approval of the legal team;
- threaten or retaliate against another individual who has refused to commit a bribery offence or who has raised concerns under this policy; or
- engage in any other activity that might lead to a breach of this policy.
- FACILITATION PAYMENTS AND KICKBACKS
- We do not make, and will not accept, facilitation payments or "kickbacks" of any kind. See clause 5 for definitions of these terms.
- You must avoid any activity that might lead to a facilitation payment or kickback being made or accepted by us or on our behalf, or that might suggest that such a payment will be made or accepted. If you are asked to make a payment on our behalf, you should always be mindful of what the payment is for and whether the amount requested is proportionate to the goods or services provided. You should always ask for a receipt which details the reason for the payment. If you have any suspicions, concerns, or queries regarding a payment, you should raise these with Wiz's legal team.
- GIFTS, HOSPITALITY, AND EXPENSES
- This policy allows reasonable and appropriate hospitality or entertainment given to or received from third parties, for the purposes of:
- The giving and accepting of gifts is allowed if the following requirements are met:
- it is not made with the intention of influencing a third party to obtain or retain business or a business advantage, or to reward the provision or retention of business or a business advantage, or in explicit or implicit exchange for favors or benefits;
- it is appropriate in the circumstances, taking account of the reason for the gift, its timing and value;
- it is given openly, not secretly; and
- it complies with any applicable local law.
- Promotional gifts of low value such to or from existing customers, suppliers and business partners will usually be acceptable.
- Reimbursing a third party's expenses or accepting an offer to reimburse our expenses (for example, the costs of attending a business meeting) would not usually amount to bribery. However, in excess of genuine and reasonable business expenses (such as the cost of an extended hotel stay) is not acceptable.
- We appreciate that practice varies between countries and regions and what may be normal and acceptable in one region may not be in another. The test to be applied is whether in all the circumstances the gift, hospitality or payment is reasonable and justifiable. The intention behind it should always be considered.
- DONATIONS
- RECORD-KEEPING
- We must keep financial records and have appropriate internal controls in place which will evidence the business reason for making payments to third parties.
- You must declare and keep a written record of all hospitality or gifts given or received, which will be subject to managerial review.
- You must submit all expenses claims relating to hospitality, gifts or payments to third parties in accordance with our expenses policy and record the reason for expenditure.
- All accounts, invoices, and other records relating to dealings with third parties including suppliers and customers should be prepared with strict accuracy and completeness. Accounts must not be kept "off-book" to facilitate or conceal improper payments.
- YOUR RESPONSIBILITIES
- You must ensure that you read, understand, and comply with this policy.
- The prevention, detection and reporting of bribery and other forms of corruption are the responsibility of all those working for Wiz or under Wiz's control. You are required to avoid any activity that might lead to, or suggest, a breach of this policy.
- You must notify legal team as soon as possible if you believe or suspect that a conflict with this policy has occurred, or may occur in the future. For example, if a customer or potential customer offers you something to gain a business advantage with us or indicates to you that a gift or payment is required to secure their business. Further "red flags" that may indicate bribery or corruption are set out in clause 16.
- HOW TO RAISE A CONCERN
- You are encouraged to raise concerns about any issue or suspicion of bribery or corruption at the earliest possible stage.
- If you are offered a bribe, or are asked to make one, or if you believe or suspect that any bribery, corruption, or other breach of this policy has occurred or may occur, you must notify your manager, the HR team or the legal team as soon as possible.
- If you are unsure about whether a particular act constitutes bribery or corruption, raise it with your manager, the HR team or the legal team.
- PROTECTION
- Individuals who refuse to accept or offer a bribe, or who raise concerns or report another's wrongdoing, are sometimes worried about possible repercussions. We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken.
- We are committed to ensuring no one suffers any detrimental treatment as a result of refusing to take part in bribery or corruption, or because of reporting in good faith their suspicion that an actual or potential bribery or other corruption offence has taken place or may take place in the future. Damaging treatment includes dismissal, disciplinary action, threats or other unfavorable treatment connected with raising a concern. If you believe that you have suffered any such treatment, you should inform the legal team immediately.
- TRAINING AND COMMUNICATION
- BREACHES OF THIS POLICY
- POTENTIAL RISK SCENARIOS: "RED FLAGS"
The following is a list of possible red flags that may arise during the course of you working for or with Wiz and which may raise concerns under various anti-bribery and anti-corruption laws. The list is not intended to be exhaustive and is for illustrative purposes only.
If you encounter any of these red flags while working for or with Wiz, you must report them promptly to your manager, the HR team or legal team:
- you become aware that a third party engages in, or has been accused of engaging in, improper business practices;
- you learn that a third party has a reputation for paying bribes, or requiring that bribes are paid to them, or has a reputation for having a "special relationship" with foreign government officials;
- a third party insists on receiving a commission or fee payment before carrying out a government function or process for us;
- a third-party requests payment in cash and/or refuses to sign a formal commission or fee agreement, or to provide an invoice or receipt for a payment made;
- a third-party requests that payment is made to a country or geographic location different from where the third party resides or conducts business;
- a third party requests an unexpected additional fee or commission to "facilitate" a service;
- a third party demands lavish entertainment or gifts before commencing or continuing contractual negotiations or provision of services;
- a third-party requests that a payment is made to "overlook" potential legal violations;
- a third-party requests that you provide employment or some other advantage to a friend or relative;
- you receive an invoice from a third party that appears to be non-standard or customized;
- a third party insists on the use of side letters or refuses to put terms agreed in writing;
- you notice that we have been invoiced for a commission or fee payment that appears large given the service stated to have been provided;
- a third party requests or requires the use of an agent, intermediary, consultant, distributor or supplier that is not typically used by or known to us; or
- you are offered an unusually generous gift or offered lavish hospitality by a third party.
Wiz Code of Conduct
Effective September 27th 2024
DownloadTable of Contents
WIZ CODE OF CONDUCT
2. RESPONSIBILITY FOR THE CODE
6. DOCUMENT OWNERSHIP AND APPROVAL
1. PURPOSE AND SCOPE
The purpose of this code of conduct is to:
- Explain Wiz's values and how they relate both to our day-to-day work and the key ethical issues Wiz faces.
- Provide information and guidance in relation to how we should conduct ourselves when carrying out business.
- Explain how we expect our employees, suppliers, partners, vendors, agents, advisors and/or our representatives (collectively, "Partners") to conduct themselves when engaging with Wiz, acting on behalf of Wiz and/or otherwise providing services to Wiz.
This code of conduct applies to all persons working for or with Wiz including all Partners and employees at all levels, directors, officers, agency workers, volunteers, interns and individual temporary or fixed term contractors, wherever located (collectively, “Representatives”).
Wiz may amend this code of conduct from time to time and shall make available such amendments to all Representatives.
1.1 Wiz Values
Be Truthful
- Strong in authentic communication
- Able to build trust with stakeholders
- Comfortable with saying “I don’t know,” and wanting to learn
- Flexibility – able to adjust quickly to change
Lead by Example
- Live up to values, not just talk
- Roll up sleeve mentality
- Solution oriented – identify the problem and then plan for moving forward
- Able to express a strong, clear point of view
Win Together
- Excellence in teamwork
- Focus on building Raving Fans
- Excited to build together
- Accessible to all – excited to interact with anyone at company to help
Execute with Excellence
- Highly accountable – we deliver on our promises
- Relentless focus – customer delight is always top of mind
- Create – think outside the box and build the Wiz playbook
Act Confident, Stay Humble
- Learn it All mentality
- Strong drive for improvement
- Able to listen and open to change
- Above and beyond for everyone – never saying “it is not my job”
2. RESPONSIBILITY FOR THE CODE
Management at all levels are responsible for ensuring those reporting to them understand and comply with this code of conduct and are given adequate and regular training on it and the issues covered by it.
3. PRINCIPLES AND ETHICS
3.1 Standards of Behavior
Wiz employees or “Wizards” are ambassadors of the Wiz brand and a critical aspect of what makes up the Wiz DNA. As such, we hold a high bar for the standard of behavior expected. Wizards have a responsibility to treat others with dignity and respect at all times and exhibit conduct that reflects inclusion during work, at work functions on or off the worksite, and all other company-sponsored events. Behavior exhibited that does not reflect the Wiz values could be deemed misconduct. Misconduct will not be tolerated and could be grounds for disciplinary action up to and including termination of employment.
Examples of misconduct include, but are not limited to, the following:
- Refusal to perform or follow reasonable directions or prescribed procedures or any form of insubordination;
- Theft or unauthorized removal of company property or the property of others;
- Any action deemed to not align with Wiz values or be considered detrimental to our culture;
- Defacing, damaging, or destroying property of the company or others;
- Possession of illegal drugs on company premises;
- Abusive or discourteous treatment of client, customers, guests, or other employees;
- Any behavior that creates an intimidating, hostile, or offensive work environment or has an adverse effect on work performance;
- Revealing, disclosing, or making available any information considered “confidential” to unauthorized persons;
- Misrepresentation or omission of facts in obtaining employment;
- Falsification of any record of hours worked or tampering with any other employee’s record;
- Failure to comply with fire, safety, and health rules, instructions, or practices;
- Fighting, serious violence, or verbal threats; or
- Possession of a firearm or other weapon on company property.
This list is for illustrative purposes only and does not constitute a complete list of behavior that is considered inappropriate. In general, based on high ethical principles, the use of good judgement will guide you with respect to lines of acceptable conduct. If a situation arises where it is difficult to determine the proper course of action, the matter should be discussed openly with your leader and/or any member of the HRBP team for advice and consultation.
Compliance with this policy of business ethics and conduct is the responsibility of every Wizard.
3.2 Human Rights
Wiz supports the fundamental human rights of all people. We respect and do not interfere with the right of our Representatives to decide whether to lawfully associate with groups of their choice, including the right to form or joint trade unions and/or to engage in collective bargaining. Wiz strives to embed human rights in existing operations by multiple means: assessing the risks, increasing awareness, fostering due diligence, strengthening the legal framework, collaborating in collective actions, opening dialogue and transparent reporting. Where faced with human rights violations, Wiz implements adequate remediation.
3.3 Equal opportunities, inclusion and diversity
Wiz is committed to diversity and equal opportunities for everyone. Wiz respects the unique attributes and perspectives of our Representatives. Wiz provides equal treatment and equal employment opportunity without regard to race, ethnicity, color, religion, gender, age, national origin or ancestry, physical or mental disability, sexual orientation, military status or any other basis protected by law.
3.4 Employment
Wiz compensates its employees in accordance with applicable laws and pays fair wages in line with applicable laws including adequate rest periods and leave. Wiz is committed to ensuring that the services we provide are delivered in a way that respects human rights and protects the fundamental dignity of workers. This includes ensuring that there is no slavery, servitude, forced or compulsory human labor, human trafficking, child labor, debt bondage and deceptive recruiting for labor or any other form of modern slavery in any part of our business or in our supply chains.
3.5 Safe Work Environment
Wiz provides a safe, healthy, and sanitary working environment. This includes the implementation of safeguards to prevent workplace hazards and work-related accidents and injuries.
3.6 Confidential Information
Confidential information is a valuable asset. In the course Wiz's operations, we may be entrusted with information that must be kept confidential. Our confidential business information must be kept secure for Wiz to remain competitive and successful. Confidential information may include, for example, unpublished sales and financial information, internal operations at Wiz, product or operating formulas and methods, information relating to Wiz's platform, roadmap, marketing plans, research results, employee data, and information about Wiz and its Representatives.
Unauthorized disclosure of Wiz's confidential information will adversely affect Wiz and its business. Wiz trusts its employees and Representatives to ensure the secrecy of Wiz's confidential information and to not disclose confidential information outside of Wiz.
Wiz also receives confidential information about third parties such as the Confidential Information of its Representatives. Wiz has an obligation to protect such third-party confidential information in the same way that it protects its own Confidential Information.
3.7 Data Privacy
The protection and responsible use of personal data is a priority for Wiz. Wiz is committed to collecting and using data in a lawful, fair, legitimate and ethical way, and will always respect the privacy of individuals in order to earn and deserve their trust. Wiz ensures that its processing of personal data by itself or by itself and its Representatives, is in compliance with laws. Representatives with access to personal data are expected to apply the privacy principles of lawful, fair and transparent data processing, respecting any purpose limitations, as well as the principles of data minimization, accuracy, storage limitation, integrity and confidentiality. Wiz implements and continuously monitors its security measures to protect individuals’ privacy rights.
3.8 Bribery and Corruption
All Wiz Representatives must comply with applicable anti-corruption laws, regardless of personal location or place of business. Representatives shall review and ensure full compliance with Wiz's Anti Corruption and Bribery Policy. Anti-corruption laws include prohibitions on bribing government officials, or engaging in kickbacks and bribery with private parties (also known as commercial bribery). Wiz prohibits all forms of bribery or kickbacks. Wiz does not tolerate violations. Representatives must not offer, directly or indirectly, any form of gift, entertainment or anything of value to any government official or his or her representatives to: (a) obtain or retain business; (b) influence business decisions; (c) expedite a process; or (d) secure an unfair advantage. Wiz also prohibits payments to government officials to expedite or ensure routine actions, such as issuing licenses, permits or visas. These prohibitions apply to Wiz's business operations and to any third parties acting on Wiz's behalf. For purposes of anti-bribery laws, government officials include elected and appointed officers or employees of national, municipal or local governments (including individuals holding legislative, administrative and judicial positions), officials of political parties and candidates for political offices, and employees of government or state-controlled companies.
3.9. Free and Fair Competition
Wiz is committed to free, fair, and open competition, which is an essential feature of healthy business markets. Competition fosters innovation, productivity and growth. Fair competition laws (often called Antitrust or Competition laws) are intended to promote and protect competition. Such laws ensure a level playing field for all businesses, which in turn support healthy local and global economies. Wiz carefully follow these laws in all of its business.
3.10 Conflicts of Interest
A conflict of interest exists when a Representative's personal interests are inconsistent with those of Wiz and create conflicting loyalties. Wiz requires that its Representatives avoid situations where their personal interests conflict, or appear to conflict, with the interests of Wiz. Representatives should not use their position at Wiz for personal benefit or to benefit relatives or close associates. Many actual or potential conflicts of interest can be resolved in an acceptable way for both the individual and Wiz. In case of a conflict of interest, the Representatives concerned should immediately inform their manager or Wiz business stakeholder in order to find an appropriate solution.
3.11. Wiz and its Community
As part of the global community, we recognize our important role in helping to address some of the world’s significant challenges. We endeavor to make our communities better places to live and work. Wiz encourages its Representatives to get involved in activities that strengthen communities. Wiz's ability to build relationships with our communities is critical to our long-term success.
3.12. Environment & Sustainability
At Wiz we strive to minimize environmental pollution and make continuous improvements in environmental protection and sustainability through our actions, including by considering environmental impact when sourcing or delivering services. Wiz and our suppliers are required to act in accordance with applicable statutory and international standards regarding the environment.
4. TRAINING AND COMPLIANCE
Wiz shall train its employees to ensure awareness and compliance with the requirements of this Code. However, Wiz believes that the sense of responsibility of each Representative is the basis of compliance. Thus, Wiz expects its Representatives to constantly and adequately identify, assess and manage the compliance risks that fall within the sphere of Wiz's business responsibilities.
Wiz encourages it Representatives to report any violations of this code of conduct to their manager or Wiz business stakeholder and/or to Wiz's legal team, including via Wiz’s anonymous hotline reporting tool.
5. RELATED DOCUMENTS
Wiz Anti Corruption and Bribery Policy
6. DOCUMENT OWNERSHIP AND APPROVAL
6.1 The Wiz Legal team is the owner of this document.
6.2 This policy is designated as critical; Wiz Legal team is responsible for ensuring the policy is reviewed and approved annually.
6.3 The current version of this document is available to all staff on the internal policy management tool.
6.4 This code of conduct was approved by Emma Berkenfeld and issued on a version-controlled basis.
Effective November 21st 2023 to September 27th 2024
DownloadTable of Contents
WIZ CODE OF CONDUCT
1. ABOUT THIS CODE OF CONDUCT
2. WHO THIS CODE APPLIES TO
3. RESPONSIBILITY FOR THE CODE
4. PRINCIPALS AND ETHICS
5. TRAINING AND ENSURING COMPLIANCE
- Explain Wiz's values and how they relate both to our day-to-day work and the key ethical issues Wiz faces.
- Provide information and guidance in relation to how we should conduct ourselves when carrying out business; and
- Explain how we expect our employees, suppliers, partners, vendors, agents, advisors and/or our representatives (collectively, "Representatives") to conduct themselves when engaging with Wiz, acting on behalf of Wiz and/or otherwise providing services to Wiz.
Effective November 17th 2023 to November 21st 2023
DownloadTable of Contents
WIZ CODE OF CONDUCT
5.TRAINING AND ENSURING COMPLIANCE
- Explain Wiz's values and how they relate both to our day-to-day work and the key ethical issues Wiz faces.
- Provide information and guidance in relation to how we should conduct ourselves when carrying out business; and
- Explain how we expect our employees, suppliers, partners, vendors, agents, advisors and/or our representatives (collectively, "Representatives") to conduct themselves when engaging with Wiz, acting on behalf of Wiz and/or otherwise providing services to Wiz.
Effective October 9th 2023 to November 17th 2023
DownloadTable of Contents
WIZ CODE OF CONDUCT
Contents
5.TRAINING AND ENSURING COMPLIANCE
- Explain Wiz's values and how they relate both to our day-to-day work and the key ethical issues Wiz faces.
- Provide information and guidance in relation to how we should conduct ourselves when carrying out business; and
- Explain how we expect our employees, suppliers, partners, vendors, agents, advisors and/or our representatives (collectively, "Representatives") to conduct themselves when engaging with Wiz, acting on behalf of Wiz and/or otherwise providing services to Wiz.
Data Processing Agreement
Effective April 14th 2025
DownloadTable of Contents
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Wiz Subscription Agreement or other agreement for Wiz services entered into between the Parties (the “Agreement”) between the Wiz entity that has entered into the Agreement (“Wiz”, “Us”, “We”, “Our”) and Customer (collectively, “You”, “Your”, or “Customer”) pursuant to the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”. This DPA forms a binding legal agreement to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below).
WHEREAS, Wiz shall provide the services set forth in the Agreement (collectively, the “Services”) to Customer, as described in the Agreement; and
WHEREAS, the Parties wish to set forth the arrangements concerning the Processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the Parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
1.2 Definitions:
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Customer Personal Data” means any Personal Data which is provided to and Processed by Wiz on behalf of Customer in order to provide the Services under the Agreement. Customer Personal Data does not include Personal Data that Wiz Processes as a Controller separately from its Processing obligations to Customer under the Agreement.
- “Data Protection Laws” means all laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Customer Personal Data relates.
- “EEA” means the European Economic Area.
- “EU Data Protection Law” means the GDPR, and the UK GDPR.
- “Extended EEA Country” means a Member State of the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Service Provider,” as relevant under applicable Data Protection Laws, means the entity which Processes Personal Data on behalf of the Controller or Business or such equivalent term under Data Protection Laws.
- “Security Addendum” means Wiz’s Security Addendum which is available via https://www.wiz.io/legal/security-addendum.
- “Standard Contractual Clauses” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32021D0914&qid=1689513765256, as may be updated, amended or superseded from time to time.
- “Sub-Processor” means any Processor or Service Provider engaged by Wiz and/or Wiz Affiliate to Process Customer Personal Data.
- “Supervisory Authority” means the competent supervisory authority pursuant to the applicable Data Protection Laws.
- “Third Country” has the meaning given in Clause 8.2 below.
- “UK GDPR” means the GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
- “US Privacy Laws” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 along with any associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act; and any similar U.S. laws governing data privacy and security once effective.
2. CUSTOMER’S PROCESSING OF PERSONAL DATA. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws.For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. As between the Parties, Customer shall have sole responsibility for the means by which Customer acquired Customer Personal Data. Without limitation, to the extent applicable, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal basis in order to collect, Process and transfer to Wiz the Customer Personal Data and to authorize the Processing by Wiz of the Customer Personal Data which is authorized in this DPA.
3. WIZ’S PROCESSING OF PERSONAL DATA
3.1 Application. As used in clauses 3 – 9 herein, Customer Personal Data refers to Customer Personal Data that is subject to Data Protection Laws.
3.2 Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, (i) Customer is the Controller or Business or, where Customer is acting behalf of its own customers, a Processor, (ii) Wiz is the Processor or Service Provider, and (iii) Wiz or its Affiliates may engage Sub-Processors pursuant to the requirements set forth in Clause 6 below.
3.3 Wiz and its Affiliates (as applicable) shall Process Customer Personal Data only in accordance with Customer’s documented instructions, which are set out in the Agreement, as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by any applicable law, court of competent jurisdiction or other Supervisory Authority to which Wiz and its Affiliates are subject, in which case, Wiz shall inform Customer of the legal requirement before processing, unless that law prohibits such information. Customer agrees that the Agreement is its complete and final instructions to Wiz in relation to the Processing of Personal Data. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Wiz and Customer by way of an amendment to the Agreement, and may include any additional fees that may be payable by Customer to Wiz for carrying out such instructions. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Customer Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 to this DPA.
3.4 To the extent that Wiz or its Affiliates cannot comply with an instruction from Customer and/or its authorized users relating to Processing of Customer Personal Data or where Wiz considers such instruction to be unlawful, Wiz (i) shall inform Customer, providing relevant details of the problem; (ii) may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Customer Personal Data (other than securely storing those data); and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Wiz all the amounts owed to Wiz or due before the date of termination.
4. RIGHTS OF DATA SUBJECTS. If Wiz receives a request from a Data Subject to exercise its rights under Data Protection Laws (“Data Subject Request”), Wiz shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of the Processing, Wiz shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws.
5. WIZ PERSONNEL
5.1 Confidentiality. Wiz shall grant access to the Customer Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality.
6. AUTHORIZATION REGARDING SUB-PROCESSORS
6.1 Customer hereby grants general written authorization to Wiz to appoint Sub-Processors to perform specific Processing activities on Customer Personal Data on its behalf. Wiz’s current list of Sub-Processors is included at https://www.wiz.io/sub-processor-list (“Sub-Processor List”) and is hereby approved by Customer.
6.2 Objection Right for Sub-Processors. Wiz offers a mechanism for Customers to subscribe to notifications of changes to Wiz’s Sub-Processor List via https://www.wiz.io/sub-processor-list. If Customer subscribes to receive such updates, Wiz shall provide notification of any intended changes concerning the addition or replacement of other Sub-Processor(s) to the email address which has subscribed thereby giving Customer the opportunity to object. Customer may reasonably object to Wiz’s use of a Sub-Processor for reasons related to the Data Protection Laws by notifying Wiz in writing within ten (10) days after receipt of Wiz’s notice including the reasons for objecting to Wiz’s use of such Sub-Processor. Failure to object to such Sub-Processor in writing within ten (10) days following Wiz’s notice shall be deemed as acceptance of the Sub-Processor. In the event Customer reasonably objects to a Sub-Processor, Wiz will use reasonable efforts to make available to Customer a change in the Services to avoid Processing of Customer Personal Data by the objected-to Sub-Processor without unreasonably burdening Customer. If Wiz is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the Agreement and this DPA by providing written notice to Wiz provided that all amounts due under the Agreement before the termination date shall be duly paid to Wiz. Until a decision is made regarding the Sub-Processor, Wiz may temporarily suspend the Processing of the affected Customer Personal Data.
6.3 Where Wiz engages a Sub-Processor, we shall do so by way of a written contract which imposes on the Sub-Processor substantially the same data protection obligations as in this DPA.
7.SECURITY
7.1 Controls for the Protection of Customer Personal Data. Taking into account the state of the art, Wiz shall maintain industry-standard technical and organizational measures, including as required pursuant to Article 32 of the GDPR and other applicable Data Protection Laws, for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Personal Data), confidentiality and integrity of Customer Personal Data, as set forth in the Security Addendum. Upon Customer’s request, Wiz will use commercially reasonable efforts to assist Customer, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and other applicable Data Protection Laws taking into account the nature of the processing, the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Wiz.
7.2 Third-Party Certifications and Audits. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations (“Permitted Auditor”)) a copy of Wiz’s then most recent third-party audits or certifications. Any certifications and/or documentation made available by Wiz to Customer in accordance with this Section shall be Wiz’s Confidential Information and shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control. To the greatest extent possible, Customer shall utilize Wiz’s certifications and other privacy documentation and policies made available to Customer on Wiz’s Trust Center to assess Wiz’s compliance with its obligations this DPA. Only to the extent that Customer is not able to do so, and in any event, no more than once per year (except if otherwise required by applicable law) and following at least 45 days’ notice in writing from Customer, at Customer’s cost and expense, Wiz shall allow for and contribute to remote audits conducted by Customer or a Permitted Auditor. The Parties shall agree on the scope, methodology, timing and conditions of such audits in advance. Customer shall use reasonable endeavors to ensure that the conduct of each audit does not disrupt Wiz’s business. In no event shall Customer be permitted to access any information, including without limitation, data that belongs to Wiz’s other customers or such other information that is not relevant to Wiz’s compliance with this the DPA. Unless otherwise agreed by the Parties, Customer shall use reasonable efforts to carry out the audit of Wiz’s compliance with this DPA together with the audit of Wiz’s compliance with the Security Addendum.
8. TRANSFERS OF DATA
8.1 Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from the Extended EEA Countries to countries or frameworks that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the Extended EEA Countries (“Adequacy Decisions”), without any further safeguard being necessary.
8.2 Transfers to other countries. If, and to the extent, the Processing of Customer Personal Data which is subject to Data Protection Laws of the EEA Extended Countries includes transfers by Customer from the Extended EEA Countries to Wiz in countries outside the Extended EEA Countries which have not been subject to an Adequacy Decision (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of the Standard Contractual Clauses, which will be deemed to have been signed by each Party on the Effective Date of this Agreement, are incorporated herein by reference and construed in accordance with Schedule 2 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
8.3 In the event Customer enables Third Party Integrations (as defined in the Agreement) which involve transfers of Customer Personal Data between Wiz and the Third Party Integration provider, Customer acknowledges and agrees that (a) such Third Party Integration providers are not Sub-Processors of Wiz; (b) such transfers are conducted at Customer’s instruction in accordance with an agreement between the Customer and such Third Party Integration provider (which Wiz is not a party to); and (c) Customer shall be solely responsible for such transfers and their compliance with Data Protection Laws, including without limitation, executing Standard Contractual Clauses with such Third Party Integration providers as required.
9. US PRIVACY LAWS
9.1 In performing its obligations under the Agreement and this DPA, Wiz shall comply with its obligations under US Privacy Laws, including by providing the level of privacy protection as is required by US Privacy Laws to Customer Personal Data subject to the US Privacy Laws. Wiz will not: (1) “sell” or “share” for purposes of “cross-context behavioral advertising” or “targeted advertising” (as defined by applicable US Privacy Laws) any Customer Personal Data; (2) retain, use, or disclose Customer Personal Data for any purpose other than the contractual business purpose set forth herein or as otherwise permitted under US Privacy Laws or outside of the direct business relationship between Wiz and Customer; or (3) attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Customer Personal Data.
9.2 Wiz will (1) comply with any applicable restrictions under applicable US Privacy Laws on combining Customer Personal Data with Personal Data that Wiz receives from, or on behalf of, another person or persons; and (2) promptly notify Customer if Wiz determines that it (i) can no longer meet its obligations under this DPA or applicable US Privacy Laws; or (ii) in Wiz’s opinion, an instruction from Customer infringes applicable US Privacy Laws.
9.3 To the extent required under US Privacy Laws, Customer may take reasonable and appropriate steps to help to ensure that Wiz uses Customer Personal Data in a manner consistent with Customer’s obligations under US Privacy Laws and to stop and remediate unauthorized use of the Customer Personal Data.
9.4 Wiz certifies that it understands its obligations in this Clause 9.The Parties agree that Schedule 1 hereto shall satisfy any requirement under applicable U.S. Privacy Law to provide details regarding the nature of the Processing activities related to Customer Personal Data.
10. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. To the extent required under applicable Data Protection Laws, Wiz shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data (a “Personal Data Incident”). Wiz shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Wiz deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident. Customer (or its customers), as the Controller or Business, will be the party responsible for notifying supervisory authorities and/or concerned Data Subjects (where required by Data Protection Laws).
11. RETURN AND DELETION OF PERSONAL DATA. Subject to the Agreement, upon termination or expiry of the Services, Wiz shall, make available for return the Customer Personal Data via the Services and delete such Customer Personal Data in accordance with Wiz’s customer data retention & deletion policy unless applicable law requires storage of the Customer Personal Data. In any event, Customer agrees that Wiz may retain Customer Personal Data in accordance with its standard backup policy, for evidence purposes and/or for the establishment, exercise or defense of legal claims and/or to comply with applicable laws and regulations.
12. TERMINATION. This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided, provided that, to the extent Wiz retains any Customer Personal Data following termination or expiration of the Agreement, this DPA shall survive for such period that Wiz retains Customer Personal Data. Clauses 2, 3.4 and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
13. RELATIONSHIP WITH AGREEMENT. Subject to any provisions in Schedule 2 regarding governing law and choice of forum of the Standard Contractual Clauses, the governing law and choice of forum provision in the Agreement shall apply to this DPA. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. For the avoidance of doubt each Party’s and its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, Data Protection Laws and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. NOTWITHSTANDING THE FOREGOING, IF CUSTOMER IS USING THE SERVICES FOR A FREE TRIAL, WIZ’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER UNDER OR RELATED TO THIS DPA SHALL BE CAPPED AT ONE THOUSAND DOLLARS US ($1,000 US).
List of Schedules
SCHEDULE 1 – DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSE
DETAILS OF THE PROCESSING
Subject matter.
Wiz will Process Customer Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Customer in its use of the Services.
Nature and Purpose of Processing.
Performing the Agreement, this DPA and/or other contracts executed by the Parties, including, providing the Service(s) and support and technical maintenance to Customer and complying with documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.
Duration of Processing.
Subject to any section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Wiz will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Types of Customer Personal Data.
Customer determines the categories of any Customer Personal Data that is made accessible to Wiz, which may include, without limitation, Customer Personal Data relating to the following categories:
- If Customer uses Wiz for scanning, Personal Data might be temporarily processed by Wiz during the scanning. The type of the Personal Data depends on Customer environment and which sources Customer connects.
- Wiz only stores metadata such as CVEs, misconfigurations, list of installed packages, cloud events, local cloud user accounts, cloud object identifiers and (depending on the features used by Customer) logs and file paths. Depending on the Customer’s environment and naming conventions and features used by Customer, some Personal Data may be included in the metadata findings. For example, cloud user account names, logs and artifacts could include an individual’s name, associated email address, professional phone number and IP address as well as information about device and operating system and (if specific Wiz features are used) samples of findings to enable Customer to locate, verify and remediate the finding(s).
Customer acknowledges that Wiz does not control which Customer Personal Data Customer shares with it in the context of the Services.
Categories of Data Subjects.
As part of providing the Services, Wiz may process Customer Personal Data related to Customer’s customers or users, leads, employees and service providers, the extent of which is solely determined by Customer.
STANDARD CONTRACTUAL CLAUSES
1. Incorporation and interpretation of the Standard Contractual Clauses
1.1. In relation to transfers by Customer of Customer Personal Data which are subject to Data Protection Laws of the Extended EEA Countries to Wiz in Third Countries, the parties agree that Module Two (Transfer controller to processor) or Module 3 (Transfer processor to processor) of the Standard Contractual Clauses shall apply, as applicable.
1.2. The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in Appendix 1 below.
1.3. If there is a conflict between the provisions of this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject to this DPA and the Agreement, including without limitation, the provisions on limitation of liability, instructions, storage, erasure and return of Personal Data, audits and engagement of Sub-Processors.
1.4. If any provision or part-provision of this DPA or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Agreement and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.5 Where requested by Wiz, Customer shall provide reasonable assistance to Wiz and be responsible for issuing such communications to Data Subjects and/or the Controller (to the extent Module Three applies) as are required in order for Wiz to comply with its obligations under the Standard Contractual Clauses.
1.6. Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 3. The “Appendix Information” is as set out in Appendix 1 to this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
1.7. Except where paragraph 1.7 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
(a) “Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
(b) “the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
(c) “supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
ANNEX I
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services. If Customer uses Wiz’s features specifically designed to scan data stores via a SaaS deployment, Wiz will temporarily Process any Special Category data included within the data source(s) that Customer connects for scanning. |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: the law of the Netherlands. a) |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: the Parties select the courts of the Netherlands. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 (General Written Authorisation) will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
ANNEX II – WIZ SECURITY MEASURES
The technical and organizational measures including technical and organizational measures to support the security of Personal Data incorporated into Annex II of the Standard Contractual Clauses shall be the technical and organizational security measures as described in Wiz’s Security Addendum.
In addition, Wiz agrees to the following compensating safeguards to protect such data to an equivalent level as required under the Data Protection Laws of the Extended EEA Countries to the extent required under the Standard Contractual Clauses:
- Wiz and Customer shall encrypt all transfers of the Customer Personal Data between them, and Wiz shall encrypt any onward transfers it makes of such Customer Personal Data.
- Wiz will use reasonably available legal mechanisms to challenge any demands for Customer Personal Data access through national security process it receives as well as any non-disclosure provisions attached thereto.
- Wiz will promptly notify Customer of any government demands for Customer Personal Data, unless prohibited under applicable law. To the extent Wiz is prohibited by law from providing such notification, Wiz shall: (i) review each request on a case-by-case basis; (ii) use reasonable efforts to request that the confidentiality requirement be waived to enable Wiz to notify the Customer and/or the appropriate Supervisory Authority competent for the Customer; and (iii) maintain evidence of any such attempt to have a confidentiality requirement waived.
- Wiz will promptly notify Customer if Wiz can no longer comply with the applicable clauses in this Section. Wiz shall not be required to provide Customer with specific information about why it can no longer comply, if providing such information is prohibited by applicable law. Such notice shall entitle Customer to terminate the Agreement (or, at Customer’s option, affected statements of work, order forms, and like documents thereunder) and receive a prompt pro-rata refund of any prepaid amounts thereunder.
Effective August 26th 2024 to April 14th 2025
DownloadTable of Contents
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Wiz Subscription Agreement or other agreement for Wiz services entered into between the Parties (the “Agreement”) between the Wiz entity that has entered into the Agreement (“Wiz”, “Us”, “We”, “Our”) and Customer (collectively, “You”, “Your”, or “Customer”) pursuant to the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”. This DPA forms a binding legal agreement to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below).
WHEREAS, Wiz shall provide the services set forth in the Agreement (collectively, the “Services”) to Customer, as described in the Agreement; and
WHEREAS, the Parties wish to set forth the arrangements concerning the Processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the Parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
1.2 Definitions:
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Customer Personal Data” means any Personal Data which is provided to and Processed by Wiz on behalf of Customer in order to provide the Services under the Agreement. Customer Personal Data does not include Personal Data that Wiz Processes as a Controller separately from its Processing obligations to Customer under the Agreement.
- “Data Protection Laws” means all laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Customer Personal Data relates.
- “EEA” means the European Economic Area.
- “EU Data Protection Law” means the GDPR, and the UK GDPR.
- “Extended EEA Country” means a Member State of the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Service Provider,” as relevant under applicable Data Protection Laws, means the entity which Processes Personal Data on behalf of the Controller or Business or such equivalent term under Data Protection Laws.
- “Security Addendum” means Wiz’s Security Addendum which is available via https://www.wiz.io/legal/security-addendum.
- “Standard Contractual Clauses” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32021D0914&qid=1689513765256, as may be updated, amended or superseded from time to time.
- “Sub-Processor” means any Processor or Service Provider engaged by Wiz and/or Wiz Affiliate to Process Customer Personal Data.
- “Supervisory Authority” means the competent supervisory authority pursuant to the applicable Data Protection Laws.
- “Third Country” has the meaning given in Clause 8.2 below.
- “UK GDPR” means the GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
- “US Privacy Laws” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 along with any associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act; and any similar U.S. laws governing data privacy and security once effective.
2. CUSTOMER’S PROCESSING OF PERSONAL DATA. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws.For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. As between the Parties, Customer shall have sole responsibility for the means by which Customer acquired Customer Personal Data. Without limitation, to the extent applicable, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal basis in order to collect, Process and transfer to Wiz the Customer Personal Data and to authorize the Processing by Wiz of the Customer Personal Data which is authorized in this DPA.
3. WIZ’S PROCESSING OF PERSONAL DATA
3.1 Application. As used in clauses 3 – 9 herein, Customer Personal Data refers to Customer Personal Data that is subject to Data Protection Laws.
3.2 Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, (i) Customer is the Controller or Business or, where Customer is acting behalf of its own customers, a Processor, (ii) Wiz is the Processor or Service Provider, and (iii) Wiz or its Affiliates may engage Sub-Processors pursuant to the requirements set forth in Clause 6 below.
3.3 Wiz and its Affiliates (as applicable) shall Process Customer Personal Data only in accordance with Customer’s documented instructions, which are set out in the Agreement, as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by any applicable law, court of competent jurisdiction or other Supervisory Authority to which Wiz and its Affiliates are subject, in which case, Wiz shall inform Customer of the legal requirement before processing, unless that law prohibits such information. Customer agrees that the Agreement is its complete and final instructions to Wiz in relation to the Processing of Personal Data. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Wiz and Customer by way of an amendment to the Agreement, and may include any additional fees that may be payable by Customer to Wiz for carrying out such instructions. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Customer Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 to this DPA.
3.4 To the extent that Wiz or its Affiliates cannot comply with an instruction from Customer and/or its authorized users relating to Processing of Customer Personal Data or where Wiz considers such instruction to be unlawful, Wiz (i) shall inform Customer, providing relevant details of the problem; (ii) may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Customer Personal Data (other than securely storing those data); and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Wiz all the amounts owed to Wiz or due before the date of termination.
4. RIGHTS OF DATA SUBJECTS. If Wiz receives a request from a Data Subject to exercise its rights under Data Protection Laws (“Data Subject Request”), Wiz shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of the Processing, Wiz shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws.
5. WIZ PERSONNEL
5.1 Confidentiality. Wiz shall grant access to the Customer Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality.
6. AUTHORIZATION REGARDING SUB-PROCESSORS
6.1 Customer hereby grants general written authorization to Wiz to appoint Sub-Processors to perform specific Processing activities on Customer Personal Data on its behalf. Wiz’s current list of Sub-Processors is included at https://www.wiz.io/sub-processor-list (“Sub-Processor List”) and is hereby approved by Customer.
6.2 Objection Right for Sub-Processors. Wiz offers a mechanism for Customers to subscribe to notifications of changes to Wiz’s Sub-Processor List via https://www.wiz.io/sub-processor-list. If Customer subscribes to receive such updates, Wiz shall provide notification of any intended changes concerning the addition or replacement of other Sub-Processor(s) to the email address which has subscribed thereby giving Customer the opportunity to object. Customer may reasonably object to Wiz’s use of a Sub-Processor for reasons related to the Data Protection Laws by notifying Wiz in writing within ten (10) days after receipt of Wiz’s notice including the reasons for objecting to Wiz’s use of such Sub-Processor. Failure to object to such Sub-Processor in writing within ten (10) days following Wiz’s notice shall be deemed as acceptance of the Sub-Processor. In the event Customer reasonably objects to a Sub-Processor, Wiz will use reasonable efforts to make available to Customer a change in the Services to avoid Processing of Customer Personal Data by the objected-to Sub-Processor without unreasonably burdening Customer. If Wiz is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the Agreement and this DPA by providing written notice to Wiz provided that all amounts due under the Agreement before the termination date shall be duly paid to Wiz. Until a decision is made regarding the Sub-Processor, Wiz may temporarily suspend the Processing of the affected Customer Personal Data.
6.3 Where Wiz engages a Sub-Processor, we shall do so by way of a written contract which imposes on the Sub-Processor substantially the same data protection obligations as in this DPA.
7.SECURITY
7.1 Controls for the Protection of Customer Personal Data. Taking into account the state of the art, Wiz shall maintain industry-standard technical and organizational measures, including as required pursuant to Article 32 of the GDPR and other applicable Data Protection Laws, for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Personal Data), confidentiality and integrity of Customer Personal Data, as set forth in the Security Addendum. Upon Customer’s request, Wiz will use commercially reasonable efforts to assist Customer, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and other applicable Data Protection Laws taking into account the nature of the processing, the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Wiz.
7.2 Third-Party Certifications and Audits. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and bound by confidentiality obligations) a copy of Wiz’s then most recent third-party audits or certifications, as applicable (provided, however, that any such documentation shall be Wiz’s confidential information and shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and, upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control). Only as required by applicable Data Protection Laws and at Customer’s cost and expense, not more than once per year, Wiz shall allow for and contribute to audits, including remote inspections, conducted by Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections in advance. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that belongs to Wiz’s other customers.
8. TRANSFERS OF DATA
8.1 Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from the Extended EEA Countries to countries or frameworks that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the Extended EEA Countries (“Adequacy Decisions”), without any further safeguard being necessary.
8.2 Transfers to other countries. If, and to the extent, the Processing of Customer Personal Data which is subject to Data Protection Laws of the EEA Extended Countries includes transfers by Customer from the Extended EEA Countries to Wiz in countries outside the Extended EEA Countries which have not been subject to an Adequacy Decision (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of the Standard Contractual Clauses, which will be deemed to have been signed by each Party on the Effective Date of this Agreement, are incorporated herein by reference and construed in accordance with Schedule 2 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
8.3 In the event Customer enables Third Party Integrations (as defined in the Agreement) which involve transfers of Customer Personal Data between Wiz and the Third Party Integration provider, Customer acknowledges and agrees that (a) such Third Party Integration providers are not Sub-Processors of Wiz; (b) such transfers are conducted at Customer’s instruction in accordance with an agreement between the Customer and such Third Party Integration provider (which Wiz is not a party to); and (c) Customer shall be solely responsible for such transfers and their compliance with Data Protection Laws, including without limitation, executing Standard Contractual Clauses with such Third Party Integration providers as required.
9. US PRIVACY LAWS
9.1 In performing its obligations under the Agreement and this DPA, Wiz shall comply with its obligations under US Privacy Laws, including by providing the level of privacy protection as is required by US Privacy Laws to Customer Personal Data subject to the US Privacy Laws. Wiz will not: (1) “sell” or “share” for purposes of “cross-context behavioral advertising” or “targeted advertising” (as defined by applicable US Privacy Laws) any Customer Personal Data; (2) retain, use, or disclose Customer Personal Data for any purpose other than the contractual business purpose set forth herein or as otherwise permitted under US Privacy Laws or outside of the direct business relationship between Wiz and Customer; or (3) attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Customer Personal Data.
9.2 Wiz will (1) comply with any applicable restrictions under applicable US Privacy Laws on combining Customer Personal Data with Personal Data that Wiz receives from, or on behalf of, another person or persons; and (2) promptly notify Customer if Wiz determines that it (i) can no longer meet its obligations under this DPA or applicable US Privacy Laws; or (ii) in Wiz’s opinion, an instruction from Customer infringes applicable US Privacy Laws.
9.3 To the extent required under US Privacy Laws, Customer may take reasonable and appropriate steps to help to ensure that Wiz uses Customer Personal Data in a manner consistent with Customer’s obligations under US Privacy Laws and to stop and remediate unauthorized use of the Customer Personal Data.
9.4 Wiz certifies that it understands its obligations in this Clause 9.The Parties agree that Schedule 1 hereto shall satisfy any requirement under applicable U.S. Privacy Law to provide details regarding the nature of the Processing activities related to Customer Personal Data.
10. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. To the extent required under applicable Data Protection Laws, Wiz shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data (a “Personal Data Incident”). Wiz shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Wiz deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident. Customer (or its customers), as the Controller or Business, will be the party responsible for notifying supervisory authorities and/or concerned Data Subjects (where required by Data Protection Laws).
11. RETURN AND DELETION OF PERSONAL DATA. Subject to the Agreement, upon termination or expiry of the Services, Wiz shall, make available for return the Customer Personal Data via the Services and delete such Customer Personal Data in accordance with Wiz’s customer data retention & deletion policy unless applicable law requires storage of the Customer Personal Data. In any event, Customer agrees that Wiz may retain Customer Personal Data in accordance with its standard backup policy, for evidence purposes and/or for the establishment, exercise or defense of legal claims and/or to comply with applicable laws and regulations. Notwithstanding anything to the contrary, Customer hereby agrees and understands that, to the extent Wiz performs cloud scanning on behalf of Customer, if and when Customer wants to delete specific Customer Personal Data, Customer may delete such Customer Personal Data from its own databases, and it will automatically be erased from Wiz’s databases within a reasonable market standard timeframe. If Customer requests return of the Customer Personal Data, it shall be returned in an industry standard format generally available for Wiz’s Customers.
12. TERMINATION. This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided, provided that, to the extent Wiz retains any Customer Personal Data following termination or expiration of the Agreement, this DPA shall survive for such period that Wiz retains Customer Personal Data. Clauses 2, 3.4 and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
13. RELATIONSHIP WITH AGREEMENT. Subject to any provisions in Schedule 2 regarding governing law and choice of forum of the Standard Contractual Clauses, the governing law and choice of forum provision in the Agreement shall apply to this DPA. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. For the avoidance of doubt each Party’s and its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, Data Protection Laws and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. NOTWITHSTANDING THE FOREGOING, IF CUSTOMER IS USING THE SERVICES FOR A FREE TRIAL, WIZ’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER UNDER OR RELATED TO THIS DPA SHALL BE CAPPED AT ONE THOUSAND DOLLARS US ($1,000 US).
List of Schedules
SCHEDULE 1 – DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSE
DETAILS OF THE PROCESSING
Subject matter.
Wiz will Process Customer Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Customer in its use of the Services.
Nature and Purpose of Processing.
Performing the Agreement, this DPA and/or other contracts executed by the Parties, including, providing the Service(s) and support and technical maintenance to Customer and complying with documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.
Duration of Processing.
Subject to any section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Wiz will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Types of Customer Personal Data.
Customer determines the categories of any Customer Personal Data that is made accessible to Wiz, which may include, without limitation, Customer Personal Data relating to the following categories:
- If Customer uses Wiz for scanning, Personal Data might be temporarily processed by Wiz during the scanning. The type of the Personal Data depends on Customer environment and which sources Customer connects.
- Wiz only stores metadata such as CVEs, misconfigurations, list of installed packages, cloud events, local cloud user accounts, cloud object identifiers and (depending on the features used by Customer) logs and file paths. Depending on the Customer’s environment and naming conventions and features used by Customer, some limited Personal Data may be included in the metadata findings. For example, cloud user account names, logs and artifacts could include an individual’s name, associated email address, professional phone number and IP address as well as information about device and operating system and (if specific Wiz features are enabled) pseudonymized samples of findings to enable Customer to locate, verify and remediate the finding(s).
Customer acknowledges that Wiz does not control which Customer Personal Data Customer shares with it in the context of the Services.
Categories of Data Subjects.
As part of providing the Services, Wiz may process Customer Personal Data related to Customer’s customers or users, leads, employees and service providers, the extent of which is solely determined by Customer.
STANDARD CONTRACTUAL CLAUSES
1. Incorporation and interpretation of the Standard Contractual Clauses
1.1. In relation to transfers by Customer of Customer Personal Data which are subject to Data Protection Laws of the Extended EEA Countries to Wiz in Third Countries, the parties agree that Module Two (Transfer controller to processor) or Module 3 (Transfer processor to processor) of the Standard Contractual Clauses shall apply, as applicable.
1.2. The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in Appendix 1 below.
1.3. If there is a conflict between the provisions of this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject to this DPA and the Agreement, including without limitation, the provisions on limitation of liability, instructions, storage, erasure and return of Personal Data, audits and engagement of Sub-Processors.
1.4. If any provision or part-provision of this DPA or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Agreement and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.5 Where requested by Wiz, Customer shall provide reasonable assistance to Wiz and be responsible for issuing such communications to Data Subjects and/or the Controller (to the extent Module Three applies) as are required in order for Wiz to comply with its obligations under the Standard Contractual Clauses.
1.6. For the purpose of Section III, Clause 14 of the Standard Contractual Clauses, the parties acknowledge and agree that, as between the parties, the Customer (acting as data exporter) is responsible for: (i) assessing the laws of the country to which it transfers Personal Data; and (ii) determining whether or not the transfer meets the requirements of Section III, Clause 14(a) of the Standard Contractual Clauses. Where Wiz (as data importer) provides information to the Customer (acting as data exporter) for assisting the Customer in its assessment, such information is provided on an “as is” basis for informational purposes only. Without prejudice to Section III, Clause 14(c) of the Standard Contractual Clauses, Wiz (as data importer) shall not be liable for any losses suffered by the Customer in connection with its assessment.
1.7. Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 3. The “Appendix Information” is as set out in Appendix 1 to this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
1.8. Except where paragraph 1.7 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
(a) “Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
(b) “the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
(c) “supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
ANNEX I
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services. If Customer uses Wiz’s features specifically designed to scan data stores via a SaaS deployment, Wiz will temporarily Process any Special Category data included within the data source(s) that Customer connects for scanning. |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: the law of the Netherlands. a) |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: the Parties select the courts of the Netherlands. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 (General Written Authorisation) will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
ANNEX II – WIZ SECURITY MEASURES
The technical and organizational measures including technical and organizational measures to support the security of Personal Data incorporated into Annex II of the Standard Contractual Clauses shall be the technical and organizational security measures as described in Wiz’s Security Addendum.
In addition, Wiz agrees to the following compensating safeguards to protect such data to an equivalent level as required under the Data Protection Laws of the Extended EEA Countries to the extent required under the Standard Contractual Clauses:
- Wiz and Customer shall encrypt all transfers of the Customer Personal Data between them, and Wiz shall encrypt any onward transfers it makes of such Customer Personal Data.
- Wiz will use reasonably available legal mechanisms to challenge any demands for Customer Personal Data access through national security process it receives as well as any non-disclosure provisions attached thereto.
- Wiz will promptly notify Customer of any government demands for Customer Personal Data, unless prohibited under applicable law. To the extent Wiz is prohibited by law from providing such notification, Wiz shall: (i) review each request on a case-by-case basis; (ii) use reasonable efforts to request that the confidentiality requirement be waived to enable Wiz to notify the Customer and/or the appropriate Supervisory Authority competent for the Customer; and (iii) maintain evidence of any such attempt to have a confidentiality requirement waived.
- Wiz will promptly notify Customer if Wiz can no longer comply with the applicable clauses in this Section. Wiz shall not be required to provide Customer with specific information about why it can no longer comply, if providing such information is prohibited by applicable law. Such notice shall entitle Customer to terminate the Agreement (or, at Customer’s option, affected statements of work, order forms, and like documents thereunder) and receive a prompt pro-rata refund of any prepaid amounts thereunder.
Effective April 18th 2024 to August 26th 2024
DownloadTable of Contents
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Wiz Master Subscription Agreement or other agreement for Wiz services entered into between the Parties (the “Agreement”) between the Wiz entity that has entered into the Agreement (“Wiz”, “Us”, “We”, “Our”) and Customer (collectively, “You”, “Your”, or “Customer”) pursuant to the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”. This DPA forms a binding legal agreement to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below).
WHEREAS, Wiz shall provide the services set forth in the Agreement (collectively, the “Services”) to Customer, as described in the Agreement; and
WHEREAS, the Parties wish to set forth the arrangements concerning the Processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the Parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
1.2 Definitions:
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Customer Personal Data” means any Personal Data which is provided to and Processed by Wiz on behalf of Customer in order to provide the Services under the Agreement. Customer Personal Data does not include Personal Data that Wiz Processes as a Controller separately from its Processing obligations to Customer under the Agreement.
- “Data Protection Laws” means all laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Customer Personal Data relates.
- “EEA” means the European Economic Area.
- “EU Data Protection Law” means the GDPR, and the UK GDPR.
- “Extended EEA Country” means a Member State of the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Service Provider,” as relevant under applicable Data Protection Laws, means the entity which Processes Personal Data on behalf of the Controller or Business or such equivalent term under Data Protection Laws.
- “Security Addendum” means Wiz’s Security Addendum which is available via https://www.wiz.io/legal/security-addendum.
- “Standard Contractual Clauses” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32021D0914&qid=1689513765256, as may be updated, amended or superseded from time to time.
- “Sub-Processor” means any Processor or Service Provider engaged by Wiz and/or Wiz Affiliate to Process Customer Personal Data.
- “Supervisory Authority” means the competent supervisory authority pursuant to the applicable Data Protection Laws.
- “Third Country” has the meaning given in Clause 8.2 below.
- “UK GDPR” means the GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
- “US Privacy Laws” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 along with any associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act; and any similar U.S. laws governing data privacy and security once effective.
2. CUSTOMER’S PROCESSING OF PERSONAL DATA. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws.For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. As between the Parties, Customer shall have sole responsibility for the means by which Customer acquired Customer Personal Data. Without limitation, to the extent applicable, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal basis in order to collect, Process and transfer to Wiz the Customer Personal Data and to authorize the Processing by Wiz of the Customer Personal Data which is authorized in this DPA.
3. WIZ’S PROCESSING OF PERSONAL DATA
3.1 Application. As used in clauses 3 – 9 herein, Customer Personal Data refers to Customer Personal Data that is subject to Data Protection Laws.
3.2 Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, (i) Customer is the Controller or Business or, where Customer is acting behalf of its own customers, a Processor, (ii) Wiz is the Processor or Service Provider, and (iii) Wiz or its Affiliates may engage Sub-Processors pursuant to the requirements set forth in Clause 6 below.
3.3 Wiz and its Affiliates (as applicable) shall Process Customer Personal Data only in accordance with Customer’s documented instructions, which are set out in the Agreement, as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by any applicable law, court of competent jurisdiction or other Supervisory Authority to which Wiz and its Affiliates are subject, in which case, Wiz shall inform Customer of the legal requirement before processing, unless that law prohibits such information. Customer agrees that the Agreement is its complete and final instructions to Wiz in relation to the Processing of Personal Data. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Wiz and Customer by way of an amendment to the Agreement, and may include any additional fees that may be payable by Customer to Wiz for carrying out such instructions. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Customer Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 to this DPA.
3.4 To the extent that Wiz or its Affiliates cannot comply with an instruction from Customer and/or its authorized users relating to Processing of Customer Personal Data or where Wiz considers such instruction to be unlawful, Wiz (i) shall inform Customer, providing relevant details of the problem; (ii) may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Customer Personal Data (other than securely storing those data); and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Wiz all the amounts owed to Wiz or due before the date of termination.
4. RIGHTS OF DATA SUBJECTS. If Wiz receives a request from a Data Subject to exercise its rights under Data Protection Laws (“Data Subject Request”), Wiz shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of the Processing, Wiz shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws.
5. WIZ PERSONNEL
5.1 Confidentiality. Wiz shall grant access to the Customer Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality.
6. AUTHORIZATION REGARDING SUB-PROCESSORS
6.1 Customer hereby grants general written authorization to Wiz to appoint Sub-Processors to perform specific Processing activities on Customer Personal Data on its behalf. Wiz’s current list of Sub-Processors is included at https://www.wiz.io/sub-processor-list (“Sub-Processor List”) and is hereby approved by Customer.
6.2 Objection Right for Sub-Processors. Wiz offers a mechanism for Customers to subscribe to notifications of changes to Wiz’s Sub-Processor List via https://www.wiz.io/sub-processor-list. If Customer subscribes to receive such updates, Wiz shall provide notification of any intended changes concerning the addition or replacement of other Sub-Processor(s) to the email address which has subscribed thereby giving Customer the opportunity to object. Customer may reasonably object to Wiz’s use of a Sub-Processor for reasons related to the Data Protection Laws by notifying Wiz in writing within ten (10) days after receipt of Wiz’s notice including the reasons for objecting to Wiz’s use of such Sub-Processor. Failure to object to such Sub-Processor in writing within ten (10) days following Wiz’s notice shall be deemed as acceptance of the Sub-Processor. In the event Customer reasonably objects to a Sub-Processor, Wiz will use reasonable efforts to make available to Customer a change in the Services to avoid Processing of Customer Personal Data by the objected-to Sub-Processor without unreasonably burdening Customer. If Wiz is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the Agreement and this DPA by providing written notice to Wiz provided that all amounts due under the Agreement before the termination date shall be duly paid to Wiz. Until a decision is made regarding the Sub-Processor, Wiz may temporarily suspend the Processing of the affected Customer Personal Data.
6.3 Where Wiz engages a Sub-Processor, we shall do so by way of a written contract which imposes on the Sub-Processor substantially the same data protection obligations as in this DPA.
7.SECURITY
7.1 Controls for the Protection of Customer Personal Data. Taking into account the state of the art, Wiz shall maintain industry-standard technical and organizational measures, including as required pursuant to Article 32 of the GDPR and other applicable Data Protection Laws, for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Personal Data), confidentiality and integrity of Customer Personal Data, as set forth in the Security Addendum. Upon Customer’s request, Wiz will use commercially reasonable efforts to assist Customer, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and other applicable Data Protection Laws taking into account the nature of the processing, the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Wiz.
7.2 Third-Party Certifications and Audits. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and bound by confidentiality obligations) a copy of Wiz’s then most recent third-party audits or certifications, as applicable (provided, however, that any such documentation shall be Wiz’s confidential information and shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and, upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control). Only as required by applicable Data Protection Laws and at Customer’s cost and expense, not more than once per year, Wiz shall allow for and contribute to audits, including remote inspections, conducted by Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections in advance. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that belongs to Wiz’s other customers.
8. TRANSFERS OF DATA
8.1 Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from the Extended EEA Countries to countries or frameworks that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the Extended EEA Countries (“Adequacy Decisions”), without any further safeguard being necessary.
8.2 Transfers to other countries. If, and to the extent, the Processing of Customer Personal Data which is subject to Data Protection Laws of the EEA Extended Countries includes transfers by Customer from the Extended EEA Countries to Wiz in countries outside the Extended EEA Countries which have not been subject to an Adequacy Decision (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of the Standard Contractual Clauses, which will be deemed to have been signed by each Party on the Effective Date of this Agreement, are incorporated herein by reference and construed in accordance with Schedule 2 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
8.3 In the event Customer enables Third Party Integrations (as defined in the Agreement) which involve transfers of Customer Personal Data between Wiz and the Third Party Integration provider, Customer acknowledges and agrees that (a) such Third Party Integration providers are not Sub-Processors of Wiz; (b) such transfers are conducted at Customer’s instruction in accordance with an agreement between the Customer and such Third Party Integration provider (which Wiz is not a party to); and (c) Customer shall be solely responsible for such transfers and their compliance with Data Protection Laws, including without limitation, executing Standard Contractual Clauses with such Third Party Integration providers as required.
9. US PRIVACY LAWS
9.1 In performing its obligations under the Agreement and this DPA, Wiz shall comply with its obligations under US Privacy Laws, including by providing the level of privacy protection as is required by US Privacy Laws to Customer Personal Data subject to the US Privacy Laws. Wiz will not: (1) “sell” or “share” for purposes of “cross-context behavioral advertising” or “targeted advertising” (as defined by applicable US Privacy Laws) any Customer Personal Data; (2) retain, use, or disclose Customer Personal Data for any purpose other than the contractual business purpose set forth herein or as otherwise permitted under US Privacy Laws or outside of the direct business relationship between Wiz and Customer; or (3) attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Customer Personal Data.
9.2 Wiz will (1) comply with any applicable restrictions under applicable US Privacy Laws on combining Customer Personal Data with Personal Data that Wiz receives from, or on behalf of, another person or persons; and (2) promptly notify Customer if Wiz determines that it (i) can no longer meet its obligations under this DPA or applicable US Privacy Laws; or (ii) in Wiz’s opinion, an instruction from Customer infringes applicable US Privacy Laws.
9.3 To the extent required under US Privacy Laws, Customer may take reasonable and appropriate steps to help to ensure that Wiz uses Customer Personal Data in a manner consistent with Customer’s obligations under US Privacy Laws and to stop and remediate unauthorized use of the Customer Personal Data.
9.4 Wiz certifies that it understands its obligations in this Clause 9.The Parties agree that Schedule 1 hereto shall satisfy any requirement under applicable U.S. Privacy Law to provide details regarding the nature of the Processing activities related to Customer Personal Data.
10. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. To the extent required under applicable Data Protection Laws, Wiz shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data (a “Personal Data Incident”). Wiz shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Wiz deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident. Customer (or its customers), as the Controller or Business, will be the party responsible for notifying supervisory authorities and/or concerned Data Subjects (where required by Data Protection Laws).
11. RETURN AND DELETION OF PERSONAL DATA. Subject to the Agreement, upon termination or expiry of the Services, Wiz shall, make available for return the Customer Personal Data via the Services and delete such Customer Personal Data in accordance with Wiz’s customer data retention & deletion policy unless applicable law requires storage of the Customer Personal Data. In any event, Customer agrees that Wiz may retain Customer Personal Data in accordance with its standard backup policy, for evidence purposes and/or for the establishment, exercise or defense of legal claims and/or to comply with applicable laws and regulations. Notwithstanding anything to the contrary, Customer hereby agrees and understands that, to the extent Wiz performs cloud scanning on behalf of Customer, if and when Customer wants to delete specific Customer Personal Data, Customer may delete such Customer Personal Data from its own databases, and it will automatically be erased from Wiz’s databases within a reasonable market standard timeframe. If Customer requests return of the Customer Personal Data, it shall be returned in an industry standard format generally available for Wiz’s Customers.
12. TERMINATION. This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided, provided that, to the extent Wiz retains any Customer Personal Data following termination or expiration of the Agreement, this DPA shall survive for such period that Wiz retains Customer Personal Data. Clauses 2, 3.4 and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
13. RELATIONSHIP WITH AGREEMENT. Subject to any provisions in Schedule 2 regarding governing law and choice of forum of the Standard Contractual Clauses, the governing law and choice of forum provision in the Agreement shall apply to this DPA. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. For the avoidance of doubt each Party’s and its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, Data Protection Laws and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. NOTWITHSTANDING THE FOREGOING, IF CUSTOMER IS USING THE SERVICES FOR A FREE TRIAL, WIZ’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER UNDER OR RELATED TO THIS DPA SHALL BE CAPPED AT ONE THOUSAND DOLLARS US ($1,000 US).
List of Schedules
SCHEDULE 1 – DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSE
DETAILS OF THE PROCESSING
Subject matter.
Wiz will Process Customer Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Customer in its use of the Services.
Nature and Purpose of Processing.
Performing the Agreement, this DPA and/or other contracts executed by the Parties, including, providing the Service(s) and support and technical maintenance to Customer and complying with documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.
Duration of Processing.
Subject to any section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Wiz will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Types of Customer Personal Data.
Customer determines the categories of any Customer Personal Data that is made accessible to Wiz, which may include, without limitation, Customer Personal Data relating to the following categories:
- If Customer uses Wiz for scanning, Personal Data might be temporarily processed by Wiz during the scanning. The type of the Personal Data depends on Customer environment and which sources Customer connects.
- Wiz only stores metadata such as CVEs, misconfigurations, list of installed packages, cloud events, local cloud user accounts, cloud object identifiers and (depending on the features used by Customer) logs and file paths. Depending on the Customer’s environment and naming conventions and features used by Customer, some limited Personal Data may be included in the metadata findings. For example, cloud user account names, logs and artifacts could include an individual’s name, associated email address, professional phone number and IP address as well as information about device and operating system and (if specific Wiz features are enabled) pseudonymized samples of findings to enable Customer to locate, verify and remediate the finding(s).
Customer acknowledges that Wiz does not control which Customer Personal Data Customer shares with it in the context of the Services.
Categories of Data Subjects.
As part of providing the Services, Wiz may process Customer Personal Data related to Customer’s customers or users, leads, employees and service providers, the extent of which is solely determined by Customer.
STANDARD CONTRACTUAL CLAUSES
1. Incorporation and interpretation of the Standard Contractual Clauses
1.1. In relation to transfers by Customer of Customer Personal Data which are subject to Data Protection Laws of the Extended EEA Countries to Wiz in Third Countries, the parties agree that Module Two (Transfer controller to processor) or Module 3 (Transfer processor to processor) of the Standard Contractual Clauses shall apply, as applicable.
1.2. The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in Appendix 1 below.
1.3. If there is a conflict between the provisions of this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject to this DPA and the Agreement, including without limitation, the provisions on limitation of liability, instructions, storage, erasure and return of Personal Data, audits and engagement of Sub-Processors.
1.4. If any provision or part-provision of this DPA or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Agreement and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.5 Where requested by Wiz, Customer shall provide reasonable assistance to Wiz and be responsible for issuing such communications to Data Subjects and/or the Controller (to the extent Module Three applies) as are required in order for Wiz to comply with its obligations under the Standard Contractual Clauses.
1.6. For the purpose of Section III, Clause 14 of the Standard Contractual Clauses, the parties acknowledge and agree that, as between the parties, the Customer (acting as data exporter) is responsible for: (i) assessing the laws of the country to which it transfers Personal Data; and (ii) determining whether or not the transfer meets the requirements of Section III, Clause 14(a) of the Standard Contractual Clauses. Where Wiz (as data importer) provides information to the Customer (acting as data exporter) for assisting the Customer in its assessment, such information is provided on an “as is” basis for informational purposes only. Without prejudice to Section III, Clause 14(c) of the Standard Contractual Clauses, Wiz (as data importer) shall not be liable for any losses suffered by the Customer in connection with its assessment.
1.7. Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 3. The “Appendix Information” is as set out in Appendix 1 to this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
1.8. Except where paragraph 1.7 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
(a) “Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
(b) “the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
(c) “supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
ANNEX I
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services. If Customer uses Wiz’s features specifically designed to scan data stores via a SaaS deployment, Wiz will temporarily Process any Special Category data included within the data source(s) that Customer connects for scanning. |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: the law of the Netherlands. a) |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: the Parties select the courts of the Netherlands. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 (General Written Authorisation) will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
ANNEX II – WIZ SECURITY MEASURES
The technical and organizational measures including technical and organizational measures to support the security of Personal Data incorporated into Annex II of the Standard Contractual Clauses shall be the technical and organizational security measures as described in Wiz’s Security Addendum.
In addition, Wiz agrees to the following compensating safeguards to protect such data to an equivalent level as required under the Data Protection Laws of the Extended EEA Countries to the extent required under the Standard Contractual Clauses:
- Wiz and Customer shall encrypt all transfers of the Customer Personal Data between them, and Wiz shall encrypt any onward transfers it makes of such Customer Personal Data.
- Wiz will use reasonably available legal mechanisms to challenge any demands for Customer Personal Data access through national security process it receives as well as any non-disclosure provisions attached thereto.
- Wiz will promptly notify Customer of any government demands for Customer Personal Data, unless prohibited under applicable law. To the extent Wiz is prohibited by law from providing such notification, Wiz shall: (i) review each request on a case-by-case basis; (ii) use reasonable efforts to request that the confidentiality requirement be waived to enable Wiz to notify the Customer and/or the appropriate Supervisory Authority competent for the Customer; and (iii) maintain evidence of any such attempt to have a confidentiality requirement waived.
- Wiz will promptly notify Customer if Wiz can no longer comply with the applicable clauses in this Section. Wiz shall not be required to provide Customer with specific information about why it can no longer comply, if providing such information is prohibited by applicable law. Such notice shall entitle Customer to terminate the Agreement (or, at Customer’s option, affected statements of work, order forms, and like documents thereunder) and receive a prompt pro-rata refund of any prepaid amounts thereunder.
Effective November 20th 2023 to April 18th 2024
DownloadTable of Contents
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Wiz Master Subscription Agreement or other agreement for Wiz services entered into between the Parties (the “Agreement”) between the Wiz entity that has entered into the Agreement (“Wiz”, “Us”, “We”, “Our”) and Customer (collectively, “You”, “Your”, or “Customer”) pursuant to the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”. This DPA forms a binding legal agreement to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below).
WHEREAS, Wiz shall provide the services set forth in the Agreement (collectively, the “Services”) to Customer, as described in the Agreement; and
WHEREAS, the Parties wish to set forth the arrangements concerning the Processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the Parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
1.2 Definitions:
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Customer Personal Data” means any Personal Data which is provided to and Processed by Wiz on behalf of Customer in order to provide the Services under the Agreement. Customer Personal Data does not include Personal Data that Wiz Processes as a Controller separately from its Processing obligations to Customer under the Agreement.
- “Data Protection Laws” means all laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Customer Personal Data relates.
- “EEA” means the European Economic Area.
- “EU Data Protection Law” means the GDPR, and the UK GDPR.
- “Extended EEA Country” means a Member State of the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Service Provider,” as relevant under applicable Data Protection Laws, means the entity which Processes Personal Data on behalf of the Controller or Business or such equivalent term under Data Protection Laws.
- “Security Addendum” means Wiz’s Security Addendum which is available via https://www.wiz.io/legal/security-addendum.
- “Standard Contractual Clauses” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914&qid=1689513765256, as may be updated, amended or superseded from time to time.
- “Sub-Processor” means any Processor or Service Provider engaged by Wiz and/or Wiz Affiliate to Process Customer Personal Data.
- “Supervisory Authority” means the competent supervisory authority pursuant to the applicable Data Protection Laws.
- “Third Country” has the meaning given in Clause 8.2 below.
- “UK GDPR” means the GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
- “US Privacy Laws” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 along with any associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act; and any similar U.S. laws governing data privacy and security once effective.
2. CUSTOMER’S PROCESSING OF PERSONAL DATA. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws and comply at all times with the obligations applicable to Controllers or Businesses, as applicable. For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the means by which Customer acquired Customer Personal Data. Without limitation, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal basis in order to collect, Process and transfer to Wiz the Customer Personal Data and to authorize the Processing by Wiz of the Customer Personal Data which is authorized in this DPA.
3. WIZ’S PROCESSING OF PERSONAL DATA
3.1 Application. As used in clauses 3 – 9 herein, Customer Personal Data refers to Customer Personal Data that is subject to Data Protection Laws.
3.2 Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, (i) Customer is the Controller or Business, (ii) Wiz is the Processor or Service Provider, and (iii) Wiz or its Affiliates may engage Sub-Processors pursuant to the requirements set forth in Clause 6 below.
3.3 Wiz and its Affiliates (as applicable) shall Process Customer Personal Data only in accordance with Customer’s documented instructions, which are set out in the Agreement, as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by any applicable law, court of competent jurisdiction or other Supervisory Authority to which Wiz and its Affiliates are subject, in which case, Wiz shall inform Customer of the legal requirement before processing, unless that law prohibits such information. Customer agrees that the Agreement is its complete and final instructions to Wiz in relation to the Processing of Personal Data. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Wiz and Customer by way of an amendment to the Agreement, and may include any additional fees that may be payable by Customer to Wiz for carrying out such instructions. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Customer Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 to this DPA.
3.4 To the extent that Wiz or its Affiliates cannot comply with an instruction from Customer and/or its authorized users relating to Processing of Customer Personal Data or where Wiz considers such instruction to be unlawful, Wiz (i) shall inform Customer, providing relevant details of the problem; (ii) may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Customer Personal Data (other than securely storing those data); and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Wiz all the amounts owed to Wiz or due before the date of termination.
4. RIGHTS OF DATA SUBJECTS. If Wiz receives a request from a Data Subject to exercise its rights under Data Protection Laws (“Data Subject Request”), Wiz shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of the Processing, Wiz shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws.
5. WIZ PERSONNEL
5.1 Confidentiality. Wiz shall grant access to the Customer Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality.
6. AUTHORIZATION REGARDING SUB-PROCESSORS
6.1 Customer hereby grants general written authorization to Wiz to appoint Sub-Processors to perform specific Processing activities on Customer Personal Data on its behalf. Wiz’s current list of Sub-Processors is included at https://www.wiz.io/sub-processor-list (“Sub-Processor List”) and is hereby approved by Customer.
6.2 Objection Right for Sub-Processors. Wiz offers a mechanism for Customers to subscribe to notifications of changes to Wiz’s Sub-Processor List via https://www.wiz.io/sub-processor-list. If Customer subscribes to receive such updates, Wiz shall provide notification of any intended changes concerning the addition or replacement of other Sub-Processor(s) to the email address which has subscribed thereby giving Customer the opportunity to object. Customer may reasonably object to Wiz’s use of a Sub-Processor for reasons related to the Data Protection Laws by notifying Wiz in writing within ten (10) days after receipt of Wiz’s notice including the reasons for objecting to Wiz’s use of such Sub-Processor. Failure to object to such Sub-Processor in writing within ten (10) days following Wiz’s notice shall be deemed as acceptance of the Sub-Processor. In the event Customer reasonably objects to a Sub-Processor, Wiz will use reasonable efforts to make available to Customer a change in the Services to avoid Processing of Customer Personal Data by the objected-to Sub-Processor without unreasonably burdening Customer. If Wiz is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the Agreement and this DPA by providing written notice to Wiz provided that all amounts due under the Agreement before the termination date shall be duly paid to Wiz. Until a decision is made regarding the Sub-Processor, Wiz may temporarily suspend the Processing of the affected Customer Personal Data.
6.3 Where Wiz engages a Sub-Processor, we shall do so by way of a written contract which imposes on the Sub-Processor substantially the same data protection obligations as in this DPA.
7.SECURITY
7.1 Controls for the Protection of Customer Personal Data. Taking into account the state of the art, Wiz shall maintain industry-standard technical and organizational measures, including as required pursuant to Article 32 of the GDPR and other applicable Data Protection Laws, for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Personal Data), confidentiality and integrity of Customer Personal Data, as set forth in the Security Addendum. Upon Customer’s request, Wiz will use commercially reasonable efforts to assist Customer, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and other applicable Data Protection Laws taking into account the nature of the processing, the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Wiz.
7.2 Third-Party Certifications and Audits. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and bound by confidentiality obligations) a copy of Wiz’s then most recent third-party audits or certifications, as applicable (provided, however, that any such documentation shall be Wiz’s confidential information and shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and, upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control). Only as required by applicable Data Protection Laws and at Customer’s cost and expense, not more than once per year, Wiz shall allow for and contribute to audits, including remote inspections, conducted by Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections in advance. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that belongs to Wiz’s other customers.
8. TRANSFERS OF DATA
8.1 Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from the Extended EEA Countries to countries or frameworks that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the Extended EEA Countries (“Adequacy Decisions”), without any further safeguard being necessary.
8.2 Transfers to other countries. If, and to the extent, the Processing of Customer Personal Data which is subject to Data Protection Laws of the EEA Extended Countries includes transfers by Customer from the Extended EEA Countries to Wiz in countries outside the Extended EEA Countries which have not been subject to an Adequacy Decision (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of the Standard Contractual Clauses, which will be deemed to have been signed by each Party on the Effective Date of this Agreement, are incorporated herein by reference and construed in accordance with Schedule 2 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
8.3 In the event Customer enables Third Party Integrations (as defined in the Agreement) which involve transfers of Customer Personal Data between Wiz and the Third Party Integration provider, Customer acknowledges and agrees that (a) such Third Party Integration providers are not Sub-Processors of Wiz; (b) such transfers are conducted at Customer’s instruction in accordance with an agreement between the Customer and such Third Party Integration provider (which Wiz is not a party to); and (c) Customer shall be solely responsible for such transfers and their compliance with Data Protection Laws, including without limitation, executing Standard Contractual Clauses with such Third Party Integration providers as required.
9. US PRIVACY LAWS
9.1 In performing its obligations under the Agreement and this DPA, Wiz will not: (1) “sell” or “share” for purposes of “cross-context behavioral advertising” or “targeted advertising” (as defined by applicable US Privacy Laws) any Customer Personal Data; (2) retain, use, or disclose Customer Personal Data outside of the direct business relationship between Wiz and Customer; or (3) attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Customer Personal Data.
9.2 Wiz will (1) comply with any applicable restrictions under applicable US Privacy Laws on combining Customer Personal Data with Personal Data that Wiz receives from, or on behalf of, another person or persons; and (2) promptly notify Customer if Wiz determines that it (i) can no longer meet its obligations under this DPA or applicable US Privacy Laws; or (ii) in Wiz’s opinion, an instruction from Customer infringes applicable US Privacy Laws.
9.3 To the extent required under US Privacy Laws, Customer may take reasonable and appropriate steps to help to ensure that Wiz uses Customer Personal Data in a manner consistent with Customer’s obligations under US Privacy Laws and to stop and remediate unauthorized use of the Customer Personal Data.
9.4 Wiz certifies that it understands its obligations in this Clause 9.The Parties agree that Schedule 1 hereto shall satisfy any requirement under applicable U.S. Privacy Law to provide details regarding the nature of the Processing activities related to Customer Personal Data.
10. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. To the extent required under applicable Data Protection Laws, Wiz shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data (a “Personal Data Incident”). Wiz shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Wiz deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident. Customer (or its customers), as the Controller or Business, will be the party responsible for notifying supervisory authorities and/or concerned Data Subjects (where required by Data Protection Laws).
11. RETURN AND DELETION OF PERSONAL DATA. Subject to the Agreement, upon termination or expiry of the Services, Wiz shall, make available for return the Customer Personal Data via the Services and delete such Customer Personal Data in accordance with Wiz’s customer data retention & deletion policy unless applicable law requires storage of the Customer Personal Data. In any event, Customer agrees that Wiz may retain Customer Personal Data in accordance with its standard backup policy, for evidence purposes and/or for the establishment, exercise or defence of legal claims and/or to comply with applicable laws and regulations. Notwithstanding anything to the contrary, Customer hereby agrees and understands that, to the extent Wiz performs cloud scanning on behalf of Customer, if and when Customer wants to delete specific Customer Personal Data, Customer may delete such Customer Personal Data from its own databases, and it will automatically be erased from Wiz’s databases within a reasonable market standard timeframe. If Customer requests return of the Customer Personal Data, it shall be returned in an industry standard format generally available for Wiz’s Customers.
12. TERMINATION. This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided, provided that, to the extent Wiz retains any Customer Personal Data following termination or expiration of the Agreement, this DPA shall survive for such period that Wiz retains Customer Personal Data. Clauses 2, 3.4 and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
13. RELATIONSHIP WITH AGREEMENT. Subject to any provisions in Schedule 2 regarding governing law and choice of forum of the Standard Contractual Clauses, the governing law and choice of forum provision in the Agreement shall apply to this DPA. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. For the avoidance of doubt each Party’s and its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, Data Protection Laws and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. NOTWITHSTANDING THE FOREGOING, IF CUSTOMER IS USING THE SERVICES FOR A FREE TRIAL, WIZ’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER UNDER OR RELATED TO THIS DPA SHALL BE CAPPED AT ONE THOUSAND DOLLARS US ($1,000 US).
14. MISCELLANEOUS. Any Wiz obligation hereunder may be performed (in whole or in part), and any Wiz right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of Wiz. This DPA may be amended by Wiz from time to time in its sole discretion, with such updated version posted to Wiz’s website, provided, however, that no such update shall materially diminish the privacy or security of Customer Personal Data.
List of Schedules
SCHEDULE 1 – DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSE
SCHEDULE 1
DETAILS OF THE PROCESSING
Subject matter.
Wiz will Process Customer Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Customer in its use of the Services.
Nature and Purpose of Processing.
1. Performing the Agreement, this DPA and/or other contracts executed by the Parties, including, providing the Service(s) and support and technical maintenance to Customer.
2. To comply with documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.
3. Resolving disputes, enforcing the Agreement, this DPA and/or defending Wiz’s rights.
4. Complying with applicable laws and regulations, including for cooperating with local and foreign tax authorities, preventing fraud, money laundering and terrorist financing.
Duration of Processing.
Subject to any section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Wiz will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Types of Customer Personal Data.
Customer determines the categories of any Customer Personal Data that is made accessible to Wiz, which may include, without limitation, Customer Personal Data relating to the following categories:
- If Customer uses Wiz for scanning, Personal Data might be temporarily processed by Wiz during the scanning. The type of the Personal Data depends on Customer environment and which sources Customer connects.
- Wiz only stores metadata such as CVEs, misconfigurations, list of installed packages, cloud events, local cloud user accounts, cloud object identifiers and (depending on the features used by Customer) logs and file paths. Such metadata does not generally contain Personal Data, however, depending on the Customer’s environment and naming conventions and the features used by Customer, some limited Personal Data may be included. For example, cloud user account names, logs and artifacts could include an individual’s name, logs could contain names, associated email address and IP address and (if specific Wiz features are enabled) pseudonymized samples of findings to enable Customer to locate, verify and remediate the finding(s).
Customer acknowledges that Wiz does not control which Customer Personal Data Customer shares with it in the context of the Services.
Categories of Data Subjects.
As part of providing the Services, Wiz may process Customer Personal Data related to Customer’s customers or users, leads, employees and service providers, the extent of which is solely determined by Customer.
SCHEDULE 2
STANDARD CONTRACTUAL CLAUSES
1 Incorporation and interpretation of the Standard Contractual Clauses
1.1 In relation to transfers by Customer of Customer Personal Data which are subject to Data Protection Laws of the Extended EEA Countries to Wiz in Third Countries, the parties agree that Module Two (Transfer controller to processor) or Module 3 (Transfer processor to processor) of the Standard Contractual Clauses shall apply, as applicable.
1.2 The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in Appendix 1 below.
1.3 If there is a conflict between the provisions of this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject to this DPA and the Agreement, including without limitation, the provisions on limitation of liability, instructions, storage, erasure and return of Personal Data, audits and engagement of Sub-Processors.
1.4 If any provision or part-provision of this DPA or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Agreement and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.5 Where requested by Wiz, Customer shall provide reasonable assistance to Wiz and be responsible for issuing such communications to Data Subjects and/or the Controller (to the extent Module Three applies) as are required in order for Wiz to comply with its obligations under the Standard Contractual Clauses.
1.6 For the purpose of Section III, Clause 14 of the Standard Contractual Clauses, the parties acknowledge and agree that, as between the parties, the Customer (acting as data exporter) is responsible for: (i) assessing the laws of the country to which it transfers Personal Data; and (ii) determining whether or not the transfer meets the requirements of Section III, Clause 14(a) of the Standard Contractual Clauses. Where Wiz (as data importer) provides information to the Customer (acting as data exporter) for assisting the Customer in its assessment, such information is provided on an “as is” basis for informational purposes only. Without prejudice to Section III, Clause 14(c) of the Standard Contractual Clauses, Wiz (as data importer) shall not be liable for any losses suffered by the Customer in connection with its assessment.
1.7 Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 3. The “Appendix Information” is as set out in Appendix 1 to this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
1.8 Except where paragraph 1.9 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
(a)“Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
(b)“the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
(c)“supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
Appendix 1 – Completion of the Standard Contractual Clauses
ANNEX I
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: the law of the Netherlands. a) |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: the Parties select the courts of the Netherlands. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 (General Written Authorisation) will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
ANNEX II – WIZ SECURITY MEASURES
The technical and organizational measures including technical and organizational measures to support the security of Personal Data incorporated into Annex II of the Standard Contractual Clauses shall be the technical and organizational security measures as described in Wiz’s Security Addendum.
In addition, Wiz agrees to the following compensating safeguards to protect such data to an equivalent level as required under the Data Protection Laws of the Extended EEA Countries to the extent required under the Standard Contractual Clauses:
- Wiz and Customer shall encrypt all transfers of the Customer Personal Data between them, and Wiz shall encrypt any onward transfers it makes of such Customer Personal Data.
- Wiz will use reasonably available legal mechanisms to challenge any demands for Customer Personal Data access through national security process it receives as well as any non-disclosure provisions attached thereto.
- Wiz will promptly notify Customer of any government demands for Customer Personal Data, unless prohibited under applicable law. To the extent Wiz is prohibited by law from providing such notification, Wiz shall: (i) review each request on a case-by-case basis; (ii) use reasonable efforts to request that the confidentiality requirement be waived to enable Wiz to notify the Customer and/or the appropriate Supervisory Authority competent for the Customer; and (iii) maintain evidence of any such attempt to have a confidentiality requirement waived.
- Wiz will promptly notify Customer if Wiz can no longer comply with the applicable clauses in this Section. Wiz shall not be required to provide Customer with specific information about why it can no longer comply, if providing such information is prohibited by applicable law. Such notice shall entitle Customer to terminate the Agreement (or, at Customer’s option, affected statements of work, order forms, and like documents thereunder) and receive a prompt pro-rata refund of any prepaid amounts thereunder.
Effective November 17th 2023 to November 20th 2023
DownloadTable of Contents
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Wiz Master Subscription Agreement or other agreement for Wiz services entered into between the Parties (the “Agreement”) between the Wiz entity that has entered into the Agreement (“Wiz”, “Us”, “We”, “Our”) and Customer (collectively, “You”, “Your”, or “Customer”) pursuant to the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”. This DPA forms a binding legal agreement to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below).
WHEREAS, Wiz shall provide the services set forth in the Agreement (collectively, the “Services”) to Customer, as described in the Agreement; and
WHEREAS, the Parties wish to set forth the arrangements concerning the Processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the Parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
1.2Definitions:
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Customer Personal Data” means any Personal Data which is provided to and Processed by Wiz on behalf of Customer in order to provide the Services under the Agreement. Customer Personal Data does not include Personal Data that Wiz Processes as a Controller separately from its Processing obligations to Customer under the Agreement.
- “Data Protection Laws” means all laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Customer Personal Data relates.
- “EEA” means the European Economic Area.
- “EU Data Protection Law” means the GDPR, and the UK GDPR.
- “Extended EEA Country” means a Member State of the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Service Provider,” as relevant under applicable Data Protection Laws, means the entity which Processes Personal Data on behalf of the Controller or Business or such equivalent term under Data Protection Laws.
- “Security Addendum” means Wiz’s Security Addendum which is available via https://www.wiz.io/legal/security-addendum.
- “Standard Contractual Clauses” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914&qid=1689513765256, as may be updated, amended or superseded from time to time.
- “Sub-Processor” means any Processor or Service Provider engaged by Wiz and/or Wiz Affiliate to Process Customer Personal Data.
- “Supervisory Authority” means the competent supervisory authority pursuant to the applicable Data Protection Laws.
- “Third Country” has the meaning given in Clause 8.2 below.
- “UK GDPR” means the GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
- “US Privacy Laws” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 along with any associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act; and any similar U.S. laws governing data privacy and security once effective.
2.CUSTOMER’S PROCESSING OF PERSONAL DATA. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws and comply at all times with the obligations applicable to Controllers or Businesses, as applicable. For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the means by which Customer acquired Customer Personal Data. Without limitation, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal basis in order to collect, Process and transfer to Wiz the Customer Personal Data and to authorize the Processing by Wiz of the Customer Personal Data which is authorized in this DPA.
3.WIZ’S PROCESSING OF PERSONAL DATA
3.1Application. As used in clauses 3 – 9 herein, Customer Personal Data refers to Customer Personal Data that is subject to Data Protection Laws.
3.2Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, (i) Customer is the Controller or Business, (ii) Wiz is the Processor or Service Provider, and (iii) Wiz or its Affiliates may engage Sub-Processors pursuant to the requirements set forth in Clause 6 below.
3.3Wiz and its Affiliates (as applicable) shall Process Customer Personal Data only in accordance with Customer’s documented instructions, which are set out in the Agreement, as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by any applicable law, court of competent jurisdiction or other Supervisory Authority to which Wiz and its Affiliates are subject, in which case, Wiz shall inform Customer of the legal requirement before processing, unless that law prohibits such information. Customer agrees that the Agreement is its complete and final instructions to Wiz in relation to the Processing of Personal Data. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Wiz and Customer by way of an amendment to the Agreement, and may include any additional fees that may be payable by Customer to Wiz for carrying out such instructions. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Customer Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 to this DPA.
3.4To the extent that Wiz or its Affiliates cannot comply with an instruction from Customer and/or its authorized users relating to Processing of Customer Personal Data or where Wiz considers such instruction to be unlawful, Wiz (i) shall inform Customer, providing relevant details of the problem; (ii) may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Customer Personal Data (other than securely storing those data); and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Wiz all the amounts owed to Wiz or due before the date of termination.
4.RIGHTS OF DATA SUBJECTS. If Wiz receives a request from a Data Subject to exercise its rights under Data Protection Laws (“Data Subject Request”), Wiz shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of the Processing, Wiz shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws.
5.WIZ PERSONNEL
5.1Confidentiality. Wiz shall grant access to the Customer Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality.
6.AUTHORIZATION REGARDING SUB-PROCESSORS
6.1Customer hereby grants general written authorization to Wiz to appoint Sub-Processors to perform specific Processing activities on Customer Personal Data on its behalf. Wiz’s current list of Sub-Processors is included at https://www.wiz.io/sub-processor-list (“Sub-Processor List”) and is hereby approved by Customer.
6.2 Objection Right for Sub-Processors. Wiz offers a mechanism for Customers to subscribe to notifications of changes to Wiz’s Sub-Processor List via https://www.wiz.io/sub-processor-list. If Customer subscribes to receive such updates, Wiz shall provide notification of any intended changes concerning the addition or replacement of other Sub-Processor(s) to the email address which has subscribed thereby giving Customer the opportunity to object. Customer may reasonably object to Wiz’s use of a Sub-Processor for reasons related to the Data Protection Laws by notifying Wiz in writing within ten (10) days after receipt of Wiz’s notice including the reasons for objecting to Wiz’s use of such Sub-Processor. Failure to object to such Sub-Processor in writing within ten (10) days following Wiz’s notice shall be deemed as acceptance of the Sub-Processor. In the event Customer reasonably objects to a Sub-Processor, Wiz will use reasonable efforts to make available to Customer a change in the Services to avoid Processing of Customer Personal Data by the objected-to Sub-Processor without unreasonably burdening Customer. If Wiz is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the Agreement and this DPA by providing written notice to Wiz provided that all amounts due under the Agreement before the termination date shall be duly paid to Wiz. Until a decision is made regarding the Sub-Processor, Wiz may temporarily suspend the Processing of the affected Customer Personal Data.
6.3Where Wiz engages a Sub-Processor, we shall do so by way of a written contract which imposes on the Sub-Processor substantially the same data protection obligations as in this DPA.
7.SECURITY
7.1Controls for the Protection of Customer Personal Data. Taking into account the state of the art, Wiz shall maintain industry-standard technical and organizational measures, including as required pursuant to Article 32 of the GDPR and other applicable Data Protection Laws, for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Personal Data), confidentiality and integrity of Customer Personal Data, as set forth in the Security Addendum. Upon Customer’s request, Wiz will use commercially reasonable efforts to assist Customer, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and other applicable Data Protection Laws taking into account the nature of the processing, the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Wiz.
7.2Third-Party Certifications and Audits. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and bound by confidentiality obligations) a copy of Wiz’s then most recent third-party audits or certifications, as applicable (provided, however, that any such documentation shall be Wiz’s confidential information and shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and, upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control). Only as required by applicable Data Protection Laws and at Customer’s cost and expense, not more than once per year, Wiz shall allow for and contribute to audits, including remote inspections, conducted by Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections in advance. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that belongs to Wiz’s other customers.
8.TRANSFERS OF DATA
8.1Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from the Extended EEA Countries to countries or frameworks that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the Extended EEA Countries (“Adequacy Decisions”), without any further safeguard being necessary.
8.2 Transfers to other countries. If, and to the extent, the Processing of Customer Personal Data which is subject to Data Protection Laws of the EEA Extended Countries includes transfers by Customer from the Extended EEA Countries to Wiz in countries outside the Extended EEA Countries which have not been subject to an Adequacy Decision (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of the Standard Contractual Clauses, which will be deemed to have been signed by each Party on the Effective Date of this Agreement, are incorporated herein by reference and construed in accordance with Schedule 2 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
8.3In the event Customer enables Third Party Integrations (as defined in the Agreement) which involve transfers of Customer Personal Data between Wiz and the Third Party Integration provider, Customer acknowledges and agrees that (a) such Third Party Integration providers are not Sub-Processors of Wiz; (b) such transfers are conducted at Customer’s instruction in accordance with an agreement between the Customer and such Third Party Integration provider (which Wiz is not a party to); and (c) Customer shall be solely responsible for such transfers and their compliance with Data Protection Laws, including without limitation, executing Standard Contractual Clauses with such Third Party Integration providers as required.
9. US PRIVACY LAWS
9.1 In performing its obligations under the Agreement and this DPA, Wiz will not: (1) “sell” or “share” for purposes of “cross-context behavioral advertising” or “targeted advertising” (as defined by applicable US Privacy Laws) any Customer Personal Data; (2) retain, use, or disclose Customer Personal Data outside of the direct business relationship between Wiz and Customer; or (3) attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Customer Personal Data.
9.2Wiz will (1) comply with any applicable restrictions under applicable US Privacy Laws on combining Customer Personal Data with Personal Data that Wiz receives from, or on behalf of, another person or persons; and (2) promptly notify Customer if Wiz determines that it (i) can no longer meet its obligations under this DPA or applicable US Privacy Laws; or (ii) in Wiz’s opinion, an instruction from Customer infringes applicable US Privacy Laws.
9.3 Wiz certifies that it understands its obligations in this Clause 9.
9.4The Parties agree that Schedule 1 hereto shall satisfy any requirement under applicable U.S. Privacy Law to provide details regarding the nature of the Processing activities related to Customer Personal Data.
10.PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. To the extent required under applicable Data Protection Laws, Wiz shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data (a “Personal Data Incident”). Wiz shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Wiz deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident. Customer (or its customers), as the Controller or Business, will be the party responsible for notifying supervisory authorities and/or concerned Data Subjects (where required by Data Protection Laws).
11.RETURN AND DELETION OF PERSONAL DATA. Subject to the Agreement, upon termination or expiry of the Services, Wiz shall, make available for return the Customer Personal Data via the Services and delete such Customer Personal Data in accordance with Wiz’s customer data retention & deletion policy unless applicable law requires storage of the Customer Personal Data. In any event, Customer agrees that Wiz may retain Customer Personal Data in accordance with its standard backup policy, for evidence purposes and/or for the establishment, exercise or defence of legal claims and/or to comply with applicable laws and regulations. Notwithstanding anything to the contrary, Customer hereby agrees and understands that, to the extent Wiz performs cloud scanning on behalf of Customer, if and when Customer wants to delete specific Customer Personal Data, Customer may delete such Customer Personal Data from its own databases, and it will automatically be erased from Wiz’s databases within a reasonable market standard timeframe. If Customer requests return of the Customer Personal Data, it shall be returned in an industry standard format generally available for Wiz’s Customers.
12.TERMINATION. This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided, provided that, to the extent Wiz retains any Customer Personal Data following termination or expiration of the Agreement, this DPA shall survive for such period that Wiz retains Customer Personal Data. Clauses 2, 3.4 and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
13.RELATIONSHIP WITH AGREEMENT. Subject to any provisions in Schedule 2 regarding governing law and choice of forum of the Standard Contractual Clauses, the governing law and choice of forum provision in the Agreement shall apply to this DPA. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. For the avoidance of doubt each Party’s and its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, Data Protection Laws and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. NOTWITHSTANDING THE FOREGOING, IF CUSTOMER IS USING THE SERVICES FOR A FREE TRIAL, WIZ’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER UNDER OR RELATED TO THIS DPA SHALL BE CAPPED AT ONE THOUSAND DOLLARS US ($1,000 US).
14.MISCELLANEOUS. Any Wiz obligation hereunder may be performed (in whole or in part), and any Wiz right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of Wiz. This DPA may be amended by Wiz from time to time in its sole discretion, with such updated version posted to Wiz’s website, provided, however, that no such update shall materially diminish the privacy or security of Customer Personal Data.
List of Schedules
SCHEDULE 1 – DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSE
SCHEDULE 1
DETAILS OF THE PROCESSING
Subject matter.
Wiz will Process Customer Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Customer in its use of the Services.
Nature and Purpose of Processing.
1.Performing the Agreement, this DPA and/or other contracts executed by the Parties, including, providing the Service(s) and support and technical maintenance to Customer.
2.To comply with documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.
3.Resolving disputes, enforcing the Agreement, this DPA and/or defending Wiz’s rights.
4.Complying with applicable laws and regulations, including for cooperating with local and foreign tax authorities, preventing fraud, money laundering and terrorist financing.
Duration of Processing.
Subject to any section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Wiz will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Types of Customer Personal Data.
Customer determines the categories of any Customer Personal Data that is made accessible to Wiz, which may include, without limitation, Customer Personal Data relating to the following categories:
- If Customer uses Wiz for scanning, Personal Data might be temporarily processed by Wiz during the scanning. The type of the Personal Data depends on Customer environment and which sources Customer connects.
- Wiz only stores metadata such as CVEs, misconfigurations, list of installed packages, cloud events, local cloud user accounts, cloud object identifiers and (depending on the features used by Customer) logs and file paths. Such metadata does not generally contain Personal Data, however, depending on the Customer’s environment and naming conventions and the features used by Customer, some limited Personal Data may be included. For example, cloud user account names, logs and artifacts could include an individual’s name, logs could contain names, associated email address and IP address and (if specific Wiz features are enabled) pseudonymized samples of findings to enable Customer to locate, verify and remediate the finding(s).
Customer acknowledges that Wiz does not control which Customer Personal Data Customer shares with it in the context of the Services.
Categories of Data Subjects.
As part of providing the Services, Wiz may process Customer Personal Data related to Customer’s customers or users, leads, employees and service providers, the extent of which is solely determined by Customer.
SCHEDULE 2
STANDARD CONTRACTUAL CLAUSES
1Incorporation and interpretation of the Standard Contractual Clauses
1.1In relation to transfers by Customer of Customer Personal Data which are subject to Data Protection Laws of the EEA Extended Countries to Wiz in Third Countries, the parties agree that Module Two (Transfer controller to processor) or Module 3 (Transfer processor to processor) of the Standard Contractual Clauses shall apply, as applicable.
1.2The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in Appendix 1 below.
1.3If there is a conflict between the provisions of this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject to this DPA and the Agreement, including without limitation, the provisions on limitation of liability, instructions, storage, erasure and return of Personal Data, audits and engagement of Sub-Processors.
1.4If any provision or part-provision of this DPA or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Agreement and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.5Where requested by Wiz, Customer shall provide reasonable assistance to Wiz and be responsible for issuing such communications to Data Subjects and/or the Controller (to the extent Module Three applies) as are required in order for Wiz to comply with its obligations under the Standard Contractual Clauses.
1.6For the purpose of Section III, Clause 14 of the Standard Contractual Clauses, the parties acknowledge and agree that, as between the parties, the Customer (acting as data exporter) is responsible for: (i) assessing the laws of the country to which it transfers Personal Data; and (ii) determining whether or not the transfer meets the requirements of Section III, Clause 14(a) of the Standard Contractual Clauses. Where Wiz (as data importer) provides information to the Customer (acting as data exporter) for assisting the Customer in its assessment, such information is provided on an “as is” basis for informational purposes only. Without prejudice to Section III, Clause 14(c) of the Standard Contractual Clauses, Wiz (as data importer) shall not be liable for any losses suffered by the Customer in connection with its assessment.
1.7 Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 3. The “Appendix Information” is as set out in Appendix 1 to this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
1.8 Except where paragraph 1.9 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
(a)“Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
(b)“the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
(c)“supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
Appendix 1 – Completion of the Standard Contractual Clauses
ANNEX I
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: the law of the Netherlands. a) |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: the Parties select the courts of the Netherlands. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 (General Written Authorisation) will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
ANNEX II – WIZ SECURITY MEASURES
The technical and organizational measures including technical and organizational measures to support the security of Personal Data incorporated into Annex II of the Standard Contractual Clauses shall be the technical and organizational security measures as described in Wiz’s Security Addendum.
In addition, Wiz agrees to the following compensating safeguards to protect such data to an equivalent level as required under the Data Protection Laws of the Extended EEA Countries to the extent required under the Standard Contractual Clauses:
- Wiz and Customer shall encrypt all transfers of the Customer Personal Data between them, and Wiz shall encrypt any onward transfers it makes of such Customer Personal Data.
- Wiz will use reasonably available legal mechanisms to challenge any demands for Customer Personal Data access through national security process it receives as well as any non-disclosure provisions attached thereto.
- Wiz will promptly notify Customer of any government demands for Customer Personal Data, unless prohibited under applicable law. To the extent Wiz is prohibited by law from providing such notification, Wiz shall: (i) review each request on a case-by-case basis; (ii) use reasonable efforts to request that the confidentiality requirement be waived to enable Wiz to notify the Customer and/or the appropriate Supervisory Authority competent for the Customer; and (iii) maintain evidence of any such attempt to have a confidentiality requirement waived.
- Wiz will promptly notify Customer if Wiz can no longer comply with the applicable clauses in this Section. Wiz shall not be required to provide Customer with specific information about why it can no longer comply, if providing such information is prohibited by applicable law. Such notice shall entitle Customer to terminate the Agreement (or, at Customer’s option, affected statements of work, order forms, and like documents thereunder) and receive a prompt pro-rata refund of any prepaid amounts thereunder.
Effective November 13th 2023 to November 17th 2023
DownloadTable of Contents
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Wiz Master Subscription Agreement or other agreement for Wiz services entered into between the Parties (the “Agreement”) between the Wiz entity that has entered into the Agreement (“Wiz”, “Us”, “We”, “Our”) and Customer (collectively, “You”, “Your”, or “Customer”) pursuant to the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”. This DPA forms a binding legal agreement to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below).
WHEREAS, Wiz shall provide the services set forth in the Agreement (collectively, the “Services”) to Customer, as described in the Agreement; and
WHEREAS, the Parties wish to set forth the arrangements concerning the Processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the Parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
1.2Definitions:
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Customer Personal Data” means any Personal Data which is provided to and Processed by Wiz on behalf of Customer in order to provide the Services under the Agreement. Customer Personal Data does not include Personal Data that Wiz Processes as a Controller separately from its Processing obligations to Customer under the Agreement.
- “Data Protection Laws” means all laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Customer Personal Data relates.
- “EEA” means the European Economic Area.
- “EU Data Protection Law” means the GDPR, and the UK GDPR.
- “Extended EEA Country” means a Member State of the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Service Provider,” as relevant under applicable Data Protection Laws, means the entity which Processes Personal Data on behalf of the Controller or Business or such equivalent term under Data Protection Laws.
- “Security Addendum” means Wiz’s Security Addendum which is available via https://www.wiz.io/legal/security-addendum.
- “Standard Contractual Clauses” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914&qid=1689513765256, as may be updated, amended or superseded from time to time.
- “Sub-Processor” means any Processor or Service Provider engaged by Wiz and/or Wiz Affiliate to Process Customer Personal Data.
- “Supervisory Authority” means the competent supervisory authority pursuant to the applicable Data Protection Laws.
- “Third Country” has the meaning given in Clause 8.2 below.
- “UK GDPR” means the GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
- “US Privacy Laws” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 along with any associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act; and any similar U.S. laws governing data privacy and security once effective.
2.CUSTOMER’S PROCESSING OF PERSONAL DATA. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws and comply at all times with the obligations applicable to Controllers or Businesses, as applicable. For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the means by which Customer acquired Customer Personal Data. Without limitation, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal basis in order to collect, Process and transfer to Wiz the Customer Personal Data and to authorize the Processing by Wiz of the Customer Personal Data which is authorized in this DPA.
3.WIZ’S PROCESSING OF PERSONAL DATA
3.1Application. As used in clauses 3 – 9 herein, Customer Personal Data refers to Customer Personal Data that is subject to Data Protection Laws.
3.2Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, (i) Customer is the Controller or Business, (ii) Wiz is the Processor or Service Provider, and (iii) Wiz or its Affiliates may engage Sub-Processors pursuant to the requirements set forth in Clause 6 below.
3.3Wiz and its Affiliates (as applicable) shall Process Customer Personal Data only in accordance with Customer’s documented instructions, which are set out in the Agreement, as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by any applicable law, court of competent jurisdiction or other Supervisory Authority to which Wiz and its Affiliates are subject, in which case, Wiz shall inform Customer of the legal requirement before processing, unless that law prohibits such information. Customer agrees that the Agreement is its complete and final instructions to Wiz in relation to the Processing of Personal Data. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Wiz and Customer by way of an amendment to the Agreement, and may include any additional fees that may be payable by Customer to Wiz for carrying out such instructions. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Customer Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 to this DPA.
3.4To the extent that Wiz or its Affiliates cannot comply with an instruction from Customer and/or its authorized users relating to Processing of Customer Personal Data or where Wiz considers such instruction to be unlawful, Wiz (i) shall inform Customer, providing relevant details of the problem; (ii) may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Customer Personal Data (other than securely storing those data); and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Wiz all the amounts owed to Wiz or due before the date of termination.
4.RIGHTS OF DATA SUBJECTS. If Wiz receives a request from a Data Subject to exercise its rights under Data Protection Laws (“Data Subject Request”), Wiz shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of the Processing, Wiz shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws.
5.WIZ PERSONNEL
5.1Confidentiality. Wiz shall grant access to the Customer Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality.
6.AUTHORIZATION REGARDING SUB-PROCESSORS
6.1Customer hereby grants general written authorization to Wiz to appoint Sub-Processors to perform specific Processing activities on Customer Personal Data on its behalf. Wiz’s current list of Sub-Processors is included at https://www.wiz.io/sub-processor-list (“Sub-Processor List”) and is hereby approved by Customer.
6.2 Objection Right for Sub-Processors. Wiz offers a mechanism for Customers to subscribe to notifications of changes to Wiz’s Sub-Processor List via https://www.wiz.io/sub-processor-list. If Customer subscribes to receive such updates, Wiz shall provide notification of any intended changes concerning the addition or replacement of other Sub-Processor(s) to the email address which has subscribed thereby giving Customer the opportunity to object. Customer may reasonably object to Wiz’s use of a Sub-Processor for reasons related to the Data Protection Laws by notifying Wiz in writing within ten (10) days after receipt of Wiz’s notice including the reasons for objecting to Wiz’s use of such Sub-Processor. Failure to object to such Sub-Processor in writing within ten (10) days following Wiz’s notice shall be deemed as acceptance of the Sub-Processor. In the event Customer reasonably objects to a Sub-Processor, Wiz will use reasonable efforts to make available to Customer a change in the Services to avoid Processing of Customer Personal Data by the objected-to Sub-Processor without unreasonably burdening Customer. If Wiz is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the Agreement and this DPA by providing written notice to Wiz provided that all amounts due under the Agreement before the termination date shall be duly paid to Wiz. Until a decision is made regarding the Sub-Processor, Wiz may temporarily suspend the Processing of the affected Customer Personal Data.
6.3Where Wiz engages a Sub-Processor, we shall do so by way of a written contract which imposes on the Sub-Processor substantially the same data protection obligations as in this DPA.
7.SECURITY
7.1Controls for the Protection of Customer Personal Data. Taking into account the state of the art, Wiz shall maintain industry-standard technical and organizational measures, including as required pursuant to Article 32 of the GDPR and other applicable Data Protection Laws, for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Personal Data), confidentiality and integrity of Customer Personal Data, as set forth in the Security Addendum. Upon Customer’s request, Wiz will use commercially reasonable efforts to assist Customer, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and other applicable Data Protection Laws taking into account the nature of the processing, the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Wiz.
7.2Third-Party Certifications and Audits. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and bound by confidentiality obligations) a copy of Wiz’s then most recent third-party audits or certifications, as applicable (provided, however, that any such documentation shall be Wiz’s confidential information and shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and, upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control). Only as required by applicable Data Protection Laws and at Customer’s cost and expense, not more than once per year, Wiz shall allow for and contribute to audits, including remote inspections, conducted by Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections in advance. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that belongs to Wiz’s other customers.
8.TRANSFERS OF DATA
8.1Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from the Extended EEA Countries to countries or frameworks that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the Extended EEA Countries (“Adequacy Decisions”), without any further safeguard being necessary.
8.2 Transfers to other countries. If, and to the extent, the Processing of Customer Personal Data which is subject to Data Protection Laws of the EEA Extended Countries includes transfers by Customer from the Extended EEA Countries to Wiz in countries outside the Extended EEA Countries which have not been subject to an Adequacy Decision (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of the Standard Contractual Clauses, which will be deemed to have been signed by each Party on the Effective Date of this Agreement, are incorporated herein by reference and construed in accordance with Schedule 2 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
8.3In the event Customer enables Third Party Integrations (as defined in the Agreement) which involve transfers of Customer Personal Data between Wiz and the Third Party Integration provider, Customer acknowledges and agrees that (a) such Third Party Integration providers are not Sub-Processors of Wiz; (b) such transfers are conducted at Customer’s instruction in accordance with an agreement between the Customer and such Third Party Integration provider (which Wiz is not a party to); and (c) Customer shall be solely responsible for such transfers and their compliance with Data Protection Laws, including without limitation, executing Standard Contractual Clauses with such Third Party Integration providers as required.
9. US PRIVACY LAWS
9.1 In performing its obligations under the Agreement and this DPA, Wiz will not: (1) “sell” or “share” for purposes of “cross-context behavioral advertising” or “targeted advertising” (as defined by applicable US Privacy Laws) any Customer Personal Data; (2) retain, use, or disclose Customer Personal Data outside of the direct business relationship between Wiz and Customer; or (3) attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Customer Personal Data.
9.2Wiz will (1) comply with any applicable restrictions under applicable US Privacy Laws on combining Customer Personal Data with Personal Data that Wiz receives from, or on behalf of, another person or persons; and (2) promptly notify Customer if Wiz determines that it (i) can no longer meet its obligations under this DPA or applicable US Privacy Laws; or (ii) in Wiz’s opinion, an instruction from Customer infringes applicable US Privacy Laws.
9.3 Wiz certifies that it understands its obligations in this Clause 9.
9.4The Parties agree that Schedule 1 hereto shall satisfy any requirement under applicable U.S. Privacy Law to provide details regarding the nature of the Processing activities related to Customer Personal Data.
10.PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. To the extent required under applicable Data Protection Laws, Wiz shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data (a “Personal Data Incident”). Wiz shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Wiz deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident. Customer (or its customers), as the Controller or Business, will be the party responsible for notifying supervisory authorities and/or concerned Data Subjects (where required by Data Protection Laws).
11.RETURN AND DELETION OF PERSONAL DATA. Subject to the Agreement, upon termination or expiry of the Services, Wiz shall, make available for return the Customer Personal Data via the Services and delete such Customer Personal Data in accordance with Wiz’s customer data retention & deletion policy unless applicable law requires storage of the Customer Personal Data. In any event, Customer agrees that Wiz may retain Customer Personal Data in accordance with its standard backup policy, for evidence purposes and/or for the establishment, exercise or defence of legal claims and/or to comply with applicable laws and regulations. Notwithstanding anything to the contrary, Customer hereby agrees and understands that, to the extent Wiz performs cloud scanning on behalf of Customer, if and when Customer wants to delete specific Customer Personal Data, Customer may delete such Customer Personal Data from its own databases, and it will automatically be erased from Wiz’s databases within a reasonable market standard timeframe. If Customer requests return of the Customer Personal Data, it shall be returned in an industry standard format generally available for Wiz’s Customers.
12.TERMINATION. This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided, provided that, to the extent Wiz retains any Customer Personal Data following termination or expiration of the Agreement, this DPA shall survive for such period that Wiz retains Customer Personal Data. Clauses 2, 3.4 and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
13.RELATIONSHIP WITH AGREEMENT. Subject to any provisions in Schedule 2 regarding governing law and choice of forum of the Standard Contractual Clauses, the governing law and choice of forum provision in the Agreement shall apply to this DPA. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. For the avoidance of doubt each Party’s and its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, Data Protection Laws and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. NOTWITHSTANDING THE FOREGOING, IF CUSTOMER IS USING THE SERVICES FOR A FREE TRIAL, WIZ’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER UNDER OR RELATED TO THIS DPA SHALL BE CAPPED AT ONE THOUSAND DOLLARS US ($1,000 US).
14.MISCELLANEOUS. Any Wiz obligation hereunder may be performed (in whole or in part), and any Wiz right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of Wiz. This DPA may be amended by Wiz from time to time in its sole discretion, with such updated version posted to Wiz’s website, provided, however, that no such update shall materially diminish the privacy or security of Customer Personal Data.
List of Schedules
SCHEDULE 1 – DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSE
SCHEDULE 1
DETAILS OF THE PROCESSING
Subject matter.
Wiz will Process Customer Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Customer in its use of the Services.
Nature and Purpose of Processing.
1.Performing the Agreement, this DPA and/or other contracts executed by the Parties, including, providing the Service(s) and support and technical maintenance to Customer.
2.To comply with documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.
3.Resolving disputes, enforcing the Agreement, this DPA and/or defending Wiz’s rights.
4.Complying with applicable laws and regulations, including for cooperating with local and foreign tax authorities, preventing fraud, money laundering and terrorist financing.
Duration of Processing.
Subject to any section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Wiz will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Types of Customer Personal Data.
Customer determines the categories of any Customer Personal Data that is made accessible to Wiz, which may include, without limitation, Customer Personal Data relating to the following categories:
- If Customer uses Wiz for scanning, Personal Data might be temporarily processed by Wiz during the scanning. The type of the Personal Data depends on Customer environment and which sources Customer connects.
- Wiz only stores metadata such as CVEs, misconfigurations, list of installed packages, cloud events, local cloud user accounts, cloud object identifiers and (depending on the features used by Customer) logs and file paths. Such metadata does not generally contain Personal Data, however, depending on the Customer’s environment and naming conventions and the features used by Customer, some limited Personal Data may be included. For example, cloud user account names, logs and artifacts could include an individual’s name, logs could contain names, associated email address and IP address and (if specific Wiz features are enabled) pseudonymized samples of findings to enable Customer to locate, verify and remediate the finding(s).
Customer acknowledges that Wiz does not control which Customer Personal Data Customer shares with it in the context of the Services.
Categories of Data Subjects.
As part of providing the Services, Wiz may process Customer Personal Data related to Customer’s customers or users, leads, employees and service providers, the extent of which is solely determined by Customer.
SCHEDULE 2
STANDARD CONTRACTUAL CLAUSES
1Incorporation and interpretation of the Standard Contractual Clauses
1.1In relation to transfers by Customer of Customer Personal Data which are subject to Data Protection Laws of the EEA Extended Countries to Wiz in Third Countries, the parties agree that Module Two (Transfer controller to processor) or Module 3 (Transfer processor to processor) of the Standard Contractual Clauses shall apply, as applicable.
1.2The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in Appendix 1 below.
1.3If there is a conflict between the provisions of this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject to this DPA and the Agreement, including without limitation, the provisions on limitation of liability, instructions, storage, erasure and return of Personal Data, audits and engagement of Sub-Processors.
1.4If any provision or part-provision of this DPA or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Agreement and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.5Where requested by Wiz, Customer shall provide reasonable assistance to Wiz and be responsible for issuing such communications to Data Subjects and/or the Controller (to the extent Module Three applies) as are required in order for Wiz to comply with its obligations under the Standard Contractual Clauses.
1.6For the purpose of Section III, Clause 14 of the Standard Contractual Clauses, the parties acknowledge and agree that, as between the parties, the Customer (acting as data exporter) is responsible for: (i) assessing the laws of the country to which it transfers Personal Data; and (ii) determining whether or not the transfer meets the requirements of Section III, Clause 14(a) of the Standard Contractual Clauses. Where Wiz (as data importer) provides information to the Customer (acting as data exporter) for assisting the Customer in its assessment, such information is provided on an “as is” basis for informational purposes only. Without prejudice to Section III, Clause 14(c) of the Standard Contractual Clauses, Wiz (as data importer) shall not be liable for any losses suffered by the Customer in connection with its assessment.
1.7 Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 3. The “Appendix Information” is as set out in Appendix 1 to this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
1.8 Except where paragraph 1.9 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
(a)“Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
(b)“the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
(c)“supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
Appendix 1 – Completion of the Standard Contractual Clauses
ANNEX I
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: the law of the Netherlands. a) |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: the Parties select the courts of the Netherlands. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 (General Written Authorisation) will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
ANNEX II – WIZ SECURITY MEASURES
The technical and organizational measures including technical and organizational measures to support the security of Personal Data incorporated into Annex II of the Standard Contractual Clauses shall be the technical and organizational security measures as described in Wiz’s Security Addendum.
In addition, Wiz agrees to the following compensating safeguards to protect such data to an equivalent level as required under the Data Protection Laws of the Extended EEA Countries to the extent required under the Standard Contractual Clauses:
- Wiz and Customer shall encrypt all transfers of the Customer Personal Data between them, and Wiz shall encrypt any onward transfers it makes of such Customer Personal Data.
- Wiz will use reasonably available legal mechanisms to challenge any demands for Customer Personal Data access through national security process it receives as well as any non-disclosure provisions attached thereto.
- Wiz will promptly notify Customer of any government demands for Customer Personal Data, unless prohibited under applicable law. To the extent Wiz is prohibited by law from providing such notification, Wiz shall: (i) review each request on a case-by-case basis; (ii) use reasonable efforts to request that the confidentiality requirement be waived to enable Wiz to notify the Customer and/or the appropriate Supervisory Authority competent for the Customer; and (iii) maintain evidence of any such attempt to have a confidentiality requirement waived.
- Wiz will promptly notify Customer if Wiz can no longer comply with the applicable clauses in this Section. Wiz shall not be required to provide Customer with specific information about why it can no longer comply, if providing such information is prohibited by applicable law. Such notice shall entitle Customer to terminate the Agreement (or, at Customer’s option, affected statements of work, order forms, and like documents thereunder) and receive a prompt pro-rata refund of any prepaid amounts thereunder.
Effective October 29th 2023 to November 13th 2023
DownloadTable of Contents
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Wiz Master Subscription Agreement or other agreement for Wiz services entered into between the Parties (the “Agreement”) between the Wiz entity that has entered into the Agreement (“Wiz”, “Us”, “We”, “Our”) and Customer (collectively, “You”, “Your”, or “Customer”) pursuant to the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”. This DPA forms a binding legal agreement to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below).
WHEREAS, Wiz shall provide the services set forth in the Agreement (collectively, the “Services”) to Customer, as described in the Agreement; and
WHEREAS, the Parties wish to set forth the arrangements concerning the Processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the Parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
1.2 Definitions:
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Customer Personal Data” means any Personal Data which is provided to and Processed by Wiz on behalf of Customer in order to provide the Services under the Agreement. Customer Personal Data does not include Personal Data that Wiz Processes as a Controller separately from its Processing obligations to Customer under the Agreement.
- “Data Protection Laws” means all laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Customer Personal Data relates.
- “EEA” means the European Economic Area.
- “EU Data Protection Law” means the GDPR, and the UK GDPR.
- “Extended EEA Country” means a Member State of the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Service Provider,” as relevant under applicable Data Protection Laws, means the entity which Processes Personal Data on behalf of the Controller or Business or such equivalent term under Data Protection Laws.
- “Security Addendum” means Wiz’s Security Addendum which is available via https://www.wiz.io/security-addendum.
- “Standard Contractual Clauses” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914&qid=1689513765256, as may be updated, amended or superseded from time to time.
- “Sub-Processor” means any Processor or Service Provider engaged by Wiz and/or Wiz Affiliate to Process Customer Personal Data.
- “Supervisory Authority” means the competent supervisory authority pursuant to the applicable Data Protection Laws.
- “Third Country” has the meaning given in Clause 8.2 below.
- “UK GDPR” means the GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
- “US Privacy Laws” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 along with any associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act; and any similar U.S. laws governing data privacy and security once effective.
2. CUSTOMER’S PROCESSING OF PERSONAL DATA. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws and comply at all times with the obligations applicable to Controllers or Businesses, as applicable. For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the means by which Customer acquired Customer Personal Data. Without limitation, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal basis in order to collect, Process and transfer to Wiz the Customer Personal Data and to authorize the Processing by Wiz of the Customer Personal Data which is authorized in this DPA.
3. WIZ’S PROCESSING OF PERSONAL DATA
3.1 Application. As used in clauses 3 – 9 herein, Customer Personal Data refers to Customer Personal Data that is subject to Data Protection Laws.
3.2 Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, (i) Customer is the Controller or Business, (ii) Wiz is the Processor or Service Provider, and (iii) Wiz or its Affiliates may engage Sub-Processors pursuant to the requirements set forth in Clause 6 below.
3.3 Wiz and its Affiliates (as applicable) shall Process Customer Personal Data only in accordance with Customer’s documented instructions, which are set out in the Agreement, as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by any applicable law, court of competent jurisdiction or other Supervisory Authority to which Wiz and its Affiliates are subject, in which case, Wiz shall inform Customer of the legal requirement before processing, unless that law prohibits such information. Customer agrees that the Agreement is its complete and final instructions to Wiz in relation to the Processing of Personal Data. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Wiz and Customer by way of an amendment to the Agreement, and may include any additional fees that may be payable by Customer to Wiz for carrying out such instructions. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Customer Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 to this DPA.
3.4 To the extent that Wiz or its Affiliates cannot comply with an instruction from Customer and/or its authorized users relating to Processing of Customer Personal Data or where Wiz considers such instruction to be unlawful, Wiz (i) shall inform Customer, providing relevant details of the problem; (ii) may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Customer Personal Data (other than securely storing those data); and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Wiz all the amounts owed to Wiz or due before the date of termination.
4. RIGHTS OF DATA SUBJECTS. If Wiz receives a request from a Data Subject to exercise its rights under Data Protection Laws (“Data Subject Request”), Wiz shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of the Processing, Wiz shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws.
5. WIZ PERSONNEL
5.1 Confidentiality. Wiz shall grant access to the Customer Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality.
6. AUTHORIZATION REGARDING SUB-PROCESSORS
6.1 Customer hereby grants general written authorization to Wiz to appoint Sub-Processors to perform specific Processing activities on Customer Personal Data on its behalf. Wiz’s current list of Sub-Processors is included at https://www.wiz.io/sub-processor-list (“Sub-Processor List”) and is hereby approved by Customer.
6.2 Objection Right for Sub-Processors. Wiz offers a mechanism for Customers to subscribe to notifications of changes to Wiz’s Sub-Processor List via https://www.wiz.io/legal/sub-processor-list. If Customer subscribes to receive such updates, Wiz shall provide notification of any intended changes concerning the addition or replacement of other Sub-Processor(s) to the email address which has subscribed thereby giving Customer the opportunity to object. Customer may reasonably object to Wiz’s use of a Sub-Processor for reasons related to the Data Protection Laws by notifying Wiz in writing within ten (10) days after receipt of Wiz’s notice including the reasons for objecting to Wiz’s use of such Sub-Processor. Failure to object to such Sub-Processor in writing within ten (10) days following Wiz’s notice shall be deemed as acceptance of the Sub-Processor. In the event Customer reasonably objects to a Sub-Processor, Wiz will use reasonable efforts to make available to Customer a change in the Services to avoid Processing of Customer Personal Data by the objected-to Sub-Processor without unreasonably burdening Customer. If Wiz is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the Agreement and this DPA by providing written notice to Wiz provided that all amounts due under the Agreement before the termination date shall be duly paid to Wiz. Until a decision is made regarding the Sub-Processor, Wiz may temporarily suspend the Processing of the affected Customer Personal Data.
6.3 Where Wiz engages a Sub-Processor, we shall do so by way of a written contract which imposes on the Sub-Processor substantially the same data protection obligations as in this DPA.
7. SECURITY
7.1 Controls for the Protection of Customer Personal Data. Taking into account the state of the art, Wiz shall maintain industry-standard technical and organizational measures, including as required pursuant to Article 32 of the GDPR and other applicable Data Protection Laws, for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Personal Data), confidentiality and integrity of Customer Personal Data, as set forth in the Security Addendum. Upon Customer’s request, Wiz will use commercially reasonable efforts to assist Customer, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and other applicable Data Protection Laws taking into account the nature of the processing, the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Wiz.
7.2 Third-Party Certifications and Audits. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and bound by confidentiality obligations) a copy of Wiz’s then most recent third-party audits or certifications, as applicable (provided, however, that any such documentation shall be Wiz’s confidential information and shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and, upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control). Only as required by applicable Data Protection Laws and at Customer’s cost and expense, not more than once per year, Wiz shall allow for and contribute to audits, including remote inspections, conducted by Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections in advance. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that belongs to Wiz’s other customers.
8. TRANSFERS OF DATA
8.1 Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from the Extended EEA Countries to countries or frameworks that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the Extended EEA Countries (“Adequacy Decisions”), without any further safeguard being necessary.
8.2 Transfers to other countries. If, and to the extent, the Processing of Customer Personal Data which is subject to Data Protection Laws of the EEA Extended Countries includes transfers by Customer from the Extended EEA Countries to Wiz in countries outside the Extended EEA Countries which have not been subject to an Adequacy Decision (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of the Standard Contractual Clauses, which will be deemed to have been signed by each Party on the Effective Date of this Agreement, are incorporated herein by reference and construed in accordance with Schedule 2 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
8.3 In the event Customer enables Third Party Integrations (as defined in the Agreement) which involve transfers of Customer Personal Data between Wiz and the Third Party Integration provider, Customer acknowledges and agrees that (a) such Third Party Integration providers are not Sub-Processors of Wiz; (b) such transfers are conducted at Customer’s instruction in accordance with an agreement between the Customer and such Third Party Integration provider (which Wiz is not a party to); and (c) Customer shall be solely responsible for such transfers and their compliance with Data Protection Laws, including without limitation, executing Standard Contractual Clauses with such Third Party Integration providers as required.
9. US PRIVACY LAWS
9.1 In performing its obligations under the Agreement and this DPA, Wiz will not: (1) “sell” or “share” for purposes of “cross-context behavioral advertising” or “targeted advertising” (as defined by applicable US Privacy Laws) any Customer Personal Data; (2) retain, use, or disclose Customer Personal Data outside of the direct business relationship between Wiz and Customer; or (3) attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Customer Personal Data.
9.2 Wiz will (1) comply with any applicable restrictions under applicable US Privacy Laws on combining Customer Personal Data with Personal Data that Wiz receives from, or on behalf of, another person or persons; and (2) promptly notify Customer if Wiz determines that it (i) can no longer meet its obligations under this DPA or applicable US Privacy Laws; or (ii) in Wiz’s opinion, an instruction from Customer infringes applicable US Privacy Laws.
9.3 Wiz certifies that it understands its obligations in this Clause 9.
9.4 The Parties agree that Schedule 1 hereto shall satisfy any requirement under applicable U.S. Privacy Law to provide details regarding the nature of the Processing activities related to Customer Personal Data.
10. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. To the extent required under applicable Data Protection Laws, Wiz shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data (a “Personal Data Incident”). Wiz shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Wiz deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident. Customer (or its customers), as the Controller or Business, will be the party responsible for notifying supervisory authorities and/or concerned Data Subjects (where required by Data Protection Laws).
11. RETURN AND DELETION OF PERSONAL DATA. Subject to the Agreement, upon termination or expiry of the Services, Wiz shall, make available for return the Customer Personal Data via the Services and delete such Customer Personal Data in accordance with Wiz’s customer data retention & deletion policy unless applicable law requires storage of the Customer Personal Data. In any event, Customer agrees that Wiz may retain Customer Personal Data in accordance with its standard backup policy, for evidence purposes and/or for the establishment, exercise or defence of legal claims and/or to comply with applicable laws and regulations. Notwithstanding anything to the contrary, Customer hereby agrees and understands that, to the extent Wiz performs cloud scanning on behalf of Customer, if and when Customer wants to delete specific Customer Personal Data, Customer may delete such Customer Personal Data from its own databases, and it will automatically be erased from Wiz’s databases within a reasonable market standard timeframe. If Customer requests return of the Customer Personal Data, it shall be returned in an industry standard format generally available for Wiz’s Customers.
12. TERMINATION. This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided, provided that, to the extent Wiz retains any Customer Personal Data following termination or expiration of the Agreement, this DPA shall survive for such period that Wiz retains Customer Personal Data. Clauses 2, 3.4 and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
13. RELATIONSHIP WITH AGREEMENT. Subject to any provisions in Schedule 2 regarding governing law and choice of forum of the Standard Contractual Clauses, the governing law and choice of forum provision in the Agreement shall apply to this DPA. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. For the avoidance of doubt each Party’s and its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, Data Protection Laws and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. NOTWITHSTANDING THE FOREGOING, IF CUSTOMER IS USING THE SERVICES FOR A FREE TRIAL, WIZ’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER UNDER OR RELATED TO THIS DPA SHALL BE CAPPED AT ONE THOUSAND DOLLARS US ($1,000 US).
14. MISCELLANEOUS. Any Wiz obligation hereunder may be performed (in whole or in part), and any Wiz right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of Wiz. This DPA may be amended by Wiz from time to time in its sole discretion, with such updated version posted to Wiz’s website, provided, however, that no such update shall materially diminish the privacy or security of Customer Personal Data.
List of Schedules
SCHEDULE 1 – DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSE
SCHEDULE 1
DETAILS OF THE PROCESSING
Subject matter.
Wiz will Process Customer Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Customer in its use of the Services.
Nature and Purpose of Processing.
1. Performing the Agreement, this DPA and/or other contracts executed by the Parties, including, providing the Service(s) and support and technical maintenance to Customer.
2. To comply with documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.
3. Resolving disputes, enforcing the Agreement, this DPA and/or defending Wiz’s rights.
4. Complying with applicable laws and regulations, including for cooperating with local and foreign tax authorities, preventing fraud, money laundering and terrorist financing.
Duration of Processing.
Subject to any section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Wiz will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Types of Customer Personal Data.
Customer determines the categories of any Customer Personal Data that is made accessible to Wiz, which may include, without limitation, Customer Personal Data relating to the following categories:
- If Customer uses Wiz for scanning, Personal Data might be temporarily processed by Wiz during the scanning. The type of the Personal Data depends on Customer environment and which sources Customer connects.
- Wiz only stores metadata such as CVEs, misconfigurations, list of installed packages, cloud events, local cloud user accounts, cloud object identifiers and (depending on the features used by Customer) logs and file paths. Such metadata does not generally contain Personal Data, however, depending on the Customer’s environment and naming conventions and the features used by Customer, some limited Personal Data may be included. For example, cloud user account names, logs and artifacts could include an individual’s name, logs could contain names, associated email address and IP address and (if specific Wiz features are enabled) pseudonymized samples of findings to enable Customer to locate, verify and remediate the finding(s).
Customer acknowledges that Wiz does not control which Customer Personal Data Customer shares with it in the context of the Services.
Categories of Data Subjects.
As part of providing the Services, Wiz may process Customer Personal Data related to Customer’s customers or users, leads, employees and service providers, the extent of which is solely determined by Customer.
SCHEDULE 2
STANDARD CONTRACTUAL CLAUSES
1 Incorporation and interpretation of the Standard Contractual Clauses
1.1 In relation to transfers by Customer of Customer Personal Data which are subject to Data Protection Laws of the EEA Extended Countries to Wiz in Third Countries, the parties agree that Module Two (Transfer controller to processor) or Module 3 (Transfer processor to processor) of the Standard Contractual Clauses shall apply, as applicable.
1.2 The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in Appendix 1 below.
1.3 If there is a conflict between the provisions of this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject to this DPA and the Agreement, including without limitation, the provisions on limitation of liability, instructions, storage, erasure and return of Personal Data, audits and engagement of Sub-Processors.
1.4 If any provision or part-provision of this DPA or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Agreement and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.5 Where requested by Wiz, Customer shall provide reasonable assistance to Wiz and be responsible for issuing such communications to Data Subjects and/or the Controller (to the extent Module Three applies) as are required in order for Wiz to comply with its obligations under the Standard Contractual Clauses.
1.6 For the purpose of Section III, Clause 14 of the Standard Contractual Clauses, the parties acknowledge and agree that, as between the parties, the Customer (acting as data exporter) is responsible for: (i) assessing the laws of the country to which it transfers Personal Data; and (ii) determining whether or not the transfer meets the requirements of Section III, Clause 14(a) of the Standard Contractual Clauses. Where Wiz (as data importer) provides information to the Customer (acting as data exporter) for assisting the Customer in its assessment, such information is provided on an “as is” basis for informational purposes only. Without prejudice to Section III, Clause 14(c) of the Standard Contractual Clauses, Wiz (as data importer) shall not be liable for any losses suffered by the Customer in connection with its assessment.
1.7 Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 3. The “Appendix Information” is as set out in Appendix 1 to this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
1.8 Except where paragraph 1.9 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
(a) “Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
(b) “the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
(c) “supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
Appendix 1 – Completion of the Standard Contractual Clauses
ANNEX I
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: the law of the Netherlands. a) |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: the Parties select the courts of the Netherlands. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 (General Written Authorisation) will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
ANNEX II – WIZ SECURITY MEASURES
The technical and organizational measures including technical and organizational measures to support the security of Personal Data incorporated into Annex II of the Standard Contractual Clauses shall be the technical and organizational security measures as described in Wiz’s Security Addendum.
In addition, Wiz agrees to the following compensating safeguards to protect such data to an equivalent level as required under the Data Protection Laws of the Extended EEA Countries to the extent required under the Standard Contractual Clauses:
- Wiz and Customer shall encrypt all transfers of the Customer Personal Data between them, and Wiz shall encrypt any onward transfers it makes of such Customer Personal Data.
- Wiz will use reasonably available legal mechanisms to challenge any demands for Customer Personal Data access through national security process it receives as well as any non-disclosure provisions attached thereto.
- Wiz will promptly notify Customer of any government demands for Customer Personal Data, unless prohibited under applicable law. To the extent Wiz is prohibited by law from providing such notification, Wiz shall: (i) review each request on a case-by-case basis; (ii) use reasonable efforts to request that the confidentiality requirement be waived to enable Wiz to notify the Customer and/or the appropriate Supervisory Authority competent for the Customer; and (iii) maintain evidence of any such attempt to have a confidentiality requirement waived.
- Wiz will promptly notify Customer if Wiz can no longer comply with the applicable clauses in this Section. Wiz shall not be required to provide Customer with specific information about why it can no longer comply, if providing such information is prohibited by applicable law. Such notice shall entitle Customer to terminate the Agreement (or, at Customer’s option, affected statements of work, order forms, and like documents thereunder) and receive a prompt pro-rata refund of any prepaid amounts thereunder.
Effective September 19th 2023 to October 29th 2023
DownloadTable of Contents
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Wiz Master Subscription Agreement or other agreement for Wiz services entered into between the Parties (the “Agreement”) between the Wiz entity that has entered into the Agreement (“Wiz”, “Us”, “We”, “Our”) and Customer (collectively, “You”, “Your”, or “Customer”) pursuant to the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”. This DPA forms a binding legal agreement to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below).
WHEREAS, Wiz shall provide the services set forth in the Agreement (collectively, the “Services”) to Customer, as described in the Agreement; and
WHEREAS, the Parties wish to set forth the arrangements concerning the Processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the Parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
1.2 Definitions:
2. CUSTOMER’S PROCESSING OF PERSONAL DATA. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws and comply at all times with the obligations applicable to Controllers or Businesses, as applicable. For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the means by which Customer acquired Customer Personal Data. Without limitation, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal basis in order to collect, Process and transfer to Wiz the Customer Personal Data and to authorize the Processing by Wiz of the Customer Personal Data which is authorized in this DPA.
3. WIZ’S PROCESSING OF PERSONAL DATA
3.1 Application. As used in clauses 3 – 9 herein, Customer Personal Data refers to Customer Personal Data that is subject to Data Protection Laws.
3.2 Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, (i) Customer is the Controller or Business, (ii) Wiz is the Processor or Service Provider, and (iii) Wiz or its Affiliates may engage Sub-Processors pursuant to the requirements set forth in Clause 6 below.
3.3 Wiz and its Affiliates (as applicable) shall Process Customer Personal Data only in accordance with Customer’s documented instructions, which are set out in this DPA, the Agreement, as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by any applicable law, court of competent jurisdiction or other Supervisory Authority to which Wiz and its Affiliates are subject, in which case, Wiz shall inform Customer of the legal requirement before processing, unless that law prohibits such information. Customer agrees that the Agreement is its complete and final instructions to Wiz in relation to the Processing of Personal Data. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Wiz and Customer by way of an amendment to the Agreement, and may include any additional fees that may be payable by Customer to Wiz for carrying out such instructions. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Customer Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 to this DPA.
3.4 To the extent that Wiz or its Affiliates cannot comply with an instruction from Customer and/or its authorized users relating to Processing of Customer Personal Data or where Wiz considers such instruction to be unlawful, Wiz (i) shall inform Customer, providing relevant details of the problem; (ii) may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Customer Personal Data (other than securely storing those data); and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Wiz all the amounts owed to Wiz or due before the date of termination.
4. RIGHTS OF DATA SUBJECTS. If Wiz receives a request from a Data Subject to exercise its rights under Data Protection Laws (“Data Subject Request”), Wiz shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of the Processing, Wiz shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws.
5. WIZ PERSONNEL
5.1 Confidentiality. Wiz shall grant access to the Customer Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality.
6. AUTHORIZATION REGARDING SUB-PROCESSORS
6.1 Customer hereby grants general written authorization to Wiz to appoint Sub-Processors to perform specific Processing activities on Customer Personal Data on its behalf. Wiz’s current list of Sub-Processors is included at https://www.wiz.io/sub-processor-list (“Sub-Processor List”) and is hereby approved by Customer.
6.2. Objection Right for Sub-Processors. Wiz offers a mechanism for Customers to subscribe to notifications of changes to Wiz’s Sub-Processor List via https://www.wiz.io/legal/sub-processor-list. If Customer subscribes to receive such updates, Wiz shall provide notification of any intended changes concerning the addition or replacement of other Sub-Processor(s) to the email address which has subscribed thereby giving Customer the opportunity to object. Customer may reasonably object to Wiz’s use of a Sub-Processor for reasons related to the Data Protection Laws by notifying Wiz in writing within ten (10) days after receipt of Wiz’s notice including the reasons for objecting to Wiz’s use of such Sub-Processor. Failure to object to such Sub-Processor in writing within ten (10) days following Wiz’s notice shall be deemed as acceptance of the Sub-Processor. In the event Customer reasonably objects to a Sub-Processor, Wiz will use reasonable efforts to make available to Customer a change in the Services to avoid Processing of Customer Personal Data by the objected-to Sub-Processor without unreasonably burdening Customer. If Wiz is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the Agreement and this DPA by providing written notice to Wiz provided that all amounts due under the Agreement before the termination date shall be duly paid to Wiz. Until a decision is made regarding the Sub-Processor, Wiz may temporarily suspend the Processing of the affected Customer Personal Data.
6.3. Where Wiz engages a Sub-Processor, we shall do so by way of a written contract which imposes on the Sub-Processor substantially the same data protection obligations as in this DPA.
7. SECURITY
7.1 Controls for the Protection of Customer Personal Data. Taking into account the state of the art, Wiz shall maintain industry-standard technical and organizational measures, including as required pursuant to Article 32 of the GDPR and other applicable Data Protection Laws, for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Personal Data), confidentiality and integrity of Customer Personal Data, as set forth in the Security Documentation. Upon Customer’s request, Wiz will use commercially reasonable efforts to assist Customer, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and other applicable Data Protection Laws taking into account the nature of the processing, the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Wiz.
7.2 Third-Party Certifications and Audits. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and bound by confidentiality obligations) a copy of Wiz’s then most recent third-party audits or certifications, as applicable (provided, however, that any such documentation shall be Wiz’s confidential information and shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and, upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control). Only as required by applicable Data Protection Laws and at Customer’s cost and expense, not more than once per year, Wiz shall allow for and contribute to audits, including remote inspections, conducted by Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections in advance. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that belongs to Wiz’s other customers.
8. TRANSFERS OF DATA
8.1 Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from the Extended EEA Countries to countries or frameworks that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the Extended EEA Countries (“Adequacy Decisions”), without any further safeguard being necessary.
8.2 Transfers to other countries. If, and to the extent, the Processing of Customer Personal Data which is subject to Data Protection Laws of the EEA Extended Countries includes transfers by Customer from the Extended EEA Countries to Wiz in countries outside the Extended EEA Countries which have not been subject to an Adequacy Decision (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of the Standard Contractual Clauses, which will be deemed to have been signed by each Party on the Effective Date of this Agreement, are incorporated herein by reference and construed in accordance with Schedule 2 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
8.3 In the event Customer enables Third Party Integrations (as defined in the Agreement) which involve transfers of Customer Personal Data between Wiz and the Third Party Integration provider, Customer acknowledges and agrees that (a) such Third Party Integration providers are not Sub-Processors of Wiz; (b) such transfers are conducted at Customer’s instruction in accordance with an agreement between the Customer and such Third Party Integration provider (which Wiz is not a party to); and (c) Customer shall be solely responsible for such transfers and their compliance with Data Protection Laws, including without limitation, executing Standard Contractual Clauses with such Third Party Integration providers as required.
9. US PRIVACY LAWS
9.1 In performing its obligations under the Agreement and this DPA, Wiz will not: (1) “sell” or “share” for purposes of “cross-context behavioral advertising” or “targeted advertising” (as defined by applicable US Privacy Laws) any Customer Personal Data; (2) retain, use, or disclose Customer Personal Data outside of the direct business relationship between Wiz and Customer; or (3) attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Customer Personal Data.
9.2 Wiz will (1) comply with any applicable restrictions under applicable US Privacy Laws on combining Customer Personal Data with Personal Data that Wiz receives from, or on behalf of, another person or persons; and (2) promptly notify Customer if Wiz determines that it (i) can no longer meet its obligations under this DPA or applicable US Privacy Laws; or (ii) in Wiz’s opinion, an instruction from Customer infringes applicable US Privacy Laws.
9.3 Wiz certifies that it understands its obligations in this Clause 9.
9.4 The Parties agree that Schedule 1 hereto shall satisfy any requirement under applicable U.S. Privacy Law to provide details regarding the nature of the Processing activities related to Customer Personal Data.
10. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. To the extent required under applicable Data Protection Laws, Wiz shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data (a “Personal Data Incident”). Wiz shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Wiz deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident. Customer (or its customers), as the Controller or Business, will be the party responsible for notifying supervisory authorities and/or concerned Data Subjects (where required by Data Protection Laws).
11. RETURN AND DELETION OF PERSONAL DATA. Subject to the Agreement, upon termination or expiry of the Services, Wiz shall, make available for return the Customer Personal Data via the Services and delete such Customer Personal Data in accordance with Wiz’s customer data retention & deletion policy unless applicable law requires storage of the Customer Personal Data. In any event, Customer agrees that Wiz may retain Customer Personal Data in accordance with its standard backup policy, for evidence purposes and/or for the establishment, exercise or defence of legal claims and/or to comply with applicable laws and regulations. Notwithstanding anything to the contrary, Customer hereby agrees and understands that, to the extent Wiz performs cloud scanning on behalf of Customer, if and when Customer wants to delete specific Customer Personal Data, Customer may delete such Customer Personal Data from its own databases, and it will automatically be erased from Wiz’s databases within a reasonable market standard timeframe. If Customer requests return of the Customer Personal Data, it shall be returned in an industry standard format generally available for Wiz’s Customers.
12. TERMINATION. This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided, provided that, to the extent Wiz retains any Customer Personal Data following termination or expiration of the Agreement, this DPA shall survive for such period that Wiz retains Customer Personal Data. Clauses 2, 3.4 and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
13. RELATIONSHIP WITH AGREEMENT. Subject to any provisions in Schedule 2 regarding governing law and choice of forum of the Standard Contractual Clauses, the governing law and choice of forum provision in the Agreement shall apply to this DPA. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. For the avoidance of doubt each Party’s and its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, Data Protection Laws and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. NOTWITHSTANDING THE FOREGOING, IF CUSTOMER IS USING THE SERVICES FOR A FREE TRIAL, WIZ’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER UNDER OR RELATED TO THIS DPA SHALL BE CAPPED AT ONE THOUSAND DOLLARS US ($1,000 US).
14. MISCELLANEOUS. Any Wiz obligation hereunder may be performed (in whole or in part), and any Wiz right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of Wiz. This DPA may be amended by Wiz from time to time in its sole discretion, with such updated version posted to Wiz’s website, provided, however, that no such update shall materially diminish the privacy or security of Customer Personal Data.
List of Schedules
SCHEDULE 1 – DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSE
SCHEDULE 1
DETAILS OF THE PROCESSING
Subject matter.
Wiz will Process Customer Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Customer in its use of the Services.
Nature and Purpose of Processing.
1. Performing the Agreement, this DPA and/or other contracts executed by the Parties, including, providing the Service(s) and support and technical maintenance to Customer.
2. To comply with documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.
3. Resolving disputes, enforcing the Agreement, this DPA and/or defending Wiz’s rights.
4. Complying with applicable laws and regulations, including for cooperating with local and foreign tax authorities, preventing fraud, money laundering and terrorist financing.
Duration of Processing.
Subject to any section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Wiz will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Types of Customer Personal Data.
Customer determines the categories of any Customer Personal Data that is made accessible to Wiz, which may include, without limitation, Customer Personal Data relating to the following categories:
- If Customer uses Wiz for scanning, Personal Data might be temporarily processed by Wiz during the scanning. The type of the Personal Data depends on Customer environment and which sources Customer connects.
- Wiz only stores metadata such as CVEs, misconfigurations, list of installed packages, cloud events, local cloud user accounts, cloud object identifiers and (depending on the features used by Customer) logs and file paths. Such metadata does not generally contain Personal Data, however, depending on the Customer’s environment and naming conventions and the features used by Customer, some limited Personal Data may be included. For example, cloud user account names, logs and artifacts could include an individual’s name, logs could contain names, associated email address and IP address and (if specific Wiz features are enabled) pseudonymized samples of findings to enable Customer to locate, verify and remediate the finding(s).
Customer acknowledges that Wiz does not control which Customer Personal Data Customer shares with it in the context of the Services.
Categories of Data Subjects.
As part of providing the Services, Wiz may process Customer Personal Data related to Customer’s customers or users, leads, employees and service providers, the extent of which is solely determined by Customer.
SCHEDULE 2
STANDARD CONTRACTUAL CLAUSES
1. Incorporation and interpretation of the Standard Contractual Clauses
1.1 In relation to transfers by Customer of Customer Personal Data which are subject to Data Protection Laws of the EEA Extended Countries to Wiz in Third Countries, the parties agree that Module Two (Transfer controller to processor) or Module 3 (Transfer processor to processor) of the Standard Contractual Clauses shall apply, as applicable.
1.2 The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in Appendix 1 below.
1.3 If there is a conflict between the provisions of this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject to this DPA and the Agreement, including without limitation, the provisions on limitation of liability, instructions, storage, erasure and return of Personal Data, audits and engagement of Sub-Processors.
1.4 If any provision or part-provision of this DPA or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Agreement and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.5 Where requested by Wiz, Customer shall provide reasonable assistance to Wiz and be responsible for issuing such communications to Data Subjects and/or the Controller (to the extent Module Three applies) as are required in order for Wiz to comply with its obligations under the Standard Contractual Clauses.
1.6 For the purpose of Section III, Clause 14 of the Standard Contractual Clauses, the parties acknowledge and agree that, as between the parties, the Customer (acting as data exporter) is responsible for: (i) assessing the laws of the country to which it transfers Personal Data; and (ii) determining whether or not the transfer meets the requirements of Section III, Clause 14(a) of the Standard Contractual Clauses. Where Wiz (as data importer) provides information to the Customer (acting as data exporter) for assisting the Customer in its assessment, such information is provided on an “as is” basis for informational purposes only. Without prejudice to Section III, Clause 14(c) of the Standard Contractual Clauses, Wiz (as data importer) shall not be liable for any losses suffered by the Customer in connection with its assessment.
1.7 Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 3. The “Appendix Information” is as set out in Appendix 1 to this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
1.8 Except where paragraph 1.9 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
(a)“Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
(b)“the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
(c)“supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
Appendix 1 – Completion of the Standard Contractual Clauses
ANNEX I
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: the law of the Netherlands. a |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: the Parties select the courts of the Netherlands. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 (General Written Authorisation) will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
ANNEX II – WIZ SECURITY MEASURES
The technical and organizational measures including technical and organizational measures to support the security of Personal Data incorporated into Annex II of the Standard Contractual Clauses shall be the technical and organizational security measures as described in Wiz’s Security Documentation.
In addition, Wiz agrees to the following compensating safeguards to protect such data to an equivalent level as required under the Data Protection Laws of the Extended EEA Countries to the extent required under the Standard Contractual Clauses:
- Wiz and Customer shall encrypt all transfers of the Customer Personal Data between them, and Wiz shall encrypt any onward transfers it makes of such Customer Personal Data.
- Wiz will use reasonably available legal mechanisms to challenge any demands for Customer Personal Data access through national security process it receives as well as any non-disclosure provisions attached thereto.
- Wiz will promptly notify Customer of any government demands for Customer Personal Data, unless prohibited under applicable law. To the extent Wiz is prohibited by law from providing such notification, Wiz shall: (i) review each request on a case-by-case basis; (ii) use reasonable efforts to request that the confidentiality requirement be waived to enable Wiz to notify the Customer and/or the appropriate Supervisory Authority competent for the Customer; and (iii) maintain evidence of any such attempt to have a confidentiality requirement waived.
- Wiz will promptly notify Customer if Wiz can no longer comply with the applicable clauses in this Section. Wiz shall not be required to provide Customer with specific information about why it can no longer comply, if providing such information is prohibited by applicable law. Such notice shall entitle Customer to terminate the Agreement (or, at Customer’s option, affected statements of work, order forms, and like documents thereunder) and receive a prompt pro-rata refund of any prepaid amounts thereunder.
Effective September 11th 2023 to September 19th 2023
DownloadTable of Contents
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Wiz Master Subscription Agreement or other agreement for Wiz services entered into between the Parties (the “Agreement”) between the Wiz entity that has entered into the Agreement (“Wiz”, “Us”, “We”, “Our”) and Customer (collectively, “You”, “Your”, or “Customer”) pursuant to the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”. This DPA forms a binding legal agreement to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below).
WHEREAS, Wiz shall provide the services set forth in the Agreement (collectively, the “Services”) to Customer, as described in the Agreement; and
WHEREAS, the Parties wish to set forth the arrangements concerning the Processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the Parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
1.2 Definitions:
2. CUSTOMER’S PROCESSING OF PERSONAL DATA. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws and comply at all times with the obligations applicable to Controllers or Businesses, as applicable. For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the means by which Customer acquired Customer Personal Data. Without limitation, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal basis in order to collect, Process and transfer to Wiz the Customer Personal Data and to authorize the Processing by Wiz of the Customer Personal Data which is authorized in this DPA.
3. WIZ’S PROCESSING OF PERSONAL DATA
3.1 Application. As used in clauses 3 – 9 herein, Customer Personal Data refers to Customer Personal Data that is subject to Data Protection Laws.
3.2 Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, (i) Customer is the Controller or Business, (ii) Wiz is the Processor or Service Provider, and (iii) Wiz or its Affiliates may engage Sub-Processors pursuant to the requirements set forth in Clause 6 below.
3.3 Wiz and its Affiliates (as applicable) shall Process Customer Personal Data only in accordance with Customer’s documented instructions, which are set out in this DPA, the Agreement, as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by any applicable law, court of competent jurisdiction or other Supervisory Authority to which Wiz and its Affiliates are subject, in which case, Wiz shall inform Customer of the legal requirement before processing, unless that law prohibits such information. Customer agrees that the Agreement is its complete and final instructions to Company in relation to the Processing of Personal Data. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Wiz and Customer by way of an amendment to the Agreement, and may include any additional fees that may be payable by Customer to Wiz for carrying out such instructions. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Customer Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 to this DPA.
3.4 To the extent that Wiz or its Affiliates cannot comply with an instruction from Customer and/or its authorized users relating to Processing of Customer Personal Data or where Wiz considers such instruction to be unlawful, Wiz (i) shall inform Customer, providing relevant details of the problem; (ii) may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Customer Personal Data (other than securely storing those data); and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Wiz all the amounts owed to Wiz or due before the date of termination.
4. RIGHTS OF DATA SUBJECTS. If Wiz receives a request from a Data Subject to exercise its rights under Data Protection Laws (“Data Subject Request”), Wiz shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of the Processing, Wiz shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws.
5. WIZ PERSONNEL
5.1 Confidentiality. Wiz shall grant access to the Customer Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality.
6. AUTHORIZATION REGARDING SUB-PROCESSORS
6.1 Customer hereby grants general written authorization to Wiz to appoint Sub-Processors to perform specific Processing activities on Customer Personal Data on its behalf. Wiz’s current list of Sub-Processors is included at https://www.wiz.io/sub-processor-list (“Sub-Processor List”) and is hereby approved by Customer.
6.2. Objection Right for Sub-Processors. Wiz offers a mechanism for Customers to subscribe to notifications of changes to Wiz’s Sub-Processor List via https://www.wiz.io/legal/sub-processor-list. If Customer subscribes to receive such updates, Wiz shall provide notification of any intended changes concerning the addition or replacement of other Sub-Processor(s) to the email address which has subscribed thereby giving Customer the opportunity to object. Customer may reasonably object to Wiz’s use of a Sub-Processor for reasons related to the Data Protection Laws by notifying Wiz in writing within ten (10) days after receipt of Wiz’s notice including the reasons for objecting to Wiz’s use of such Sub-Processor. Failure to object to such Sub-Processor in writing within ten (10) days following Wiz’s notice shall be deemed as acceptance of the Sub-Processor. In the event Customer reasonably objects to a Sub-Processor, Wiz will use reasonable efforts to make available to Customer a change in the Services to avoid Processing of Customer Personal Data by the objected-to Sub-Processor without unreasonably burdening Customer. If Wiz is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the Agreement and this DPA by providing written notice to Wiz provided that all amounts due under the Agreement before the termination date shall be duly paid to Wiz. Until a decision is made regarding the Sub-Processor, Wiz may temporarily suspend the Processing of the affected Customer Personal Data.
6.3. Where Wiz engages a Sub-Processor, we shall do so by way of a written contract which imposes on the Sub-Processor substantially the same data protection obligations as in this DPA.
7. SECURITY
7.1 Controls for the Protection of Customer Personal Data. Taking into account the state of the art, Wiz shall maintain industry-standard technical and organizational measures, including as required pursuant to Article 32 of the GDPR and other applicable Data Protection Laws, for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Personal Data), confidentiality and integrity of Customer Personal Data, as set forth in the Security Documentation. Upon Customer’s request, Wiz will use commercially reasonable efforts to assist Customer, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and other applicable Data Protection Laws taking into account the nature of the processing, the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Wiz.
7.2 Third-Party Certifications and Audits. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and bound by confidentiality obligations) a copy of Wiz’s then most recent third-party audits or certifications, as applicable (provided, however, that any such documentation shall be Wiz’s confidential information and shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and, upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control). Only as required by applicable Data Protection Laws and at Customer’s cost and expense, not more than once per year, Wiz shall allow for and contribute to audits, including remote inspections, conducted by Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections in advance. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that belongs to Wiz’s other customers.
8. TRANSFERS OF DATA
8.1 Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from the Extended EEA Countries to countries or frameworks that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the Extended EEA Countries (“Adequacy Decisions”), without any further safeguard being necessary.
8.2 Transfers to other countries. If, and to the extent, the Processing of Customer Personal Data which is subject to Data Protection Laws of the EEA Extended Countries includes transfers by Customer from the Extended EEA Countries to Wiz in countries outside the Extended EEA Countries which have not been subject to an Adequacy Decision (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of the Standard Contractual Clauses, which will be deemed to have been signed by each Party on the Effective Date of this Agreement, are incorporated herein by reference and construed in accordance with Schedule 2 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
8.3 In the event Customer enables Third Party Integrations (as defined in the Agreement) which involve transfers of Customer Personal Data between Wiz and the Third Party Integration provider, Customer acknowledges and agrees that (a) such Third Party Integration providers are not Sub-Processors of Wiz; (b) such transfers are conducted at Customer’s instruction in accordance with an agreement between the Customer and such Third Party Integration provider (which Wiz is not a party to); and (c) Customer shall be solely responsible for such transfers and their compliance with Data Protection Laws, including without limitation, executing Standard Contractual Clauses with such Third Party Integration providers as required.
9. US PRIVACY LAWS
9.1 In performing its obligations under the Agreement and this DPA, Wiz will not: (1) “sell” or “share” for purposes of “cross-context behavioral advertising” or “targeted advertising” (as defined by applicable US Privacy Laws) any Customer Personal Data; (2) retain, use, or disclose Customer Personal Data outside of the direct business relationship between Wiz and Customer; or (3) attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Customer Personal Data.
9.2 Wiz will (1) comply with any applicable restrictions under applicable US Privacy Laws on combining Customer Personal Data with Personal Data that Wiz receives from, or on behalf of, another person or persons; and (2) promptly notify Customer if Wiz determines that it (i) can no longer meet its obligations under this DPA or applicable US Privacy Laws; or (ii) in Wiz’s opinion, an instruction from Customer infringes applicable US Privacy Laws.
9.3 Wiz certifies that it understands its obligations in this Clause 9.
9.4 The Parties agree that Schedule 1 hereto shall satisfy any requirement under applicable U.S. Privacy Law to provide details regarding the nature of the Processing activities related to Customer Personal Data.
10. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. To the extent required under applicable Data Protection Laws, Wiz shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data (a “Personal Data Incident”). Wiz shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Wiz deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident. Customer (or its customers), as the Controller or Business, will be the party responsible for notifying supervisory authorities and/or concerned Data Subjects (where required by Data Protection Laws).
11. RETURN AND DELETION OF PERSONAL DATA. Subject to the Agreement, upon termination or expiry of the Services, Wiz shall, make available for return the Customer Personal Data via the Services and delete such Customer Personal Data in accordance with Wiz’s customer data retention & deletion policy unless applicable law requires storage of the Customer Personal Data. In any event, Customer agrees that Wiz may retain Customer Personal Data in accordance with its standard backup policy, for evidence purposes and/or for the establishment, exercise or defence of legal claims and/or to comply with applicable laws and regulations. Notwithstanding anything to the contrary, Customer hereby agrees and understands that, to the extent Wiz performs cloud scanning on behalf of Customer, if and when Customer wants to delete specific Customer Personal Data, Customer may delete such Customer Personal Data from its own databases, and it will automatically be erased from Wiz’s databases within a reasonable market standard timeframe. If Customer requests return of the Customer Personal Data, it shall be returned in an industry standard format generally available for Wiz’s Customers.
12. TERMINATION. This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided, provided that, to the extent Wiz retains any Customer Personal Data following termination or expiration of the Agreement, this DPA shall survive for such period that Wiz retains Customer Personal Data. Clauses 2, 3.4 and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
13. RELATIONSHIP WITH AGREEMENT. Subject to any provisions in Schedule 2 regarding governing law and choice of forum of the Standard Contractual Clauses, the governing law and choice of forum provision in the Agreement shall apply to this DPA. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. For the avoidance of doubt each Party’s and its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, Data Protection Laws and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. NOTWITHSTANDING THE FOREGOING, IF CUSTOMER IS USING THE SERVICES FOR A FREE TRIAL, WIZ’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER UNDER OR RELATED TO THIS DPA SHALL BE CAPPED AT ONE THOUSAND DOLLARS US ($1,000 US).
14. MISCELLANEOUS. Any Wiz obligation hereunder may be performed (in whole or in part), and any Wiz right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of Wiz. This DPA may be amended by Wiz from time to time in its sole discretion, with such updated version posted to Wiz’s website, provided, however, that no such update shall materially diminish the privacy or security of Customer Personal Data.
List of Schedules
SCHEDULE 1 – DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSE
SCHEDULE 1
DETAILS OF THE PROCESSING
Subject matter.
Wiz will Process Customer Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Customer in its use of the Services.
Nature and Purpose of Processing.
1. Performing the Agreement, this DPA and/or other contracts executed by the Parties, including, providing the Service(s) and support and technical maintenance to Customer.
2. To comply with documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.
3. Resolving disputes, enforcing the Agreement, this DPA and/or defending Wiz’s rights.
4. Complying with applicable laws and regulations, including for cooperating with local and foreign tax authorities, preventing fraud, money laundering and terrorist financing.
Duration of Processing.
Subject to any section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Wiz will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Types of Customer Personal Data.
Customer determines the categories of any Customer Personal Data that is made accessible to Wiz, which may include, without limitation, Customer Personal Data relating to the following categories:
- If Customer uses Wiz for scanning, Personal Data might be temporarily processed by Wiz during the scanning. The type of the Personal Data depends on Customer environment and which sources Customer connects.
- Wiz only stores metadata such as CVEs, misconfigurations, list of installed packages, cloud events, local cloud user accounts, cloud object identifiers and (depending on the features used by Customer) logs and file paths. Such metadata does not generally contain Personal Data, however, depending on the Customer’s environment and naming conventions and the features used by Customer, some limited Personal Data may be included. For example, cloud user account names, logs and artifacts could include an individual’s name, logs could contain names, associated email address and IP address and (if specific Wiz features are enabled) pseudonymized samples of findings to enable Customer to locate, verify and remediate the finding(s).
Customer acknowledges that Wiz does not control which Customer Personal Data Customer shares with it in the context of the Services.
Categories of Data Subjects.
As part of providing the Services, Wiz may process Customer Personal Data related to Customer’s customers or users, leads, employees and service providers, the extent of which is solely determined by Customer.
SCHEDULE 2
STANDARD CONTRACTUAL CLAUSES
1. Incorporation and interpretation of the Standard Contractual Clauses
1.1 In relation to transfers by Customer of Customer Personal Data which are subject to Data Protection Laws of the EEA Extended Countries to Wiz in Third Countries, the parties agree that Module Two (Transfer controller to processor) or Module 3 (Transfer processor to processor) of the Standard Contractual Clauses shall apply, as applicable.
1.2 The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in Appendix 1 below.
1.3 If there is a conflict between the provisions of this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject to this DPA and the Agreement, including without limitation, the provisions on limitation of liability, instructions, storage, erasure and return of Personal Data, audits and engagement of Sub-Processors.
1.4 If any provision or part-provision of this DPA or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Agreement and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.5 Where requested by Wiz, Customer shall provide reasonable assistance to Wiz and be responsible for issuing such communications to Data Subjects and/or the Controller (to the extent Module Three applies) as are required in order for Wiz to comply with its obligations under the Standard Contractual Clauses.
1.6 For the purpose of Section III, Clause 14 of the Standard Contractual Clauses, the parties acknowledge and agree that, as between the parties, the Customer (acting as data exporter) is responsible for: (i) assessing the laws of the country to which it transfers Personal Data; and (ii) determining whether or not the transfer meets the requirements of Section III, Clause 14(a) of the Standard Contractual Clauses. Where Wiz (as data importer) provides information to the Customer (acting as data exporter) for assisting the Customer in its assessment, such information is provided on an “as is” basis for informational purposes only. Without prejudice to Section III, Clause 14(c) of the Standard Contractual Clauses, Wiz (as data importer) shall not be liable for any losses suffered by the Customer in connection with its assessment.
1.7 Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 3. The “Appendix Information” is as set out in Appendix 1 to this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
1.8 Except where paragraph 1.9 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
(a)“Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
(b)“the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
(c)“supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
Appendix 1 – Completion of the Standard Contractual Clauses
ANNEX I
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: the law of the Netherlands. a |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: the Parties select the courts of the Netherlands. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 (General Written Authorisation) will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
ANNEX II – WIZ SECURITY MEASURES
The technical and organizational measures including technical and organizational measures to support the security of Personal Data incorporated into Annex II of the Standard Contractual Clauses shall be the technical and organizational security measures as described in Wiz’s Security Documentation.
In addition, Wiz agrees to the following compensating safeguards to protect such data to an equivalent level as required under the Data Protection Laws of the Extended EEA Countries to the extent required under the Standard Contractual Clauses:
- Wiz and Customer shall encrypt all transfers of the Customer Personal Data between them, and Wiz shall encrypt any onward transfers it makes of such Customer Personal Data.
- Wiz will use reasonably available legal mechanisms to challenge any demands for Customer Personal Data access through national security process it receives as well as any non-disclosure provisions attached thereto.
- Wiz will promptly notify Customer of any government demands for Customer Personal Data, unless prohibited under applicable law. To the extent Wiz is prohibited by law from providing such notification, Wiz shall: (i) review each request on a case-by-case basis; (ii) use reasonable efforts to request that the confidentiality requirement be waived to enable Wiz to notify the Customer and/or the appropriate Supervisory Authority competent for the Customer; and (iii) maintain evidence of any such attempt to have a confidentiality requirement waived.
- Wiz will promptly notify Customer if Wiz can no longer comply with the applicable clauses in this Section. Wiz shall not be required to provide Customer with specific information about why it can no longer comply, if providing such information is prohibited by applicable law. Such notice shall entitle Customer to terminate the Agreement (or, at Customer’s option, affected statements of work, order forms, and like documents thereunder) and receive a prompt pro-rata refund of any prepaid amounts thereunder.
Effective August 29th 2023 to September 11th 2023
DownloadTable of Contents
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Wiz Master Subscription Agreement or other agreement for Wiz services entered into between the Parties (the “Agreement”) between the Wiz entity that has entered into the Agreement (“Wiz”, “Us”, “We”, “Our”) and Customer (collectively, “You”, “Your”, or “Customer”) pursuant to the Agreement. Both parties shall be referred to as the “Parties” and each, a “Party”. This DPA forms a binding legal agreement to reflect the Parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below).
WHEREAS, Wiz shall provide the services set forth in the Agreement (collectively, the “Services”) to Customer, as described in the Agreement; and
WHEREAS, the Parties wish to set forth the arrangements concerning the Processing of Personal Data within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the Parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
1.2 Definitions:
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Customer Personal Data” means any Personal Data which is provided to and Processed by Wiz on behalf of Customer in order to provide the Services under the Agreement. Customer Personal Data does not include Personal Data that Wiz Processes as a Controller separately from its Processing obligations to Customer under the Agreement.
- “Data Protection Laws” means all laws and regulations of the the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Customer Personal Data relates.
- “EEA” means the European Economic Area.
- “EU Data Protection Law” means the GDPR, and the UK GDPR.
- “Extended EEA Country” means a Member State of the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Service Provider,” as relevant under applicable Data Protection Laws, means the entity which Processes Personal Data on behalf of the Controller or Business or such equivalent term under Data Protection Laws.
- “Security Documentation” means Wiz’s security documentation that is applicable to the specific Services purchased by Customer, as updated from time to time, and as made reasonably available by Wiz.
- “Standard Contractual Clauses” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914&qid=1689513765256, as may be updated, amended or superseded from time to time.
- “Sub-Processor” means any Processor or Service Provider engaged by Wiz and/or Wiz Affiliate to Process Customer Personal Data.
- “Supervisory Authority” means the competent supervisory authority pursuant to the applicable Data Protection Laws.
- “Third Country” has the meaning given in Clause 8.2 below.
- “UK GDPR” means the GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
- “US Privacy Laws” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 along with any associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act; and any similar U.S. laws governing data privacy and security once effective.
2. CUSTOMER’S PROCESSING OF PERSONAL DATA. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws and comply at all times with the obligations applicable to Controllers or Businesses, as applicable. For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the means by which Customer acquired Customer Personal Data. Without limitation, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall have any and all required legal basis in order to collect, Process and transfer to Wiz the Customer Personal Data and to authorize the Processing by Wiz of the Customer Personal Data which is authorized in this DPA.
3. WIZ’S PROCESSING OF PERSONAL DATA
3.1 Application. As used in clauses 3 – 9 herein, Customer Personal Data refers to Customer Personal Data that is subject to Data Protection Laws.
3.2 Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, (i) Customer is the Controller or Business, (ii) Wiz is the Processor or Service Provider, and (iii) Wiz or its Affiliates may engage Sub-Processors pursuant to the requirements set forth in Clause 6 below.
3.3 Wiz and its Affiliates (as applicable) shall Process Customer Personal Data only in accordance with Customer’s documented instructions, which are set out in this DPA, the Agreement, as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by any applicable law, court of competent jurisdiction or other Supervisory Authority to which Wiz and its Affiliates are subject, in which case, Wiz shall inform Customer of the legal requirement before processing, unless that law prohibits such information. Customer agrees that the Agreement is its complete and final instructions to Company in relation to the Processing of Personal Data. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Wiz and Customer by way of an amendment to the Agreement, and may include any additional fees that may be payable by Customer to Wiz for carrying out such instructions. The duration of the Processing, the nature and purposes of the Processing, as well as the types of Customer Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 to this DPA.
3.4 To the extent that Wiz or its Affiliates cannot comply with an instruction from Customer and/or its authorized users relating to Processing of Customer Personal Data or where Wiz considers such instruction to be unlawful, Wiz (i) shall inform Customer, providing relevant details of the problem; (ii) may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Customer Personal Data (other than securely storing those data); and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Wiz all the amounts owed to Wiz or due before the date of termination.
4. RIGHTS OF DATA SUBJECTS. If Wiz receives a request from a Data Subject to exercise its rights under Data Protection Laws (“Data Subject Request”), Wiz shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of the Processing, Wiz shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws.
5. WIZ PERSONNEL
5.1 Confidentiality. Wiz shall grant access to the Customer Personal Data to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality.
6. AUTHORIZATION REGARDING SUB-PROCESSORS
6.1 Customer hereby grants general written authorization to Wiz to appoint Sub-Processors to perform specific Processing activities on Customer Personal Data on its behalf. Wiz’s current list of Sub-Processors is included at https://www.wiz.io/sub-processor-list (“Sub-Processor List”) and is hereby approved by Customer.
6.2 Objection Right for Sub-Processors. Wiz offers a mechanism for Customers to subscribe to notifications of changes to Wiz’s Sub-Processor List via https://www.wiz.io/legal/sub-processor-list. If Customer subscribes to receive such updates, Wiz shall provide notification of any intended changes concerning the addition or replacement of other Sub-Processor(s) to the email address which has subscribed thereby giving Customer the opportunity to object. Customer may reasonably object to Wiz’s use of a Sub-Processor for reasons related to the Data Protection Laws by notifying Wiz in writing within ten (10) days after receipt of Wiz’s notice including the reasons for objecting to Wiz’s use of such Sub-Processor. Failure to object to such Sub-Processor in writing within ten (10) days following Wiz’s notice shall be deemed as acceptance of the Sub-Processor. In the event Customer reasonably objects to a Sub-Processor, Wiz will use reasonable efforts to make available to Customer a change in the Services to avoid Processing of Customer Personal Data by the objected-to Sub-Processor without unreasonably burdening Customer. If Wiz is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the Agreement and this DPA by providing written notice to Wiz provided that all amounts due under the Agreement before the termination date shall be duly paid to Wiz. Until a decision is made regarding the Sub-Processor, Wiz may temporarily suspend the Processing of the affected Customer Personal Data.
6.3 Where Wiz engages a Sub-Processor, we shall do so by way of a written contract which imposes on the Sub-Processor substantially the same data protection obligations as in this DPA.
7. SECURITY
7.1 Controls for the Protection of Customer Personal Data. Taking into account the state of the art, Wiz shall maintain industry-standard technical and organizational measures, including as required pursuant to Article 32 of the GDPR and other applicable Data Protection Laws, for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Personal Data), confidentiality and integrity of Customer Personal Data, as set forth in the Security Documentation. Upon Customer’s request, Wiz will use commercially reasonable efforts to assist Customer, in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and other applicable Data Protection Laws taking into account the nature of the processing, the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing and the information available to Wiz.
7.2 Third-Party Certifications and Audits. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and bound by confidentiality obligations) a copy of Wiz’s then most recent third-party audits or certifications, as applicable (provided, however, that any such documentation shall be Wiz’s confidential information and shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and, upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control). Only as required by applicable Data Protection Laws and at Customer’s cost and expense, not more than once per year, Wiz shall allow for and contribute to audits, including remote inspections, conducted by Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections in advance. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that belongs to Wiz’s other customers.
8. TRANSFERS OF DATA
8.1 Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from the Extended EEA Countries to countries or frameworks that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the Extended EEA Countries (“Adequacy Decisions”), without any further safeguard being necessary.
8.2 Transfers to other countries. If, and to the extent, the Processing of Customer Personal Data which is subject to Data Protection Laws of the EEA Extended Countries includes transfers by Customer from the Extended EEA Countries to Wiz in countries outside the Extended EEA Countries which have not been subject to an Adequacy Decision (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of the Standard Contractual Clauses, which will be deemed to have been signed by each Party on the Effective Date of this Agreement, are incorporated herein by reference and construed in accordance with Schedule 2 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
8.3 In the event Customer enables Third Party Integrations (as defined in the Agreement) which involve transfers of Customer Personal Data between Wiz and the Third Party Integration provider, Customer acknowledges and agrees that (a) such Third Party Integration providers are not Sub-Processors of Wiz; (b) such transfers are conducted at Customer’s instruction in accordance with an agreement between the Customer and such Third Party Integration provider (which Wiz is not a party to); and (c) Customer shall be solely responsible for such transfers and their compliance with Data Protection Laws, including without limitation, executing Standard Contractual Clauses with such Third Party Integration providers as required.
9. US PRIVACY LAWS
9.1 In performing its obligations under the Agreement and this DPA, Wiz will not: (1) “sell” or “share” for purposes of “cross-context behavioral advertising” or “targeted advertising” (as defined by applicable US Privacy Laws) any Customer Personal Data; (2) retain, use, or disclose Customer Personal Data outside of the direct business relationship between Wiz and Customer; or (3) attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Customer Personal Data.
9.2 Wiz will (1) comply with any applicable restrictions under applicable US Privacy Laws on combining Customer Personal Data with Personal Data that Wiz receives from, or on behalf of, another person or persons; and (2) promptly notify Customer if Wiz determines that it (i) can no longer meet its obligations under this DPA or applicable US Privacy Laws; or (ii) in Wiz’s opinion, an instruction from Customer infringes applicable US Privacy Laws.
9.3 Wiz certifies that it understands its obligations in this Clause 9.
9.4 The Parties agree that Schedule 1 hereto shall satisfy any requirement under applicable U.S. Privacy Law to provide details regarding the nature of the Processing activities related to Customer Personal Data.
10. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. To the extent required under applicable Data Protection Laws, Wiz shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data (a “Personal Data Incident”). Wiz shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Wiz deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident. Customer (or its customers), as the Controller or Business, will be the party responsible for notifying supervisory authorities and/or concerned Data Subjects (where required by Data Protection Laws).
11. RETURN AND DELETION OF PERSONAL DATA. Subject to the Agreement, upon termination or expiry of the Services, Wiz shall, make available for return the Customer Personal Data via the Services and delete such Customer Personal Data in accordance with Wiz’s customer data retention & deletion policy unless applicable law requires storage of the Customer Personal Data. In any event, Customer agrees that Wiz may retain Customer Personal Data in accordance with its standard backup policy, for evidence purposes and/or for the establishment, exercise or defence of legal claims and/or to comply with applicable laws and regulations. Notwithstanding anything to the contrary, Customer hereby agrees and understands that, to the extent Wiz performs cloud scanning on behalf of Customer, if and when Customer wants to delete specific Customer Personal Data, Customer may delete such Customer Personal Data from its own databases, and it will automatically be erased from Wiz’s databases within a reasonable market standard timeframe. If Customer requests return of the Customer Personal Data, it shall be returned in an industry standard format generally available for Wiz’s Customers.
12. TERMINATION. This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided, provided that, to the extent Wiz retains any Customer Personal Data following termination or expiration of the Agreement, this DPA shall survive for such period that Wiz retains Customer Personal Data. Clauses 2, 3.4 and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
13. RELATIONSHIP WITH AGREEMENT. Subject to any provisions in Schedule 2 regarding governing law and choice of forum of the Standard Contractual Clauses, the governing law and choice of forum provision in the Agreement shall apply to this DPA. In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. For the avoidance of doubt each Party’s and its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, Data Protection Laws and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. NOTWITHSTANDING THE FOREGOING, IF CUSTOMER IS USING THE SERVICES FOR A FREE TRIAL, WIZ’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER UNDER OR RELATED TO THIS DPA SHALL BE CAPPED AT ONE THOUSAND DOLLARS US ($1,000 US).
14. MISCELLANEOUS. Any Wiz obligation hereunder may be performed (in whole or in part), and any Wiz right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of Wiz. This DPA may be amended by Wiz from time to time in its sole discretion, with such updated version posted to Wiz’s website, provided, however, that no such update shall materially diminish the privacy or security of Customer Personal Data.
List of Schedules
SCHEDULE 1 – DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSE
SCHEDULE 1
DETAILS OF THE PROCESSING
Subject matter.
Wiz will Process Customer Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by Customer in its use of the Services.
Nature and Purpose of Processing.
1. Performing the Agreement, this DPA and/or other contracts executed by the Parties, including, providing the Service(s) and support and technical maintenance to Customer.
2. To comply with documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.
3. Resolving disputes, enforcing the Agreement, this DPA and/or defending Wiz’s rights.
4. Complying with applicable laws and regulations, including for cooperating with local and foreign tax authorities, preventing fraud, money laundering and terrorist financing.
Duration of Processing.
Subject to any section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Wiz will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Types of Customer Personal Data.
Customer determines the categories of any Customer Personal Data that is made accessible to Wiz, which may include, without limitation, Customer Personal Data relating to the following categories:
- If Customer uses Wiz for scanning, Personal Data might be temporarily processed by Wiz during the scanning. The type of the Personal Data depends on Customer environment and which sources Customer connects.
- Wiz only stores metadata such as CVEs, misconfigurations, list of installed packages, cloud events, local cloud user accounts, cloud object identifiers and (depending on the features used by Customer) logs and file paths. Such metadata does not generally contain Personal Data, however, depending on the Customer’s environment and naming conventions and the features used by Customer, some limited Personal Data may be included. For example, cloud user account names, logs and artifacts could include an individual’s name, logs could contain names, associated email address and IP address and (if specific Wiz features are enabled) pseudonymized samples of findings to enable Customer to locate, verify and remediate the finding(s).
Customer acknowledges that Wiz does not control which Customer Personal Data Customer shares with it in the context of the Services.
Categories of Data Subjects.
As part of providing the Services, Wiz may process Customer Personal Data related to Customer’s customers or users, leads, employees and service providers, the extent of which is solely determined by Customer.
SCHEDULE 2
STANDARD CONTRACTUAL CLAUSES
1 Incorporation and interpretation of the Standard Contractual Clauses
1.1 In relation to transfers by Customer of Customer Personal Data which are subject to Data Protection Laws of the EEA Extended Countries to Wiz in Third Countries, the parties agree that Module Two (Transfer controller to processor) or Module 3 (Transfer processor to processor) of the Standard Contractual Clauses shall apply, as applicable.
1.2 The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in Appendix 1 below.
1.3 If there is a conflict between the provisions of this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject to this DPA and the Agreement, including without limitation, the provisions on limitation of liability, instructions, storage, erasure and return of Personal Data, audits and engagement of Sub-Processors.
1.4 If any provision or part-provision of this DPA or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Agreement and the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.5 Where requested by Wiz, Customer shall provide reasonable assistance to Wiz and be responsible for issuing such communications to Data Subjects and/or the Controller (to the extent Module Three applies) as are required in order for Wiz to comply with its obligations under the Standard Contractual Clauses.
1.6 For the purpose of Section III, Clause 14 of the Standard Contractual Clauses, the parties acknowledge and agree that, as between the parties, the Customer (acting as data exporter) is responsible for: (i) assessing the laws of the country to which it transfers Personal Data; and (ii) determining whether or not the transfer meets the requirements of Section III, Clause 14(a) of the Standard Contractual Clauses. Where Wiz (as data importer) provides information to the Customer (acting as data exporter) for assisting the Customer in its assessment, such information is provided on an “as is” basis for informational purposes only. Without prejudice to Section III, Clause 14(c) of the Standard Contractual Clauses, Wiz (as data importer) shall not be liable for any losses suffered by the Customer in connection with its assessment.
1.7 Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 3. The “Appendix Information” is as set out in Appendix 1 to this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
1.8 Except where paragraph 1.9 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
(a) “Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
(b) “the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
(c) “supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
Appendix 1 – Completion of the Standard Contractual Clauses
ANNEX I
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: the law of the Netherlands. a |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: the Parties select the courts of the Netherlands. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 (General Written Authorisation) will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
ANNEX II – WIZ SECURITY MEASURES
The technical and organizational measures including technical and organizational measures to support the security of Personal Data incorporated into Annex II of the Standard Contractual Clauses shall be the technical and organizational security measures as described in Wiz’s Security Documentation.
In addition, Wiz agrees to the following compensating safeguards to protect such data to an equivalent level as required under the Data Protection Laws of the Extended EEA Countries to the extent required under the Standard Contractual Clauses:
- Wiz and Customer shall encrypt all transfers of the Customer Personal Data between them, and Wiz shall encrypt any onward transfers it makes of such Customer Personal Data.
- Wiz will use reasonably available legal mechanisms to challenge any demands for Customer Personal Data access through national security process it receives as well as any non-disclosure provisions attached thereto.
- Wiz will promptly notify Customer of any government demands for Customer Personal Data, unless prohibited under applicable law. To the extent Wiz is prohibited by law from providing such notification, Wiz shall: (i) review each request on a case-by-case basis; (ii) use reasonable efforts to request that the confidentiality requirement be waived to enable Wiz to notify the Customer and/or the appropriate Supervisory Authority competent for the Customer; and (iii) maintain evidence of any such attempt to have a confidentiality requirement waived.
- Wiz will promptly notify Customer if Wiz can no longer comply with the applicable clauses in this Section. Wiz shall not be required to provide Customer with specific information about why it can no longer comply, if providing such information is prohibited by applicable law. Such notice shall entitle Customer to terminate the Agreement (or, at Customer’s option, affected statements of work, order forms, and like documents thereunder) and receive a prompt pro-rata refund of any prepaid amounts thereunder.
Effective August 21st 2023 to August 29th 2023
DownloadTable of Contents
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- “Authorized Affiliate” means any of Customer’s Affiliate(s) which (a) is subject to the Data Protection Laws, and (b) is permitted to use the Services pursuant to the Agreement between Customer and Wiz but has not signed its own agreement with Wiz and is not a “Customer” as defined under the Agreement. For the purposes of the DPA, the term Customer includes Customer Authorized Affiliates to the extent applicable.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Customer Personal Data” means any Personal Data which is provided to and Processed by Wiz on behalf of Customer in order to provide the Services under the Agreement. Customer Personal Data does not include Personal Data that Wiz Processes as a Controller separately from its Processing obligations to Customer under the Agreement.
- “Data Protection Laws” means all laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and United States, each to the extent applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Customer Personal Data relates.
- “EEA” means the European Economic Area.
- “EU Data Protection Law” means the GDPR, and the UK GDPR.
- “Extended EEA Country” means a country within the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Service Provider,” as relevant under applicable Data Protection Laws, means the entity which Processes Personal Data on behalf of the Controller or Business or such equivalent term under Data Protection Laws.
- “Security Documentation” means Wiz’s security documentation that is applicable to the specific Services purchased by Customer, as updated from time to time, and as made reasonably available by Wiz.
- “Standard Contractual Clauses” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en, as may be updated, amended or superseded from time to time.
- “Sub-Processor” means any Processor or Service Provider engaged by Wiz and/or Wiz Affiliate to Process Customer Personal Data.
- “Supervisory Authority” means the competent supervisory authority pursuant to the applicable Data Protection Laws.
- “Third Country” has the meaning given in Clause 8.2 below.
- “UK GDPR” means the GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
- “U.S. Privacy Laws” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 along with any associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act; and any similar U.S. laws governing data privacy and security once effective.
- Wiz certifies that it understands its obligations in this Clause 9.
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer or Customer Authorized Affiliate as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer or Customer Authorized Affiliate, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List. |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. Where the data exporter is established outside of the EU, but within an Extended EEA Country, the competent supervisory authority shall be the supervisory authority of the Extended EEA Country in which the Transferring Client Entity is established. Where the data exporter is established outside an Extended EEA Country and the personal data originates from an Extended EEA Country which is not in the EU, the supervisory authority shall be the supervisory authority of the Extended EEA Country from which the Personal Data originated. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: a) (a) where the data exporter is established in the EU or otherwise if the personal data originates from the EU, the Parties select the laws of the Netherlands; (b) where the data exporter is established outside the EU but within an Extended EEA Country, the Parties select the laws of the Extended EEA Country where the data exporter is established; or (c) subject to (a) above, where the data exporter is established outside an Extended EEA Country, the parties select the laws of the Extended EEA Country where the personal data originates from. |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs:
outside an Extended EEA Country, the parties select the courts of the Extended EEA Country where the personal data originates from. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
Effective July 5th 2023 to August 21st 2023
DownloadTable of Contents
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- “Authorized Affiliate” means any of Customer’s Affiliate(s) which (a) is subject to the Data Protection Laws, and (b) is permitted to use the Services pursuant to the Agreement between Customer and Wiz but has not signed its own agreement with Wiz and is not a “Customer” as defined under the Agreement. For the purposes of the DPA, the term Customer includes Customer Authorized Affiliates to the extent applicable.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Customer Personal Data” means any Personal Data which is provided to and Processed by Wiz on behalf of Customer in order to provide the Services under the Agreement. Customer Personal Data does not include Personal Data that Wiz Processes as a Controller separately from its Processing obligations to Customer under the Agreement.
- “Data Protection Laws” means all laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and United States, each to the extent applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Customer Personal Data relates.
- “EEA” means the European Economic Area.
- “EU Data Protection Law” means the GDPR, and the UK GDPR.
- “Extended EEA Country” means a country within the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Service Provider,” as relevant under applicable Data Protection Laws, means the entity which Processes Personal Data on behalf of the Controller or Business or such equivalent term under Data Protection Laws.
- “Security Documentation” means Wiz’s security documentation that is applicable to the specific Services purchased by Customer, as updated from time to time, and as made reasonably available by Wiz.
- “Standard Contractual Clauses” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en, as may be updated, amended or superseded from time to time.
- “Sub-Processor” means any Processor or Service Provider engaged by Wiz and/or Wiz Affiliate to Process Customer Personal Data.
- “Supervisory Authority” means the competent supervisory authority pursuant to the applicable Data Protection Laws.
- “Third Country” has the meaning given in Clause 8.2 below.
- “UK GDPR” means the GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").
- “U.S. Privacy Laws” means the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act of 2020 along with any associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act; and any similar U.S. laws governing data privacy and security once effective.
- Wiz certifies that it understands its obligations in this Clause 9.
Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are Customer or Customer Authorized Affiliate as exporter Wiz as importer.
Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 and 1.2 of this Schedule.
Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
A. LIST OF THE PARTIES | |
Data Exporter: | Name and address: Customer or Customer Authorized Affiliate, as set out in the Agreement Contact details: As set out in the Agreement Activities relevant to the data transferred under these Clauses: Receipt of Wiz Services, as set out in the Agreement and this DPA |
Data Importer: | Name and address: Wiz, as set out in the Agreement Contact details: Privacy Officer, privacy@wiz.io Activities relevant to the data transferred under these Clauses: Provision of Wiz Services, as set out in the Agreement and this DPA |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | As described in Schedule 1 |
CATEGORIES OF PERSONAL DATA | As described in Schedule 1 |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | Wiz does not control which Personal Data Customer shares with it in the context of the Services |
FREQUENCY OF THE TRANSFER | As regular as is required to provide the Services |
NATURE AND PURPOSE OF THE PROCESSING | As described in Schedule 1 |
RETENTION | As described in Schedule 1 |
TRANSFER TO (SUB)PROCESSORS | As set out in Wiz’s Sub-Processor List. |
C. COMPETENT SUPERVISORY AUTHORITY | |
The competent supervisory authority shall be determined in accordance with Clause 13 of the Standard Contractual Clauses. Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. Where the data exporter is established outside of the EU, but within an Extended EEA Country, the competent supervisory authority shall be the supervisory authority of the Extended EEA Country in which the Transferring Client Entity is established. Where the data exporter is established outside an Extended EEA Country and the personal data originates from an Extended EEA Country which is not in the EU, the supervisory authority shall be the supervisory authority of the Extended EEA Country from which the Personal Data originated. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: a) (a) where the data exporter is established in the EU or otherwise if the personal data originates from the EU, the Parties select the laws of the Netherlands; (b) where the data exporter is established outside the EU but within an Extended EEA Country, the Parties select the laws of the Extended EEA Country where the data exporter is established; or (c) subject to (a) above, where the data exporter is established outside an Extended EEA Country, the parties select the laws of the Extended EEA Country where the personal data originates from. |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs:
outside an Extended EEA Country, the parties select the courts of the Extended EEA Country where the personal data originates from. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: For Clause 7 (Docking Clause), the optional provision will apply. For Clause 9(a), option 2 will apply and the time period for prior notice of Sub-Processor changes shall be as set out in this DPA. For Clause 11(a) (Redress) – the optional provision will not apply. | |
U.S. Government Customer Addendum
Effective March 6th 2025
DownloadTable of Contents
U.S GOVERNMENT CUSTOMER ADDENDUM TO WIZ SUBSCRIPTION AGREEMENT
This U.S. government customer addendum (“Addendum”) is incorporated into and forms part of the Wiz Subscription Agreement between Wiz and Customer (“Agreement”) and which governs the provision and use of Wiz products or services. Capitalized terms used but not otherwise defined in this Addendum shall have the meanings given to them in the Agreement.
This Addendum applies to United States government customers, including entities of the United States Federal Government (“Federal”), as well as state, local, or public education entities created by the law of the applicable state (collectively, “SLED”). Wiz acknowledges that statutes and regulations that govern Federal and SLED customers may sometimes require that certain terms in commercial supplier agreements be limited and or otherwise rendered ineffective and inoperative. Therefore, if and to the extent the deviations set forth in this Addendum are required by applicable law, Wiz and Customer agree that the following provisions take precedence over any conflicting terms in the Agreement:
- Business Purpose/Grant of License. References to a Customer’s “internal business purposes” in the Agreement include the internal governmental purposes of a Federal Customer or SLED Customer, as applicable, for purposes authorized by applicable law. Notwithstanding anything to the contrary in the Agreement, unless otherwise stated in the applicable Order, for the Subscription Term in an Order, the Platform may only be used by the identified Federal Customer or SLED Customer and shall not be used by such Customer’s Affiliates.
- FOIA/Public Disclosure Laws. Notwithstanding any confidentiality obligations in the Agreement, Wiz acknowledges that Customer may be compelled to disclose Confidential Information pursuant to the Federal Freedom of Information Act and any state equivalents or other applicable public disclosure laws (collectively, “Laws”). Wiz acknowledges that such Confidential Information, including the terms and conditions of the Agreement, related Order Forms, Statements of Work, or other attachments, or pricing information, may be disclosed to third parties upon request to the extent compelled by such Laws; provided that, prior to any such disclosure, Customer provides written notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Wiz’s expense, if Wiz should wish to contest the disclosure.
- Fees and Taxes. Wiz understands that Customer may be subject to applicable laws governing payment, including availability of funds, timing of payments, late payment interest penalties, and taxes. The foregoing is not intended to modify the provisions of the Agreement regarding Partner Orders, including but not limited to subsection 1.2.
- Indemnification.
- No Customer Indemnification Obligation. If and to the extent applicable law explicitly prohibits Customer from indemnifying Wiz, any terms or conditions in the Agreement requiring Customer to indemnify Wiz shall be deemed void and not binding against Customer.
- Take Down Requirement. In the event of any legal claim brought against Wiz alleging that Customer Data infringes or misappropriates a third party’s intellectual property rights or violates applicable law, or that arises out of Customer’s use of the Services in breach of the Agreement, the Documentation, or any applicable Order Form (collectively, “Customer Data Claims”), Wiz may require, by written notice to Customer, that Customer delete from the Service any Customer Data, or cease use of the applicable Service, that is the subject of any Customer Data Claims. Promptly after receiving any such notice, Customer will delete such Customer Data, or cease such applicable use of the Services, and certify such deletion or cessation to Wiz in writing. Wiz shall be authorized to provide a copy of such certification to the applicable claimant.
- Controlling Law, Venue and Disputes. Notwithstanding anything in the Agreement to the contrary:
- Federal. As it relates to Federal entities, the Agreement and any disputes arising out of or related thereto shall be governed by U.S. Federal Law. Any language requiring dispute resolution in a specific forum or venue that is different from that prescribed by applicable Federal Law is hereby deleted and superseded by the forum or venue required by applicable law. If Wiz believes that a Federal Customer is in breach of the Agreement, it shall pursue its rights under the Contract Disputes Act or other applicable Law while continuing performance as set forth in Federal Acquisition Regulation 52.233-1 (Disputes).
- SLED. As it relates to SLED entities, the Agreement and any disputes arising out of or related thereto shall be governed by the laws of the state pursuant to which Customer is created, or the state in which Customer’s primary headquarters, flagship campus, or main office is geographically located. With respect to all disputes arising out of or related to the Agreement, the parties consent to exclusive jurisdiction and venue in the state and federal courts located in such state.
Effective October 22nd 2024 to March 6th 2025
DownloadTable of Contents
U.S GOVERNMENT CUSTOMER ADDENDUM TO WIZ MASTER SUBSCRIPTION AGREEMENT
This U.S. government customer addendum (“Addendum”) is incorporated into and forms part of the Wiz Subscription Agreement between Wiz and Customer (“Agreement”) and which governs the provision and use of Wiz products or services. Capitalized terms used but not otherwise defined in this Addendum shall have the meanings given to them in the Agreement.
This Addendum applies to United States government customers, including entities of the United States Federal Government (“Federal”), as well as state, local, or public education entities created by the law of the applicable state (collectively, “SLED”). Wiz acknowledges that statues and regulations that govern Federal and SLED customers may sometimes require that certain terms in commercial supplier agreements be limited and may be ineffective and inoperative. Therefore, if and to the extent the deviations set forth in this Addendum are required by applicable law, Wiz and Customer agree that the following provisions take precedence over any conflicting terms in the Agreement:
- Business Purpose/Grant of License. Wiz acknowledges that references to “business purpose” in the Agreement include Customer’s government purposes authorized by applicable law.
- FOIA/Public Disclosure Laws. Notwithstanding any confidentiality obligations in the Agreement, Wiz acknowledges that Customer may be compelled to disclose Confidential Information pursuant to the Federal Freedom of Information Act and any state equivalents or other applicable public disclosure laws. Wiz acknowledges that such Confidential Information, including the terms and conditions of the Agreement, related Order Forms, Statements of Work, or other attachments, or pricing information, may be disclosed to third parties upon request to the extent compelled by such Laws; provided that, prior to any such disclosure, Customer provides written notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Wiz’s expense, if Wiz should wish to contest the disclosure.
- Fees and Taxes. Wiz understands that Customer may be subject to applicable laws governing payment, including availability of funds, timing of payments, late payment interest penalties, and taxes.
- Indemnification.
- No Customer Indemnification Obligation. If and to the extent applicable law prohibits Customer from indemnifying Wiz, any terms or conditions in the Agreement requiring Customer to indemnify Wiz shall be deemed void and not binding against Customer.
- Take Down Requirement. In the event of any IP Infringement Claim or any other legal claim brought against Wiz alleging that Customer Data infringes or misappropriates a third party’s intellectual property rights or violates applicable law, or arising out of Customer’s use of the Services in breach of the Agreement, the Documentation, or any applicable Order Form, Wiz may require, by written notice to Customer, that Customer delete from the Service any Customer Data, or cease use of the applicable Service, that is the subject of any Claims. Promptly after receiving any such notice, Customer will delete such Customer Data, or cease such applicable use of the Services, and certify such deletion or cessation to Wiz in writing. Wiz shall be authorized to provide a copy of such certification to the applicable claimant.
- Government Control of Defense. Any provision of the Agreement requiring Wiz to defense or indemnify Customer is hereby amended, if and to the extent required by applicable law, to provide that the U.S. Department of Justice (for a Federal Customer) or applicable State Attorney General’s Office (for a SLED Customer) has the sole right to represent the respective Federal or SLED entity in litigation and other formal proceedings.
- Controlling Law, Venue and Disputes. Notwithstanding anything in the Agreement to the contrary:
- Federal. As it relates to Federal entities, the Agreement and any disputes arising out of or related thereto shall be governed by U.S. Federal Law. Any language requiring dispute resolution in a specific forum or venue that is different from that prescribed by applicable Federal Law is hereby deleted and superseded by the forum or venue required by applicable law. If Wiz believes that a Federal Customer is in breach of the Agreement, it shall pursue its rights under the Contract Disputes Act or other applicable Law while continuing performance as set forth in Federal Acquisition Regulation 52.233-1 (Disputes).
- SLED. As it relates to SLED entities, the Agreement and any disputes arising out of or related thereto shall be government by the laws of the state pursuant to which Customer is created, or the state in which Customer’s primary headquarters or main office is geographically located. With respect to all disputes arising out of or related to the Agreement, the parties consent to exclusive jurisdiction and venue in the state and federal courts located in such state.
Effective August 26th 2024 to October 22nd 2024
DownloadTable of Contents
U.S GOVERNMENT ADDENDUM TO WIZ MASTER SUBSCRIPTION AGREEMENT
This U.S. government addendum (“Addendum”) is incorporated into and forms part of the Wiz Subscription Agreement between Wiz and Customer (“Agreement”) and which governs the provision and use of Wiz products or services. Capitalized terms used but not otherwise defined in this Addendum shall have the meanings given to them in the Agreement.
This Addendum applies to United States government customers, including entities of the United States Federal Government (“Federal”), as well as state, local, or public education entities created by the law of the applicable state (collectively, “SLED”). Wiz acknowledges that statues and regulations that govern Federal and SLED customers may sometimes require that certain terms in commercial supplier agreements be limited and may be ineffective and inoperative. Therefore, if and to the extent the deviations set forth in this Addendum are required by applicable law, Wiz and Customer agree that the following provisions take precedence over any conflicting terms in the Agreement:
- Business Purpose/Grant of License. Wiz acknowledges that references to “business purpose” in the Agreement include Customer’s government purposes authorized by applicable law.
- FOIA/Public Disclosure Laws. Notwithstanding any confidentiality obligations in the Agreement, Wiz acknowledges that Customer may be compelled to disclose Confidential Information pursuant to the Federal Freedom of Information Act and any state equivalents or other applicable public disclosure laws. Wiz acknowledges that such Confidential Information, including the terms and conditions of the Agreement, related Order Forms, Statements of Work, or other attachments, or pricing information, may be disclosed to third parties upon request to the extent compelled by such Laws; provided that, prior to any such disclosure, Customer provides written notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Wiz’s expense, if Wiz should wish to contest the disclosure.
- Fees and Taxes. Wiz understands that Customer may be subject to applicable laws governing payment, including availability of funds, timing of payments, late payment interest penalties, and taxes.
- Indemnification.
- No Customer Indemnification Obligation. If and to the extent applicable law prohibits Customer from indemnifying Wiz, any terms or conditions in the Agreement requiring Customer to indemnify Wiz shall be deemed void and not binding against Customer.
- Take Down Requirement. In the event of any IP Infringement Claim or any other legal claim brought against Wiz alleging that Customer Data infringes or misappropriates a third party’s intellectual property rights or violates applicable law, or arising out of Customer’s use of the Services in breach of the Agreement, the Documentation, or any applicable Order Form, Wiz may require, by written notice to Customer, that Customer delete from the Service any Customer Data, or cease use of the applicable Service, that is the subject of any Claims. Promptly after receiving any such notice, Customer will delete such Customer Data, or cease such applicable use of the Services, and certify such deletion or cessation to Wiz in writing. Wiz shall be authorized to provide a copy of such certification to the applicable claimant.
- Government Control of Defense. Any provision of the Agreement requiring Wiz to defense or indemnify Customer is hereby amended, if and to the extent required by applicable law, to provide that the U.S. Department of Justice (for a Federal Customer) or applicable State Attorney General’s Office (for a SLED Customer) has the sole right to represent the respective Federal or SLED entity in litigation and other formal proceedings.
- Controlling Law, Venue and Disputes. Notwithstanding anything in the Agreement to the contrary:
- Federal. As it relates to Federal entities, the Agreement and any disputes arising out of or related thereto shall be governed by U.S. Federal Law. Any language requiring dispute resolution in a specific forum or venue that is different from that prescribed by applicable Federal Law is hereby deleted and superseded by the forum or venue required by applicable law. If Wiz believes that a Federal Customer is in breach of the Agreement, it shall pursue its rights under the Contract Disputes Act or other applicable Law while continuing performance as set forth in Federal Acquisition Regulation 52.233-1 (Disputes).
- SLED. As it relates to SLED entities, the Agreement and any disputes arising out of or related thereto shall be government by the laws of the state pursuant to which Customer is created, or the state in which Customer’s primary headquarters or main office is geographically located. With respect to all disputes arising out of or related to the Agreement, the parties consent to exclusive jurisdiction and venue in the state and federal courts located in such state.
Effective November 8th 2023 to August 26th 2024
DownloadTable of Contents
U.S GOVERNMENT ADDENDUM TO WIZ MASTER SUBSCRIPTION AGREEMENT
This U.S. government addendum (“Addendum”) is incorporated into and forms part of the Wiz Master Subscription Agreement between Wiz and Customer (“Agreement”) and which governs the provision and use of Wiz products or services. Capitalized terms used but not otherwise defined in this Addendum shall have the meanings given to them in the Agreement.
This Addendum applies to United States government customers, including entities of the United States Federal Government (“Federal”), as well as state, local, or public education entities created by the law of the applicable state (collectively, “SLED”). Wiz acknowledges that statues and regulations that govern Federal and SLED customers may sometimes require that certain terms in commercial supplier agreements be limited and may be ineffective and inoperative. Therefore, if and to the extent the deviations set forth in this Addendum are required by applicable law, Wiz and Customer agree that the following provisions take precedence over any conflicting terms in the Agreement:
- Business Purpose/Grant of License. Wiz acknowledges that references to “business purpose” in the Agreement include Customer’s government purposes authorized by applicable law.
- FOIA/Public Disclosure Laws. Notwithstanding any confidentiality obligations in the Agreement, Wiz acknowledges that Customer may be compelled to disclose Confidential Information pursuant to the Federal Freedom of Information Act and any state equivalents or other applicable public disclosure laws. Wiz acknowledges that such Confidential Information, including the terms and conditions of the Agreement, related Order Forms, Statements of Work, or other attachments, or pricing information, may be disclosed to third parties upon request to the extent compelled by such Laws; provided that, prior to any such disclosure, Customer provides written notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Wiz’s expense, if Wiz should wish to contest the disclosure.
- Fees and Taxes. Wiz understands that Customer may be subject to applicable laws governing payment, including availability of funds, timing of payments, late payment interest penalties, and taxes.
- Indemnification.
- No Customer Indemnification Obligation. If and to the extent applicable law prohibits Customer from indemnifying Wiz, any terms or conditions in the Agreement requiring Customer to indemnify Wiz shall be deemed void and not binding against Customer.
- Take Down Requirement. In the event of any IP Infringement Claim or any other legal claim brought against Wiz alleging that Customer Data infringes or misappropriates a third party’s intellectual property rights or violates applicable law, or arising out of Customer’s use of the Services in breach of the Agreement, the Documentation, or any applicable Order Form, Wiz may require, by written notice to Customer, that Customer delete from the Service any Customer Data, or cease use of the applicable Service, that is the subject of any Claims. Promptly after receiving any such notice, Customer will delete such Customer Data, or cease such applicable use of the Services, and certify such deletion or cessation to Wiz in writing. Wiz shall be authorized to provide a copy of such certification to the applicable claimant.
- Government Control of Defense. Any provision of the Agreement requiring Wiz to defense or indemnify Customer is hereby amended, if and to the extent required by applicable law, to provide that the U.S. Department of Justice (for a Federal Customer) or applicable State Attorney General’s Office (for a SLED Customer) has the sole right to represent the respective Federal or SLED entity in litigation and other formal proceedings.
- Controlling Law, Venue and Disputes. Notwithstanding anything in the Agreement to the contrary:
- Federal. As it relates to Federal entities, the Agreement and any disputes arising out of or related thereto shall be governed by U.S. Federal Law. Any language requiring dispute resolution in a specific forum or venue that is different from that prescribed by applicable Federal Law is hereby deleted and superseded by the forum or venue required by applicable law. If Wiz believes that a Federal Customer is in breach of the Agreement, it shall pursue its rights under the Contract Disputes Act or other applicable Law while continuing performance as set forth in Federal Acquisition Regulation 52.233-1 (Disputes).
- SLED. As it relates to SLED entities, the Agreement and any disputes arising out of or related thereto shall be government by the laws of the state pursuant to which Customer is created, or the state in which Customer’s primary headquarters or main office is geographically located. With respect to all disputes arising out of or related to the Agreement, the parties consent to exclusive jurisdiction and venue in the state and federal courts located in such state.
Effective October 30th 2023 to November 8th 2023
DownloadTable of Contents
U.S GOVERNMENT ADDENDUM TO WIZ MASTER SUBSCRIPTION AGREEMENT
This U.S. government addendum (“Addendum”) is incorporate into and forms part of the Wiz Master Subscription Agreement between Wiz and Customer (“Agreement”) and which governs the provision and use of Wiz products or services. Capitalized terms used but not otherwise defined in this Addendum shall have the meanings given to them in the Agreement.
This Addendum applies to United States government customers, including entities of the United States Federal Government (“Federal”), as well as state, local, or public education entities created by the law of the applicable state (collectively, “SLED”). Wiz acknowledges that statues and regulations that govern Federal and SLED customers may sometimes require that certain terms in commercial supplier agreements be limited and may be ineffective and inoperative. Therefore, if and to the extent the deviations set forth in this Addendum are required by applicable law, Wiz and Customer agree that the following provisions take precedence over any conflicting terms in the Agreement:
- Business Purpose/Grant of License. Wiz acknowledges that references to “business purpose” in the Agreement include Customer’s government purposes authorized by applicable law.
- FOIA/Public Disclosure Laws. Notwithstanding any confidentiality obligations in the Agreement, Wiz acknowledges that Customer may be compelled to disclose Confidential Information pursuant to the Federal Freedom of Information Act and any state equivalents or other applicable public disclosure laws. Wiz acknowledges that such Confidential Information, including the terms and conditions of the Agreement, related Order Forms, Statements of Work, or other attachments, or pricing information, may be disclosed to third parties upon request to the extent compelled by such Laws; provided that, prior to any such disclosure, Customer provides written notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Wiz’s expense, if Wiz should wish to contest the disclosure.
- Fees and Taxes. Wiz understands that Customer may be subject to applicable laws governing payment, including availability of funds, timing of payments, late payment interest penalties, and taxes.
- Indemnification.
- No Customer Indemnification Obligation. If and to the extent applicable law prohibits Customer from indemnifying Wiz, any terms or conditions in the Agreement requiring Customer to indemnify Wiz shall be deemed void and not binding against Customer.
- Take Down Requirement. In the event of any IP Infringement Claim or any other legal claim brought against Wiz alleging that Customer Data infringes or misappropriates a third party’s intellectual property rights or violates applicable law, or arising out of Customer’s use of the Services in breach of the Agreement, the Documentation, or any applicable Order Form, Wiz may require, by written notice to Customer, that Customer delete from the Service any Customer Data, or cease use of the applicable Service, that is the subject of any Claims. Promptly after receiving any such notice, Customer will delete such Customer Data, or cease such applicable use of the Services, and certify such deletion or cessation to Wiz in writing. Wiz shall be authorized to provide a copy of such certification to the applicable claimant.
- Government Control of Defense. Any provision of the Agreement requiring Wiz to defense or indemnify Customer is hereby amended, if and to the extent required by applicable law, to provide that the U.S. Department of Justice (for a Federal Customer) or applicable State Attorney General’s Office (for a SLED Customer) has the sole right to represent the respective Federal or SLED entity in litigation and other formal proceedings.
- Controlling Law, Venue and Disputes. Notwithstanding anything in the Agreement to the contrary:
- Federal. As it relates to Federal entities, the Agreement and any disputes arising out of or related thereto shall be governed by U.S. Federal Law. Any language requiring dispute resolution in a specific forum or venue that is different from that prescribed by applicable Federal Law is hereby deleted and superseded by the forum or venue required by applicable law. If Wiz believes that a Federal Customer is in breach of the Agreement, it shall pursue its rights under the Contract Disputes Act or other applicable Law while continuing performance as set forth in Federal Acquisition Regulation 52.233-1 (Disputes).
- SLED. As it relates to SLED entities, the Agreement and any disputes arising out of or related thereto shall be government by the laws of the state pursuant to which Customer is created, or the state in which Customer’s primary headquarters or main office is geographically located. With respect to all disputes arising out of or related to the Agreement, the parties consent to exclusive jurisdiction and venue in the state and federal courts located in such state.
Service and Support Levels Agreement (SLA)
Effective March 18th 2025
DownloadTable of Contents
Monthly Uptime Percentage | Service Credit |
<99.9% | 5% |
< 99.5% | 10% |
< 99% | 25% |
Priority | Description | Free | Enterprise | Elite |
P1-Urgent | An error that makes Wiz generally unusable, resulting in critical impact on how Wiz operates, and there is no workaround available. | 4 Business Hours | 2 Hours | 30 Minutes |
P2-High | An error that severely restricts how Wiz operates, and no workaround is available. | Next Business Day | 4 Hours | 2 Hours |
P3-Normal | An error that limits Wiz performance or has a medium to low impact on the functionality of the Services, but a workaround is available. | Next Business Day | 8 Hours | 8 Hours |
P4-Low | An error that only slightly affects Wiz performance or functionality, and a workaround is easily available. All requests for assistance, comments, and feature requests are low priority. | Next Business Day | Next Business Day | 24 Hours |
Effective May 6th 2024 to March 18th 2025
DownloadTable of Contents
SERVICE AND SUPPORT LEVELS AGREEMENT (SLA)
This Service and Support Levels Agreement (“SLA”) supplements the Agreement and describes the support levels available to Customer under the Agreement. The Base Support Plan is provided to Customer at no additional charge, and the Premium Support Plan will be provided to Customer if purchased in an applicable Order. Capitalized terms not specifically defined in this SLA shall have the meanings defined in the Agreement.
If Wiz fails to meet the Monthly Uptime Percentage in any month during the Subscription Term and Customer submits a request for Service Credit within 30 days following the end of that month, Customer will be entitled to a credit equal to the percentage identified in the table below of the Fees paid by Customer to Wiz pursuant to the applicable Order for that month, (each, a “Service Credit”). Wiz will apply Service Credits to Customer’s renewal invoice at the end of Customer’s then-current Subscription Term. Service Credits will not entitle the Customer to any refund or other payment from Wiz.
Monthly Uptime Percentage | Service Credit |
| <99.9% | 5% |
< 99.5% | 10% |
< 99% | 25% |
Service Credits are Customer’s sole and exclusive remedy for any Services performance or availability issues. Service Credits in any billing month will not, under any circumstances, exceed 25% of the Fees in that billing month.
Wiz will have no liability for any failure to meet Service Levels to the extent such failure is related to: (a) Customer’s use of the Services other than in accordance with the terms of the Agreement and/or the Documentation, (b) the unavailability, suspension, or termination of any cloud provider account, or any other cloud service provider performance issues, (c) issues with Customer’s network connections or other infrastructure, or (d) circumstances beyond Wiz’s reasonable control.
Wiz will provide English-speaking remote assistance to Customer’s Permitted Users for questions or issues related to any error in the Services, including troubleshooting, diagnosis, and recommendations for potential workarounds. Customer’s Permitted Users may report errors or abnormal behavior of the Services by submitting a support request in the Wiz Help Center, as described in the Documentation. Customer’s Permitted Users should be reasonably proficient in the use and functionality of the Services and familiar with the Documentation and should use reasonable diligence to ensure a perceived error is not an issue with Customer’s equipment, software, or internet connectivity.
3.3 Submission of Support Requests
Each support request will: (1) designate the Priority Level of the error in accordance with the definitions in the table below; (2) identify the account that experienced the error; (3) provide the start time of the error; (4) provide a description of the steps required to reproduce the error; (5) provide the relevant log files or data; (6) provide the wording of any error message; and (7) provide accurate contact information for the Customer’s Permitted User most familiar with the error.
Customer’s Permitted Users will also provide Wiz any other relevant information in a timely manner. If a Customer’s Permitted User submits a support request related to an enhancement or feature request, Wiz will deem the support request closed once the request has been forwarded internally to the relevant team and will provide Customer with a reference number for the feature request.
Response Times and Update Frequency | |||||
| Base Support Plan | Premium Support Plan | ||||
Priority Level | Description | Initial Response Time | Response Hours | Initial Response Time | Response Hours |
1 - Urgent | An error that makes Wiz unusable, resulting in critical impact on how Wiz operates, and there is no workaround available. | Within 2 Business Hours | 24x5 (during business days) | Within 30 Minutes | 24x7x365 |
2 - High | An error that severely restricts how Wiz operates, and no workaround is available. | Within 4 Business Hours | During Business Hours | Within 2 Hours | 24x7x365 |
3 - Normal | An error that limits Wiz performance or removes a non-essential feature, but a workaround is available. | Within 24 Business Hours | During Business Hours | Within 8 Hours | 24x7x365 |
4 - Low | An error that only slightly affects Wiz performance or functionality, and a workaround is easily available. All requests for assistance, comments, and feature requests are low priority. | Within 24 Business Hours | During Business Hours | Within 24 Hours | 24x7x365 |
*Unless agreed otherwise with Customer.
Wiz will have no obligation to provide Support to issues arising from: (a) misuse or unauthorized modifications to Wiz’s Services; (b) third-party platforms or other third-party systems; (c) trials, betas or other free or evaluation use; or (d) previous versions of Wiz’s Agent Services that are no longer supported.
“Agent Service” means Wiz Runtime Sensor, Wiz Outpost, Wiz CLI, Wiz Admission Controller, Wiz Tunnel Broker, and any other agents provided by Wiz that run in Customer’s operating environment.
With respect to any Wiz Agent Services included in a Customer’s subscription, Customer will be responsible for the prompt installation of all updates to the Agent Services that are provided by Wiz. Customer acknowledges that as Wiz develops enhanced versions of the Agent Services, Wiz may cease to maintain and support older versions of these Agent Services. Wiz will use commercially reasonable efforts to provide support services with respect to older versions of the Agent Services, but will have no obligation to provide support for Agent Services outside of Wiz’s stated support policy for the applicable Agent Service. Such policies are described in Wiz’s Documentation and subject to change from time to time in Wiz’s reasonable discretion, following advance notice of at least 90 days.
Effective May 1st 2024 to May 6th 2024
DownloadTable of Contents
SERVICE AND SUPPORT LEVELS AGREEMENT (SLA)
This Service and Support Levels Agreement (“SLA”) supplements the Agreement and describes the support levels available to Customer under the Agreement. The Base Support Plan is provided to Customer at no additional charge, and the Premium Support Plan will be provided to Customer if purchased in an applicable Order. Capitalized terms not specifically defined in this SLA shall have the meanings defined in the Agreement.
If Wiz fails to meet the Monthly Uptime Percentage in any month during the Subscription Term and Customer submits a request for Service Credit within 30 days following the end of that month, Customer will be entitled to a credit equal to the percentage identified in the table below of the Fees paid by Customer to Wiz pursuant to the applicable Order for that month, (each, a “Service Credit”). Wiz will apply Service Credits to Customer’s renewal invoice at the end of Customer’s then-current Subscription Term. Service Credits will not entitle the Customer to any refund or other payment from Wiz.
Monthly Uptime Percentage | Service Credit |
| <99.9%< span> | 5% |
< 99.5% | 10% |
< 99% | 25% |
Service Credits are Customer’s sole and exclusive remedy for any Services performance or availability issues. Service Credits in any billing month will not, under any circumstances, exceed 25% of the Fees in that billing month.
Wiz will have no liability for any failure to meet Service Levels to the extent such failure is related to: (a) Customer’s use of the Services other than in accordance with the terms of the Agreement and/or the Documentation, (b) the unavailability, suspension, or termination of any cloud provider account, or any other cloud service provider performance issues, (c) issues with Customer’s network connections or other infrastructure, or (d) circumstances beyond Wiz’s reasonable control.
Wiz will provide English-speaking remote assistance to Customer’s Permitted Users for questions or issues related to any error in the Services, including troubleshooting, diagnosis, and recommendations for potential workarounds. Customer’s Permitted Users may report errors or abnormal behavior of the Services by submitting a support request in the Wiz Help Center, as described in the Documentation. Customer’s Permitted Users should be reasonably proficient in the use and functionality of the Services and familiar with the Documentation and should use reasonable diligence to ensure a perceived error is not an issue with Customer’s equipment, software, or internet connectivity.
3.3 Submission of Support Requests
Each support request will: (1) designate the Priority Level of the error in accordance with the definitions in the table below; (2) identify the account that experienced the error; (3) provide the start time of the error; (4) provide a description of the steps required to reproduce the error; (5) provide the relevant log files or data; (6) provide the wording of any error message; and (7) provide accurate contact information for the Customer’s Permitted User most familiar with the error.
Customer’s Permitted Users will also provide Wiz any other relevant information in a timely manner. If a Customer’s Permitted User submits a support request related to an enhancement or feature request, Wiz will deem the support request closed once the request has been forwarded internally to the relevant team and will provide Customer with a reference number for the feature request.
Response Times and Update Frequency | |||||
| Base Support Plan | Premium Support Plan | ||||
Priority Level | Description | Initial Response Time | Response Hours | Initial Response Time | Response Hours |
1 - Urgent | An error that makes Wiz unusable, resulting in critical impact on how Wiz operates, and there is no workaround available. | Within 2 Business Hours | 24x5 (during business days) | Within 30 Minutes | 24x7x365 |
2 - High | An error that severely restricts how Wiz operates, and no workaround is available. | Within 4 Business Hours | During Business Hours | Within 2 Hours | 24x7x365 |
3 - Normal | An error that limits Wiz performance or removes a non-essential feature, but a workaround is available. | Within 24 Business Hours | During Business Hours | Within 8 Hours | 24x7x365 |
4 - Low | An error that only slightly affects Wiz performance or functionality, and a workaround is easily available. All requests for assistance, comments, and feature requests are low priority. | Within 24 Business Hours | During Business Hours | Within 24 Hours | 24x7x365 |
*Unless agreed otherwise with Customer.
Wiz will have no obligation to provide Support to issues arising from: (a) misuse or unauthorized modifications to Wiz’s Services; (b) third-party platforms or other third-party systems; (c) trials, betas or other free or evaluation use; or (d) previous versions of Wiz’s Agent Services that are no longer supported.
“Agent Service” means Wiz Runtime Sensor, Wiz Outpost, Wiz CLI, Wiz Admission Controller, Wiz Tunnel Broker, and any other agents provided by Wiz that run in Customer’s operating environment.
With respect to any Wiz Agent Services included in a Customer’s subscription, Customer will be responsible for the prompt installation of all updates to the Agent Services that are provided by Wiz. Customer acknowledges that as Wiz develops enhanced versions of the Agent Services, Wiz may cease to maintain and support older versions of these Agent Services. Wiz will use commercially reasonable efforts to provide support services with respect to older versions of the Agent Services, but will have no obligation to provide support for Agent Services outside of Wiz’s stated support policy for the applicable Agent Service. Such policies are described in Wiz’s Documentation and subject to change from time to time in Wiz’s reasonable discretion, following advance notice of at least 90 days.
Effective November 13th 2023 to May 1st 2024
DownloadTable of Contents
SERVICE AND SUPPORT LEVELS AGREEMENT (SLA)
This Service and Support Levels Agreement (“SLA”) supplements the Agreement and describes the service levels available to Customer under the Agreement. Capitalized terms not specifically defined in this SLA shall have the meanings defined in the Agreement.
If Wiz fails to meet the Monthly Uptime Percentage in any month during the Subscription Term and Customer submits a request for Service Credit within 30 days following the end of that month, Customer will be entitled to a credit equal to the percentage identified in the table below of the Fees paid by Customer to Wiz pursuant to the applicable Order for that month, (each, a “Service Credit”). Wiz will apply Service Credits to Customer’s renewal invoice at the end of Customer’s then-current Subscription Term. Service Credits will not entitle the Customer to any refund or other payment from Wiz.
Monthly Uptime Percentage | Service Credit |
< 99.5% | 10% |
< 99% | 25% |
Service Credits are Customer’s sole and exclusive remedy for any Services performance or availability issues. Service Credits in any billing month will not, under any circumstances, exceed 25% of the Fees in that billing month.
Wiz will have no liability for any failure to meet Service Levels to the extent such failure is related to: (a) Customer’s use of the Services other than in accordance with the terms of the Agreement and/or the Documentation, (b) the unavailability, suspension, or termination of any cloud provider account, or any other cloud service provider performance issues, (c) issues with Customer’s network connections or other infrastructure, or (d) circumstances beyond Wiz’s reasonable control.
Wiz will provide English-speaking remote assistance to Customer’s Permitted Users for questions or issues related to any error in the Services, including troubleshooting, diagnosis, and recommendations for potential workarounds. Customer’s Permitted Users may report errors or abnormal behavior of the Services by submitting a support request in the Wiz Help Center, as described in the Documentation. Customer’s Permitted Users should be reasonably proficient in the use and functionality of the Services and familiar with the Documentation and should use reasonable diligence to ensure a perceived error is not an issue with Customer’s equipment, software, or internet connectivity.
3.2 Support Hours
Support requests for Priority Levels 2-4 is provided during Wiz’s Business Hours. Support for Priority Level 1 requests will be on a 24x7x365 basis.
Each support request will: (1) designate the Priority Level of the error in accordance with the definitions in the table below; (2) identify the account that experienced the error; (3) provide the start time of the error; (4) provide a description of the steps required to reproduce the error; (5) provide the relevant log files or data; (6) provide the wording of any error message; and (7) provide accurate contact information for the Customer’s Permitted User most familiar with the error.
Customer’s Permitted Users will also provide Wiz any other relevant information in a timely manner. If a Customer’s Permitted User submits a support request related to an enhancement or feature request, Wiz will deem the support request closed once the request has been forwarded internally to the relevant team and will provide Customer with a reference number for the feature request.
Wiz will use commercially reasonable efforts to respond to support issues in accordance with the Initial Response Times provided in the table below and either validate Customer’s priority level designation or notify Customer of a change in the priority level designation with justification for any change. Wiz does not guarantee resolution of issues, and a resolution may consist of a fix, workaround or other solution Wiz deems reasonable.
Wiz will provide continuous efforts to resolve Priority Level 1 issues until a workaround or resolution can be provided or until the incident can be downgraded to a lower priority. Following submission of a Priority Level 1 request, Customer must be responsive to Wiz's support team’s communications and guidance. Failure to do so may result in Wiz downgrading the request Priority Level.
Response Times and Update Frequency | ||||
Priority Level | Description | Initial Response Time | Response Hours | Update Frequency* |
1 - Urgent | Any error in the Services causing the Services to be unusable, resulting in a critical impact on the operation of the Services and there is no workaround. | Within 2 hours | 24x7x365 | Every 2 hours |
2 - High | An error in the Services where the Services operate but operation is severely restricted. No workaround is available, and performance may be degraded, or functions are limited. | Within 4 hours | During Business Hours | Every 1 Business Day |
3 - Normal | An error in the Services where the Services operate with limitations that are not critical to the overall utility of the Services, requires that a user utilize a non-standard procedure, or removes a non-essential feature. | Within 1 Business Day | During Business Hours | Every 2 Business Days |
4 - Low | An error in the Services where the Services can be used with only slight inconvenience. Also, all requests for assistance, comments, or feature requests fall into this Priority Level. | Within 3 Business Days | During Business Hours | Every 3 Business Days |
*Unless otherwise agreed with Customer
Wiz will have no obligation to provide Support to issues arising from: (a) misuse or unauthorized modifications to Wiz’s Services; (b) third-party platforms or other third-party systems; (c) trials, betas or other free or evaluation use; or (d) previous versions of Wiz’s Agent Services that are no longer supported.
“Agent Service” means Wiz Runtime Sensor, Wiz Outpost, Wiz CLI, Wiz Admission Controller, Wiz Tunnel Broker, and any other agents provided by Wiz that run in Customer’s operating environment.
With respect to any Wiz Agent Services included in a Customer’s subscription, Customer will be responsible for the prompt installation of all updates to the Agent Services that are provided by Wiz. Customer acknowledges that as Wiz develops enhanced versions of the Agent Services, Wiz may cease to maintain and support older versions of these Agent Services. Wiz will use commercially reasonable efforts to provide support services with respect to older versions of the Agent Services, but will have no obligation to provide support for Agent Services outside of Wiz’s stated support policy for the applicable Agent Service. Such policies are described in Wiz’s Documentation and subject to change from time to time in Wiz’s reasonable discretion, following advance notice of at least 90 days.
Tech Integration Agreement
Effective May 13th 2025
DownloadTable of Contents
WIZ TECH INTEGRATION AGREEMENT
This WIZ TECH INTEGRATION AGREEMENT (the “Agreement”) is entered into on the date of the last signature below (the “Effective Date”), by and between:
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
1If no Partner product has been identified above, then the presumption shall be that the Parties intend to achieve interoperability between the selected Wiz Products and any and all Partner Product(s). If a specific Partner product has been identified above, Wiz and Partner may mutually agree to integrate other Products which shall be subject to the terms of this Agreement.
(each, a “Party” and collectively, the “Parties”)
1. INTEROPERABILITY AND VALIDATION
Effective June 23rd 2024 to May 13th 2025
DownloadTable of Contents
WIZ TECH INTEGRATION AGREEMENT
This WIZ TECH INTEGRATION AGREEMENT (the “Agreement”) is entered into on the date of the last signature below (the “Effective Date”), by and between:
- Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 52nd Floor, New York, NY 10001 (the “Wiz”); and
- the entity named in the box below (the “Partner”)
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
1If no Partner product has been identified above, then the presumption shall be that the Parties intend to achieve interoperability between the selected Wiz Products and any and all Partner Product(s). If a specific Partner product has been identified above, Wiz and Partner may mutually agree to integrate other Products which shall be subject to the terms of this Agreement.
(each, a “Party” and collectively, the “Parties”)
- INTEROPERABILITY AND VALIDATION
- The Parties wish to achieve product interoperability and integration between the Wiz Cloud Security Platform (“Wiz Platform”) and the Partner Product(s) identified in the table on page 1 above (“Partner Products”) via the Wiz integration APIs made available by Wiz to Partner, (“Wiz Integration API” together with the Wiz Platform, the “Wiz Products”, the Wiz Products together with the Partner Products, shall be referred to as the “Products”). Following the Effective Date, Partner shall be granted access to the Wiz partner portal (“Wiz Partner Portal”) including the Wiz integration documentation which sets forth the technical requirements for building the integration (“Wiz Integration Documentation”) which shall be incorporated by reference to this Agreement and Partner agrees to adhere to the requirements set forth in such Wiz Integration Documentation.
- In order to obtain validation and certification by Wiz for such integration, Partner must complete the certification process as defined at https://www.wiz.io/integrations/apply, which shall include demonstration and testing of how the Partner Products operate with the Wiz Products. Within 90 days of the Effective Date, Partner shall provide Wiz with the queries that Partner shall use on top of the Wiz Integration API in order to allow Wiz to ensure that Partner’s use of the API queries meets Wiz’s Integration API best practices.
- Interoperability validation shall be confirmed by Wiz in writing and shall only apply to the Partner Products that were tested in accordance with this section. Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. If Partner conforms to Wiz’s criteria, Wiz shall certify Partner as “Certified”.Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. Notwithstanding the termination sections in Section 13 below, Wiz and may terminate this Agreement immediately upon written notice to Partner, as long as Partner has not been confirmed in writing by Wiz as “Certified”.
- Once successful product interoperability and integration has been achieved and Partner has been certified by Wiz, the Parties may engage in mutually agreed-upon marketing activities.
- If either Party releases a new version of a Product that requires revalidation of interoperability, the Parties shall work together to complete such testing of the new product version as required and each Party agrees to contribute reasonable technical resources for such purpose.
- Partner shall be responsible for supporting and maintaining the integration contemplated herein.
- Either Party may engage subcontractors and involve Affiliates to perform its obligations under this Agreement provided that each Party remains fully responsible and liable for the performance of its subcontractors and Affiliates. Each Party shall bind its subcontractors and Affiliates to terms and conditions necessary to ensure such subcontractor’s and Affiliate’s compliance with the duties and obligations in this Agreement.
- LIMITED LICENSE.
- License by Partner. Subject to the terms of this Agreement, Partner hereby grants to Wiz and its Affiliates a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Partner Products during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Product(s). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- License by Wiz. Subject to the terms of this Agreement, Wiz hereby grants to Partner a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Wiz Integration API and Wiz Integration Documentation during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Platform.
- Open Source. Any open source software that may be provided with either Party’s Products (including APIs) is licensed and distributed under the terms and conditions of the applicable open source software license accompanying the open source software or set forth in the open source licenses (“Open Source Terms”). Each Party may use such open source software pursuant to the Open Source Terms.
- PROHIBITED USES.
- Unless expressly permitted by a Party in writing in advance, a Party may not use the other Party’s Products for production or commercial purposes or to test or build a competitive product. For the avoidance of doubt, this Agreement governs all uses of each Party’s products by the other Party for the purposes of making the Products interoperable and supersedes any other license agreement, including any click-through terms on either Party’s websites or otherwise.
- Wiz and Partner each agree that they will not, and will not permit any third party to, without the other Party’s prior written consent in each case: (a) use the other Party’s Products in any manner not authorized by the applicable product documentation or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective, (b) distribute, lease, license, sublicense or otherwise disseminate the other Party’s Products to any third party (except as specifically allowed under this Agreement); (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the other Party’s Products to human-readable form or attempt to derive the source code, methodology, analysis, or results of the other Party’s Products; (d) use the other Party’s Products in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the other Party’s Product as a standalone program or in any way independently from other Party’s Product, as applicable; (e) reproduce or make more than a reasonable number of copies of the other Party’s Products; or (f) use the other Party’s Product for commercial purposes or to test a competitive product; (g) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that a Party (or a third party contracted by the Party) runs on the other Party’s Products, in whole or in part; (h) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the other Party’s Product; (i) use the other Party’s Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (j) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the other Party’s Product, their related systems or networks, or any third-party data contained therein. Both Parties shall reproduce any copyright notices, legends and proprietary marking on any authorized copy of the other Party’s Products.
- In addition, Partner acknowledges and agrees that: (a) Partner shall only use Wiz’s official Integration APIs as provided in the Wiz Integration Documentation; and (b) it shall only provide access to the Wiz Partner Portal, Wiz Integration Documentation and Wiz Integration API to its employees or service providers on a need to know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party and Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
- Any rights not expressly granted herein are deemed reserved and neither Party shall make any other use of the other Party’s Products other than as expressly permitted in this Agreement.
- Wiz may refuse Partner’s access to Wiz Products and/or Wiz Integration Documentation and may delist the integration contemplated hereunder, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access and/or delisting unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or other Products. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
- TITLE AND OWNERSHIP.
- Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to their respective Products including user manuals and other written materials for the Products and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
- Subject to section 4.1 above, each Party shall own any developed work which is produced by that Party in order to fulfil the interoperation of the Party’s Products or otherwise to fulfil the objectives of this Agreement and such developed work shall not be deemed a “work made for hire”. Each Party hereby grants to the other Party a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use any of such developed work solely for purposes of and to the extent necessary to perform its obligations under this Agreement during the Term of this Agreement. Notwithstanding the foregoing, if the Parties or each Party develops such works pursuant to Open Source Terms, then such works will be licensed under the applicable Open Source Terms.
- During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s Products. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
- SUPPORT.
- Each Party shall provide support for its own Product to its own customers according to such Party’s standard business practices. Notwithstanding the foregoing, the Parties agree to work together to jointly resolve any integration issues identified by mutual customers. Partner agrees to provide support during normal business hours to Wiz or mutual customers with issues concerning interoperability of the Products and agrees to respond to any support requests from Wiz or mutual customers within 3 business days of receipt. Any support provided herein shall be at no cost to either Party. Partner’s point of contact for such support requests is set out in the table on page 1.
- JOINT MARKETING.
- Once interoperability has been achieved, the Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties. The Marketing Plan must be mutually agreed by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
- In furtherance of marketing the Products and services of the other Party, each Party shall:
- Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the Products and services of such other Party;
- Not make any representations, warranties, or guarantees to customers concerning the other Party’s Products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
- Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own Products and services.
- Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release or marketing statements.
- Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s Products.
- To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects and individuals that are the subjects of such Prospect Information.
- TRADEMARK LICENSE.
- Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, once validation and certification has been confirmed by Wiz to Partner in writing, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with the integration of the Party’s Products in accordance with this Agreement.
- Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion, provided that if Partner prohibits the use of its Marks by Wiz after certification has been achieved, Wiz shall not be obligated to provide Partner with any support and may, at its discretion, terminate this Agreement immediately upon written notice to Partner by email. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
- EXPENSES.
- Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
- LIMITED WARRANTY.
- Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. EACH OF THE WIZ PRODUCTS AND PARTNER PRODUCTS IS PROVIDED “AS IS” WITHOUT WARRANTY AND EACH PARTY HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE.
- CONFIDENTIALITY.
- Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, the Wiz Integration API and all information in the Wiz Partner Portal including the Wiz Integration Documentation are Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing party’s Confidential Information, as evidenced by written records.
- The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
- Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or, (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
- All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
- Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
- INDEMNIFICATION.
- Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third parties and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from any such claims that Indemnified Party’s use of the Indemnifying Party’s Products or integration contemplated hereunder as authorized by this Agreement violates, misappropriates or infringes upon the patent, copyright, trademark, trade secret, or other proprietary rights of any third party.
- The Indemnified Party will notify Indemnifying Party promptly of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
- Notwithstanding the foregoing, a Party will have no obligation under this section or otherwise with respect to any infringement claim to the extent based upon or it relates to: (i) any use of the other Party’s Products not in accordance with this Agreement or the relevant product documentation; (ii) any use of the other Party’s Products in combination with other products, hardware, equipment, software, or data not authorized in writing by such Party to be used with the technology; (iii) any modification of the other Party’s Products by any person other than other Party or its authorized agents or subcontractors; (iv) Indemnified Party’s gross negligence or willful misconduct, or (v) any refusal of Indemnified Party to use a non-infringing version of Product or integration contemplated hereunder or any part thereof (including any update, if such infringement could have been avoided by use of the most recent update) offered by Indemnifying Party at no cost to Indemnified Party. THIS SECTION STATES THE INDEMNIFYING PARTY’S ENTIRE LIABILITY AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY FOR INFRINGEMENT CLAIMS AND ACTIONS.
- LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
- TERM AND TERMINATION.
- Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
- Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party thirty (30) days prior written notice. Any accrued rights and obligations will survive termination.
- Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
- Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall return to the other Party and destroy all Products or other materials in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
- Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 8 (Expenses), 9 (Limited Warranty) 10 (Confidentiality), 11 (Indemnity), 12 (Limitation of Liability), 13 (Term and Termination) and 14 (Miscellaneous) shall survive termination or expiration of this Agreement
- MISCELLANEOUS.
- Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
- No Third Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
- Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
- Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
- Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
- Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is not, and is not owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party acknowledges that any use of its Products and services (the “Product Usage”) may not be provided to or used by any person in any of the countries that are subject to comprehensive economic sanctions under the EAR, OFAC, or Israeli regulations, which currently include Crimea, Donetsk and Luhansk - regions of Ukraine, Cuba, Iran, North Korea, and Syria. Moreover, each Party shall not allow and fully restrict any usage relating to its Products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the Products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
- Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared via the integration contemplated hereunder or personal data of users of the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
- Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
- Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements. Notwithstanding the foregoing, Wiz may make available other optional products, services, features or cooperation, which may be subject to additional terms to which Partner will be required to agree and to additional fees which Customer may be required to pay before being permitted to use such products, services, features or participate in such cooperation.
- Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
Effective June 20th 2024 to June 23rd 2024
DownloadTable of Contents
WIZ TECH INTEGRATION AGREEMENT
This WIZ TECH INTEGRATION AGREEMENT (the “Agreement”) is entered into on the date of the last signature below (the “Effective Date”), by and between:
- Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 52nd Floor, New York, NY 10001 (the “Wiz”); and
- the entity named in the box below (the “Partner”)
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
1If no Partner product has been identified above, then the presumption shall be that the Parties intend to achieve interoperability between the selected Wiz Products and any and all Partner Product(s). If a specific Partner product has been identified above, Wiz and Partner may mutually agree to integrate other Products which shall be subject to the terms of this Agreement.
(each, a “Party” and collectively, the “Parties”)
- INTEROPERABILITY AND VALIDATION
- The Parties wish to achieve product interoperability and integration between the Wiz Cloud Security Platform (“Wiz Platform”) and the Partner Product(s) identified in the table on page 1 above (“Partner Products”) via the Wiz integration APIs made available by Wiz to Partner, (“Wiz Integration API” together with the Wiz Platform, the “Wiz Products”, the Wiz Products together with the Partner Products, shall be referred to as the “Products”). Following the Effective Date, Partner shall be granted access to the Wiz partner portal (“Wiz Partner Portal”) including the Wiz integration documentation which sets forth the technical requirements for building the integration (“Wiz Integration Documentation”) which shall be incorporated by reference to this Agreement and Partner agrees to adhere to the requirements set forth in such Wiz Integration Documentation.
- In order to obtain validation and certification by Wiz for such integration, Partner must complete the certification process as defined at https://www.wiz.io/integrations/apply, which shall include demonstration and testing of how the Partner Products operate with the Wiz Products. Within 90 days of the Effective Date, Partner shall provide Wiz with the queries that Partner shall use on top of the Wiz Integration API in order to allow Wiz to ensure that Partner’s use of the API queries meets Wiz’s Integration API best practices.
- Interoperability validation shall be confirmed by Wiz in writing and shall only apply to the Partner Products that were tested in accordance with this section. Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. If Partner conforms to Wiz’s criteria, Wiz shall certify Partner as “Certified”.Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. Notwithstanding the termination sections in Section 13 below, Wiz and may terminate this Agreement immediately upon written notice to Partner, as long as Partner has not been confirmed in writing by Wiz as “Certified”.
- Once successful product interoperability and integration has been achieved and Partner has been certified by Wiz, the Parties may engage in mutually agreed-upon marketing activities.
- If either Party releases a new version of a Product that requires revalidation of interoperability, the Parties shall work together to complete such testing of the new product version as required and each Party agrees to contribute reasonable technical resources for such purpose.
- Partner shall be responsible for supporting and maintaining the integration contemplated herein.
- Either Party may engage subcontractors and involve Affiliates to perform its obligations under this Agreement provided that each Party remains fully responsible and liable for the performance of its subcontractors and Affiliates. Each Party shall bind its subcontractors and Affiliates to terms and conditions necessary to ensure such subcontractor’s and Affiliate’s compliance with the duties and obligations in this Agreement.
- LIMITED LICENSE.
- License by Partner. Subject to the terms of this Agreement, Partner hereby grants to Wiz and its Affiliates a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Partner Products during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Product(s). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- License by Wiz. Subject to the terms of this Agreement, Wiz hereby grants to Partner a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Wiz Integration API and Wiz Integration Documentation during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Platform.
- Open Source. Any open source software that may be provided with either Party’s Products (including APIs) is licensed and distributed under the terms and conditions of the applicable open source software license accompanying the open source software or set forth in the open source licenses (“Open Source Terms”). Each Party may use such open source software pursuant to the Open Source Terms.
- PROHIBITED USES.
- Unless expressly permitted by a Party in writing in advance, a Party may not use the other Party’s Products for production or commercial purposes or to test or build a competitive product. For the avoidance of doubt, this Agreement governs all uses of each Party’s products by the other Party for the purposes of making the Products interoperable and supersedes any other license agreement, including any click-through terms on either Party’s websites or otherwise.
- Wiz and Partner each agree that they will not, and will not permit any third party to, without the other Party’s prior written consent in each case: (a) use the other Party’s Products in any manner not authorized by the applicable product documentation or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective, (b) distribute, lease, license, sublicense or otherwise disseminate the other Party’s Products to any third party (except as specifically allowed under this Agreement); (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the other Party’s Products to human-readable form or attempt to derive the source code, methodology, analysis, or results of the other Party’s Products; (d) use the other Party’s Products in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the other Party’s Product as a standalone program or in any way independently from other Party’s Product, as applicable; (e) reproduce or make more than a reasonable number of copies of the other Party’s Products; or (f) use the other Party’s Product for commercial purposes or to test a competitive product; (g) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that a Party (or a third party contracted by the Party) runs on the other Party’s Products, in whole or in part; (h) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the other Party’s Product; (i) use the other Party’s Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (j) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the other Party’s Product, their related systems or networks, or any third-party data contained therein. Both Parties shall reproduce any copyright notices, legends and proprietary marking on any authorized copy of the other Party’s Products.
- In addition, Partner acknowledges and agrees that: (a) Partner shall only use Wiz’s official Integration APIs as provided in the Wiz Integration Documentation; and (b) it shall only provide access to the Wiz Partner Portal, Wiz Integration Documentation and Wiz Integration API to its employees or service providers on a need to know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party and Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
- Any rights not expressly granted herein are deemed reserved and neither Party shall make any other use of the other Party’s Products other than as expressly permitted in this Agreement.
- Wiz may refuse Partner’s access to Wiz Products and/or Wiz Integration Documentation and may delist the integration contemplated hereunder, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access and/or delisting unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or other Products. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
- TITLE AND OWNERSHIP.
- Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to their respective Products including user manuals and other written materials for the Products and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
- Subject to section 4.1 above, each Party shall own any developed work which is produced by that Party in order to fulfil the interoperation of the Party’s Products or otherwise to fulfil the objectives of this Agreement and such developed work shall not be deemed a “work made for hire”. Each Party hereby grants to the other Party a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use any of such developed work solely for purposes of and to the extent necessary to perform its obligations under this Agreement during the Term of this Agreement. Notwithstanding the foregoing, if the Parties or each Party develops such works pursuant to Open Source Terms, then such works will be licensed under the applicable Open Source Terms.
- During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s Products. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
- SUPPORT.
- Each Party shall provide support for its own Product to its own customers according to such Party’s standard business practices. Notwithstanding the foregoing, the Parties agree to work together to jointly resolve any integration issues identified by mutual customers. Partner agrees to provide support during normal business hours to Wiz or mutual customers with issues concerning interoperability of the Products and agrees to respond to any support requests from Wiz or mutual customers within 3 business days of receipt. Any support provided herein shall be at no cost to either Party. Partner’s point of contact for such support requests is set out in the table on page 1.
- JOINT MARKETING.
- Once interoperability has been achieved, the Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties. The Marketing Plan must be mutually agreed by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
- In furtherance of marketing the Products and services of the other Party, each Party shall:
- Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the Products and services of such other Party;
- Not make any representations, warranties, or guarantees to customers concerning the other Party’s Products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
- Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own Products and services.
- Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release or marketing statements.
- Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s Products.
- To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects and individuals that are the subjects of such Prospect Information.
- TRADEMARK LICENSE.
- Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, once validation and certification has been confirmed by Wiz to Partner in writing, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with the integration of the Party’s Products in accordance with this Agreement.
- Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion, provided that if Partner prohibits the use of its Marks by Wiz after certification has been achieved, Wiz shall not be obligated to provide Partner with any support and may, at its discretion, terminate this Agreement immediately upon written notice to Partner by email. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
- EXPENSES.
- Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
- LIMITED WARRANTY.
- Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. EACH OF THE WIZ PRODUCTS AND PARTNER PRODUCTS IS PROVIDED “AS IS” WITHOUT WARRANTY AND EACH PARTY HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE.
- CONFIDENTIALITY.
- Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, the Wiz Integration API and all information in the Wiz Partner Portal including the Wiz Integration Documentation are Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing party’s Confidential Information, as evidenced by written records.
- The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
- Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or, (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
- All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
- Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
- INDEMNIFICATION.
- Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third parties and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from any such claims that Indemnified Party’s use of the Indemnifying Party’s Products or integration contemplated hereunder as authorized by this Agreement violates, misappropriates or infringes upon the patent, copyright, trademark, trade secret, or other proprietary rights of any third party.
- The Indemnified Party will notify Indemnifying Party promptly of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
- Notwithstanding the foregoing, a Party will have no obligation under this section or otherwise with respect to any infringement claim to the extent based upon or it relates to: (i) any use of the other Party’s Products not in accordance with this Agreement or the relevant product documentation; (ii) any use of the other Party’s Products in combination with other products, hardware, equipment, software, or data not authorized in writing by such Party to be used with the technology; (iii) any modification of the other Party’s Products by any person other than other Party or its authorized agents or subcontractors; (iv) Indemnified Party’s gross negligence or willful misconduct, or (v) any refusal of Indemnified Party to use a non-infringing version of Product or integration contemplated hereunder or any part thereof (including any update, if such infringement could have been avoided by use of the most recent update) offered by Indemnifying Party at no cost to Indemnified Party. THIS SECTION STATES THE INDEMNIFYING PARTY’S ENTIRE LIABILITY AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY FOR INFRINGEMENT CLAIMS AND ACTIONS.
- LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
- TERM AND TERMINATION.
- Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
- Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party thirty (30) days prior written notice. Any accrued rights and obligations will survive termination.
- Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
- Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall return to the other Party and destroy all Products or other materials in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
- Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 8 (Expenses), 9 (Limited Warranty) 10 (Confidentiality), 11 (Indemnity), 12 (Limitation of Liability), 13 (Term and Termination) and 14 (Miscellaneous) shall survive termination or expiration of this Agreement
- MISCELLANEOUS.
- Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
- No Third Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
- Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
- Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
- Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
- Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is not, and is not owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party acknowledges that any use of its Products and services (the “Product Usage”) may not be provided to or used by any person in any of the countries that are subject to comprehensive economic sanctions under the EAR, OFAC, or Israeli regulations, which currently include Crimea, Donetsk and Luhansk - regions of Ukraine, Cuba, Iran, North Korea, and Syria. Moreover, each Party shall not allow and fully restrict any usage relating to its Products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the Products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
- Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared via the integration contemplated hereunder or personal data of users of the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
- Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
- Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements. Notwithstanding the foregoing, Wiz may make available other optional products, services, features or cooperation, which may be subject to additional terms to which Partner will be required to agree and to additional fees which Customer may be required to pay before being permitted to use such products, services, features or participate in such cooperation.
- Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
Effective June 5th 2024 to June 20th 2024
DownloadTable of Contents
WIZ TECH INTEGRATION AGREEMENT
This WIZ TECH INTEGRATION AGREEMENT (the “Agreement”) is entered into on the date of the last signature below (the “Effective Date”), by and between:
- Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 (the “Wiz”); and
- the entity named in the box below (the “Partner”)
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
1If no Partner product has been identified above, then the presumption shall be that the Parties intend to achieve interoperability between the selected Wiz Products and any and all Partner Product(s). If a specific Partner product has been identified above, Wiz and Partner may mutually agree to integrate other Products which shall be subject to the terms of this Agreement.
(each, a “Party” and collectively, the “Parties”)
- INTEROPERABILITY AND VALIDATION
- The Parties wish to achieve product interoperability and integration between the Wiz Cloud Security Platform (“Wiz Platform”) and the Partner Product(s) identified in the table on page 1 above (“Partner Products”) via the Wiz integration APIs made available by Wiz to Partner, (“Wiz Integration API” together with the Wiz Platform, the “Wiz Products”, the Wiz Products together with the Partner Products, shall be referred to as the “Products”). Following the Effective Date, Partner shall be granted access to the Wiz partner portal (“Wiz Partner Portal”) including the Wiz integration documentation which sets forth the technical requirements for building the integration (“Wiz Integration Documentation”) which shall be incorporated by reference to this Agreement and Partner agrees to adhere to the requirements set forth in such Wiz Integration Documentation.
- In order to obtain validation and certification by Wiz for such integration, Partner must complete the certification process as defined at https://www.wiz.io/integrations/apply, which shall include demonstration and testing of how the Partner Products operate with the Wiz Products. Within 90 days of the Effective Date, Partner shall provide Wiz with the queries that Partner shall use on top of the Wiz Integration API in order to allow Wiz to ensure that Partner’s use of the API queries meets Wiz’s Integration API best practices.
- Interoperability validation shall be confirmed by Wiz in writing and shall only apply to the Partner Products that were tested in accordance with this section. Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. If Partner conforms to Wiz’s criteria, Wiz shall certify Partner as “Certified”.Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. Notwithstanding the termination sections in Section 13 below, Wiz and may terminate this Agreement immediately upon written notice to Partner, as long as Partner has not been confirmed in writing by Wiz as “Certified”.
- Once successful product interoperability and integration has been achieved and Partner has been certified by Wiz, the Parties may engage in mutually agreed-upon marketing activities.
- If either Party releases a new version of a Product that requires revalidation of interoperability, the Parties shall work together to complete such testing of the new product version as required and each Party agrees to contribute reasonable technical resources for such purpose.
- Partner shall be responsible for supporting and maintaining the integration contemplated herein.
- Either Party may engage subcontractors and involve Affiliates to perform its obligations under this Agreement provided that each Party remains fully responsible and liable for the performance of its subcontractors and Affiliates. Each Party shall bind its subcontractors and Affiliates to terms and conditions necessary to ensure such subcontractor’s and Affiliate’s compliance with the duties and obligations in this Agreement.
- LIMITED LICENSE.
- License by Partner. Subject to the terms of this Agreement, Partner hereby grants to Wiz and its Affiliates a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Partner Products during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Product(s). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- License by Wiz. Subject to the terms of this Agreement, Wiz hereby grants to Partner a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Wiz Integration API and Wiz Integration Documentation during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Platform.
- Open Source. Any open source software that may be provided with either Party’s Products (including APIs) is licensed and distributed under the terms and conditions of the applicable open source software license accompanying the open source software or set forth in the open source licenses (“Open Source Terms”). Each Party may use such open source software pursuant to the Open Source Terms.
- PROHIBITED USES.
- Unless expressly permitted by a Party in writing in advance, a Party may not use the other Party’s Products for production or commercial purposes or to test or build a competitive product. For the avoidance of doubt, this Agreement governs all uses of each Party’s products by the other Party for the purposes of making the Products interoperable and supersedes any other license agreement, including any click-through terms on either Party’s websites or otherwise.
- Wiz and Partner each agree that they will not, and will not permit any third party to, without the other Party’s prior written consent in each case: (a) use the other Party’s Products in any manner not authorized by the applicable product documentation or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective, (b) distribute, lease, license, sublicense or otherwise disseminate the other Party’s Products to any third party (except as specifically allowed under this Agreement); (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the other Party’s Products to human-readable form or attempt to derive the source code, methodology, analysis, or results of the other Party’s Products; (d) use the other Party’s Products in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the other Party’s Product as a standalone program or in any way independently from other Party’s Product, as applicable; (e) reproduce or make more than a reasonable number of copies of the other Party’s Products; or (f) use the other Party’s Product for commercial purposes or to test a competitive product; (g) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that a Party (or a third party contracted by the Party) runs on the other Party’s Products, in whole or in part; (h) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the other Party’s Product; (i) use the other Party’s Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (j) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the other Party’s Product, their related systems or networks, or any third-party data contained therein. Both Parties shall reproduce any copyright notices, legends and proprietary marking on any authorized copy of the other Party’s Products.
- In addition, Partner acknowledges and agrees that: (a) Partner shall only use Wiz’s official Integration APIs as provided in the Wiz Integration Documentation; and (b) it shall only provide access to the Wiz Partner Portal, Wiz Integration Documentation and Wiz Integration API to its employees or service providers on a need to know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party and Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
- Any rights not expressly granted herein are deemed reserved and neither Party shall make any other use of the other Party’s Products other than as expressly permitted in this Agreement.
- Wiz may refuse Partner’s access to Wiz Products and/or Wiz Integration Documentation and may delist the integration contemplated hereunder, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access and/or delisting unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or other Products. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
- TITLE AND OWNERSHIP.
- Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to their respective Products including user manuals and other written materials for the Products and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
- Subject to section 4.1 above, each Party shall own any developed work which is produced by that Party in order to fulfil the interoperation of the Party’s Products or otherwise to fulfil the objectives of this Agreement and such developed work shall not be deemed a “work made for hire”. Each Party hereby grants to the other Party a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use any of such developed work solely for purposes of and to the extent necessary to perform its obligations under this Agreement during the Term of this Agreement. Notwithstanding the foregoing, if the Parties or each Party develops such works pursuant to Open Source Terms, then such works will be licensed under the applicable Open Source Terms.
- During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s Products. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
- SUPPORT.
- Each Party shall provide support for its own Product to its own customers according to such Party’s standard business practices. Notwithstanding the foregoing, the Parties agree to work together to jointly resolve any integration issues identified by mutual customers. Partner agrees to provide support during normal business hours to Wiz or mutual customers with issues concerning interoperability of the Products and agrees to respond to any support requests from Wiz or mutual customers within 3 business days of receipt. Any support provided herein shall be at no cost to either Party. Partner’s point of contact for such support requests is set out in the table on page 1.
- JOINT MARKETING.
- Once interoperability has been achieved, the Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties. The Marketing Plan must be mutually agreed by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
- In furtherance of marketing the Products and services of the other Party, each Party shall:
- Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the Products and services of such other Party;
- Not make any representations, warranties, or guarantees to customers concerning the other Party’s Products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
- Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own Products and services.
- Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release or marketing statements.
- Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s Products.
- To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects and individuals that are the subjects of such Prospect Information.
- TRADEMARK LICENSE.
- Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, once validation and certification has been confirmed by Wiz to Partner in writing, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with the integration of the Party’s Products in accordance with this Agreement.
- Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion, provided that if Partner prohibits the use of its Marks by Wiz after certification has been achieved, Wiz shall not be obligated to provide Partner with any support and may, at its discretion, terminate this Agreement immediately upon written notice to Partner by email. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
- EXPENSES.
- Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
- LIMITED WARRANTY.
- Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. EACH OF THE WIZ PRODUCTS AND PARTNER PRODUCTS IS PROVIDED “AS IS” WITHOUT WARRANTY AND EACH PARTY HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE.
- CONFIDENTIALITY.
- Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, the Wiz Integration API and all information in the Wiz Partner Portal including the Wiz Integration Documentation are Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing party’s Confidential Information, as evidenced by written records.
- The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
- Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or, (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
- All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
- Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
- INDEMNIFICATION.
- Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third parties and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from any such claims that Indemnified Party’s use of the Indemnifying Party’s Products or integration contemplated hereunder as authorized by this Agreement violates, misappropriates or infringes upon the patent, copyright, trademark, trade secret, or other proprietary rights of any third party.
- The Indemnified Party will notify Indemnifying Party promptly of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
- Notwithstanding the foregoing, a Party will have no obligation under this section or otherwise with respect to any infringement claim to the extent based upon or it relates to: (i) any use of the other Party’s Products not in accordance with this Agreement or the relevant product documentation; (ii) any use of the other Party’s Products in combination with other products, hardware, equipment, software, or data not authorized in writing by such Party to be used with the technology; (iii) any modification of the other Party’s Products by any person other than other Party or its authorized agents or subcontractors; (iv) Indemnified Party’s gross negligence or willful misconduct, or (v) any refusal of Indemnified Party to use a non-infringing version of Product or integration contemplated hereunder or any part thereof (including any update, if such infringement could have been avoided by use of the most recent update) offered by Indemnifying Party at no cost to Indemnified Party. THIS SECTION STATES THE INDEMNIFYING PARTY’S ENTIRE LIABILITY AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY FOR INFRINGEMENT CLAIMS AND ACTIONS.
- LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
- TERM AND TERMINATION.
- Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
- Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party thirty (30) days prior written notice. Any accrued rights and obligations will survive termination.
- Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
- Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall return to the other Party and destroy all Products or other materials in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
- Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 8 (Expenses), 9 (Limited Warranty) 10 (Confidentiality), 11 (Indemnity), 12 (Limitation of Liability), 13 (Term and Termination) and 14 (Miscellaneous) shall survive termination or expiration of this Agreement
- MISCELLANEOUS.
- Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
- No Third Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
- Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
- Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
- Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
- Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is not, and is not owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party acknowledges that any use of its Products and services (the “Product Usage”) may not be provided to or used by any person in any of the countries that are subject to comprehensive economic sanctions under the EAR, OFAC, or Israeli regulations, which currently include Crimea, Donetsk and Luhansk - regions of Ukraine, Cuba, Iran, North Korea, and Syria. Moreover, each Party shall not allow and fully restrict any usage relating to its Products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the Products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
- Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared via the integration contemplated hereunder or personal data of users of the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
- Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
- Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements. Notwithstanding the foregoing, Wiz may make available other optional products, services, features or cooperation, which may be subject to additional terms to which Partner will be required to agree and to additional fees which Customer may be required to pay before being permitted to use such products, services, features or participate in such cooperation.
- Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
Effective February 6th 2024 to June 5th 2024
DownloadTable of Contents
WIZ TECH INTEGRATION AGREEMENT
This WIZ TECH INTEGRATION AGREEMENT (the “Agreement”) is entered into on the date of the last signature below (the “Effective Date”), by and between:
- Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 (the “Wiz”); and
- the entity named in the box below (the “Partner”)
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
(each, a “Party” and collectively, the “Parties”)
- INTEROPERABILITY AND VALIDATION
- The Parties wish to achieve product interoperability and integration between the Wiz Cloud Security Platform (“Wiz Platform”) and the Partner Product(s) identified in the table on page 1 above (“Partner Products”) via the Wiz integration APIs made available by Wiz to Partner, (“Wiz Integration API” together with the Wiz Platform, the “Wiz Products”, the Wiz Products together with the Partner Products, shall be referred to as the “Products”). Following the Effective Date, Partner shall be granted access to the Wiz partner portal (“Wiz Partner Portal”) including the Wiz integration documentation which sets forth the technical requirements for building the integration (“Wiz Integration Documentation”) which shall be incorporated by reference to this Agreement and Partner agrees to adhere to the requirements set forth in such Wiz Integration Documentation.
- In order to obtain validation and certification by Wiz for such integration, Partner must complete the certification process as defined at https://www.wiz.io/integrations/apply, which shall include demonstration and testing of how the Partner Products operate with the Wiz Products. Within 90 days of the Effective Date, Partner shall provide Wiz with the queries that Partner shall use on top of the Wiz Integration API in order to allow Wiz to ensure that Partner’s use of the API queries meets Wiz’s Integration API best practices. If Partner does not complete the validation and certification within 90 days from the day Partner has been granted access to the Wiz Integration API or refuses to co-operate with Wiz, Wiz shall have the right to terminate this Agreement immediately upon written notice to Partner by email to the Partner contact email specified in the table on page 1 above.
- Interoperability validation shall be confirmed by Wiz in writing and shall only apply to the Partner Products that were tested in accordance with this section. Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. If Partner conforms to Wiz’s criteria, Wiz shall certify Partner as “Certified”.
- Once successful product interoperability and integration has been achieved and Partner has been certified by Wiz, the Parties may engage in mutually agreed-upon sales and marketing activities for the purpose of identifying business opportunities for both Parties as further described in this Agreement and subject to section 6.5.
- If either Party releases a new version of a Product that requires revalidation of interoperability, the Parties shall work together to complete such testing of the new product version as required and each Party agrees to contribute reasonable technical resources for such purpose.
- Partner shall be responsible for supporting and maintaining the integration contemplated herein.
- Either Party may engage subcontractors and involve Affiliates to perform its obligations under this Agreement provided that each Party remains fully responsible and liable for the performance of its subcontractors and Affiliates. Each Party shall bind its subcontractors and Affiliates to terms and conditions necessary to ensure such subcontractor’s and Affiliate’s compliance with the duties and obligations in this Agreement.
- LIMITED LICENSE.
- License by Partner. Subject to the terms of this Agreement, Partner hereby grants to Wiz and its Affiliates a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Partner Products during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Product(s). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- License by Wiz. Subject to the terms of this Agreement, Wiz hereby grants to Partner a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Wiz Integration API and Wiz Integration Documentation during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Platform.
- Open Source. Any open source software that may be provided with either Party’s Products (including APIs) is licensed and distributed under the terms and conditions of the applicable open source software license accompanying the open source software or set forth in the open source licenses (“Open Source Terms”). Each Party may use such open source software pursuant to the Open Source Terms.
- PROHIBITED USES.
- Unless expressly permitted by a Party in writing in advance, a Party may not use the other Party’s Products for production or commercial purposes or to test or build a competitive product. For the avoidance of doubt, this Agreement governs all uses of each Party’s products by the other Party for the purposes of making the Products interoperable and supersedes any other license agreement, including any click-through terms on either Party’s websites or otherwise.
- Wiz and Partner each agree that they will not, and will not permit any third party to, without the other Party’s prior written consent in each case: (a) use the other Party’s Products in any manner not authorized by the applicable product documentation or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective, (b) distribute, lease, license, sublicense or otherwise disseminate the other Party’s Products to any third party (except as specifically allowed under this Agreement); (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the other Party’s Products to human-readable form or attempt to derive the source code, methodology, analysis, or results of the other Party’s Products; (d) use the other Party’s Products in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the other Party’s Product as a standalone program or in any way independently from other Party’s Product, as applicable; (e) reproduce or make more than a reasonable number of copies of the other Party’s Products; or (f) use the other Party’s Product for commercial purposes or to test a competitive product; (g) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that a Party (or a third party contracted by the Party) runs on the other Party’s Products, in whole or in part; (h) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the other Party’s Product; (i) use the other Party’s Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (j) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the other Party’s Product, their related systems or networks, or any third-party data contained therein. Both Parties shall reproduce any copyright notices, legends and proprietary marking on any authorized copy of the other Party’s Products.
- In addition, Partner acknowledges and agrees that: (a) Partner shall only use Wiz’s official Integration APIs as provided in the Wiz Integration Documentation; and (b) it shall only provide access to the Wiz Partner Portal, Wiz Integration Documentation and Wiz Integration API to its employees or service providers on a need to know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party and Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
- Any rights not expressly granted herein are deemed reserved and neither Party shall make any other use of the other Party’s Products other than as expressly permitted in this Agreement.
- Wiz may refuse Partner’s access to Wiz Products and/or Wiz Integration Documentation and may delist the integration contemplated hereunder, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access and/or delisting unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or other Products. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
- TITLE AND OWNERSHIP.
- Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to their respective Products including user manuals and other written materials for the Products and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
- Subject to section 4.1 above, each Party shall own any developed work which is produced by that Party in order to fulfil the interoperation of the Party’s Products or otherwise to fulfil the objectives of this Agreement and such developed work shall not be deemed a “work made for hire”. Each Party hereby grants to the other Party a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use any of such developed work solely for purposes of and to the extent necessary to perform its obligations under this Agreement during the Term of this Agreement. Notwithstanding the foregoing, if the Parties or each Party develops such works pursuant to Open Source Terms, then such works will be licensed under the applicable Open Source Terms.
- During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s Products. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
- SUPPORT. Each Party shall provide support for its own Product to its own customers according to such Party’s standard business practices. Notwithstanding the foregoing, the Parties agree to work together to jointly resolve any integration issues identified by mutual customers. Partner agrees to provide support during normal business hours to Wiz or mutual customers with issues concerning interoperability of the Products and agrees to respond to any support requests from Wiz or mutual customers within 3 business days of receipt. Any support provided herein shall be at no cost to either Party. Partner’s point of contact for such support requests is set out in the table on page 1.
- JOINT MARKETING AND SALES ACTIVITIES.
- Once interoperability has been achieved, the Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties and develop qualified sales opportunities. The Marketing Plan must be mutually agreed by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
- In furtherance of marketing the Products and services of the other Party, each Party shall:
- Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the Products and services of such other Party;
- Not make any representations, warranties, or guarantees to customers concerning the other Party’s Products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
- Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own Products and services.
- Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release, marketing statements or sales materials.
- Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s Products. The Parties agree that neither Party shall earn or pay any type of commission or revenue share or other compensation in connection with sales referrals made under this Agreement unless mutually agreed by the Parties in writing.
- To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects, customers and individuals that are the subjects of such Prospect Information.
- TRADEMARK LICENSE.
- Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, once validation and certification has been confirmed by Wiz to Partner in writing, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with the integration of the Party’s Products in accordance with this Agreement.
- Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion, provided that if Partner prohibits the use of its Marks by Wiz after certification has been achieved, Wiz shall not be obligated to provide Partner with any support and may, at its discretion, terminate this Agreement immediately upon written notice to Partner by email. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
- EXPENSES. Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
- LIMITED WARRANTY. Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. EACH OF THE WIZ PRODUCTS AND PARTNER PRODUCTS IS PROVIDED “AS IS” WITHOUT WARRANTY AND EACH PARTY HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE.
- CONFIDENTIALITY.
- Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, the Wiz Integration API and all information in the Wiz Partner Portal including the Wiz Integration Documentation are Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing party’s Confidential Information, as evidenced by written records.
- The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
- Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or, (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
- All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
- Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
- INDEMNIFICATION.
- Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third parties and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from any such claims that Indemnified Party’s use of the Indemnifying Party’s Products or integration contemplated hereunder as authorized by this Agreement violates, misappropriates or infringes upon the patent, copyright, trademark, trade secret, or other proprietary rights of any third party.
- The Indemnified Party will notify Indemnifying Party promptly of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
- Notwithstanding the foregoing, a Party will have no obligation under this section or otherwise with respect to any infringement claim to the extent based upon or it relates to: (i) any use of the other Party’s Products not in accordance with this Agreement or the relevant product documentation; (ii) any use of the other Party’s Products in combination with other products, hardware, equipment, software, or data not authorized in writing by such Party to be used with the technology; (iii) any modification of the other Party’s Products by any person other than other Party or its authorized agents or subcontractors; (iv) Indemnified Party’s gross negligence or willful misconduct, or (v) any refusal of Indemnified Party to use a non-infringing version of Product or integration contemplated hereunder or any part thereof (including any update, if such infringement could have been avoided by use of the most recent update) offered by Indemnifying Party at no cost to Indemnified Party. THIS SECTION STATES THE INDEMNIFYING PARTY’S ENTIRE LIABILITY AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY FOR INFRINGEMENT CLAIMS AND ACTIONS.
- LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
- TERM AND TERMINATION.
- Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
- Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party thirty (30) days prior written notice. Any accrued rights and obligations will survive termination.
- Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
- Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall return to the other Party and destroy all Products or other materials in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
- Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 8 (Expenses), 9 (Limited Warranty) 10 (Confidentiality), 11 (Indemnity), 12 (Limitation of Liability), 13 (Term and Termination) and 14 (Miscellaneous) shall survive termination or expiration of this Agreement
- MISCELLANEOUS.
- Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
- No Third Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
- Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
- Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
- Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
- Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is not, and is not owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party acknowledges that any use of its Products and services (the “Product Usage”) may not be provided to or used by any person in any of the countries that are subject to comprehensive economic sanctions under the EAR, OFAC, or Israeli regulations, which currently include Crimea, Donetsk and Luhansk - regions of Ukraine, Cuba, Iran, North Korea, and Syria. Moreover, each Party shall not allow and fully restrict any usage relating to its Products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the Products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
- Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared via the integration contemplated hereunder or personal data of usersof the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
- Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
- Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements. Notwithstanding the foregoing, Wiz may make available other optional products, services, features or cooperation, which may be subject to additional terms to which Partner will be required to agree and to additional fees which Customer may be required to pay before being permitted to use such products, services, features or participate in such cooperation.
- Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
- If no Partner product has been identified above, then the presumption shall be that the Parties intend to achieve interoperability between the selected Wiz Products and any and all Partner Product(s). If a specific Partner product has been identified above, Wiz and Partner may mutually agree to integrate other Products which shall be subject to the terms of this Agreement.
Effective January 23rd 2024 to February 6th 2024
DownloadTable of Contents
WIZ TECH INTEGRATION AGREEMENT
This WIZ TECH INTEGRATION AGREEMENT (the “Agreement”) is entered into on the date of the last signature below (the “Effective Date”), by and between:
- Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 (the “Wiz”); and
- the entity named in the box below (the “Partner”)
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
(each, a “Party” and collectively, the “Parties”)
- INTEROPERABILITY AND VALIDATION
- The Parties wish to achieve product interoperability and integration between the Wiz Cloud Security Platform (“Wiz Platform”) and the Partner Product(s) identified in the table on page 1 above (“Partner Products”) via the Wiz integration APIs made available by Wiz to Partner, (“Wiz Integration API” together with the Wiz Platform, the “Wiz Products”, the Wiz Products together with the Partner Products, shall be referred to as the “Products”). Following the Effective Date, Partner shall be granted access to the Wiz partner portal (“Wiz Partner Portal”) including the Wiz integration documentation which sets forth the technical requirements for building the integration (“Wiz Integration Documentation”) which shall be incorporated by reference to this Agreement and Partner agrees to adhere to the requirements set forth in such Wiz Integration Documentation.
- In order to obtain validation and certification by Wiz for such integration, Partner must complete the certification process as defined at https://www.wiz.io/integrations/apply, which shall include demonstration and testing of how the Partner Products operate with the Wiz Products. Within 90 days of the Effective Date, Partner shall provide Wiz with the queries that Partner shall use on top of the Wiz Integration API in order to allow Wiz to ensure that Partner’s use of the API queries meets Wiz’s Integration API best practices. If Partner does not complete the validation and certification within 90 days from the day Partner has been granted access to the Wiz Integration API or refuses to co-operate with Wiz, Wiz shall have the right to terminate this Agreement immediately upon written notice to Partner by email to the Partner contact email specified in the table on page 1 above.
- Interoperability validation shall be confirmed by Wiz in writing and shall only apply to the Partner Products that were tested in accordance with this section. Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. If Partner conforms to Wiz’s criteria, Wiz shall certify Partner as “Certified”.
- Once successful product interoperability and integration has been achieved and Partner has been certified by Wiz, the Parties may engage in mutually agreed-upon sales and marketing activities for the purpose of identifying business opportunities for both Parties as further described in this Agreement and subject to section 6.5.
- If either Party releases a new version of a Product that requires revalidation of interoperability, the Parties shall work together to complete such testing of the new product version as required and each Party agrees to contribute reasonable technical resources for such purpose.
- Partner shall be responsible for supporting and maintaining the integration contemplated herein.
- Either Party may engage subcontractors and involve Affiliates to perform its obligations under this Agreement provided that each Party remains fully responsible and liable for the performance of its subcontractors and Affiliates. Each Party shall bind its subcontractors and Affiliates to terms and conditions necessary to ensure such subcontractor’s and Affiliate’s compliance with the duties and obligations in this Agreement.
- LIMITED LICENSE.
- License by Partner. Subject to the terms of this Agreement, Partner hereby grants to Wiz and its Affiliates a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Partner Products during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Product(s). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- License by Wiz. Subject to the terms of this Agreement, Wiz hereby grants to Partner a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Wiz Integration API and Wiz Integration Documentation during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Platform.
- Open Source. Any open source software that may be provided with either Party’s Products (including APIs) is licensed and distributed under the terms and conditions of the applicable open source software license accompanying the open source software or set forth in the open source licenses (“Open Source Terms”). Each Party may use such open source software pursuant to the Open Source Terms.
- PROHIBITED USES.
- Unless expressly permitted by a Party in writing in advance, a Party may not use the other Party’s Products for production or commercial purposes or to test or build a competitive product. For the avoidance of doubt, this Agreement governs all uses of each Party’s products by the other Party for the purposes of making the Products interoperable and supersedes any other license agreement, including any click-through terms on either Party’s websites or otherwise.
- Wiz and Partner each agree that they will not, and will not permit any third party to, without the other Party’s prior written consent in each case: (a) use the other Party’s Products in any manner not authorized by the applicable product documentation or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective, (b) distribute, lease, license, sublicense or otherwise disseminate the other Party’s Products to any third party (except as specifically allowed under this Agreement); (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the other Party’s Products to human-readable form or attempt to derive the source code, methodology, analysis, or results of the other Party’s Products; (d) use the other Party’s Products in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the other Party’s Product as a standalone program or in any way independently from other Party’s Product, as applicable; (e) reproduce or make more than a reasonable number of copies of the other Party’s Products; or (f) use the other Party’s Product for commercial purposes or to test a competitive product; (g) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that a Party (or a third party contracted by the Party) runs on the other Party’s Products, in whole or in part; (h) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the other Party’s Product; (i) use the other Party’s Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (j) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the other Party’s Product, their related systems or networks, or any third-party data contained therein. Both Parties shall reproduce any copyright notices, legends and proprietary marking on any authorized copy of the other Party’s Products.
- In addition, Partner acknowledges and agrees that: (a) Partner shall only use Wiz’s official Integration APIs as provided in the Wiz Integration Documentation; and (b) it shall only provide access to the Wiz Partner Portal, Wiz Integration Documentation and Wiz Integration API to its employees or service providers on a need to know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party and Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
- Any rights not expressly granted herein are deemed reserved and neither Party shall make any other use of the other Party’s Products other than as expressly permitted in this Agreement.
- Wiz may refuse Partner’s access to Wiz Products and/or Wiz Integration Documentation and may delist the integration contemplated hereunder, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access and/or delisting unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or other Products. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
- TITLE AND OWNERSHIP.
- Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to their respective Products including user manuals and other written materials for the Products and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
- Subject to section 4.1 above, each Party shall own any developed work which is produced by that Party in order to fulfil the interoperation of the Party’s Products or otherwise to fulfil the objectives of this Agreement and such developed work shall not be deemed a “work made for hire”. Each Party hereby grants to the other Party a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use any of such developed work solely for purposes of and to the extent necessary to perform its obligations under this Agreement during the Term of this Agreement. Notwithstanding the foregoing, if the Parties or each Party develops such works pursuant to Open Source Terms, then such works will be licensed under the applicable Open Source Terms.
- During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s Products. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
- SUPPORT. Each Party shall provide support for its own Product to its own customers according to such Party’s standard business practices. Notwithstanding the foregoing, the Parties agree to work together to jointly resolve any integration issues identified by mutual customers. Partner agrees to provide support during normal business hours to Wiz or mutual customers with issues concerning interoperability of the Products and agrees to respond to any support requests from Wiz or mutual customers within 3 business days of receipt. Any support provided herein shall be at no cost to either Party. Partner’s point of contact for such support requests is set out in the table on page 1.
- JOINT MARKETING AND SALES ACTIVITIES.
- Once interoperability has been achieved, the Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties and develop qualified sales opportunities. The Marketing Plan must be mutually agreed by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
- In furtherance of marketing the Products and services of the other Party, each Party shall:
- Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the Products and services of such other Party;
- Not make any representations, warranties, or guarantees to customers concerning the other Party’s Products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
- Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own Products and services.
- Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release, marketing statements or sales materials.
- Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s Products. The Parties agree that neither Party shall earn or pay any type of commission or revenue share or other compensation in connection with sales referrals made under this Agreement unless mutually agreed by the Parties in writing.
- To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects, customers and individuals that are the subjects of such Prospect Information.
- TRADEMARK LICENSE.
- Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, once validation and certification has been confirmed by Wiz to Partner in writing, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with the integration of the Party’s Products in accordance with this Agreement.
- Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion, provided that if Partner prohibits the use of its Marks by Wiz after certification has been achieved, Wiz shall not be obligated to provide Partner with any support and may, at its discretion, terminate this Agreement immediately upon written notice to Partner by email. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
- EXPENSES. Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
- LIMITED WARRANTY. Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. EACH OF THE WIZ PRODUCTS AND PARTNER PRODUCTS IS PROVIDED “AS IS” WITHOUT WARRANTY AND EACH PARTY HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE.
- CONFIDENTIALITY.
- Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, the Wiz Integration API and all information in the Wiz Partner Portal including the Wiz Integration Documentation are Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing party’s Confidential Information, as evidenced by written records.
- The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
- Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or, (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
- All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
- Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
- INDEMNIFICATION.
- Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third parties and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from any such claims that Indemnified Party’s use of the Indemnifying Party’s Products or integration contemplated hereunder as authorized by this Agreement violates, misappropriates or infringes upon the patent, copyright, trademark, trade secret, or other proprietary rights of any third party.
- The Indemnified Party will promptly notify Indemnifying Party promptly of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
- Notwithstanding the foregoing, a Party will have no obligation under this section or otherwise with respect to any infringement claim to the extent based upon or it relates to: (i) any use of the other Party’s Products not in accordance with this Agreement or the relevant product documentation; (ii) any use of the other Party’s Products in combination with other products, hardware, equipment, software, or data not authorized in writing by such Party to be used with the technology; (iii) any modification of the other Party’s Products by any person other than other Party or its authorized agents or subcontractors; (iv) Indemnified Party’s gross negligence or willful misconduct, or (v) any refusal of Indemnified Party to use a non-infringing version of Product or integration contemplated hereunder or any part thereof (including any update, if such infringement could have been avoided by use of the most recent update) offered by Indemnifying Party at no cost to Indemnified Party. THIS SECTION STATES THE INDEMNIFYING PARTY’S ENTIRE LIABILITY AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY FOR INFRINGEMENT CLAIMS AND ACTIONS.
- LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
- TERM AND TERMINATION.
- Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
- Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party thirty (30) days prior written notice. Any accrued rights and obligations will survive termination.
- Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
- Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall return to the other Party and destroy all Products or other materials in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
- Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 8 (Expenses), 9 (Limited Warranty) 10 (Confidentiality), 11 (Indemnity), 12 (Limitation of Liability), 13 (Term and Termination) and 14 (Miscellaneous) shall survive termination or expiration of this Agreement
- MISCELLANEOUS.
- Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
- No Third Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
- Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
- Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
- Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
- Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is not, and is not owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party acknowledges that any use of its Products and services (the “Product Usage”) may not be provided to or used by any person in any of the countries that are subject to comprehensive economic sanctions under the EAR, OFAC, or Israeli regulations, which currently include Crimea, Donetsk and Luhansk - regions of Ukraine, Cuba, Iran, North Korea, and Syria. Moreover, each Party shall not allow and fully restrict any usage relating to its Products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the Products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
- Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared via the integration contemplated hereunder or personal data of usersof the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
- Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
- Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements. Notwithstanding the foregoing, Wiz may make available other optional products, services, features or cooperation, which may be subject to additional terms to which Partner will be required to agree and to additional fees which Customer may be required to pay before being permitted to use such products, services, features or participate in such cooperation.
- Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
- If no Partner product has been identified above, then the presumption shall be that the Parties intend to achieve interoperability between the selected Wiz Products and any and all Partner Product(s). If a specific Partner product has been identified above, Wiz and Partner may mutually agree to integrate other Products which shall be subject to the terms of this Agreement.
Effective November 17th 2023 to January 23rd 2024
DownloadTable of Contents
WIZ TECH INTEGRATION AGREEMENT
This WIZ TECH INTEGRATION AGREEMENT (the “Agreement”) is entered into on the date of the last signature below (the “Effective Date”), by and between:
- Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 (the “Wiz”); and
- the entity named in the box below (the “Partner”)
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
(each, a “Party” and collectively, the “Parties”)
- INTEROPERABILITY AND VALIDATION
- The Parties wish to achieve product interoperability and integration between the Wiz Cloud Security Platform (“Wiz Platform”) and the Partner Product(s) identified in the table on page 1 above (“Partner Products”) via the Wiz integration APIs made available by Wiz to Partner, (“Wiz Integration API” together with the Wiz Platform, the “Wiz Products”, the Wiz Products together with the Partner Products, shall be referred to as the “Products”). Following the Effective Date, Partner shall be granted access to the Wiz partner portal (“Wiz Partner Portal”) including the Wiz integration documentation which sets forth the technical requirements for building the integration (“Wiz Integration Documentation”) which shall be incorporated by reference to this Agreement and Partner agrees to adhere to the requirements set forth in such Wiz Integration Documentation.
- In order to obtain validation and certification by Wiz for such integration, Partner must complete the certification process as defined at https://www.wiz.io/integrations/apply, which shall include demonstration and testing of how the Partner Products operate with the Wiz Products. Within 90 days of the Effective Date, Partner shall provide Wiz with the queries that Partner shall use on top of the Wiz Integration API in order to allow Wiz to ensure that Partner’s use of the API queries meets Wiz’s Integration API best practices. If Partner does not complete the validation and certification within 90 days from the day Partner has been granted access to the Wiz Integration API or refuses to co-operate with Wiz, Wiz shall have the right to terminate this Agreement immediately upon written notice to Partner by email to the Partner contact email specified in the table on page 1 above.
- Interoperability validation shall be confirmed by Wiz in writing and shall only apply to the Partner Products that were tested in accordance with this section. Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. If Partner conforms to Wiz’s criteria, Wiz shall certify Partner as “Certified”.
- Once successful product interoperability and integration has been achieved and Partner has been certified by Wiz, the Parties may engage in mutually agreed-upon sales and marketing activities for the purpose of identifying business opportunities for both Parties as further described in this Agreement and subject to section 6.5.
- If either Party releases a new version of a Product that requires revalidation of interoperability, the Parties shall work together to complete such testing of the new product version as required and each Party agrees to contribute reasonable technical resources for such purpose.
- Partner shall be responsible for supporting and maintaining the integration contemplated herein.
- Either Party may engage subcontractors and involve Affiliates to perform its obligations under this Agreement provided that each Party remains fully responsible and liable for the performance of its subcontractors and Affiliates. Each Party shall bind its subcontractors and Affiliates to terms and conditions necessary to ensure such subcontractor’s and Affiliate’s compliance with the duties and obligations in this Agreement.
- LIMITED LICENSE.
- License by Partner. Subject to the terms of this Agreement, Partner hereby grants to Wiz and its Affiliates a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Partner Products during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Product(s). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- License by Wiz. Subject to the terms of this Agreement, Wiz hereby grants to Partner a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Wiz Integration API and Wiz Integration Documentation during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Platform.
- Open Source. Any open source software that may be provided with either Party’s Products (including APIs) is licensed and distributed under the terms and conditions of the applicable open source software license accompanying the open source software or set forth in the open source licenses (“Open Source Terms”). Each Party may use such open source software pursuant to the Open Source Terms.
- PROHIBITED USES.
- Unless expressly permitted by a Party in writing in advance, a Party may not use the other Party’s Products for production or commercial purposes or to test or build a competitive product. For the avoidance of doubt, this Agreement governs all uses of each Party’s products by the other Party for the purposes of making the Products interoperable and supersedes any other license agreement, including any click-through terms on either Party’s websites or otherwise.
- Wiz and Partner each agree that they will not, and will not permit any third party to, without the other Party’s prior written consent in each case: (a) use the other Party’s Products in any manner not authorized by the applicable product documentation or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective, (b) distribute, lease, license, sublicense or otherwise disseminate the other Party’s Products to any third party (except as specifically allowed under this Agreement); (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the other Party’s Products to human-readable form or attempt to derive the source code, methodology, analysis, or results of the other Party’s Products; (d) use the other Party’s Products in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the other Party’s Product as a standalone program or in any way independently from other Party’s Product, as applicable; (e) reproduce or make more than a reasonable number of copies of the other Party’s Products; or (f) use the other Party’s Product for commercial purposes or to test a competitive product; (g) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that a Party (or a third party contracted by the Party) runs on the other Party’s Products, in whole or in part; (h) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the other Party’s Product; (i) use the other Party’s Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (j) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the other Party’s Product, their related systems or networks, or any third-party data contained therein. Both Parties shall reproduce any copyright notices, legends and proprietary marking on any authorized copy of the other Party’s Products.
- In addition, Partner acknowledges and agrees that: (a) Partner shall only use Wiz’s official Integration APIs as provided in the Wiz Integration Documentation; and (b) it shall only provide access to the Wiz Partner Portal, Wiz Integration Documentation and Wiz Integration API to its employees or service providers on a need to know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party and Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
- Any rights not expressly granted herein are deemed reserved and neither Party shall make any other use of the other Party’s Products other than as expressly permitted in this Agreement.
- Wiz may refuse Partner’s access to Wiz Products and/or Wiz Integration Documentation and may delist the integration contemplated hereunder, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access and/or delisting unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or other Products. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
- TITLE AND OWNERSHIP.
- Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to their respective Products including user manuals and other written materials for the Products and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
- Subject to section 4.1 above, each Party shall own any developed work which is produced by that Party in order to fulfil the interoperation of the Party’s Products or otherwise to fulfil the objectives of this Agreement and such developed work shall not be deemed a “work made for hire”. Each Party hereby grants to the other Party a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use any of such developed work solely for purposes of and to the extent necessary to perform its obligations under this Agreement during the Term of this Agreement. Notwithstanding the foregoing, if the Parties or each Party develops such works pursuant to Open Source Terms, then such works will be licensed under the applicable Open Source Terms.
- During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s Products. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
- SUPPORT. Each Party shall provide support for its own Product to its own customers according to such Party’s standard business practices. Notwithstanding the foregoing, the Parties agree to work together to jointly resolve any integration issues identified by mutual customers. Partner agrees to provide support during normal business hours to Wiz or mutual customers with issues concerning interoperability of the Products and agrees to respond to any support requests from Wiz or mutual customers within 3 business days of receipt. Any support provided herein shall be at no cost to either Party. Partner’s point of contact for such support requests is set out in the table on page 1.
- JOINT MARKETING AND SALES ACTIVITIES.
- Once interoperability has been achieved, the Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties and develop qualified sales opportunities. The Marketing Plan must be mutually agreed by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
- In furtherance of marketing the Products and services of the other Party, each Party shall:
- Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the Products and services of such other Party;
- Not make any representations, warranties, or guarantees to customers concerning the other Party’s Products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
- Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own Products and services.
- Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release, marketing statements or sales materials.
- Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s Products. The Parties agree that neither Party shall earn or pay any type of commission or revenue share or other compensation in connection with sales referrals made under this Agreement unless mutually agreed by the Parties in writing.
- To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects, customers and individuals that are the subjects of such Prospect Information.
- TRADEMARK LICENSE.
- Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, once validation and certification has been confirmed by Wiz to Partner in writing, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with the integration of the Party’s Products in accordance with this Agreement.
- Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion, provided that if Partner prohibits the use of its Marks by Wiz after certification has been achieved, Wiz shall not be obligated to provide Partner with any support and may, at its discretion, terminate this Agreement immediately upon written notice to Partner by email. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
- EXPENSES. Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
- LIMITED WARRANTY. Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. EACH OF THE WIZ PRODUCTS AND PARTNER PRODUCTS IS PROVIDED “AS IS” WITHOUT WARRANTY AND EACH PARTY HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE.
- CONFIDENTIALITY.
- Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, the Wiz Integration API and all information in the Wiz Partner Portal including the Wiz Integration Documentation are Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing party’s Confidential Information, as evidenced by written records.
- The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
- Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or, (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
- All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
- Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
- INDEMNIFICATION.
- Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third parties and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from any such claims that Indemnified Party’s use of the Indemnifying Party’s Products or integration contemplated hereunder as authorized by this Agreement violates, misappropriates or infringes upon the patent, copyright, trademark, trade secret, or other proprietary rights of any third party.
- The Indemnified Party will promptly notify Indemnifying Party promptly of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
- Notwithstanding the foregoing, a Party will have no obligation under this section or otherwise with respect to any infringement claim to the extent based upon or it relates to: (i) any use of the other Party’s Products not in accordance with this Agreement or the relevant product documentation; (ii) any use of the other Party’s Products in combination with other products, hardware, equipment, software, or data not authorized in writing by such Party to be used with the technology; (iii) any modification of the other Party’s Products by any person other than other Party or its authorized agents or subcontractors; (iv) Indemnified Party’s gross negligence or willful misconduct, or (v) any refusal of Indemnified Party to use a non-infringing version of Product or integration contemplated hereunder or any part thereof (including any update, if such infringement could have been avoided by use of the most recent update) offered by Indemnifying Party at no cost to Indemnified Party. THIS SECTION STATES THE INDEMNIFYING PARTY’S ENTIRE LIABILITY AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY FOR INFRINGEMENT CLAIMS AND ACTIONS.
- LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
- TERM AND TERMINATION.
- Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
- Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party thirty (30) days prior written notice. Any accrued rights and obligations will survive termination.
- Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
- Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall return to the other Party and destroy all Products or other materials in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
- Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 8 (Expenses), 9 (Limited Warranty) 10 (Confidentiality), 11 (Indemnity), 12 (Limitation of Liability), 13 (Term and Termination) and 14 (Miscellaneous) shall survive termination or expiration of this Agreement
- MISCELLANEOUS.
- Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
- No Third Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
- Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
- Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
- Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
- Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is not, and is not owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party acknowledges that any use of its Products and services (the “Product Usage”) may not be provided to or used by any person in any of the countries that are subject to comprehensive economic sanctions under the EAR, OFAC, or Israeli regulations, which currently include Crimea, Donetsk and Luhansk - regions of Ukraine, Cuba, Iran, North Korea, and Syria. Moreover, each Party shall not allow and fully restrict any usage relating to its Products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the Products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
- Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared via the integration contemplated hereunder or personal data of usersof the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
- Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
- Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements. Notwithstanding the foregoing, Wiz may make available other optional products, services, features or cooperation, which may be subject to additional terms to which Partner will be required to agree and to additional fees which Customer may be required to pay before being permitted to use such products, services, features or participate in such cooperation.
- Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
- If no Partner product has been identified above, then the presumption shall be that the Parties intend to achieve interoperability between the selected Wiz Products and any and all Partner Product(s). If a specific Partner product has been identified above, Wiz and Partner may mutually agree to integrate other Products which shall be subject to the terms of this Agreement.
Effective November 7th 2023 to November 17th 2023
DownloadTable of Contents
WIZ TECH INTEGRATION AGREEMENT
This WIZ TECH INTEGRATION AGREEMENT (the “Agreement”) is entered into on the date of the last signature below (the “Effective Date”), by and between:
- Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 (the “Wiz”); and
- the entity named in the box below (the “Partner”)
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
(each, a “Party” and collectively, the “Parties”)
- INTEROPERABILITY AND VALIDATION
- The Parties wish to achieve product interoperability and integration between the Wiz Cloud Security Platform (“Wiz Platform”) and the Partner Product(s) identified in the table on page 1 above (“Partner Products”) via the Wiz integration APIs made available by Wiz to Partner, (“Wiz Integration API” together with the Wiz Platform, the “Wiz Products”, the Wiz Products together with the Partner Products, shall be referred to as the “Products”). Following the Effective Date, Partner shall be granted access to the Wiz partner portal (“Wiz Partner Portal”) including the Wiz integration documentation which sets forth the technical requirements for building the integration (“Wiz Integration Documentation”) which shall be incorporated by reference to this Agreement and Partner agrees to adhere to the requirements set forth in such Wiz Integration Documentation.
- In order to obtain validation and certification by Wiz for such integration, Partner must complete the certification process as defined at https://www.wiz.io/integrations/apply, which shall include demonstration and testing of how the Partner Products operate with the Wiz Products. Within 90 days of the Effective Date, Partner shall provide Wiz with the queries that Partner shall use on top of the Wiz Integration API in order to allow Wiz to ensure that Partner’s use of the API queries meets Wiz’s Integration API best practices. If Partner does not complete the validation and certification within 90 days from the day Partner has been granted access to the Wiz Integration API or refuses to co-operate with Wiz, Wiz shall have the right to terminate this Agreement immediately upon written notice to Partner by email to the Partner contact email specified in the table on page 1 above.
- Interoperability validation shall be confirmed by Wiz in writing and shall only apply to the Partner Products that were tested in accordance with this section. Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. If Partner conforms to Wiz’s criteria, Wiz shall certify Partner as “Certified”.
- Once successful product interoperability and integration has been achieved and Partner has been certified by Wiz, the Parties may engage in mutually agreed-upon sales and marketing activities for the purpose of identifying business opportunities for both Parties as further described in this Agreement and subject to section 6.5.
- If either Party releases a new version of a Product that requires revalidation of interoperability, the Parties shall work together to complete such testing of the new product version as required and each Party agrees to contribute reasonable technical resources for such purpose.
- Partner shall be responsible for supporting and maintaining the integration contemplated herein.
- Either Party may engage subcontractors and involve Affiliates to perform its obligations under this Agreement provided that each Party remains fully responsible and liable for the performance of its subcontractors and Affiliates. Each Party shall bind its subcontractors and Affiliates to terms and conditions necessary to ensure such subcontractor’s and Affiliate’s compliance with the duties and obligations in this Agreement.
- LIMITED LICENSE.
- License by Partner. Subject to the terms of this Agreement, Partner hereby grants to Wiz and its Affiliates a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Partner Products during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Product(s). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- License by Wiz. Subject to the terms of this Agreement, Wiz hereby grants to Partner a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Wiz Integration API and Wiz Integration Documentation during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Platform.
- Open Source. Any open source software that may be provided with either Party’s Products (including APIs) is licensed and distributed under the terms and conditions of the applicable open source software license accompanying the open source software or set forth in the open source licenses (“Open Source Terms”). Each Party may use such open source software pursuant to the Open Source Terms.
- PROHIBITED USES.
- Unless expressly permitted by a Party in writing in advance, a Party may not use the other Party’s Products for production or commercial purposes or to test or build a competitive product. For the avoidance of doubt, this Agreement governs all uses of each Party’s products by the other Party for the purposes of making the Products interoperable and supersedes any other license agreement, including any click-through terms on either Party’s websites or otherwise.
- Wiz and Partner each agree that they will not, and will not permit any third party to, without the other Party’s prior written consent in each case: (a) use the other Party’s Products in any manner not authorized by the applicable product documentation or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective, (b) distribute, lease, license, sublicense or otherwise disseminate the other Party’s Products to any third party (except as specifically allowed under this Agreement); (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the other Party’s Products to human-readable form or attempt to derive the source code, methodology, analysis, or results of the other Party’s Products; (d) use the other Party’s Products in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the other Party’s Product as a standalone program or in any way independently from other Party’s Product, as applicable; (e) reproduce or make more than a reasonable number of copies of the other Party’s Products; or (f) use the other Party’s Product for commercial purposes or to test a competitive product; (g) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that a Party (or a third party contracted by the Party) runs on the other Party’s Products, in whole or in part; (h) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the other Party’s Product; (i) use the other Party’s Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (j) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the other Party’s Product, their related systems or networks, or any third-party data contained therein. Both Parties shall reproduce any copyright notices, legends and proprietary marking on any authorized copy of the other Party’s Products.
- In addition, Partner acknowledges and agrees that: (a) Partner shall only use Wiz’s official Integration APIs as provided in the Wiz Integration Documentation; and (b) it shall only provide access to the Wiz Partner Portal, Wiz Integration Documentation and Wiz Integration API to its employees or service providers on a need to know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party and Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
- Any rights not expressly granted herein are deemed reserved and neither Party shall make any other use of the other Party’s Products other than as expressly permitted in this Agreement.
- Wiz may refuse Partner’s access to Wiz Products and/or Wiz Integration Documentation and may delist the integration contemplated hereunder, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access and/or delisting unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or other Products. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
- TITLE AND OWNERSHIP.
- Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to their respective Products including user manuals and other written materials for the Products and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
- Subject to section 4.1 above, each Party shall own any developed work which is produced by that Party in order to fulfil the interoperation of the Party’s Products or otherwise to fulfil the objectives of this Agreement and such developed work shall not be deemed a “work made for hire”. Each Party hereby grants to the other Party a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use any of such developed work solely for purposes of and to the extent necessary to perform its obligations under this Agreement during the Term of this Agreement. Notwithstanding the foregoing, if the Parties or each Party develops such works pursuant to Open Source Terms, then such works will be licensed under the applicable Open Source Terms.
- During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s Products. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
- SUPPORT. Each Party shall provide support for its own Product to its own customers according to such Party’s standard business practices. Notwithstanding the foregoing, the Parties agree to work together to jointly resolve any integration issues identified by mutual customers. Partner agrees to provide support during normal business hours to Wiz or mutual customers with issues concerning interoperability of the Products and agrees to respond to any support requests from Wiz or mutual customers within 3 business days of receipt. Any support provided herein shall be at no cost to either Party. Partner’s point of contact for such support requests is set out in the table on page 1.
- JOINT MARKETING AND SALES ACTIVITIES.
- Once interoperability has been achieved, the Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties and develop qualified sales opportunities. The Marketing Plan must be mutually agreed by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
- In furtherance of marketing the Products and services of the other Party, each Party shall:
- Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the Products and services of such other Party;
- Not make any representations, warranties, or guarantees to customers concerning the other Party’s Products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
- Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own Products and services.
- Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release, marketing statements or sales materials.
- Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s Products. The Parties agree that neither Party shall earn or pay any type of commission or revenue share or other compensation in connection with sales referrals made under this Agreement unless mutually agreed by the Parties in writing.
- To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects, customers and individuals that are the subjects of such Prospect Information.
- TRADEMARK LICENSE.
- Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, once validation and certification has been confirmed by Wiz to Partner in writing, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with the integration of the Party’s Products in accordance with this Agreement.
- Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion, provided that if Partner prohibits the use of its Marks by Wiz after certification has been achieved, Wiz shall not be obligated to provide Partner with any support and may, at its discretion, terminate this Agreement immediately upon written notice to Partner by email. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
- EXPENSES. Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
- LIMITED WARRANTY. Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. EACH OF THE WIZ PRODUCTS AND PARTNER PRODUCTS IS PROVIDED “AS IS” WITHOUT WARRANTY AND EACH PARTY HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE.
- CONFIDENTIALITY.
- Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, the Wiz Integration API and all information in the Wiz Partner Portal including the Wiz Integration Documentation are Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing party’s Confidential Information, as evidenced by written records.
- The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
- Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or, (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
- All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
- Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
- INDEMNIFICATION.
- Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third parties and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from any such claims that Indemnified Party’s use of the Indemnifying Party’s Products or integration contemplated hereunder as authorized by this Agreement violates, misappropriates or infringes upon the patent, copyright, trademark, trade secret, or other proprietary rights of any third party.
- The Indemnified Party will promptly notify Indemnifying Party promptly of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
- Notwithstanding the foregoing, a Party will have no obligation under this section or otherwise with respect to any infringement claim to the extent based upon or it relates to: (i) any use of the other Party’s Products not in accordance with this Agreement or the relevant product documentation; (ii) any use of the other Party’s Products in combination with other products, hardware, equipment, software, or data not authorized in writing by such Party to be used with the technology; (iii) any modification of the other Party’s Products by any person other than other Party or its authorized agents or subcontractors; (iv) Indemnified Party’s gross negligence or willful misconduct, or (v) any refusal of Indemnified Party to use a non-infringing version of Product or integration contemplated hereunder or any part thereof (including any update, if such infringement could have been avoided by use of the most recent update) offered by Indemnifying Party at no cost to Indemnified Party. THIS SECTION STATES THE INDEMNIFYING PARTY’S ENTIRE LIABILITY AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY FOR INFRINGEMENT CLAIMS AND ACTIONS.
- LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
- TERM AND TERMINATION.
- Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
- Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party thirty (30) days prior written notice. Any accrued rights and obligations will survive termination.
- Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
- Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall return to the other Party and destroy all Products or other materials in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
- Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 8 (Expenses), 9 (Limited Warranty) 10 (Confidentiality), 11 (Indemnity), 12 (Limitation of Liability), 13 (Term and Termination) and 14 (Miscellaneous) shall survive termination or expiration of this Agreement
- MISCELLANEOUS.
- Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
- No Third Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
- Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
- Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
- Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
- Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is not, and is not owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party acknowledges that any use of its Products and services (the “Product Usage”) may not be provided to or used by any person in any of the countries that are subject to comprehensive economic sanctions under the EAR, OFAC, or Israeli regulations, which currently include Crimea, Donetsk and Luhansk - regions of Ukraine, Cuba, Iran, North Korea, and Syria. Moreover, each Party shall not allow and fully restrict any usage relating to its Products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the Products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
- Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared via the integration contemplated hereunder or personal data of usersof the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
- Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
- Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements. Notwithstanding the foregoing, Wiz may make available other optional products, services, features or cooperation, which may be subject to additional terms to which Partner will be required to agree and to additional fees which Customer may be required to pay before being permitted to use such products, services, features or participate in such cooperation.
- Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
- If no Partner product has been identified above, then the presumption shall be that the Parties intend to achieve interoperability between the selected Wiz Products and any and all Partner Product(s). If a specific Partner product has been identified above, Wiz and Partner may mutually agree to integrate other Products which shall be subject to the terms of this Agreement. ↑
Effective October 29th 2023 to November 7th 2023
DownloadTable of Contents
- Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 (the “Wiz”); and
- the entity named in the box below (the “Partner”)
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
- INTEROPERABILITY AND VALIDATION
- The Parties wish to achieve product interoperability and integration between the Wiz Cloud Security Platform (“Wiz Platform”) and the Partner Product(s) identified in the table on page 1 above (“Partner Products”) via the Wiz integration APIs made available by Wiz to Partner, (“Wiz Integration API” together with the Wiz Platform, the “Wiz Products”, the Wiz Products together with the Partner Products, shall be referred to as the “Products”). Following the Effective Date, Partner shall be granted access to the Wiz partner portal (“Wiz Partner Portal”) including the Wiz integration documentation which sets forth the technical requirements for building the integration (“Wiz Integration Documentation”) which shall be incorporated by reference to this Agreement and Partner agrees to adhere to the requirements set forth in such Wiz Integration Documentation.
- In order to obtain validation and certification by Wiz for such integration, Partner must complete the certification process as defined at https://www.wiz.io/integrations/apply, which shall include demonstration and testing of how the Partner Products operate with the Wiz Products. Within 90 days of the Effective Date, Partner shall provide Wiz with the queries that Partner shall use on top of the Wiz Integration API in order to allow Wiz to ensure that Partner’s use of the API queries meets Wiz’s Integration API best practices. If Partner does not complete the validation and certification within 90 days from the day Partner has been granted access to the Wiz Integration API or refuses to co-operate with Wiz, Wiz shall have the right to terminate this Agreement immediately upon written notice to Partner by email to the Partner contact email specified in the table on page 1 above.
- Interoperability validation shall be confirmed by Wiz in writing and shall only apply to the Partner Products that were tested in accordance with this section. Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. If Partner conforms to Wiz’s criteria, Wiz shall certify Partner as “Certified”.
- Once successful product interoperability and integration has been achieved and Partner has been certified by Wiz, the Parties may engage in mutually agreed-upon sales and marketing activities for the purpose of identifying business opportunities for both Parties as further described in this Agreement and subject to section 6.5.
- If either Party releases a new version of a Product that requires revalidation of interoperability, the Parties shall work together to complete such testing of the new product version as required and each Party agrees to contribute reasonable technical resources for such purpose.
- Partner shall be responsible for supporting and maintaining the integration contemplated herein.
- Either Party may engage subcontractors and involve Affiliates to perform its obligations under this Agreement provided that each Party remains fully responsible and liable for the performance of its subcontractors and Affiliates. Each Party shall bind its subcontractors and Affiliates to terms and conditions necessary to ensure such subcontractor’s and Affiliate’s compliance with the duties and obligations in this Agreement.
- LIMITED LICENSE.
- License by Partner. Subject to the terms of this Agreement, Partner hereby grants to Wiz and its Affiliates a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Partner Products during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Product(s). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- License by Wiz. Subject to the terms of this Agreement, Wiz hereby grants to Partner a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Wiz Integration API and Wiz Integration Documentation during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Platform.
- Open Source. Any open source software that may be provided with either Party’s Products (including APIs) is licensed and distributed under the terms and conditions of the applicable open source software license accompanying the open source software or set forth in the open source licenses (“Open Source Terms”). Each Party may use such open source software pursuant to the Open Source Terms.
- PROHIBITED USES.
- Unless expressly permitted by a Party in writing in advance, a Party may not use the other Party’s Products for production or commercial purposes or to test or build a competitive product. For the avoidance of doubt, this Agreement governs all uses of each Party’s products by the other Party for the purposes of making the Products interoperable and supersedes any other license agreement, including any click-through terms on either Party’s websites or otherwise.
- Wiz and Partner each agree that they will not, and will not permit any third party to, without the other Party’s prior written consent in each case: (a) use the other Party’s Products in any manner not authorized by the applicable product documentation or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective, (b) distribute, lease, license, sublicense or otherwise disseminate the other Party’s Products to any third party (except as specifically allowed under this Agreement); (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the other Party’s Products to human-readable form or attempt to derive the source code, methodology, analysis, or results of the other Party’s Products; (d) use the other Party’s Products in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the other Party’s Product as a standalone program or in any way independently from other Party’s Product, as applicable; (e) reproduce or make more than a reasonable number of copies of the other Party’s Products; or (f) use the other Party’s Product for commercial purposes or to test a competitive product; (g) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that a Party (or a third party contracted by the Party) runs on the other Party’s Products, in whole or in part; (h) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the other Party’s Product; (i) use the other Party’s Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (j) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the other Party’s Product, their related systems or networks, or any third-party data contained therein. Both Parties shall reproduce any copyright notices, legends and proprietary marking on any authorized copy of the other Party’s Products.
- In addition, Partner acknowledges and agrees that: (a) Partner shall only use Wiz’s official Integration APIs as provided in the Wiz Integration Documentation; and (b) it shall only provide access to the Wiz Partner Portal, Wiz Integration Documentation and Wiz Integration API to its employees or service providers on a need to know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party and Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
- Any rights not expressly granted herein are deemed reserved and neither Party shall make any other use of the other Party’s Products other than as expressly permitted in this Agreement.
- Wiz may refuse Partner’s access to Wiz Products and/or Wiz Integration Documentation and may delist the integration contemplated hereunder, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access and/or delisting unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or other Products. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
- TITLE AND OWNERSHIP.
- Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to their respective Products including user manuals and other written materials for the Products and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
- Subject to section 4.1 above, each Party shall own any developed work which is produced by that Party in order to fulfil the interoperation of the Party’s Products or otherwise to fulfil the objectives of this Agreement and such developed work shall not be deemed a “work made for hire”. Each Party hereby grants to the other Party a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use any of such developed work solely for purposes of and to the extent necessary to perform its obligations under this Agreement during the Term of this Agreement. Notwithstanding the foregoing, if the Parties or each Party develops such works pursuant to Open Source Terms, then such works will be licensed under the applicable Open Source Terms.
- During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s Products. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
- SUPPORT. Each Party shall provide support for its own Product to its own customers according to such Party’s standard business practices. Notwithstanding the foregoing, the Parties agree to work together to jointly resolve any integration issues identified by mutual customers. Partner agrees to provide support during normal business hours to Wiz or mutual customers with issues concerning interoperability of the Products and agrees to respond to any support requests from Wiz or mutual customers within 3 business days of receipt. Any support provided herein shall be at no cost to either Party. Partner’s point of contact for such support requests is set out in the table on page 1.
- JOINT MARKETING AND SALES ACTIVITIES.
- Once interoperability has been achieved, the Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties and develop qualified sales opportunities. The Marketing Plan must be mutually agreed by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
- In furtherance of marketing the Products and services of the other Party, each Party shall:
- Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the Products and services of such other Party;
- Not make any representations, warranties, or guarantees to customers concerning the other Party’s Products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
- Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own Products and services.
- Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release, marketing statements or sales materials.
- Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s Products. The Parties agree that neither Party shall earn or pay any type of commission or revenue share or other compensation in connection with sales referrals made under this Agreement unless mutually agreed by the Parties in writing.
- To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects, customers and individuals that are the subjects of such Prospect Information.
- TRADEMARK LICENSE.
- Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, once validation and certification has been confirmed by Wiz to Partner in writing, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with the integration of the Party’s Products in accordance with this Agreement.
- Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion, provided that if Partner prohibits the use of its Marks by Wiz after certification has been achieved, Wiz shall not be obligated to provide Partner with any support and may, at its discretion, terminate this Agreement immediately upon written notice to Partner by email. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
- EXPENSES. Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
- LIMITED WARRANTY. Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. EACH OF THE WIZ PRODUCTS AND PARTNER PRODUCTS IS PROVIDED “AS IS” WITHOUT WARRANTY AND EACH PARTY HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE.
- CONFIDENTIALITY.
- Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, the Wiz Integration API and all information in the Wiz Partner Portal including the Wiz Integration Documentation are Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing party’s Confidential Information, as evidenced by written records.
- The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
- Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or, (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
- All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
- Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
- INDEMNIFICATION.
- Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third parties and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from any such claims that Indemnified Party’s use of the Indemnifying Party’s Products or integration contemplated hereunder as authorized by this Agreement violates, misappropriates or infringes upon the patent, copyright, trademark, trade secret, or other proprietary rights of any third party.
- The Indemnified Party will promptly notify Indemnifying Party promptly of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
- Notwithstanding the foregoing, a Party will have no obligation under this section or otherwise with respect to any infringement claim to the extent based upon or it relates to: (i) any use of the other Party’s Products not in accordance with this Agreement or the relevant product documentation; (ii) any use of the other Party’s Products in combination with other products, hardware, equipment, software, or data not authorized in writing by such Party to be used with the technology; (iii) any modification of the other Party’s Products by any person other than other Party or its authorized agents or subcontractors; (iv) Indemnified Party’s gross negligence or willful misconduct, or (v) any refusal of Indemnified Party to use a non-infringing version of Product or integration contemplated hereunder or any part thereof (including any update, if such infringement could have been avoided by use of the most recent update) offered by Indemnifying Party at no cost to Indemnified Party. THIS SECTION STATES THE INDEMNIFYING PARTY’S ENTIRE LIABILITY AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY FOR INFRINGEMENT CLAIMS AND ACTIONS.
- LIMITATION OF LIABILITY.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
- TERM AND TERMINATION.
- Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
- Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party thirty (30) days prior written notice. Any accrued rights and obligations will survive termination.
- Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
- Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall return to the other Party and destroy all Products or other materials in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
- Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 8 (Expenses), 9 (Limited Warranty) 10 (Confidentiality), 11 (Indemnity), 12 (Limitation of Liability), 13 (Term and Termination) and 14 (Miscellaneous) shall survive termination or expiration of this Agreement
- MISCELLANEOUS.
- Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
- No Third Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
- Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
- Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
- Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
- Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is, or is owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party acknowledges that any use of its Products and services (the “Product Usage”) may not be provided to or used by any person in any of the countries that are subject to comprehensive economic sanctions under the EAR, OFAC, or Israeli regulations, which currently include Crimea, Donetsk and Luhansk - regions of Ukraine, Cuba, Iran, North Korea, and Syria. Moreover, each Party shall not allow and fully restrict any usage relating to its Products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the Products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
- Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared via the integration contemplated hereunder or personal data of usersof the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
- Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
- Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements. Notwithstanding the foregoing, Wiz may make available other optional products, services, features or cooperation, which may be subject to additional terms to which Partner will be required to agree and to additional fees which Customer may be required to pay before being permitted to use such products, services, features or participate in such cooperation.
- Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
Effective October 29th 2023 to October 29th 2023
DownloadTable of Contents
- Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 (the “Wiz”); and
- the entity named in the box below (the “Partner”)
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
- INTEROPERABILITY AND VALIDATION
- The Parties wish to achieve product interoperability and integration between the Wiz Cloud Security Platform (“Wiz Platform”) and the Partner Product(s) identified in the table on page 1 above (“Partner Products”) via the Wiz integration APIs made available by Wiz to Partner, (“Wiz Integration API” together with the Wiz Platform, the “Wiz Products”, the Wiz Products together with the Partner Products, shall be referred to as the “Products”). Following the Effective Date, Partner shall be granted access to the Wiz partner portal (“Wiz Partner Portal”) including the Wiz integration documentation which sets forth the technical requirements for building the integration (“Wiz Integration Documentation”) which shall be incorporated by reference to this Agreement and Partner agrees to adhere to the requirements set forth in such Wiz Integration Documentation.
- In order to obtain validation and certification by Wiz for such integration, Partner must complete the certification process as defined at https://www.wiz.io/integrations/apply, which shall include demonstration and testing of how the Partner Products operate with the Wiz Products. Within 90 days of the Effective Date, Partner shall provide Wiz with the queries that Partner shall use on top of the Wiz Integration API in order to allow Wiz to ensure that Partner’s use of the API queries meets Wiz’s Integration API best practices. If Partner does not complete the validation and certification within 90 days from the day Partner has been granted access to the Wiz Integration API or refuses to co-operate with Wiz, Wiz shall have the right to terminate this Agreement immediately upon written notice to Partner by email to the Partner contact email specified in the table on page 1 above.
- Interoperability validation shall be confirmed by Wiz in writing and shall only apply to the Partner Products that were tested in accordance with this section. Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. If Partner conforms to Wiz’s criteria, Wiz shall certify Partner as “Certified”.
- Once successful product interoperability and integration has been achieved and Partner has been certified by Wiz, the Parties may engage in mutually agreed-upon sales and marketing activities for the purpose of identifying business opportunities for both Parties as further described in this Agreement and subject to section 6.5.
- If either Party releases a new version of a Product that requires revalidation of interoperability, the Parties shall work together to complete such testing of the new product version as required and each Party agrees to contribute reasonable technical resources for such purpose.
- Partner shall be responsible for supporting and maintaining the integration contemplated herein.
- Either Party may engage subcontractors and involve Affiliates to perform its obligations under this Agreement provided that each Party remains fully responsible and liable for the performance of its subcontractors and Affiliates. Each Party shall bind its subcontractors and Affiliates to terms and conditions necessary to ensure such subcontractor’s and Affiliate’s compliance with the duties and obligations in this Agreement.
- LIMITED LICENSE.
- License by Partner. Subject to the terms of this Agreement, Partner hereby grants to Wiz and its Affiliates a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Partner Products during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Product(s). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- License by Wiz. Subject to the terms of this Agreement, Wiz hereby grants to Partner a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Wiz Integration API and Wiz Integration Documentation during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Platform.
- Open Source. Any open source software that may be provided with either Party’s Products (including APIs) is licensed and distributed under the terms and conditions of the applicable open source software license accompanying the open source software or set forth in the open source licenses (“Open Source Terms”). Each Party may use such open source software pursuant to the Open Source Terms.
- PROHIBITED USES.
- Unless expressly permitted by a Party in writing in advance, a Party may not use the other Party’s Products for production or commercial purposes or to test or build a competitive product. For the avoidance of doubt, this Agreement governs all uses of each Party’s products by the other Party for the purposes of making the Products interoperable and supersedes any other license agreement, including any click-through terms on either Party’s websites or otherwise.
- Wiz and Partner each agree that they will not, and will not permit any third party to, without the other Party’s prior written consent in each case: (a) use the other Party’s Products in any manner not authorized by the applicable product documentation or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective, (b) distribute, lease, license, sublicense or otherwise disseminate the other Party’s Products to any third party (except as specifically allowed under this Agreement); (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the other Party’s Products to human-readable form or attempt to derive the source code, methodology, analysis, or results of the other Party’s Products; (d) use the other Party’s Products in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the other Party’s Product as a standalone program or in any way independently from other Party’s Product, as applicable; (e) reproduce or make more than a reasonable number of copies of the other Party’s Products; or (f) use the other Party’s Product for commercial purposes or to test a competitive product; (g) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that a Party (or a third party contracted by the Party) runs on the other Party’s Products, in whole or in part; (h) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the other Party’s Product; (i) use the other Party’s Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (j) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the other Party’s Product, their related systems or networks, or any third-party data contained therein. Both Parties shall reproduce any copyright notices, legends and proprietary marking on any authorized copy of the other Party’s Products.
- In addition, Partner acknowledges and agrees that: (a) Partner shall only use Wiz’s official Integration APIs as provided in the Wiz Integration Documentation; and (b) it shall only provide access to the Wiz Partner Portal, Wiz Integration Documentation and Wiz Integration API to its employees or service providers on a need to know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party and Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
- Any rights not expressly granted herein are deemed reserved and neither Party shall make any other use of the other Party’s Products other than as expressly permitted in this Agreement.
- Wiz may refuse Partner’s access to Wiz Products and/or Wiz Integration Documentation and may delist the integration contemplated hereunder, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access and/or delisting unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or other Products. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
- TITLE AND OWNERSHIP.
- Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to their respective Products including user manuals and other written materials for the Products and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
- Subject to section 4.1 above, each Party shall own any developed work which is produced by that Party in order to fulfil the interoperation of the Party’s Products or otherwise to fulfil the objectives of this Agreement and such developed work shall not be deemed a “work made for hire”. Each Party hereby grants to the other Party a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use any of such developed work solely for purposes of and to the extent necessary to perform its obligations under this Agreement during the Term of this Agreement. Notwithstanding the foregoing, if the Parties or each Party develops such works pursuant to Open Source Terms, then such works will be licensed under the applicable Open Source Terms.
- During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s Products. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
- SUPPORT. Each Party shall provide support for its own Product to its own customers according to such Party’s standard business practices. Notwithstanding the foregoing, the Parties agree to work together to jointly resolve any integration issues identified by mutual customers. Partner agrees to provide support during normal business hours to Wiz or mutual customers with issues concerning interoperability of the Products and agrees to respond to any support requests from Wiz or mutual customers within 3 business days of receipt. Any support provided herein shall be at no cost to either Party. Partner’s point of contact for such support requests is set out in the table on page 1.
- JOINT MARKETING AND SALES ACTIVITIES.
- Once interoperability has been achieved, the Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties and develop qualified sales opportunities. The Marketing Plan must be mutually agreed by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
- In furtherance of marketing the Products and services of the other Party, each Party shall:
- Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the Products and services of such other Party;
- Not make any representations, warranties, or guarantees to customers concerning the other Party’s Products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
- Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own Products and services.
- Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release, marketing statements or sales materials.
- Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s Products. The Parties agree that neither Party shall earn or pay any type of commission or revenue share or other compensation in connection with sales referrals made under this Agreement unless mutually agreed by the Parties in writing.
- To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects, customers and individuals that are the subjects of such Prospect Information.
- TRADEMARK LICENSE.
- Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, once validation and certification has been confirmed by Wiz to Partner in writing, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with the integration of the Party’s Products in accordance with this Agreement.
- Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion, provided that if Partner prohibits the use of its Marks by Wiz after certification has been achieved, Wiz shall not be obligated to provide Partner with any support and may, at its discretion, terminate this Agreement immediately upon written notice to Partner by email. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
- EXPENSES. Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
- LIMITED WARRANTY. Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. EACH OF THE WIZ PRODUCTS AND PARTNER PRODUCTS IS PROVIDED “AS IS” WITHOUT WARRANTY AND EACH PARTY HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE.
- CONFIDENTIALITY.
- Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, the Wiz Integration API and all information in the Wiz Partner Portal including the Wiz Integration Documentation are Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing party’s Confidential Information, as evidenced by written records.
- The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
- Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or, (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
- All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
- Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
- INDEMNIFICATION.
- Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third parties and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from any such claims that Indemnified Party’s use of the Indemnifying Party’s Products or integration contemplated hereunder as authorized by this Agreement violates, misappropriates or infringes upon the patent, copyright, trademark, trade secret, or other proprietary rights of any third party.
- The Indemnified Party will promptly notify Indemnifying Party promptly of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
- Notwithstanding the foregoing, a Party will have no obligation under this section or otherwise with respect to any infringement claim to the extent based upon or it relates to: (i) any use of the other Party’s Products not in accordance with this Agreement or the relevant product documentation; (ii) any use of the other Party’s Products in combination with other products, hardware, equipment, software, or data not authorized in writing by such Party to be used with the technology; (iii) any modification of the other Party’s Products by any person other than other Party or its authorized agents or subcontractors; (iv) Indemnified Party’s gross negligence or willful misconduct, or (v) any refusal of Indemnified Party to use a non-infringing version of Product or integration contemplated hereunder or any part thereof (including any update, if such infringement could have been avoided by use of the most recent update) offered by Indemnifying Party at no cost to Indemnified Party. THIS SECTION STATES THE INDEMNIFYING PARTY’S ENTIRE LIABILITY AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY FOR INFRINGEMENT CLAIMS AND ACTIONS.
- LIMITATION OF LIABILITY.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
- TERM AND TERMINATION.
- Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
- Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party thirty (30) days prior written notice. Any accrued rights and obligations will survive termination.
- Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
- Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall return to the other Party and destroy all Products or other materials in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
- Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 8 (Expenses), 9 (Limited Warranty) 10 (Confidentiality), 11 (Indemnity), 12 (Limitation of Liability), 13 (Term and Termination) and 14 (Miscellaneous) shall survive termination or expiration of this Agreement
- MISCELLANEOUS.
- Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
- No Third Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
- Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
- Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
- Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
- Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is, or is owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party acknowledges that any use of its Products and services (the “Product Usage”) may not be provided to or used by any person in any of the countries that are subject to comprehensive economic sanctions under the EAR, OFAC, or Israeli regulations, which currently include Crimea, Donetsk and Luhansk - regions of Ukraine, Cuba, Iran, North Korea, and Syria. Moreover, each Party shall not allow and fully restrict any usage relating to its Products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the Products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
- Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared via the integration contemplated hereunder or personal data of usersof the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
- Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
- Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements. Notwithstanding the foregoing, Wiz may make available other optional products, services, features or cooperation, which may be subject to additional terms to which Partner will be required to agree and to additional fees which Customer may be required to pay before being permitted to use such products, services, features or participate in such cooperation.
- Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
Effective October 9th 2023 to October 29th 2023
DownloadTable of Contents
- Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 (the “Wiz”); and
- the entity named in the box below (the “Partner”)
Partner Company Name | |
Registered Address | |
Partner Product for Integration[1] | |
Partner Contact | |
Partner Contact Email | |
Partner Technical Support Contact | |
Partner Technical Support Email |
- INTEROPERABILITY AND VALIDATION
- The Parties wish to achieve product interoperability and integration between the Wiz Cloud Security Platform (“Wiz Platform”) and the Partner Product(s) identified in the table on page 1 above (“Partner Products”) via the Wiz integration APIs made available by Wiz to Partner, (“Wiz Integration API” together with the Wiz Platform, the “Wiz Products”, the Wiz Products together with the Partner Products, shall be referred to as the “Products”). Following the Effective Date, Partner shall be granted access to the Wiz partner portal (“Wiz Partner Portal”) including the Wiz integration documentation which sets forth the technical requirements for building the integration (“Wiz Integration Documentation”) which shall be incorporated by reference to this Agreement and Partner agrees to adhere to the requirements set forth in such Wiz Integration Documentation.
- In order to obtain validation and certification by Wiz for such integration, Partner must complete the certification process as defined at https://www.wiz.io/integrations/apply, which shall include demonstration and testing of how the Partner Products operate with the Wiz Products. Within 90 days of the Effective Date, Partner shall provide Wiz with the queries that Partner shall use on top of the Wiz Integration API in order to allow Wiz to ensure that Partner’s use of the API queries meets Wiz’s Integration API best practices. If Partner does not complete the validation and certification within 90 days from the day Partner has been granted access to the Wiz Integration API or refuses to co-operate with Wiz, Wiz shall have the right to terminate this Agreement immediately upon written notice to Partner by email to the Partner contact email specified in the table on page 1 above.
- Interoperability validation shall be confirmed by Wiz in writing and shall only apply to the Partner Products that were tested in accordance with this section. Wiz reserves the right to reject Partner in its sole discretion if Partner does not meet Wiz’s criteria or for any other reason at Wiz’s discretion. If Partner conforms to Wiz’s criteria, Wiz shall certify Partner as “Certified”.
- Once successful product interoperability and integration has been achieved and Partner has been certified by Wiz, the Parties may engage in mutually agreed-upon sales and marketing activities for the purpose of identifying business opportunities for both Parties as further described in this Agreement and subject to section 6.5.
- If either Party releases a new version of a Product that requires revalidation of interoperability, the Parties shall work together to complete such testing of the new product version as required and each Party agrees to contribute reasonable technical resources for such purpose.
- Partner shall be responsible for supporting and maintaining the integration contemplated herein.
- Either Party may engage subcontractors and involve Affiliates to perform its obligations under this Agreement provided that each Party remains fully responsible and liable for the performance of its subcontractors and Affiliates. Each Party shall bind its subcontractors and Affiliates to terms and conditions necessary to ensure such subcontractor’s and Affiliate’s compliance with the duties and obligations in this Agreement.
- LIMITED LICENSE.
- License by Partner. Subject to the terms of this Agreement, Partner hereby grants to Wiz and its Affiliates a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Partner Products during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Product(s). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- License by Wiz. Subject to the terms of this Agreement, Wiz hereby grants to Partner a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use the Wiz Integration API and Wiz Integration Documentation during the Term of this Agreement, solely internally for the purpose of making the Partner Product(s) interoperable with the Wiz Platform.
- Open Source. Any open source software that may be provided with either Party’s Products (including APIs) is licensed and distributed under the terms and conditions of the applicable open source software license accompanying the open source software or set forth in the open source licenses (“Open Source Terms”). Each Party may use such open source software pursuant to the Open Source Terms.
- PROHIBITED USES.
- Unless expressly permitted by a Party in writing in advance, a Party may not use the other Party’s Products for production or commercial purposes or to test or build a competitive product. For the avoidance of doubt, this Agreement governs all uses of each Party’s products by the other Party for the purposes of making the Products interoperable and supersedes any other license agreement, including any click-through terms on either Party’s websites or otherwise.
- Wiz and Partner each agree that they will not, and will not permit any third party to, without the other Party’s prior written consent in each case: (a) use the other Party’s Products in any manner not authorized by the applicable product documentation or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective, (b) distribute, lease, license, sublicense or otherwise disseminate the other Party’s Products to any third party (except as specifically allowed under this Agreement); (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the other Party’s Products to human-readable form or attempt to derive the source code, methodology, analysis, or results of the other Party’s Products; (d) use the other Party’s Products in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the other Party’s Product as a standalone program or in any way independently from other Party’s Product, as applicable; (e) reproduce or make more than a reasonable number of copies of the other Party’s Products; or (f) use the other Party’s Product for commercial purposes or to test a competitive product; (g) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that a Party (or a third party contracted by the Party) runs on the other Party’s Products, in whole or in part; (h) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the other Party’s Product; (i) use the other Party’s Product to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (j) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the other Party’s Product, their related systems or networks, or any third-party data contained therein. Both Parties shall reproduce any copyright notices, legends and proprietary marking on any authorized copy of the other Party’s Products.
- In addition, Partner acknowledges and agrees that: (a) Partner shall only use Wiz’s official Integration APIs as provided in the Wiz Integration Documentation; and (b) it shall only provide access to the Wiz Partner Portal, Wiz Integration Documentation and Wiz Integration API to its employees or service providers on a need to know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party and Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
- Any rights not expressly granted herein are deemed reserved and neither Party shall make any other use of the other Party’s Products other than as expressly permitted in this Agreement.
- Wiz may refuse Partner’s access to Wiz Products and/or Wiz Integration Documentation and may delist the integration contemplated hereunder, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access and/or delisting unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or other Products. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
- TITLE AND OWNERSHIP.
- Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to their respective Products including user manuals and other written materials for the Products and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
- Subject to section 4.1 above, each Party shall own any developed work which is produced by that Party in order to fulfil the interoperation of the Party’s Products or otherwise to fulfil the objectives of this Agreement and such developed work shall not be deemed a “work made for hire”. Each Party hereby grants to the other Party a non-exclusive, non-transferable, non-sub-licensable, revocable and limited license to use any of such developed work solely for purposes of and to the extent necessary to perform its obligations under this Agreement during the Term of this Agreement. Notwithstanding the foregoing, if the Parties or each Party develops such works pursuant to Open Source Terms, then such works will be licensed under the applicable Open Source Terms.
- During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s Products. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
- SUPPORT.
- JOINT MARKETING AND SALES ACTIVITIES.
- Once interoperability has been achieved, the Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties and develop qualified sales opportunities. The Marketing Plan must be mutually agreed by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
- In furtherance of marketing the Products and services of the other Party, each Party shall:
- Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the Products and services of such other Party;
- Not make any representations, warranties, or guarantees to customers concerning the other Party’s Products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
- Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own Products and services.
- Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release, marketing statements or sales materials.
- Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s Products. The Parties agree that neither Party shall earn or pay any type of commission or revenue share or other compensation in connection with sales referrals made under this Agreement unless mutually agreed by the Parties in writing.
- To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects, customers and individuals that are the subjects of such Prospect Information.
- TRADEMARK LICENSE.
- Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, once validation and certification has been confirmed by Wiz to Partner in writing, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with the integration of the Party’s Products in accordance with this Agreement.
- Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion, provided that if Partner prohibits the use of its Marks by Wiz after certification has been achieved, Wiz shall not be obligated to provide Partner with any support and may, at its discretion, terminate this Agreement immediately upon written notice to Partner by email. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
- EXPENSES.
- LIMITED WARRANTY.
- CONFIDENTIALITY.
- Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, the Wiz Integration API and all information in the Wiz Partner Portal including the Wiz Integration Documentation are Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing party’s Confidential Information, as evidenced by written records.
- The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
- Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or, (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
- All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
- Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
- INDEMNIFICATION.
- Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third parties and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from any such claims that Indemnified Party’s use of the Indemnifying Party’s Products or integration contemplated hereunder as authorized by this Agreement violates, misappropriates or infringes upon the patent, copyright, trademark, trade secret, or other proprietary rights of any third party.
- The Indemnified Party will promptly notify Indemnifying Party promptly of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
- Notwithstanding the foregoing, a Party will have no obligation under this section or otherwise with respect to any infringement claim to the extent based upon or it relates to: (i) any use of the other Party’s Products not in accordance with this Agreement or the relevant product documentation; (ii) any use of the other Party’s Products in combination with other products, hardware, equipment, software, or data not authorized in writing by such Party to be used with the technology; (iii) any modification of the other Party’s Products by any person other than other Party or its authorized agents or subcontractors; (iv) Indemnified Party’s gross negligence or willful misconduct, or (v) any refusal of Indemnified Party to use a non-infringing version of Product or integration contemplated hereunder or any part thereof (including any update, if such infringement could have been avoided by use of the most recent update) offered by Indemnifying Party at no cost to Indemnified Party. THIS SECTION STATES THE INDEMNIFYING PARTY’S ENTIRE LIABILITY AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY FOR INFRINGEMENT CLAIMS AND ACTIONS.
- LIMITATION OF LIABILITY.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
- EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (3) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (4) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
- TERM AND TERMINATION.
- Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
- Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party thirty (30) days prior written notice. Any accrued rights and obligations will survive termination.
- Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
- Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall return to the other Party and destroy all Products or other materials in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
- Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 8 (Expenses), 9 (Limited Warranty) 10 (Confidentiality), 11 (Indemnity), 12 (Limitation of Liability), 13 (Term and Termination) and 14 (Miscellaneous) shall survive termination or expiration of this Agreement
- MISCELLANEOUS.
- Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
- No Third Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
- Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
- Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
- Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
- Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is, or is owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party acknowledges that any use of its Products and services (the “Product Usage”) may not be provided to or used by any person in any of the countries that are subject to comprehensive economic sanctions under the EAR, OFAC, or Israeli regulations, which currently include Crimea, Donetsk and Luhansk - regions of Ukraine, Cuba, Iran, North Korea, and Syria. Moreover, each Party shall not allow and fully restrict any usage relating to its Products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the Products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
- Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared via the integration contemplated hereunder or personal data of usersof the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
- Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
- Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements. Notwithstanding the foregoing, Wiz may make available other optional products, services, features or cooperation, which may be subject to additional terms to which Partner will be required to agree and to additional fees which Customer may be required to pay before being permitted to use such products, services, features or participate in such cooperation.
- Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
- If no Partner product has been identified above, then the presumption shall be that the Parties intend to achieve interoperability between the selected Wiz Products and any and all Partner Product(s). If a specific Partner product has been identified above, Wiz and Partner may mutually agree to integrate other Products which shall be subject to the terms of this Agreement. ↑
Wiz Cooperation Agreement
Effective June 20th 2024
DownloadTable of Contents
WIZ COOPERATION AGREEMENT
This COOPERATION AGREEMENT (the “Agreement”) is entered into on the date of acceptance (the “Effective Date”), by and between:
(1) Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 52nd Floor, New York, NY 10001 (the “Wiz”); and
(2) the entity named in the box below (the “Partner”).
Partner Company Name | |
Registered Address | |
Partner Contact | |
Partner Contact Email |
(each, a “Party” and collectively, the “Parties”)
1. COOPERATION
Following the Effective Date, Partner shall be granted access to the Wiz partner portal that may include information about Wiz’s partner programs, products and services, training and enablement, marketing assets and other topics found in the Wiz partner portal (“Wiz Partner Portal”), and the Parties may engage in mutually agreed-upon sales and marketing activities as further described in this Agreement (“Cooperation”).
2. LICENSE
Subject to Partner’s compliance with this Agreement, Wiz hereby grants Partner a non-exclusive, non-transferable, non-sublicensable, revocable, limited right to access and use the Wiz Partner Portal solely for the purposes of the Cooperation as set forth in this Agreement.
3. PROHIBITED USES
3.1. Partner agrees that it will not, and will not permit any third party to, without Wiz’s prior written consent in each case: (a) use the Wiz Partner Portal in any manner not authorized by this Agreement or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective; (b) distribute, lease, license, sublicense or otherwise disseminate the Wiz Partner Portal to any third party; (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the Wiz Partner Portal to human-readable form or attempt to derive the source code, methodology, analysis, or results of the Wiz Partner Portal; (d) use the Wiz Partner Portal in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the Wiz Partner Portal as a standalone program or in any way independently from Wiz Partner Portal, as applicable; (e) use the Wiz Partner Portal for commercial purposes or to test a competitive product; (f) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that Partner (or a third party contracted by Partner) runs on the Wiz Partner Portal, in whole or in part; (g) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the Wiz Partner Portal; (h) use the Wiz Partner Portal to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (i) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the Wiz Partner Portal, its related systems or networks, or any third-party data contained therein; or (j) automatedly crawl or query the Wiz Partner Portal for any purpose or by any means (including screen and database scraping, spiders, robots, crawlers and any other automated activity with the purpose of obtaining information from the Wiz Partner Portal).
3.2. Partner acknowledges and agrees that it shall only provide access to the Wiz Partner Portal to its employees or service providers on a need-to-know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party. Partner will ensure that all Permitted Users keep their login credentials confidential and shall be primarily responsible for any activity carried out using those login credentials. Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
3.3. Wiz may refuse Partner’s access to the Wiz Partner Portal, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or its products or services. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
4. TITLE AND OWNERSHIP
4.1. Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to its respective products including user manuals and other written materials for its products and services and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
4.2. Partner acknowledges that Wiz and its licensors retain all right, title and interest in and to the Wiz Partner Portal including any and all materials available in the Wiz Partner Portal, which are considered, among others, Wiz’s Background Works.
4.3. During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s products or services. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
5. JOINT MARKETING
5.1. The Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties. The Marketing Plan must be mutually agreed upon by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
5.2. In furtherance of marketing the products and services of the other Party, each Party shall:
(i) Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the products and services of such other Party;
(ii) Not make any representations, warranties, or guarantees to customers concerning the other Party’s products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
(iii) Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own products and services.
5.3. Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release or marketing statements.
5.4. Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s products.
5.5. To the extent that the Parties share or disclose personal data or information of potential customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects, and individuals that are the subjects of such Prospect Information.
6. TRADEMARK LICENSE
6.1. Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with performing and in accordance with this Agreement. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
6.2. Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
7. EXPENSES
Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
8. LIMITED WARRANTY
Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. WIZ PARTNER PORTAL AND THE CONTENT AND OFFERINGS POSTED THEREON ARE PROVIDED “AS IS” WITHOUT WARRANTY AND PARTNER HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE. STATEMENTS AND EXPLANATIONS TO THE WIZ PARTNER PORTAL, IN THE CONTENT, OFFERING, PROMOTIONAL MATERIALS AND THE DOCUMENTATION POSTED ON THE WIZ PARTNER PORTAL ARE MADE FOR EXPLANATORY PURPOSES ONLY. WIZ DOES NOT GIVE ANY WARRANTY, GUARANTEE, REPRESENTATION OR UNDERTAKING AS TO THE UNINTERRUPTED AVAILABILITY OF THE WIZ PARTNER PORTAL.
9. CONFIDENTIALITY
9.1. Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, all information in the Wiz Partner Portal is considered Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information, as evidenced by written records.
9.2. The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
9.3. Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
9.4. All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services (including the Wiz Partner Portal, as applicable) to facilitate it's or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
9.5. Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
10. INDEMNIFICATION
10.1. Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third party and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from Indemnifying Party’s violation of any rights of any third party, including without limitation, any intellectual property rights, publicity, confidentiality, property or privacy rights.
10.2. The Indemnified Party will promptly notify Indemnifying Party of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
11. LIMITATION OF LIABILITY
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
11.1. EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, AND EXCEPT FOR ANY INDEMNIFICATION OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
11.2. EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, AND EXCEPT FOR ANY INDEMNIFICATION OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
12. TERM AND TERMINATION
12.1. Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
12.2. Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party seven (7) days prior written notice. Any accrued rights and obligations will survive termination.
12.3. Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
12.4. Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall, upon request, return to the other Party or destroy all Confidential Information in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
12.5. Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 7 (Expenses), 8 (Limited Warranty), 9 (Confidentiality), 10 (Indemnification), 11 (Limitation of Liability), 12 (Term and Termination) and 13 (Miscellaneous) shall survive termination or expiration of this Agreement.
13. MISCELLANEOUS
13.1. Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
13.2. No Third-Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
13.3. Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
13.4. Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
13.5. Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
13.6. Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is not, and is not owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party shall not allow and fully restrict any usage relating to its products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
13.7. Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared under this Agreement or personal data of users of the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
13.8. Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
13.9. Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
13.10. Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements.
13.11. Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
Effective June 13th 2024 to June 20th 2024
DownloadTable of Contents
WIZ COOPERATION AGREEMENT
This COOPERATION AGREEMENT (the “Agreement”) is entered into on the date of acceptance (the “Effective Date”), by and between:
(1) Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 (the “Wiz”); and
(2) the entity named in the box below (the “Partner”).
Partner Company Name | |
Registered Address | |
Partner Contact | |
Partner Contact Email |
(each, a “Party” and collectively, the “Parties”)
1. COOPERATION
Following the Effective Date, Partner shall be granted access to the Wiz partner portal that may include information about Wiz’s partner programs, products and services, training and enablement, marketing assets and other topics found in the Wiz partner portal (“Wiz Partner Portal”), and the Parties may engage in mutually agreed-upon sales and marketing activities as further described in this Agreement (“Cooperation”).
2. LICENSE
Subject to Partner’s compliance with this Agreement, Wiz hereby grants Partner a non-exclusive, non-transferable, non-sublicensable, revocable, limited right to access and use the Wiz Partner Portal solely for the purposes of the Cooperation as set forth in this Agreement.
3. PROHIBITED USES
3.1. Partner agrees that it will not, and will not permit any third party to, without Wiz’s prior written consent in each case: (a) use the Wiz Partner Portal in any manner not authorized by this Agreement or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective; (b) distribute, lease, license, sublicense or otherwise disseminate the Wiz Partner Portal to any third party; (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the Wiz Partner Portal to human-readable form or attempt to derive the source code, methodology, analysis, or results of the Wiz Partner Portal; (d) use the Wiz Partner Portal in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the Wiz Partner Portal as a standalone program or in any way independently from Wiz Partner Portal, as applicable; (e) use the Wiz Partner Portal for commercial purposes or to test a competitive product; (f) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that Partner (or a third party contracted by Partner) runs on the Wiz Partner Portal, in whole or in part; (g) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the Wiz Partner Portal; (h) use the Wiz Partner Portal to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (i) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the Wiz Partner Portal, its related systems or networks, or any third-party data contained therein; or (j) automatedly crawl or query the Wiz Partner Portal for any purpose or by any means (including screen and database scraping, spiders, robots, crawlers and any other automated activity with the purpose of obtaining information from the Wiz Partner Portal).
3.2. Partner acknowledges and agrees that it shall only provide access to the Wiz Partner Portal to its employees or service providers on a need-to-know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party. Partner will ensure that all Permitted Users keep their login credentials confidential and shall be primarily responsible for any activity carried out using those login credentials. Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
3.3. Wiz may refuse Partner’s access to the Wiz Partner Portal, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or its products or services. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
4. TITLE AND OWNERSHIP
4.1. Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to its respective products including user manuals and other written materials for its products and services and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
4.2. Partner acknowledges that Wiz and its licensors retain all right, title and interest in and to the Wiz Partner Portal including any and all materials available in the Wiz Partner Portal, which are considered, among others, Wiz’s Background Works.
4.3. During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s products or services. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
5. JOINT MARKETING
5.1. The Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties. The Marketing Plan must be mutually agreed upon by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
5.2. In furtherance of marketing the products and services of the other Party, each Party shall:
(i) Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the products and services of such other Party;
(ii) Not make any representations, warranties, or guarantees to customers concerning the other Party’s products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
(iii) Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own products and services.
5.3. Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release or marketing statements.
5.4. Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s products.
5.5. To the extent that the Parties share or disclose personal data or information of potential customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects, and individuals that are the subjects of such Prospect Information.
6. TRADEMARK LICENSE
6.1. Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with performing and in accordance with this Agreement. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
6.2. Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
7. EXPENSES
Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
8. LIMITED WARRANTY
Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. WIZ PARTNER PORTAL AND THE CONTENT AND OFFERINGS POSTED THEREON ARE PROVIDED “AS IS” WITHOUT WARRANTY AND PARTNER HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE. STATEMENTS AND EXPLANATIONS TO THE WIZ PARTNER PORTAL, IN THE CONTENT, OFFERING, PROMOTIONAL MATERIALS AND THE DOCUMENTATION POSTED ON THE WIZ PARTNER PORTAL ARE MADE FOR EXPLANATORY PURPOSES ONLY. WIZ DOES NOT GIVE ANY WARRANTY, GUARANTEE, REPRESENTATION OR UNDERTAKING AS TO THE UNINTERRUPTED AVAILABILITY OF THE WIZ PARTNER PORTAL.
9. CONFIDENTIALITY
9.1. Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, all information in the Wiz Partner Portal is considered Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information, as evidenced by written records.
9.2. The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
9.3. Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
9.4. All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services (including the Wiz Partner Portal, as applicable) to facilitate it's or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
9.5. Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
10. INDEMNIFICATION
10.1. Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third party and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from Indemnifying Party’s violation of any rights of any third party, including without limitation, any intellectual property rights, publicity, confidentiality, property or privacy rights.
10.2. The Indemnified Party will promptly notify Indemnifying Party of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
11. LIMITATION OF LIABILITY
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
11.1. EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, AND EXCEPT FOR ANY INDEMNIFICATION OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
11.2. EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, AND EXCEPT FOR ANY INDEMNIFICATION OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
12. TERM AND TERMINATION
12.1. Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
12.2. Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party seven (7) days prior written notice. Any accrued rights and obligations will survive termination.
12.3. Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
12.4. Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall, upon request, return to the other Party or destroy all Confidential Information in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
12.5. Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 7 (Expenses), 8 (Limited Warranty), 9 (Confidentiality), 10 (Indemnification), 11 (Limitation of Liability), 12 (Term and Termination) and 13 (Miscellaneous) shall survive termination or expiration of this Agreement.
13. MISCELLANEOUS
13.1. Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
13.2. No Third-Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
13.3. Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
13.4. Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
13.5. Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
13.6. Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is not, and is not owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party shall not allow and fully restrict any usage relating to its products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
13.7. Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared under this Agreement or personal data of users of the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
13.8. Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
13.9. Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
13.10. Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements.
13.11. Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
Effective February 8th 2024 to June 13th 2024
DownloadTable of Contents
WIZ COOPERATION AGREEMENT
This COOPERATION AGREEMENT (the “Agreement”) is entered into on the date of acceptance (the “Effective Date”), by and between:
(1) Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 (the “Wiz”); and
(2) the entity named in the box below (the “Partner”).
Partner Company Name | |
Registered Address | |
Partner Contact | |
Partner Contact Email |
(each, a “Party” and collectively, the “Parties”)
1. COOPERATION
Following the Effective Date, Partner shall be granted access to the Wiz partner portal that may include information about Wiz’s partner programs, products and services, deal registration, training and enablement, marketing assets and other topics found in the Wiz partner portal (“Wiz Partner Portal”), and the Parties may engage in mutually agreed-upon sales and marketing activities for the purpose of identifying business opportunities for both Parties as further described in this Agreement (“Cooperation”).
2. LICENSE
Subject to Partner’s compliance with this Agreement, Wiz hereby grants Partner a non-exclusive, non-transferable, non-sublicensable, revocable, limited right to access and use the Wiz Partner Portal solely for the purposes of the Cooperation as set forth in this Agreement.
3. PROHIBITED USES
3.1. Partner agrees that it will not, and will not permit any third party to, without Wiz’s prior written consent in each case: (a) use the Wiz Partner Portal in any manner not authorized by this Agreement or applicable laws, or in a way that could create an unreasonable risk from a security or data privacy perspective; (b) distribute, lease, license, sublicense or otherwise disseminate the Wiz Partner Portal to any third party; (c) modify, enhance, create derivative works from, reverse engineer, disassemble, decompile or otherwise reduce the Wiz Partner Portal to human-readable form or attempt to derive the source code, methodology, analysis, or results of the Wiz Partner Portal; (d) use the Wiz Partner Portal in a business production mode, as an end-use product, or use any third-party software embedded in or bundled with the Wiz Partner Portal as a standalone program or in any way independently from Wiz Partner Portal, as applicable; (e) use the Wiz Partner Portal for commercial purposes or to test a competitive product; (f) disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that Partner (or a third party contracted by Partner) runs on the Wiz Partner Portal, in whole or in part; (g) remove, modify, or conceal any product identification, copyright, proprietary, intellectual property notices or other such marks on or within the Wiz Partner Portal; (h) use the Wiz Partner Portal to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit material in violation of third-party privacy or intellectual property rights, or to conduct any fraudulent or other unlawful activity; (i) interfere with, disrupt the integrity or performance of, or attempt to gain unauthorized access to the Wiz Partner Portal, its related systems or networks, or any third-party data contained therein; or (j) automatedly crawl or query the Wiz Partner Portal for any purpose or by any means (including screen and database scraping, spiders, robots, crawlers and any other automated activity with the purpose of obtaining information from the Wiz Partner Portal).
3.2. Partner acknowledges and agrees that it shall only provide access to the Wiz Partner Portal to its employees or service providers on a need-to-know basis (“Permitted Users”). Partner will ensure that the Permitted Users comply with the terms of this Agreement and shall be fully responsible for any breach of this Agreement by a Permitted User. Partner and its Permitted Users shall not share user credentials to the Wiz Partner Portal with any third party. Partner will ensure that all Permitted Users keep their login credentials confidential and shall be primarily responsible for any activity carried out using those login credentials. Partner shall promptly notify Wiz upon becoming aware of any breach of this section which shall be grounds for immediate termination of access to the Wiz Partner Portal and this Agreement by Wiz.
3.3. Wiz may refuse Partner’s access to the Wiz Partner Portal, where, acting reasonably and in good faith, Wiz knows or suspects that such access would violate the terms and conditions of this Agreement (including where Wiz knows or suspects that Partner may have been compromised by a malicious actor). In such circumstances, Wiz shall promptly inform Partner in writing of such refusal of access unless prohibited by applicable law or where Wiz reasonably believes that providing such notice poses a risk to the security of its customers or its products or services. Wiz will promptly reinstate Partner’s access and use once the issue has been resolved.
4. TITLE AND OWNERSHIP
4.1. Each Party acknowledges that the other Party and its licensors retain all right, title and interest in and to its respective products including user manuals and other written materials for its products and services and any other materials which are owned by either Party prior to beginning any work under this Agreement and which are not generated in the course of performing this Agreement, including any derivatives, enhancements, improvements or modifications thereof (together “Background Works”) and all intellectual property rights embodied in the Background Works. Except for the limited rights expressly granted herein, this Agreement does not transfer title of a Party’s Background Works from either Party to the other Party or to any third party, and all right, title and interest in and to either Parties’ Background Works will at all times remain solely and exclusively with the respective Party. Neither Party shall take any action inconsistent with such title and ownership.
4.2. Partner acknowledges that Wiz and its licensors retain all right, title and interest in and to the Wiz Partner Portal including any and all materials available in the Wiz Partner Portal, which are considered, among others, Wiz’s Background Works.
4.3. During the course of their relationship, each Party may have opportunity to provide feedback to the other Party regarding the other Party’s products or services. Each Party hereby assigns to the other Party all rights, title to and interest to such feedback it supplies to the other Party, including all intellectual property rights therein, provided that such feedback shall not contain any Confidential Information of the other Party. Each Party agrees to assist the other with and sign any and all documentation to secure those rights.
5. JOINT MARKETING AND SALES ACTIVITIES
5.1. The Parties may jointly develop a marketing and promotions plan (the “Marketing Plan”) including to notify each other’s customers of the relationship between the Parties and develop qualified sales opportunities. The Marketing Plan must be mutually agreed upon by both Parties in writing prior to either Party taking any action and each Party will use commercially reasonable efforts to implement the Marketing Plan.
5.2. In furtherance of marketing the products and services of the other Party, each Party shall:
(i) Avoid deceptive, misleading, misrepresentative, illegal, or unethical practices that may be detrimental to the other Party or to the products and services of such other Party;
(ii) Not make any representations, warranties, or guarantees to customers concerning the other Party’s products or services that are inconsistent with or in addition to those made in this Agreement or the Marketing Plan; and
(iii) Comply with all applicable international, federal, state and local laws and regulations, including privacy and data protection laws, in performing marketing activities and its duties with respect to its own products and services.
5.3. Each Party shall obtain the other Party’s prior written approval in each case for all publicity concerning the other Party including, but not limited to, any press release, marketing statements or sales materials.
5.4. Notwithstanding the foregoing, it is agreed and understood that either Party shall have unrestricted rights to pursue any business or sales opportunity alone or with any third parties. The Parties agree that this Agreement does not authorize or require either Party to sell the other Party’s products.
5.5. To the extent that the Parties share or disclose personal data or information of potential or actual customers (“Prospect Information”) with each other in connection with joint marketing activities under this Agreement: (i) the Privacy Addendum set forth at https://www.wiz.io/legal/privacy-addendum shall apply; (ii) each Party will treat Prospect Information provided by the other as Confidential Information; and (iii) will only share or use such Prospect Information under this Agreement in accordance with the Agreement and applicable laws, including privacy and data protection laws. Without limiting the foregoing, each Party will be solely responsible for any Prospect Information it elects to provide to the other Party, including providing any required notices to, and receiving any required consents and authorizations from, the prospects, customers and individuals that are the subjects of such Prospect Information.
6. TRADEMARK LICENSE
6.1. Subject to the terms of this Agreement and any additional policies and instructions identified by a Party with respect to the use of its Marks, each Party grants to the other Party and its Affiliates a limited, revocable, non-exclusive, non-transferable, royalty-free license for the Term of this Agreement to use the other Party’s trademarks, trade names and/or logos (“Marks”) solely in connection with performing and in accordance with this Agreement. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
6.2. Each Party maintains exclusive title to its Marks and retains all rights not explicitly granted by the Agreement. Neither Party will: (i) challenge or take any action which interferes with the other Party’s rights in its Marks; (ii) directly or indirectly use any Marks or any mark or name confusingly similar to any Marks of the other Party, as part of its business names or in any manner except as explicitly authorized by the other Party; (iii) register or attempt to register any trademark, any part of trademark, or any mark or name confusingly similar to any of the other Party’s Marks. Each Party shall have the right to object to and thereby prohibit the use of its Marks on or in any materials at any time in its sole discretion. If the Party owning the Marks notifies the other Party that the use of the Marks is not in compliance with the Mark owner’s policies or is otherwise in breach of this Agreement, then the Party using the Marks will promptly take such reasonable corrective action as directed by the Mark owner. All of the benefit and goodwill associated with the use of the Marks will inure entirely to the Mark owner. Either Party may terminate its trademark license if, in its reasonable discretion, the other Party’s use of one or more of its Marks tarnishes, blurs or dilutes the quality associated with the Marks or the associated goodwill.
7. EXPENSES
Each Party shall bear its own costs and expenses incurred in performing its obligations under this Agreement, unless otherwise agreed by the Parties in writing.
8. LIMITED WARRANTY
Each Party represents and warrants to the other Party that it has the right to enter into this Agreement, and that this Agreement constitutes a valid binding obligation of such Party, enforceable against such Party in accordance with its terms and does not conflict with or violate any agreements such Party has with any third party. WIZ PARTNER PORTAL AND THE CONTENT AND OFFERINGS POSTED THEREON ARE PROVIDED “AS IS” WITHOUT WARRANTY AND PARTNER HEREBY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF PRODUCT LIABILITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR PERFORMANCE. STATEMENTS AND EXPLANATIONS TO THE WIZ PARTNER PORTAL, IN THE CONTENT, OFFERING, PROMOTIONAL MATERIALS AND THE DOCUMENTATION POSTED ON THE WIZ PARTNER PORTAL ARE MADE FOR EXPLANATORY PURPOSES ONLY. WIZ DOES NOT GIVE ANY WARRANTY, GUARANTEE, REPRESENTATION OR UNDERTAKING AS TO THE UNINTERRUPTED AVAILABILITY OF THE WIZ PARTNER PORTAL.
9. CONFIDENTIALITY
9.1. Each Party and its Affiliates may have access to non-public information of the other Party or its Affiliates, in any form or media, including without limitation, trade secrets and other information related to the products, software, technology, intellectual property, testing results, data, know-how, customers or prospective customers or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). For the avoidance of doubt, all information in the Wiz Partner Portal is considered Wiz’s Confidential Information. In addition, to the extent the Parties share information with each other regarding customers or prospective customers, such information, and the existence of such discussions between the Parties shall be treated as Confidential Information. The receiving Party’s obligations under this section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information, as evidenced by written records.
9.2. The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. Neither Party shall use or disclose the Confidential Information of the other Party except for as reasonably necessary for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party’s Confidential Information to its and/or its Affiliates’ respective employees, consultants, subcontractors and advisors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement and shall notify the other Party immediately upon becoming aware of any unauthorized access or use of the other Party’s Confidential Information. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing Party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement.
9.3. Unless otherwise agreed by the Parties, upon (a) the disclosing Party’s request (but only if such Confidential Information is not required to exercise a right or perform an obligation under this Agreement); or (b) in any event, termination or expiration of this Agreement, each Party will return or destroy (and certify such destruction upon request of the disclosing Party) the Confidential Information of the other Party, and all copies thereof, in its possession or control, except such Confidential Information as is necessary to continue performing any obligations or exercising any rights that survive termination or expiration of this Agreement or as otherwise required to comply with applicable laws. The obligation to return or destroy all copies of Confidential Information does not extend to automatically generated copies which may still exists on servers and back-ups for a reasonable period in line with industry standards provided that the receiving Party shall make no further use of those copies and that the confidentiality obligations herein shall continue to apply until the Confidential Information is fully destroyed.
9.4. All Confidential Information and any derivatives thereof are and shall remain the exclusive property of the disclosing Party and no rights, interests or license, are granted or implied hereby to have been granted to the receiving Party. Each Party acknowledges and agrees that its products and services contain proprietary information and trade secrets of the owner of the products and services. Each Party will not use any Confidential Information that it gains through use or study of the other Party’s products and services (including the Wiz Partner Portal, as applicable) to facilitate its or any third party’s development of any software programs or other products that would compete with the other Party’s products and services. Notwithstanding the foregoing, each Party hereby acknowledges and agrees that the other Party may currently or in the future be developing information internally, or receiving information from other parties, that is similar to the Confidential Information of the disclosing Party. Accordingly, nothing in this Agreement will be construed as a representation or agreement that either Party will not develop or have developed products, services, concepts, systems or techniques that are similar to or compete with the products, concepts, systems or techniques contemplated by or embodied in the Confidential Information, provided that the receiving Party does not violate any of its obligations under this Agreement in connection with such development.
9.5. Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may seek an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.
10. INDEMNIFICATION
10.1. Each Party (“Indemnifying Party”) will indemnify, defend and hold harmless the other Party, its Affiliates, directors and employees (collectively “Indemnified Party”) against any and all claims made by any third party and all related losses, liabilities, damages, costs and expenses (including without limitation reasonable attorneys’ fees) directly resulting from Indemnifying Party’s violation of any rights of any third party, including without limitation, any intellectual property rights, publicity, confidentiality, property or privacy rights.
10.2. The Indemnified Party will promptly notify Indemnifying Party of any such claims, suits, and proceedings in writing. Indemnifying Party will be given full and complete authority and information for the defense and settlement of the claim provided that Indemnifying Party will have no authority to enter into any settlement or compromise which imposes any obligation or admits any guilt on behalf of Indemnified Party without the prior written consent of Indemnified Party, which shall not be unreasonably withheld. At Indemnifying Party’s request, Indemnified Party will reasonably cooperate with Indemnifying Party in defending or settling any such action.
11. LIMITATION OF LIABILITY
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
11.1. EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, AND EXCEPT FOR ANY INDEMNIFICATION OBLIGATIONS HEREIN, NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
11.2. EXCEPT FOR ANY DAMAGES ARISING OUT OF A PARTY’S: (1) GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR FRAUDULENT ACT, (2) MISAPPROPRIATION OR OTHERWISE VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR (3) BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREIN, AND EXCEPT FOR ANY INDEMNIFICATION OBLIGATIONS HEREIN, THE MAXIMUM LIABILITY OF EACH PARTY FOR ALL DAMAGES OR ALLEGED DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, IS LIMITED TO, AND SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, USD $1,000.
12. TERM AND TERMINATION
12.1. Term. Unless terminated earlier as provided herein, the Term of this Agreement shall be one (1) year and will automatically renew for consecutive one (1) year term(s) (together, the “Term”) unless otherwise terminated in accordance with this section.
12.2. Termination for Convenience. This Agreement may be terminated for convenience by a Party providing the other Party seven (7) days prior written notice. Any accrued rights and obligations will survive termination.
12.3. Termination for Cause. Either Party may immediately terminate this Agreement upon notice to the other Party if the other Party: (i) materially breaches this Agreement and, to the extent such breach is curable, fails to cure such breach within 30 days after receiving notice of the breach from the other Party, or (ii) commences bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, or ceases to operate in the ordinary course of business. Any accrued rights and obligations will survive termination.
12.4. Effect of termination. Upon expiration or termination of this Agreement (a) all rights and obligations granted to each Party by the other Party hereunder shall immediately cease; (b) neither Party shall have the right to represent itself as a partner of the other Party; (c) each Party shall remove all references of the other Party from its website and marketing materials, and shall cease all use of the other Party’s Marks; and (d) within thirty (30) days, each Party shall, upon request, return to the other Party or destroy all Confidential Information in its possession or control that belong to the other Party and shall certify compliance with this section upon request.
12.5. Survival. Sections 3 (Prohibited Uses), 4 (Title and Ownership), 7 (Expenses), 8 (Limited Warranty), 9 (Confidentiality), 10 (Indemnification), 11 (Limitation of Liability), 12 (Term and Termination) and 13 (Miscellaneous) shall survive termination or expiration of this Agreement.
13. MISCELLANEOUS
13.1. Relationship of Parties. The Parties expressly agree that they are independent contractors under this Agreement and no other relationship is intended, including without limitation a partnership, franchise, joint venture, agency, employer/employee, fiduciary, master/servant relationship, or other special relationship. Neither Party shall have any right or authority to assume, create, or incur any liability or any obligation on behalf of the other Party. Neither Party shall take any action that expresses or implies a relationship other than that of independent contractor.
13.2. No Third-Party Beneficiaries. Unless otherwise expressly provided, no provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Partner and Wiz any rights, remedies or other benefits under or by reason of this Agreement.
13.3. Notices. All notices which are required to be given pursuant to this Agreement shall be in writing and shall be sent by overnight courier to the address listed on page 1, with receipt acknowledged, or by email with an electronic proof of transmission. In respect of Wiz, notices may be sent by email to legalnotices@wiz.io. Notices shall be deemed to have been delivered at the time delivered by overnight courier and transmitted by email.
13.4. Force Majeure. Nonperformance by either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, riots, terrorism, governmental acts or orders or restrictions, or any other reason where failure to perform is beyond the reasonable control of the nonperforming Party and not caused by the negligence of the nonperforming Party.
13.5. Assignment. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates, provided in any event that the assignee or successor agrees to be bound by all of the terms and conditions of this Agreement. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
13.6. Export. Each Party represents and warrants that such Party, its Affiliates, or any director or officer thereof, is not, and is not owned or controlled by individuals or entities that are: (i) the target of any sanctions administered or enforced by the U.S. Department of the Treasury Office of Foreign Asset Control (“OFAC”), the U.S. State Department or any other U.S. government agency or department, the United Nations Security Council, the European Union or Her Majesty Treasury and/or the target of any Israeli sanctions (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is the subject of comprehensive territorial Sanctions. Each Party shall not allow and fully restrict any usage relating to its products and services from persons identified on any Sanctions list, including but not limited to OFAC’s Specially Designated Nationals and Blocked Parties List (the “SDN List”), entities owned 50% or more by any individuals or entities on the SDN List, or individuals or entities that are located in any comprehensively sanctioned country. Each Party shall be responsible for complying with all applicable laws in connection with its use of the products including, but not limited to, U.S. Export Administration Regulations, any other export laws, restrictions, and regulations to ensure that the products and any technical data related thereto is not exported or re-exported, directly or indirectly, in violation of or used for any purposes prohibited by such laws and regulations.
13.7. Compliance with Laws & Data Protection. Each Party will comply with its respective legal obligations in exercising its rights and performing its duties under this Agreement including complying with all applicable international, federal, state and local laws and regulations, including all applicable data privacy, data protection and data security laws and regulations. The Parties agree that, for the purposes of the GDPR and any equivalent data protection laws, there is no controller-processor relationship between Wiz and Partner with regards to either Party’s customers’ personal data shared under this Agreement or personal data of users of the Wiz Partner Portal. In the event the Parties are required to enter into additional agreements to comply with applicable laws, including to put in place adequate data transfer mechanisms such as Standard Contractual Clauses, Partner agrees to execute such additional agreements as needed.
13.8. Waiver, Severability and Modification. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable and will have no effect on the remainder of this Agreement. Any waiver, amendment or other modification of any provision of this Agreement will be effective only if in writing and signed by the Parties.
13.9. Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of New York, not including its law of conflicts of laws. The Parties irrevocably consent to the exclusive jurisdiction of the courts of Manhattan, New York, over any action, suit or proceeding arising hereunder.
13.10. Entire Agreement. This Agreement, including all exhibits or terms that are incorporated herein by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous understandings or agreements, written or oral, regarding such subject matter, including prior non-disclosure agreements.
13.11. Counterparts. This Agreement may be executed in electronic counterparts, each of which shall be an original and together which shall constitute one and the same instrument.
Master Subscription Agreement
Effective August 27th 2024
DownloadTable of Contents
For any further inquiries, don't hesitate to reach out to us. We appreciate your attention to this update.
Effective June 20th 2024 to August 27th 2024
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
3. Fees.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least thirty (30) days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment of any amounts not subject to a good faith dispute. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Direct Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties (“Taxes”). If Customer has purchased a subscription pursuant to the terms hereof from a Partner, all Taxes to be applied to the Fees shall be as agreed between Customer and the Partner. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Customer Data.
6.3 Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage and support metrics, logs and findings, threat intelligence or threat actor data and potentially malicious artifacts scanned or generated by the Services (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services, in each case without derogating from Wiz's confidentiality, data and security obligations hereunder and without identifying Customer or Customer Data to other customers or third parties which are not deemed Authorized Recipients under this Agreement. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized in accordance with applicable laws (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
9. Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY).
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
16. Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days; and (iv)in the event of termination by Customer for cause, Customer shall receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. Thereafter, Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement. Section5 (Prohibited Uses), Section 6 (Customer Data),Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality),Section 12 (Limited Warranties), Section13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the Term of this Agreement: (a)
$2,000,000 USD in commercial general liability (or equivalent), per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability combined with cyber liability insurance, per occurrence and in the aggregate. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
20. Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 52nd Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
21. Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Except as otherwise provided in this introductory paragraph to this Agreement, this Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter (for the sake of clarity, if Customer is purchasing a commercial subscription to the Services and the Parties have not entered into a separate MSA, then this Agreement supersedes and replaces any prior POV Agreements).
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities' actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective April 18th 2024 to June 20th 2024
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
3. Fees.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least thirty (30) days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment of any amounts not subject to a good faith dispute. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Direct Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties (“Taxes”). If Customer has purchased a subscription pursuant to the terms hereof from a Partner, all Taxes to be applied to the Fees shall be as agreed between Customer and the Partner. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Customer Data.
6.3 Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage and support metrics, logs and findings, threat intelligence or threat actor data and potentially malicious artifacts scanned or generated by the Services (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services, in each case without derogating from Wiz's confidentiality, data and security obligations hereunder and without identifying Customer or Customer Data to other customers or third parties which are not deemed Authorized Recipients under this Agreement. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized in accordance with applicable laws (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
9. Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY).
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
16. Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days; and (iv)in the event of termination by Customer for cause, Customer shall receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. Thereafter, Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement. Section5 (Prohibited Uses), Section 6 (Customer Data),Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality),Section 12 (Limited Warranties), Section13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the Term of this Agreement: (a)
$2,000,000 USD in commercial general liability (or equivalent), per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability combined with cyber liability insurance, per occurrence and in the aggregate. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
20. Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
21. Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Except as otherwise provided in this introductory paragraph to this Agreement, this Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter (for the sake of clarity, if Customer is purchasing a commercial subscription to the Services and the Parties have not entered into a separate MSA, then this Agreement supersedes and replaces any prior POV Agreements).
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities' actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective March 3rd 2024 to April 18th 2024
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
3. Fees.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least thirty (30) days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment of any amounts not subject to a good faith dispute. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Direct Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties (“Taxes”). If Customer has purchased a subscription pursuant to the terms hereof from a Partner, all Taxes to be applied to the Fees shall be as agreed between Customer and the Partner. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Customer Data.
6.3 Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage metrics and findings generated by the Platform (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”)
9. Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY).
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
16. Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days; and (iv)in the event of termination by Customer for cause, Customer shall receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. Thereafter, Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement. Section5 (Prohibited Uses), Section 6 (Customer Data),Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality),Section 12 (Limited Warranties), Section13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the term of this Agreement: (a)
$2,000,000 USD in commercial general liability, per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability, per occurrence and in the aggregate, which may be combined with cyber liability; and (c) $5,000,000 USD in cyber-liability insurance, per occurrence and in the aggregate, which may be combined with technology errors and omissions/professional liability. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
20. Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
21. Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Except as otherwise provided in this introductory paragraph to this Agreement, this Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter (for the sake of clarity, if Customer is purchasing a commercial subscription to the Services and the Parties have not entered into a separate MSA, then this Agreement supersedes and replaces any prior POV Agreements).
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective February 7th 2024 to March 3rd 2024
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least thirty (30) days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment of any amounts not subject to a good faith dispute. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Direct Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties (“Taxes”). If Customer has purchased a subscription pursuant to the terms hereof from a Partner, all Taxes to be applied to the Fees shall be as agreed between Customer and the Partner. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Customer Data.
6.3 Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage metrics and findings generated by the Platform (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”)
9. Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY).
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
16. Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days; and (iv)in the event of termination by Customer for cause, Customer shall receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. Thereafter, Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement. Section5 (Prohibited Uses), Section 6 (Customer Data),Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality),Section 12 (Limited Warranties), Section13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the term of this Agreement: (a)
$2,000,000 USD in commercial general liability, per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability, per occurrence and in the aggregate, which may be combined with cyber liability; and (c) $5,000,000 USD in cyber-liability insurance, per occurrence and in the aggregate, which may be combined with technology errors and omissions/professional liability. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
20. Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
21. Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Except as otherwise provided in this introductory paragraph to this Agreement, this Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter (for the sake of clarity, if Customer is purchasing a commercial subscription to the Services and the Parties have not entered into a separate MSA, then this Agreement supersedes and replaces any prior POV Agreements).
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective February 7th 2024 to February 7th 2024
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least thirty (30) days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment of any amounts not subject to a good faith dispute. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Direct Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties (“Taxes”). If Customer has purchased a subscription pursuant to the terms hereof from a Partner, all Taxes to be applied to the Fees shall be as agreed between Customer and the Partner. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Customer Data.
6.1 As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
6.3 Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage metrics and findings generated by the Platform (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”)
9. Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY).
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
16. Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days; and (iv)in the event of termination by Customer for cause, Customer shall receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. Thereafter, Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement. Section5 (Prohibited Uses), Section 6 (Customer Data),Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality),Section 12 (Limited Warranties), Section13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the term of this Agreement: (a)
$2,000,000 USD in commercial general liability, per occurrence and inthe aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability, per occurrence and in the aggregate, which may be combined with cyber liability; and (c) $5,000,000 USD in cyber-liability insurance, per occurrence and in the aggregate, which may be combined with technology errors and omissions/professional liability. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
20. Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
21. Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Except as otherwise provided in this introductory paragraph to this Agreement, this Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter (for the sake of clarity, if Customer is purchasing a commercial subscription to the Services and the Parties have not executed a separate MSA, then this Agreement supersedes and replaces any prior POV Agreements).
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective February 7th 2024 to February 7th 2024
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
1. Ordering.
1.1 Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz with Customer or Customer Affiliates. A Customer Affiliate will have the right to enter into an Order referencing this Agreement which shall be deemed a separate agreement between such Customer Affiliate and Wiz on the terms of this Agreement. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
1.2 If Customer has purchased a subscription pursuant to the terms hereof from a reseller or distributor authorized by Wiz (“Partner”) to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement apply only in connection with such Partner. An “Order” means a Direct Order or a Partner Order, as applicable.
Subject to the terms and conditions of this Agreement (including payment obligations), Wiz hereby grants Customer and its Affiliates, in connection with each Order, a limited, non-exclusive, non-sublicensable, non-transferable and revocable (as provided herein) right to use the Wiz cloud security platform (“Platform”) in object code form, during the corresponding Subscription Term (as defined in an Order), solely for Customer and its Affiliates’ internal business purposes and in accordance with the subscriptions specified in the applicable Order. Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least thirty (30) days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment of any amounts not subject to a good faith dispute. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Direct Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties (“Taxes”). If Customer has purchased a subscription pursuant to the terms hereof from a Partner, all Taxes to be applied to the Fees shall be as agreed between Customer and the Partner. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Customer Data.
6.1 As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
6.3 Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage metrics and findings generated by the Platform (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”)
9. Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY).
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
16. Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days; and (iv)in the event of termination by Customer for cause, Customer shall receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. Thereafter, Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement. Section5 (Prohibited Uses), Section 6 (Customer Data),Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality),Section 12 (Limited Warranties), Section13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the term of this Agreement: (a)
$2,000,000 USD in commercial general liability, per occurrence and inthe aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability, per occurrence and in the aggregate, which may be combined with cyber liability;and (c)
$5,000,000 USD in cyber-liability insurance, per occurrence and in the aggregate, which may be combined with technology errors and omissions/professional liability. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
20. Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
21. Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Except as otherwise provided in this introductory paragraph to this Agreement, this Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter (for the sake of clarity, if Customer is purchasing a commercial subscription to the Services and the Parties have not executed a separate MSA, then this Agreement supersedes and replaces any prior POV Agreements).
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective January 15th 2024 to February 7th 2024
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OFANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION (“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 20 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
1. Ordering.
1.1 Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz with Customer or Customer Affiliates. A Customer Affiliate will have the right to enter into an Order referencing this Agreement which shall be deemed a separate agreement between such Customer Affiliate and Wiz on the terms of this Agreement. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
1.2 If Customer has purchased a subscription pursuant to the terms hereof from a reseller or distributor authorized by Wiz (“Partner”) to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement apply only in connection with such Partner. An “Order” means a Direct Order or a Partner Order, as applicable.
Subject to the terms and conditions of this Agreement (including payment obligations), Wiz hereby grants Customer and its Affiliates, in connection with each Order, a limited, non-exclusive, non-sublicensable, non-transferable and revocable (as provided herein) right to use the Wiz cloud security platform (“Platform”) in object code form, during the corresponding Subscription Term (as defined in an Order), solely for Customer and its Affiliates’ internal business purposes and in accordance with the subscriptions specified in the applicable Order. Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least thirty (30) days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment of any amounts not subject to a good faith dispute. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Direct Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties (“Taxes”). If Customer has purchased a subscription pursuant to the terms hereof from a Partner, all Taxes to be applied to the Fees shall be as agreed between Customer and the Partner. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Customer Data.
6.1 As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
6.3 Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage metrics and findings generated by the Platform (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”)
9. Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY).
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
16. Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days; and (iv)in the event of termination by Customer for cause, Customer shall receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. Thereafter, Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement. Section5 (Prohibited Uses), Section 6 (Customer Data),Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality),Section 12 (Limited Warranties), Section13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the term of this Agreement: (a)
$2,000,000 USD in commercial general liability, per occurrence and inthe aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability, per occurrence and in the aggregate, which may be combined with cyber liability;and (c)
$5,000,000 USD in cyber-liability insurance, per occurrence and in the aggregate, which may be combined with technology errors and omissions/professional liability. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
20. Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
21. Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements.
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective January 9th 2024 to January 15th 2024
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION (“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 21 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
- Ordering.
- Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. An “Order” means a Direct Order or a Partner Order, as applicable.
- Subscription. Subject to the terms and conditions of this Agreement (including payment obligations), Wiz hereby grants Customer, in connection with each Order, a limited, non-exclusive, non-sublicensable, non-transferable and revocable (as provided herein) right to use the Wiz cloud security platform (“Platform”) in object code form, during the corresponding Subscription Term (as defined in an Order), solely for Customer's internal business purposes and in accordance with the subscriptions specified in the applicable Order. Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
- Fees. The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
- Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
- Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
- Customer Data.
- As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
- If Customer Data contains personally identifiable information, to the extent applicable, the Parties shall comply with Wiz’s Data Processing Agreement (“DPA”), which is available at https://www.wiz.io/legal/data-processing-agreement and forms an integral part of this Agreement.
- Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
- Additional Service Terms.
- Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise. Notwithstanding Section 15 (Limitation of Liability) or any other provision of this Agreement, Wiz’s maximum aggregate liability under any Evaluation shall be capped at one thousand dollars US ($1,000 US).
- Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage metrics and findings generated by the Platform (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
- Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
- Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations built by either Wiz or the Third Party Service provider (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
- Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”).
- Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
- Intellectual Property Rights. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Platform (and any and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) and any other products, deliverables or services provided by Wiz; are and shall remain owned solely by Wiz or its licensors. This Agreement does not convey to Customer any interest in or to the Platform other than a limited right to use the Platform in accordance with Section 2 (Subscription). Nothing herein constitutes a waiver of Wiz’s intellectual property rights under any law. Wiz reserves all rights not expressly granted herein to the Platform.
- Confidentiality. Each Party may have access to certain non-public information of the other Party, in any form or media, including without limitation trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. The receiving Party’s obligations under this Section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information. Neither Party shall use or disclose the Confidential Information of the other Party except for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party's Confidential Information to its and/or its Affiliates’ respective employees, consultants, affiliates, service providers, agents, partners, and subcontractors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence review (i.e., a potential investment in a Party or a going-public transaction) subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of the disclosing Party.
- LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, (b) any incompatibility between the Customer's systems and the Platform and/or (c) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON- INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
- Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
- Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 18, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
- Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; and (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days and thereafter Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement.. Section 5 (Prohibited Uses), Section 6 (Customer Data), Section 7 (Additional Service Terms), Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality), Section 12 (Limited Warranties), Section 13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
- Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
- Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
- Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the term of this Agreement: (a) $2,000,000 USD in commercial general liability, per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability, per occurrence and in the aggregate, which may be combined with cyber liability; and (c) $5,000,000 USD in cyber-liability insurance, per occurrence and in the aggregate, which may be combined with technology errors and omissions/professional liability. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
- Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
- Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective November 23rd 2023 to January 9th 2024
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION (“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 21 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
- Ordering.
- Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. An “Order” means a Direct Order or a Partner Order, as applicable.
- Subscription. Subject to the terms and conditions of this Agreement (including payment obligations), Wiz hereby grants Customer, in connection with each Order, a limited, non-exclusive, non-sublicensable, non-transferable and revocable (as provided herein) right to use the Wiz cloud security platform (“Platform”) in object code form, during the corresponding Subscription Term (as defined in an Order), solely for Customer's internal business purposes and in accordance with the subscriptions specified in the applicable Order. Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
- Fees. The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
- Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
- Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
- Customer Data.
- As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
- If Customer Data contains personally identifiable information, to the extent applicable, the Parties shall comply with Wiz’s Data Processing Agreement (“DPA”), which is available at https://www.wiz.io/legal/data-processing-agreement and forms an integral part of this Agreement.
- Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
- Additional Service Terms.
- Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise. Notwithstanding Section 15 (Limitation of Liability) or any other provision of this Agreement, Wiz’s maximum aggregate liability under any Evaluation shall be capped at one thousand dollars US ($1,000 US).
- Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage metrics and findings generated by the Platform (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
- Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
- Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations built by either Wiz or the Third Party Service provider (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
- Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”).
- Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
- Intellectual Property Rights. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Platform (and any and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) and any other products, deliverables or services provided by Wiz; are and shall remain owned solely by Wiz or its licensors. This Agreement does not convey to Customer any interest in or to the Platform other than a limited right to use the Platform in accordance with Section 2 (Subscription). Nothing herein constitutes a waiver of Wiz’s intellectual property rights under any law. Wiz reserves all rights not expressly granted herein to the Platform.
- Confidentiality. Each Party may have access to certain non-public information of the other Party, in any form or media, including without limitation trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. The receiving Party’s obligations under this Section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information. Neither Party shall use or disclose the Confidential Information of the other Party except for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party's Confidential Information to its and/or its Affiliates’ respective employees, consultants, affiliates, service providers, agents, partners, and subcontractors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence review (i.e., a potential investment in a Party or a going-public transaction) subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of the disclosing Party.
- LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, (b) any incompatibility between the Customer's systems and the Platform and/or (c) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON- INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
- Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
- Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 18, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
- Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; and (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days and thereafter Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement.. Section 5 (Prohibited Uses), Section 6 (Customer Data), Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality), Section 12 (Limited Warranties), Section 13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
- Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
- Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
- Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the term of this Agreement: (a) $2,000,000 USD in commercial general liability, per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability, per occurrence and in the aggregate, which may be combined with cyber liability; and (c) $5,000,000 USD in cyber-liability insurance, per occurrence and in the aggregate, which may be combined with technology errors and omissions/professional liability. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
- Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
- Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective November 23rd 2023 to November 23rd 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION (“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 21 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
- Ordering.
- Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. An “Order” means a Direct Order or a Partner Order, as applicable.
- Subscription. Subject to the terms and conditions of this Agreement (including payment obligations), Wiz hereby grants Customer, in connection with each Order, a limited, non-exclusive, non-sublicensable, non-transferable and revocable (as provided herein) right to use the Wiz cloud security platform (“Platform”) in object code form, during the corresponding Subscription Term (as defined in an Order), solely for Customer's internal business purposes and in accordance with the subscriptions specified in the applicable Order. Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
- Fees. The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
- Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
- Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
- Customer Data.
- As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
- If Customer Data contains personally identifiable information, to the extent applicable, the Parties shall comply with Wiz’s Data Processing Agreement (“DPA”), which is available at https://www.wiz.io/legal/data-processing-agreement and forms an integral part of this Agreement.
- Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
- Additional Service Terms.
- Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise. Notwithstanding Section 15 (Limitation of Liability) or any other provision of this Agreement, Wiz’s maximum aggregate liability under any Evaluation shall be capped at one thousand dollars US ($1,000 US).
- Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage metrics and findings generated by the Platform (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
- Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
- Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations built by either Wiz or the Third Party Service provider (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
- Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”).
- Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
- Intellectual Property Rights. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Platform (and any and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) and any other products, deliverables or services provided by Wiz; are and shall remain owned solely by Wiz or its licensors. This Agreement does not convey to Customer any interest in or to the Platform other than a limited right to use the Platform in accordance with Section 2 (Subscription). Nothing herein constitutes a waiver of Wiz’s intellectual property rights under any law. Wiz reserves all rights not expressly granted herein to the Platform.
- Confidentiality. Each Party may have access to certain non-public information of the other Party, in any form or media, including without limitation trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. The receiving Party’s obligations under this Section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information. Neither Party shall use or disclose the Confidential Information of the other Party except for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party's Confidential Information to its and/or its Affiliates’ respective employees, consultants, affiliates, service providers, agents, partners, and subcontractors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence review (i.e., a potential investment in a Party or a going-public transaction) subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of the disclosing Party.
- LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, (b) any incompatibility between the Customer's systems and the Platform and/or (c) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON- INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
- Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
- Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 18, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
- Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; and (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days and thereafter Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement.. Section 5 (Prohibited Uses), Section 6 (Customer Data), Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality), Section 12 (Limited Warranties), Section 13 (Limitation of Liability), Section 16 (Termination), Section 19 (Contracting Entity) and Section 20 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
- Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
- Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
- Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the term of this Agreement: (a) $2,000,000 USD in commercial general liability, per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability, per occurrence and in the aggregate, which may be combined with cyber liability; and (c) $5,000,000 USD in cyber-liability insurance, per occurrence and in the aggregate, which may be combined with technology errors and omissions/professional liability. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
- Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
- Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective November 22nd 2023 to November 23rd 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION (“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 21 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
- Ordering.
- Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. An “Order” means a Direct Order or a Partner Order, as applicable.
- Subscription. Subject to the terms and conditions of this Agreement (including payment obligations), Wiz hereby grants Customer, in connection with each Order, a limited, non-exclusive, non-sublicensable, non-transferable and revocable (as provided herein) right to use the Wiz cloud security platform (“Platform”) in object code form, during the corresponding Subscription Term (as defined in an Order), solely for Customer's internal business purposes and in accordance with the subscriptions specified in the applicable Order. Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
- Fees. The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
- Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
- Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
- Customer Data.
- As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
- If Customer Data contains personally identifiable information, to the extent applicable, the Parties shall comply with Wiz’s Data Processing Agreement (“DPA”), which is available at https://www.wiz.io/legal/data-processing-agreement and forms an integral part of this Agreement.
- Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
- Additional Service Terms.
- Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise. Notwithstanding Section 15 (Limitation of Liability) or any other provision of this Agreement, Wiz’s maximum aggregate liability under any Evaluation shall be capped at one thousand dollars US ($1,000 US).
- Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage metrics and findings generated by the Platform (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
- Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
- Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations built by either Wiz or the Third Party Service provider (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
- Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”).
- Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
- Intellectual Property Rights. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Platform (and any and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) and any other products, deliverables or services provided by Wiz; are and shall remain owned solely by Wiz or its licensors. This Agreement does not convey to Customer any interest in or to the Platform other than a limited right to use the Platform in accordance with Section 2 (Subscription). Nothing herein constitutes a waiver of Wiz’s intellectual property rights under any law. Wiz reserves all rights not expressly granted herein to the Platform.
- Confidentiality. Each Party may have access to certain non-public information of the other Party, in any form or media, including without limitation trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. The receiving Party’s obligations under this Section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information. Neither Party shall use or disclose the Confidential Information of the other Party except for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party's Confidential Information to its and/or its Affiliates’ respective employees, consultants, affiliates, service providers, agents, partners, and subcontractors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence review (i.e., a potential investment in a Party or a going-public transaction) subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of the disclosing Party.
- LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, (b) any incompatibility between the Customer's systems and the Platform and/or (c) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON- INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
- Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
- Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 18, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
- Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; and (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days and thereafter Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement.. Section 5 (Prohibited Uses), Section 6 (Customer Data), Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality), Section 12 (Limited Warranties), Section 13 (Limitation of Liability), Section 16 (Termination), Section 19 (Contracting Entity) and Section 20 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
- Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
- Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
- Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
- Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective November 20th 2023 to November 22nd 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION (“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 21 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
- Ordering.
- Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. An “Order” means a Direct Order or a Partner Order, as applicable.
- Subscription. Subject to the terms and conditions of this Agreement (including payment obligations), Wiz hereby grants Customer, in connection with each Order, a limited, non-exclusive, non-sublicensable, non-transferable and revocable (as provided herein) right to use the Wiz cloud security platform (“Platform”) in object code form, during the corresponding Subscription Term (as defined in an Order), solely for Customer's internal business purposes and in accordance with the subscriptions specified in the applicable Order. Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
- Fees. The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
- Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
- Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
- Customer Data.
- As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
- If Customer Data contains personally identifiable information, to the extent applicable, the Parties shall comply with Wiz’s Data Processing Agreement (“DPA”), which is attached at Exhibit 1 and forms an integral part of this Agreement.
- Customer agrees not to process any Protected Health Information or other information that is subject to HIPAA (“HIPAA Data”) via the Services unless Customer has entered into a Business Associate Agreement (“BAA”) with Wiz. Wiz’s Business Associate Agreement shall be provided to Customer upon request. Unless a BAA is in place, Wiz will have no liability under this Agreement for HIPAA Data, notwithstanding anything to the contrary in this Agreement or in HIPAA. Upon mutual execution of the BAA, the BAA is incorporated by reference into this Agreement.
- Additional Service Terms.
- Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise. Notwithstanding Section 15 (Limitation of Liability) or any other provision of this Agreement, Wiz’s maximum aggregate liability under any Evaluation shall be capped at one thousand dollars US ($1,000 US).
- Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage metrics and findings generated by the Platform (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
- Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
- Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations built by either Wiz or the Third Party Service provider (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
- Security. The Parties shall comply with the Wiz Security Addendum which is attached at Exhibit 2 (“Security Addendum”).
- Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
- Intellectual Property Rights. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Platform (and any and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) and any other products, deliverables or services provided by Wiz; are and shall remain owned solely by Wiz or its licensors. This Agreement does not convey to Customer any interest in or to the Platform other than a limited right to use the Platform in accordance with Section 2 (Subscription). Nothing herein constitutes a waiver of Wiz’s intellectual property rights under any law. Wiz reserves all rights not expressly granted herein to the Platform.
- Confidentiality. Each Party may have access to certain non-public information of the other Party, in any form or media, including without limitation trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. The receiving Party’s obligations under this Section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information. Neither Party shall use or disclose the Confidential Information of the other Party except for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party's Confidential Information to its and/or its Affiliates’ respective employees, consultants, affiliates, service providers, agents, partners, and subcontractors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence review (i.e., a potential investment in a Party or a going-public transaction) subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of the disclosing Party.
- LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, (b) any incompatibility between the Customer's systems and the Platform and/or (c) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON- INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
- Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
- Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 18, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
- Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; and (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days and thereafter Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement.. Section 5 (Prohibited Uses), Section 6 (Customer Data), Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality), Section 12 (Limited Warranties), Section 13 (Limitation of Liability), Section 16 (Termination), Section 19 (Contracting Entity) and Section 20 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
- Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
- Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
- Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
- Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective November 17th 2023 to November 20th 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION 8(“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 21 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
1. Ordering.
1.1 Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
1.2 If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. An “Order” means a Direct Order or a Partner Order, as applicable.
2.2 Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”).
If Customer chooses, in its sole discretion, to provide Feedback (defined below) to Wiz, nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Wiz's right to use, profit from, disclose, publish, or otherwise exploit Feedback, without compensating or crediting Customer or the individual providing such Feedback. Customer’s Confidential Information shall not include Feedback, to the extent that such Feedback relates exclusively to Wiz’s products or services. “Feedback” means any feedback (e.g., questions, comments, suggestions or the like), whether orally or in writing, regarding any of the Services.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
(A) EXCEPT FOR ANY DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
(B) EXCEPT FOR WIZ’S INDEMNIFICATION OBLIGATION UNDER SECTION 16, AND/OR DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; EITHER PARTY’S INCLUDING ITS AFFILIATES’ MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING ITS EXHIBITS, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS. FOR CLARITY LIMITATIONS IN THIS SECTION DO NOT APPLY TO FEES DUE TO WIZ UNDER THIS AGREEMENT.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
Effective November 13th 2023 to November 17th 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION 8(“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 21 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
1. Ordering.
1.1 Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
1.2 If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. An “Order” means a Direct Order or a Partner Order, as applicable.
2.2 Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://www.wiz.io/legal/security-addendum (“Security Addendum”).
If Customer chooses, in its sole discretion, to provide Feedback (defined below) to Wiz, nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Wiz's right to use, profit from, disclose, publish, or otherwise exploit Feedback, without compensating or crediting Customer or the individual providing such Feedback. Customer’s Confidential Information shall not include Feedback, to the extent that such Feedback relates exclusively to Wiz’s products or services. “Feedback” means any feedback (e.g., questions, comments, suggestions or the like), whether orally or in writing, regarding any of the Services.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
(A) EXCEPT FOR ANY DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
(B) EXCEPT FOR WIZ’S INDEMNIFICATION OBLIGATION UNDER SECTION 16, AND/OR DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; EITHER PARTY’S INCLUDING ITS AFFILIATES’ MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING ITS EXHIBITS, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS. FOR CLARITY LIMITATIONS IN THIS SECTION DO NOT APPLY TO FEES DUE TO WIZ UNDER THIS AGREEMENT.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
Effective November 13th 2023 to November 13th 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION 8(“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 21 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
1. Ordering.
1.1 Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
1.2 If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. An “Order” means a Direct Order or a Partner Order, as applicable.
2.2 Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Security.
If Customer chooses, in its sole discretion, to provide Feedback (defined below) to Wiz, nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Wiz's right to use, profit from, disclose, publish, or otherwise exploit Feedback, without compensating or crediting Customer or the individual providing such Feedback. Customer’s Confidential Information shall not include Feedback, to the extent that such Feedback relates exclusively to Wiz’s products or services. “Feedback” means any feedback (e.g., questions, comments, suggestions or the like), whether orally or in writing, regarding any of the Services.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
(A) EXCEPT FOR ANY DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
(B) EXCEPT FOR WIZ’S INDEMNIFICATION OBLIGATION UNDER SECTION 16, AND/OR DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; EITHER PARTY’S INCLUDING ITS AFFILIATES’ MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING ITS EXHIBITS, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS. FOR CLARITY LIMITATIONS IN THIS SECTION DO NOT APPLY TO FEES DUE TO WIZ UNDER THIS AGREEMENT.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
Effective October 29th 2023 to November 13th 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION 8(“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 21 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
1. Ordering.
1.1 Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
1.2 If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. An “Order” means a Direct Order or a Partner Order, as applicable.
2.2 Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
5. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
6. Security.
If Customer chooses, in its sole discretion, to provide Feedback (defined below) to Wiz, nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Wiz's right to use, profit from, disclose, publish, or otherwise exploit Feedback, without compensating or crediting Customer or the individual providing such Feedback. Customer’s Confidential Information shall not include Feedback, to the extent that such Feedback relates exclusively to Wiz’s products or services. “Feedback” means any feedback (e.g., questions, comments, suggestions or the like), whether orally or in writing, regarding any of the Services.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
(A) EXCEPT FOR ANY DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
(B) EXCEPT FOR WIZ’S INDEMNIFICATION OBLIGATION UNDER SECTION 16, AND/OR DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; EITHER PARTY’S INCLUDING ITS AFFILIATES’ MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING ITS EXHIBITS, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS. FOR CLARITY LIMITATIONS IN THIS SECTION DO NOT APPLY TO FEES DUE TO WIZ UNDER THIS AGREEMENT.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
Effective September 14th 2023 to October 29th 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION 8 (“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 21 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
- Ordering.
1.1. Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
1.2. If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. An “Order” means a Direct Order or a Partner Order, as applicable. - Subscription.
2.1. Subject to the terms and conditions of this Agreement (including payment obligations), Wiz hereby grants Customer, in connection with each Order, a limited, non-exclusive, non-sublicensable, non-transferable and revocable (as provided herein) right to use the Wiz cloud security platform (“Platform”) in object code form, during the corresponding Subscription Term (as defined in an Order), solely for Customer's internal business purposes and in accordance with the subscriptions specified in the applicable Order.
2.2. Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates to the subscription type specified in an Order and any user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”. - Fees.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce. - Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
- Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
- Security.
Customer acknowledges that it is responsible for implementing, running and managing its subscription to the Platform on a day to day basis. Wiz shall employ administrative, physical, and technical security measures in accordance with applicable industry standards, including AICPA SOC2 Type 2 criteria and ISO 27001, to protect (and prevent the accidental loss or unauthorized access, use or disclosure of) Customer Data, in each case, under its control. Customer shall be responsible for: (i) the security of cloud environments it owns, operates, and connects to Wiz, and for configuration of its instance(s) of the Wiz Platform; (ii) provisioning Permitted Users with access to Customer’s instance of the Wiz Platform, including: (a) managing instance-level administrators and other user privileges; (b) deauthorizing Permitted Users who no longer need access; (c) provisioning and configuring service account or API access; and (d) enabling integrations, in Customer’s sole discretion, with customer-owned or third-party technologies. Wiz provides customers with audit logs that record customer user account and application activity occurring within their respective Wiz Platform instance(s), however, Customer is responsible for monitoring its own instance’s audit logs. - Customer Data.
7.1. As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
7.2. If Customer Data contains personally identifiable information, to the extent applicable, the Parties shall comply with Wiz’s Data Processing Agreement (“DPA”), which is available at https://www.wiz.io/data-processing-agreement and forms an integral part of this Agreement.
7.3. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”). - Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise. Notwithstanding Section 15 (Limitation of Liability) or any other provision of this Agreement, Wiz’s maximum aggregate liability under any Evaluation shall be capped at one thousand dollars US ($1,000 US).
- Wiz Preview Features. From time to time, upon Customer or its Permitted Users' request, Wiz may make available to Customer one or more proprietary, non-commercially available, hosted software applications, application platform interfaces, services, products, features and/or functionalities on a beta testing basis (“Wiz Preview Feature(s)”) to try at no charge. Customer may choose to try such Wiz Preview Features in its sole discretion subject to the Wiz Preview Program Terms which are available at https://www.wiz.io/preview-terms.
- Customer Integrations. Customer acknowledges that the Services may link to third party websites, applications or services that can be integrated with or connected to the Services (“Third Party Integrations”). Customer’s use of such Third Party Integrations is optional. To use such features, Customer must either obtain access to the Third Party Integrations via the third party provider or authorize Wiz to obtain access on Customer’s behalf. If Customer uses such Third Party Integrations, it acknowledges and agrees that: (a) any link from the Service does not imply any Wiz endorsement of, or responsibility for, those Third Party Integrations and the use of such Third Party Integrations are subject to the terms and conditions of the Third Party Integration provider; (b) Customer may be required to grant Wiz access to its Third Party Integration account and/or to grant the Third Party Integration provider access to its Wiz account; (c) Customer Data may be transferred between Wiz and the Third Party Integration provider as required for the interoperation with the Services; and (d) Wiz does not guarantee the continued availability of such Third Party Integrations, and may cease supporting them without liability to Customer. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Integration providers.
- Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
- Intellectual Property Rights. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Platform (and any and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) and any other products, deliverables or services provided by Wiz; are and shall remain owned solely by Wiz or its licensors. This Agreement does not convey to Customer any interest in or to the Platform other than a limited right to use the Platform in accordance with Section 2 (Subscription). Nothing herein constitutes a waiver of Wiz’s intellectual property rights under any law. Wiz reserves all rights not expressly granted herein to the Platform.
If Customer chooses, in its sole discretion, to provide Feedback (defined below) to Wiz, nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Wiz's right to use, profit from, disclose, publish, or otherwise exploit Feedback, without compensating or crediting Customer or the individual providing such Feedback. Customer’s Confidential Information shall not include Feedback, to the extent that such Feedback relates exclusively to Wiz’s products or services. “Feedback” means any feedback (e.g., questions, comments, suggestions or the like), whether orally or in writing, regarding any of the Services. - Confidentiality. Each Party may have access to certain non-public information of the other Party, in any form or media, including without limitation trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. The receiving Party’s obligations under this Section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information. Neither Party shall use or disclose the Confidential Information of the other Party except for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party's Confidential Information to its and/or its Affiliates’ respective employees, consultants, affiliates, service providers, agents, partners, and subcontractors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence review (i.e., a potential investment in a Party or a going-public transaction) subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of the disclosing Party.
- LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, (b) any incompatibility between the Customer's systems and the Platform and/or (c) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON- INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER. - LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW:
(A) EXCEPT FOR ANY DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
(B) EXCEPT FOR WIZ’S INDEMNIFICATION OBLIGATION UNDER SECTION 16, AND/OR DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; EITHER PARTY’S INCLUDING ITS AFFILIATES’ MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING ITS EXHIBITS, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS. FOR CLARITY LIMITATIONS IN THIS SECTION DO NOT APPLY TO FEES DUE TO WIZ UNDER THIS AGREEMENT. - Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement. - Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 18, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
- Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including, to the extent applicable, by deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; and (iii) Wiz may retain Customer Data in accordance with its customer data retention policy without affecting any of Wiz’s rights to the Account Data or Anonymized Data. Section 5 (Prohibited Uses), Section 6 (Security) Section 7 (Customer Data), Section 8 (Evaluations), Section 9 (Wiz Preview Features), Section 10 (Customer Integrations), Section 12 (Intellectual Property), Section 13 (Confidentiality), Section 14 (Limited Warranties), Section 15 (Limitation of Liability), Section 18 (Termination), Section 21 (Contracting) and Section 22 22 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason. Customer shall be responsible for downloading its Customer Data prior to termination of this Agreement.
- Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
- Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
- Contracting entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
- Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective September 11th 2023 to September 14th 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION 6 (“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 20 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
If Customer chooses, in its sole discretion, to provide Feedback (defined below) to Wiz, nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Wiz's right to use, profit from, disclose, publish, or otherwise exploit Feedback, without compensating or crediting Customer or the individual providing such Feedback. Customer’s Confidential Information shall not include Feedback, to the extent that such Feedback relates exclusively to Wiz’s products or services. “Feedback” means any feedback (e.g., questions, comments, suggestions or the like), whether orally or in writing, regarding any of the Services.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
(A) EXCEPT FOR ANY DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
(B) EXCEPT FOR WIZ’S INDEMNIFICATION OBLIGATION UNDER SECTION 15, AND/OR DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; EITHER PARTY’S INCLUDING ITS AFFILIATES’ MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING ITS EXHIBITS, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS. FOR CLARITY LIMITATIONS IN THIS SECTION DO NOT APPLY TO FEES DUE TO WIZ UNDER THIS AGREEMENT.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz or its designee; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
21. Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective September 11th 2023 to September 11th 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION 6 (“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 20 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
If Customer chooses, in its sole discretion, to provide Feedback (defined below) to Wiz, nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Wiz's right to use, profit from, disclose, publish, or otherwise exploit Feedback, without compensating or crediting Customer or the individual providing such Feedback. Customer’s Confidential Information shall not include Feedback, to the extent that such Feedback relates exclusively to Wiz’s products or services. “Feedback” means any feedback (e.g., questions, comments, suggestions or the like), whether orally or in writing, regarding any of the Services.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
(A) EXCEPT FOR ANY DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
(B) EXCEPT FOR WIZ’S INDEMNIFICATION OBLIGATION UNDER SECTION 15, AND/OR DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; EITHER PARTY’S INCLUDING ITS AFFILIATES’ MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING ITS EXHIBITS, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS. FOR CLARITY LIMITATIONS IN THIS SECTION DO NOT APPLY TO FEES DUE TO WIZ UNDER THIS AGREEMENT.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz or its designee; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective August 14th 2023 to September 11th 2023
DownloadTable of Contents
WIZ MASTER SUBSCRIPTION AGREEMENT
BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICES, YOU ARE ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT, UNLESS A SEPARATE WRITTEN AGREEMENT IS IN EFFECT THAT SPECIFICALLY GOVERNS THE SUBJECT MATTER HEREOF. IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU MAY NOT USE THE SERVICE. YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT; IF YOU ARE USING THE SERVICE AS AN EMPLOYEE OR AGENT OF AN ORGANIZATION OR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ORGANIZATION OR ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE AUTHORITY TO BIND YOUR EMPLOYER OR OTHER LEGAL ENTITY, PLEASE DO NOT ACCEPT THIS AGREEMENT AND IMMEDIATELY REFRAIN FROM ACCESSING AND/OR USING THE SERVICES.
IF YOU ARE USING THE SERVICE AS A PROOF OF CONCEPT OR FOR EVALUATION PURPOSES, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND AND IN ACCORDANCE WITH THE TERMS OF SECTION 6 (“EVALUATIONS”) BELOW.
This Master Subscription Agreement (the “Agreement”) is effective on the earlier of: the date of (i) the execution of an Order referencing this Agreement; or (ii) Customer’s use of the Services (the “Effective Date”), by and between Wiz (as defined in Section 20 below) and you or the entity you represent referenced in the Order or otherwise accessing the Services (the “Customer”) (each, a “Party” and collectively, the “Parties”). Customer may use the Services (as defined below) subject to the terms below.
- Ordering.
- Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. A Direct Order together with a Partner Order are referred to herein as an “Order”.
- Subscription.
- Subject to the terms and conditions of this Agreement (including payment obligations), Wiz hereby grants Customer, in connection with each Order, a limited, non-exclusive, non-sublicensable, non-transferable and revocable (as provided herein) right to use the Wiz cloud security platform (“Platform”) in object code form, during the corresponding Subscription Term (as defined in an Order), solely for Customer's internal business purposes and in accordance with the subscriptions specified in the applicable Order.
- Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates thereto and any appliance, user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
- Fees.
The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order (“Fees”) and Wiz reserves the right, following at least 15 days’ notice to Customer, to suspend Customer’s access to the Services for non or late payment. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%) per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
- Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
- Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
- Customer Data.
- As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
- If Customer Data contains personally identifiable information, to the extent applicable, the Parties shall comply with Wiz’s Data Processing Agreement (“DPA”), which is available at https://www.wiz.io/data-processing-agreement and forms an integral part of this Agreement.
- Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“Anonymized Data”).
- Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise. Notwithstanding Section 14 (Limitation of Liability) or any other provision of this Agreement, Wiz’s maximum aggregate liability under any Evaluation shall be capped at one thousand dollars US ($1,000 US).
- Wiz Preview Features. From time to time, upon Customer or its Permitted Users' request, Wiz may make available to Customer one or more proprietary, non-commercially available, hosted software applications, application platform interfaces, services, products, features and/or functionalities on a beta testing basis (“Wiz Preview Feature(s)”) to try at no charge. Customer may choose to try such Wiz Preview Features in its sole discretion subject to the Wiz Preview Program Terms which are available at https://www.wiz.io/preview-terms.
- Customer Integrations. Customer acknowledges that the Services may link to third party websites, applications or services that can be integrated with or connected to the Services (“Third Party Integrations”). Customer’s use of such Third Party Integrations is optional. To use such features, Customer must either obtain access to the Third Party Integrations via the third party provider or authorize Wiz to obtain access on Customer’s behalf. If Customer uses such Third Party Integrations, it acknowledges and agrees that: (a) any link from the Service does not imply any Wiz endorsement of, or responsibility for, those Third Party Integrations and the use of such Third Party Integrations are subject to the terms and conditions of the Third Party Integration provider; (b) Customer may be required to grant Wiz access to its Third Party Integration account and/or to grant the Third Party Integration provider access to its Wiz account; (c) Customer Data may be transferred between Wiz and the Third Party Integration provider as required for the interoperation with the Services; and (d) Wiz does not guarantee the continued availability of such Third Party Integrations, and may cease supporting them without liability to Customer. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Integration providers.
- Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
- Intellectual Property Rights. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Platform (and any and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) and any other products, deliverables or services provided by Wiz; are and shall remain owned solely by Wiz or its licensors. This Agreement does not convey to Customer any interest in or to the Platform other than a limited right to use the Platform in accordance with Section 2 (Subscription). Nothing herein constitutes a waiver of Wiz’s intellectual property rights under any law. Wiz reserves all rights not expressly granted herein to the Platform.
If Customer chooses, in its sole discretion, to provide Feedback (defined below) to Wiz, nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Wiz's right to use, profit from, disclose, publish, or otherwise exploit Feedback, without compensating or crediting Customer or the individual providing such Feedback. Customer’s Confidential Information shall not include Feedback, to the extent that such Feedback relates exclusively to Wiz’s products or services. “Feedback” means any feedback (e.g., questions, comments, suggestions or the like), whether orally or in writing, regarding any of the Services.
- Confidentiality. Each Party may have access to certain non-public information of the other Party, in any form or media, including without limitation trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. The receiving Party’s obligations under this Section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information. Neither Party shall use or disclose the Confidential Information of the other Party except for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party's Confidential Information to its and/or its Affiliates’ respective employees, consultants, affiliates, service providers, agents, partners, and subcontractors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence review (i.e., a potential investment in a Party or a going-public transaction) subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of the disclosing Party.
- LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, (b) any incompatibility between the Customer's systems and the Platform appliance and/or (c) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON- INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
(A) EXCEPT FOR ANY DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; NEITHER PARTY OR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE.
(B) EXCEPT FOR WIZ’S INDEMNIFICATION OBLIGATION UNDER SECTION 15, AND/OR DAMAGES RESULTING FROM CUSTOMER'S VIOLATION OF WIZ'S INTELLECTUAL PROPERTY RIGHTS; EITHER PARTY’S INCLUDING ITS AFFILIATES’ MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING ITS EXHIBITS, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS. FOR CLARITY LIMITATIONS IN THIS SECTION DO NOT APPLY TO FEES DUE TO WIZ UNDER THIS AGREEMENT.
- Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz or its designee; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
- Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 17, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
- Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including, to the extent applicable, by deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; and (iii) Wiz may retain Customer Data in accordance with its customer data retention policy without affecting any of Wiz’s rights to the Account Data or Anonymized Data. Section 5 (Prohibited Uses), Section 6 (Customer Data), Section 7 (Evaluations), Section 8 (Wiz Preview Features), Section 9 (Customer Integrations), Section 11 (Intellectual Property), Section 12 (Confidentiality), Section 13 (Limited Warranties), Section 14 (Limitation of Liability), Section 17 (Termination), Section 20 (Contracting) and Section 21(Miscellaneous) shall survive termination or expiration of this Agreement for any reason. Customer shall be responsible for downloading its Customer Data prior to termination of this Agreement.
- Customer Reference. Unless stated otherwise in an Order or Customer emails Wiz at advocates@wiz.io confirming otherwise, Customer hereby grants Wiz a revocable right and license to use: (a) Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites, presentations, marketing materials or otherwise (collectively, “Marketing Materials”); and/or (b) Customer’s logo to identify Customer as customer of Wiz, in Wiz’s Marketing Materials. Without derogating from the foregoing, unless Customer confirms otherwise via email as set out in the previous sentence, following the deployment of the Services, Customer hereby agrees to participate in a case study about Wiz and its Services which may be published by Wiz in its Marketing Materials.
- Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
- Contracting entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective July 5th 2023 to August 14th 2023
DownloadTable of Contents
- Ordering.
- Customer may place an order for Services directly with Wiz via an order form (a “Direct Order”). Direct Orders may be entered into by Wiz or Wiz Affiliates with Customer or Customer Affiliates. Each Direct Order is hereby incorporated into this Agreement by reference and shall be deemed to be a stand-alone agreement that incorporates by reference the terms of this Agreement (mutatis mutandis) whereby each signing entity to the Direct Order shall be considered to be either “Wiz” or “Customer” referenced herein. A Customer Affiliate will have the right to enter into an Order referencing this Agreement and thereby indicating its agreement to be bound by the terms of this Agreement as if it were an original party hereto. In such case, for purposes of such Order, such Customer Affiliate will be deemed to be the “Customer” hereunder. To the extent of any conflict or inconsistency between the terms and conditions of this Agreement and a Direct Order, this Agreement shall prevail (unless a Direct Order specifically states otherwise). “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity.
- If Customer has purchased a subscription pursuant to the terms hereof from a partner, reseller or distributor authorized by Wiz (“Partner”), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order (“Partner Order”), then, as between Customer and Wiz, this Agreement shall prevail. Any rights granted to Customer in such Partner Order which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Wiz. A Direct Order together with a Partner Order are referred to herein as an “Order”.
- Subscription.
- Subject to the terms and conditions of this Agreement (including payment obligations), Wiz hereby grants Customer, in connection with each Order, a limited, non-exclusive, non-sublicensable, non-transferable and revocable (as provided herein) right to use the Wiz cloud security platform (“Platform”) in object code form, during the corresponding Subscription Term (as defined in an Order), solely for Customer's internal business purposes and in accordance with the subscriptions specified in the applicable Order.
- Unless otherwise indicated, the term “Platform” also includes all software, revisions, fixes, improvements and/or updates thereto and any appliance, user manuals and documentation available within the Platform (“Documentation”) provided to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, subject to any use limitations indicated in an Order, and applicable laws and regulations. The Platform and any related services provided to Customer and detailed in an Order shall be referred to as the “Services”.
- Fees.
- Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Wiz, Customer shall not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products); (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) disclose the results of any testing or benchmarking of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform for any use in competition with Wiz’s Services; (vi) use the Platform in a manner that violates or infringes any rights of any third party; (vii) remove or alter any trademarks or other proprietary notices related to the Platform; or (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations.
- Customer Data.
- As between the parties, Customer owns and retains all right, title and interest (including all intellectual property rights) in and to any data or information that originates, resides on, or is otherwise processed through Customer's systems and processed by Wiz in the provision of the Services (“Customer Data”). Customer has exclusive control and responsibility for determining what Customer Data it and its Permitted Users submit into the Services and for obtaining all necessary rights, consents and permissions for submission of Customer Data and processing instructions to Wiz. Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
- If Customer Data contains personally identifiable information, to the extent applicable, the Parties shall comply with Wiz’s Data Processing Agreement (“DPA”), which is available at https://www.wiz.io/data-processing-agreement and forms an integral part of this Agreement.
- Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services and to fulfill legal obligations. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of data that has been anonymized and/or aggregated, provided that such data does not in any way identify and cannot be reasonably associated with Customer, its Affiliates, Permitted Users or any individuals connected to Customer or Customer Confidential Information (“ Anonymized Data”).
- Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise. Notwithstanding Section 14 (Limitation of Liability) or any other provision of this Agreement, Wiz’s maximum aggregate liability under any Evaluation shall be capped at one thousand dollars US ($1,000 US).
- Wiz Preview Features. From time to time, upon Customer or its Permitted Users' request, Wiz may make available to Customer one or more proprietary, non-commercially available, hosted software applications, application platform interfaces, services, products, features and/or functionalities on a beta testing basis (“Wiz Preview Feature(s)”) to try at no charge. Customer may choose to try such Wiz Preview Features in its sole discretion subject to the Wiz Preview Program Terms which are available at https://www.wiz.io/preview-terms.
- Customer Integrations. Customer acknowledges that the Services may link to third party websites, applications or services that can be integrated with or connected to the Services (“Third Party Integrations”). Customer’s use of such Third Party Integrations is optional. To use such features, Customer must either obtain access to the Third Party Integrations via the third party provider or authorize Wiz to obtain access on Customer’s behalf. If Customer uses such Third Party Integrations, it acknowledges and agrees that: (a) any link from the Service does not imply any Wiz endorsement of, or responsibility for, those Third Party Integrations and the use of such Third Party Integrations are subject to the terms and conditions of the Third Party Integration provider; (b) Customer may be required to grant Wiz access to its Third Party Integration account and/or to grant the Third Party Integration provider access to its Wiz account; (c) Customer Data may be transferred between Wiz and the Third Party Integration provider as required for the interoperation with the Services; and (d) Wiz does not guarantee the continued availability of such Third Party Integrations, and may cease supporting them without liability to Customer. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Integration providers.
- Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
- Intellectual Property Rights. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Platform (and any and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) and any other products, deliverables or services provided by Wiz; are and shall remain owned solely by Wiz or its licensors. This Agreement does not convey to Customer any interest in or to the Platform other than a limited right to use the Platform in accordance with Section 2 (Subscription). Nothing herein constitutes a waiver of Wiz’s intellectual property rights under any law. Wiz reserves all rights not expressly granted herein to the Platform.
- Confidentiality. Each Party may have access to certain non-public information of the other Party, in any form or media, including without limitation trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). The receiving Party will use the same standard of care to protect the disclosing Party’s Confidential Information as it uses to protect its own Confidential Information, but no less than reasonable care. The receiving Party’s obligations under this Section, with respect to any Confidential Information of the disclosing Party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving Party at the time of disclosure by the disclosing Party; (b) was disclosed to the receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving Party has become, generally available to the public; or (d) was independently developed by the receiving Party without access to, or use of, the disclosing Party’s Confidential Information. Neither Party shall use or disclose the Confidential Information of the other Party except for performance of its obligations under this Agreement. The receiving Party shall only permit access to the disclosing Party's Confidential Information to its and/or its Affiliates’ respective employees, consultants, affiliates, service providers, agents and subcontractors having a need to know such information, and who are bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement (such recipients being “Authorized Recipients”). The receiving Party is responsible for the compliance of its Authorized Recipients with the confidentiality and non-disclosure obligations of this Agreement. The receiving Party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that, to the extent permitted by applicable law, it notifies the disclosing Party of such required disclosure to enable disclosing party to seek a protective order or otherwise prevent or restrict such disclosure. Notwithstanding the foregoing, each Party can disclose the terms and existence of this Agreement to third parties in connection with a due diligence review (i.e., a potential investment in a Party or a going-public transaction) subject to such third parties being bound by at least equivalent obligations of confidentiality and non-disclosure as those under this Agreement. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of the disclosing Party.
- LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, (b) any incompatibility between the Customer's systems and the Platform appliance and/or (c) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON- INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
- Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
- Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 17, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
- Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including, to the extent applicable, by deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; and (iii) Wiz may retain Customer Data in accordance with its customer data retention policy without affecting any of Wiz’s rights to the Account Data or Anonymized Data. Section 5 (Prohibited Uses), Section 6 (Customer Data), Section 7 (Evaluations), Section 8 (Wiz Preview Features), Section 9 (Customer Integrations), Section 11 (Intellectual Property), Section 12 (Confidentiality), Section 13 (Limited Warranties), Section 14 (Limitation of Liability), Section 17 (Termination), Section 20 (Contracting) and Section 21(Miscellaneous) shall survive termination or expiration of this Agreement for any reason. Customer shall be responsible for downloading its Customer Data prior to termination of this Agreement. Each Partner Order Form may be terminated in accordance with any termination rights specified therein.
- Customer Reference. Unless stated otherwise in an Order or Customer emails Wiz at advocates@wiz.io confirming otherwise, Customer hereby grants Wiz a revocable right and license to use: (a) Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites, presentations, marketing materials or otherwise (collectively, “Marketing Materials”); and/or (b) Customer’s logo to identify Customer as customer of Wiz, in Wiz’s Marketing Materials. Without derogating from the foregoing, unless Customer confirms otherwise via email as set out in the previous sentence, following the deployment of the Services, Customer hereby agrees to participate in a case study about Wiz and its Services which may be published by Wiz in its Marketing Materials.
- Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
- Contracting entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 57th Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
- Miscellaneous. This Agreement, including any Order(s) and any exhibits attached or referred hereto, represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This Agreement represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings, agreements and statements by the Parties with respect to such subject matter, including prior non-disclosure agreements or evaluation agreements. Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the state of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Wiz Acceptable Use Policy
Effective September 27th 2024
DownloadTable of Contents
WIZ ACCEPTABLE USE & MONITORING POLICY
9.Monitoring of Wiz IT Systems
12. Password and Credential Management
15. Handling Customer Information
18. Document Ownership and Approval
1. Purpose and Scope
This purpose of this Policy is to describe how users can and cannot use Wiz Hardware and IT Systems, as well as how Wiz may monitor usage.
The scope of this Policy applies to all Wiz Personnel who have access to Wiz Hardware and/or IT Systems. This policy applies to the corporate controls environment.
2. Definitions
2.1 Wiz Hardware
Any physical technology provided to you by Wiz or used by you to access Wiz IT systems. This includes but is not limited to laptops, desktops, desk phones, and smartphones (including personal devices, if used to access Wiz IT Systems).
2.2 Wiz IT Systems
Technologies and networks which provide Wiz services or which store, contain or process Wiz information. This includes but is not limited to computer network, storage, Wiz Hardware, software, phones, internet, browsers, and other IT systems.
2.3 Wiz Personnel
All Wiz employees, officers, and contractors.
Policy
If you have any questions about this Policy or if you’re not sure how to act in a specific situation related to this Policy, please contact legal@wiz.io and security@wiz.io.
3. Responsibility
All Personnel are responsible for knowing and complying with all aspects of this Policy. Breach of this Policy may lead to disciplinary action and, in serious cases, may be cause for termination.
If you become aware or suspect any violation of this Policy, you must report it to your manager, Human Resources, or Legal.
4. Summary
- Your use of Wiz Hardware and IT Systems is not unlimited and is subject to conditions and restrictions. We strongly recommend that you do not use your Wiz IT Systems or Hardware for personal use.
- You’re responsible for using Wiz Hardware and IT Systems safely and protecting it appropriately.
- We perform routine and (in certain cases only) specific monitoring of your usage for security, troubleshooting and maintenance purposes in accordance with local laws and requirements in your jurisdiction. We don’t actively review your browsing history or personal files (unless we have legitimate reasons to in accordance with local laws) - everything we monitor is in order to keep Wiz information and systems safe.
- You are responsible for complying with this policy and ensuring that you keep a clean desk and clear screen.
- For information about what personal information we process about you, please read Wiz’s Privacy Notice for Employees, Contractors, and Workers which is available in Wiz’s internal information system.
5. Use of Wiz Hardware
Your Wiz Hardware contains important and confidential information, so we expect you to apply common sense and protect it appropriately.
Specifically, we expect you:
- To lock your workstation when unattended, including in a Wiz office or shared space.
- To use a privacy screen if working in public spaces (e.g., coffee shop, airplane, etc.)
- Not to leave your laptop or phone unattended.
- Not to upload confidential company data to unauthorized platforms.
- Not to share your Wiz password(s) or access codes with anyone else.
- Not to attempt to discover or use Wiz password(s) or access codes of any other Wiz Personnel.
Mobile Devices: For additional information specific to mobile devices, refer to the Wiz Mobile Device and Applications Management Policy.
6. Use of Wiz IT Systems
As a user of Wiz’s IT Systems, you have access to valuable resources and sensitive data. Consequently, you are expected to behave responsibly, ethically, lawfully and in accordance with the below instructions:
Personal use: Wiz IT Systems and Hardware are made available to you for work related purposes. Whilst it is possible for you to use your Wiz IT Systems or Hardware for reasonable personal use, we strongly recommend that you do not do so, we strongly recommend that you do not do so. Any personal use of Wiz resources must be compliant with this policy and must not harm or impair your work or Wiz’s business or business interests.
If you save personal files (such as personal photos, personal emails, documents, etc.) on Wiz IT Systems please note that:
- You generally do not have a right to privacy when using Wiz Hardware and IT Systems.
- Your personal files may be copied as part of routine back-up procedures. Even if you delete them from your laptop, a backup copy may still be stored on other Wiz IT Systems.
- Wiz staff may have incidental access to your personal files during maintenance and troubleshooting activities.
- We may, from time to time and WITHOUT any prior notification, permanently remove any personal files stored on Wiz IT Systems. We recommend that you always keep a back-up copy of your personal files on your personal hardware or IT system.
- We may access your personal files as part of specific or general monitoring (see further details in the “Monitoring of Wiz IT Systems” section below).
- If you leave Wiz, your personal files may reside on Wiz’s systems.
Wiz does not restrict your use of personal mobile devices in Wiz physical offices; however, any personal devices are restricted from accessing Wiz development and production systems. Please be mindful that any use of personal mobile devices on Wiz premises may be subject to this policy insofar as you utilize Wiz IT Systems (including the internet).
Access and permissions: Your access to Wiz IT Systems is not unlimited. Access to certain sensitive or confidential information is intended only for those who have a need to access it. You shouldn’t attempt to access any Wiz IT System or information which you are not authorized. Any attempt to do so or to circumvent, modify or disable Wiz IT security measures (such as access controls, firewalls, anti-virus software or intrusion protection systems), is a severe violation of this Policy.
Internet: Your use of the Internet, insofar as it is a Wiz IT System, may be restricted for security and business protection. Wiz blocks access to malicious websites; any attempt to circumvent this control is a violation of this policy. Non-business internet sites should be used judiciously and should not negatively impact your work for Wiz, nor should it be used to transmit or store Wiz information.
Software Tools: You may only use software (including web browser extensions) which has been approved by Wiz’s Procurement, Security and Legal teams and which are configured to be accessed through your Okta account. If you would like to request a new software or vendor, you should submit a request to Wiz’s procurement team using the process established in the Purchasing Policy.
Personal Email Tools: Personal email applications should not be used on Wiz machines as they are not Wiz-approved software. If you need to access personal emails on your Wiz laptop, please do so from your web browser.
Storing Wiz Information: You should save, store, and back up Wiz information only when necessary and only on approved IT Systems and not on any personal computer or device.
Posting Wiz information: all content must be reviewed for non-public, confidential, or proprietary data before the content is physically or electronically posted in a publicly accessible location.
Old devices: if you no longer use your Wiz laptop, phone, or other storage device, you must return it to the IT team.
Lost or stolen devices: A lost or stolen Wiz device represents a significant risk and should be addressed in a timely manner. However, your welfare and physical safety are most important. If you are separated from your device(s) in an incident involving a threat to your personal safety, don’t hesitate to contact physicalsecurity@wiz.io and/or your HR business partner at askhr@wiz.io for assistance.
In the event of a lost or stolen laptop or mobile device containing Wiz data (including email), you should notify your supervisor and the IT team (it@wiz.io) immediately. If you can’t report from your Wiz email address, use the personal email address that Wiz has on file from your onboarding process (IT will verify your identity).
If the device has been stolen, report the incident to your local law enforcement authorities and provide them with all the necessary details. IT or the Corporate Security team can provide laptop serial numbers, model information, etc. as needed. Policy report numbers, law enforcement contact information, etc. should be provided to IT and/or Corporate Security upon request.
Prohibited content: You should not access, download, copy, store or transmit any of the following via Wiz IT Systems:
- Copyright-infringing and other IP-infringing content (such as pirated music, software, movies, etc.).
- Sexually oriented content or websites.
- Computer viruses, Trojan horses, email bombs, malware, or adware.
- Unlawful content (e.g., violence, hate-speech).
- Content otherwise prohibited by Wiz corporate policies.
Alert the information security team immediately via phishing@wiz.io or the #phishing Slack channel if you suspect that you have been sent, or have accessed a phishing email or malicious software such as viruses, Trojan horses, or email bombs.
Network and email activities: Laptops that Wiz designates to you are configured to automatically execute virus-scanning software at frequent intervals. Do not circumvent or tamper with these virus scans. You may not (unless otherwise approved in writing in advance by the IT department):
- Establish a private network on or through Wiz IT Systems.
- Connect a wireless router/bridge to any Wiz IT System.
- Engage in, or attempt to engage in, any form of email spoofing, data snooping, port scanning or security scanning on Wiz IT Systems.
- Send unsolicited email messages, spam or “junk mail” through Wiz IT Systems.
Discovery/ disclosure in legal proceedings: From time to time, Wiz may be involved in legal proceedings which require us to search for and disclose electronic information to outside parties. In such cases, materials (including your personal information and personal files that you save on Wiz IT Systems) may be processed and reviewed by Wiz or third-party service providers as part of or in anticipation of electronic discovery, and, if relevant, may be disclosed to third parties or the court.
7. Use of Wiz Email Account
Your Wiz email account should be used for professional, work-related business purposes only. While you may use your personal email account (like your Gmail) on Wiz’s IT Systems in accordance with the instructions above, you should not use your Wiz email account for any private or personal communications. This is to reduce the exposure of your private and personal communications to monitoring measures applies to Wiz IT Systems.
Wiz may monitor and access email messages sent to or from any email account at Wiz. Therefore, messages communicated through your Wiz email account are not considered or treated as private or personal. If you have been using your Wiz email account for personal use, please transfer all of your communications to your personal email address and delete them from your Wiz email account. We also ask you to inform your friends, family members and other contacts not to send personal messages to your Wiz email account.
Wiz’s email account servers may be configured to automatically attach to outgoing emails a standard footer in the format determined by Wiz’s legal counsel. Please don’t remove this email footer.
Emailing and communicating sensitive data or files to external recipients doing business with Wiz: This is acceptable in the ordinary course and for purposes of legitimate Wiz business. Wiz provides its personnel with tools and procedures to securely share files with authorized recipients. You should not e-mail data or files that contain sensitive information to external recipients unless it is expressly permitted as part of an existing relationship with a customer, vendor, or partner, or otherwise if expressly permitted in writing by your immediate manager and only as specifically instructed by them. If you’re a manager and in doubt about whether to permit the transfer of sensitive information, please contact the legal team at legal@wiz.io. If you need assistance using Wiz tools to securely send information, please open a ticket with the IT team.
Emailing and communicating sensitive data or files within Wiz: You should only communicate data or files that contain sensitive information with those who have a business need to receive them.
8. Use of Instant Messaging
Slack is the authorized instant messaging service at Wiz. You should use Slack to communicate with other Wiz Personnel and customers for general business communications subject to the following restrictions:
- You should only use Slack to the extent necessary
- You should only share information with Wiz Personnel who have a need to know that information
- You should only communicate business sensitive information via direct message (1:1 chatting) or in closed groups, NOT in any general or public company channels
- Do not share any Wiz customer platform findings via Slack (including screenshots)
- Do NOT upload customer files, tenant screenshots, or other customer data to Slack
External Slack connections (i.e., with customers) may be established for business purposes. Connecting with external Slack users for personal conversations is prohibited.
Other instant messaging services (e.g. WhatsApp) for business communications or to share any confidential information relating to Wiz or its customers.
Wiz personnel may attend meetings hosted by customers or partners on third-party services such as Microsoft Teams or Google Meet. However, these services should not be used for instant messaging outside of the scope of meeting events. Exceptions to this policy may be approved on a case-by-case basis. To request an exception, email it@wiz.io. Approval from your manager and from Security will be required.
9. Monitoring of Wiz IT Systems
Wiz monitors Wiz IT Systems and sometimes accesses information stored on or communicated through those systems for the following reasons:
- To protect our IT security, including to monitor, detect or block the use of files, accessories or devices that should not be stored on or connected to Wiz IT Systems.
- To prevent unauthorized transmission of information through Wiz IT Systems.
- To ensure that user conduct is in compliant with Wiz’s policies and procedures and does not pose a risk to Wiz’s compliance, legal standing, or business interests.
Subject to local laws and requirements, information about the specific conduct may be monitored and logged including: the content of files or devices, the identity of the user and logs of the user’s behavior. If you are using a Wiz-managed web browser, URLs you visit may also be logged. This information is processed in accordance with local laws and regulations. As explained above, for this reason, we recommend that you do NOT store personal / private information on your Wiz computer, drives, or other Wiz IT Systems or Hardware.
Monitoring may be conducted in the following ways:
- General and continuous monitoring: In most cases, this type of monitoring will be automated (e.g., by using firewalls, which autonomously monitor data transmission by username and destination). We may also combine manual monitoring as needed.
- Specific monitoring: we may conduct specific monitoring if we suspect misconduct, violation of this Policy or any other Wiz policies or ethical codes, or when we believe that there is a justifiable need.
10. Access to your devices
Maintenance of Wiz’s IT Systems: The Wiz IT team may remotely log in to your workstation or laptop, with or without seeking your consent or notifying you in advance, in order to perform maintenance or troubleshooting activities.
Specific monitoring: If we have a justifiable reason to conduct specific monitoring of Wiz IT Systems or your Wiz email account and/or to access your Wiz Hardware, we will take steps to discuss with you beforehand where it is practical to do so. However, there may be circumstances in which we need to conduct specific monitoring without your approval. In such cases, applicable local laws will be followed, and Legal and HR will be notified and involved.
Recording of calls: Wiz or its third-party service providers (such as Gong) may record Zoom calls made by our customer support and/or marketing and/or sales teams to collect performance data or to monitor and improve user service and sales.
Monitoring of your Wiz email account and calendar: Wiz or its third-party service providers may implement automated monitoring and analysis capabilities for e-mail and calendar entries associated with sales activity for the purposes of monitoring and improving sales performance.
11. Clean Desk & Clear Screen
Wiz maintains a clean desk and clear screen policy. Clear desk and clean screen practices ensure that sensitive information, in both digital and physical formats, is not left unprotected nor unattended in personal or public workspaces. Clean desk and clear screen practices include:
- Removing confidential documents or paperwork from your desk/workspace when you leave the area (either take them with you or secure in a locked cabinet).
- Lock your computer screen every time you walk away from your desk.
- Using a laptop privacy screen when working in public areas.
- Erase sensitive information from any whiteboards or other publicly visible area.
- Removing papers from printers immediately.
- Shredding sensitive documents.
- Removing personal items from your desk/workspace at the end of each working day.
12. Password and Credential Management
Wiz utilizes Okta for Single Sign-On (SSO) access to all authorized SaaS applications and services, and 1Password Enterprise as its approved password manager for all other cases where standalone passwords, secrets, or other credentials must be stored and accessed. Wiz personnel must adhere to guidelines provided by the IT and Information Security teams when using these services. Wiz personnel must not use systems other than Okta or 1Password for storing user credentials.
13. External Services
All Wiz Personnel are required to ensure no Wiz confidential data is shared with external services unless they have been specifically authorized by Wiz’s Procurement team. External services include, but are not limited to, AI-based systems like ChatGPT, browser extensions like Grammarly, file storage and sharing services like iCloud and/or Dropbox, note-taking services like Evernote, and social media. Wiz Personnel that require the use of new external services to support their work should follow Wiz’s technology procurement process to ensure the vendor can be properly reviewed, approved, and onboarded.
14. Social Media
Wiz Personnel are responsible for content they publish on social media and can be held personally liable for content published. Many social media services (e.g., LinkedIn, X) blur the lines between business and personal. Keep this in mind and please consider both your professional reputation and Wiz’s reputation when crafting your posts. If you manage social media as a part of your Wiz job duties, ensure you are separating your Wiz accounts and your personal accounts.
Do not post any financial, confidential, sensitive, or proprietary information about Wiz, our partners, or our clients. Wiz Personnel can be subject to disciplinary action for publishing inappropriate or classified content.
This Policy cannot cover every scenario related to social media. Use your best judgment and ask your manager for guidance if needed.
15. Handling Customer Information
Customer information should be protected as rigorously as internal Wiz information. Specific activities, such as sharing customer platform findings via Slack or recording screenshares/video calls within customer environments, are specifically restricted.
Customer data must never be stored locally on laptops.
Wiz access to customer tenants: Customer consent is required to create user accounts for Wiz Personnel. Wiz Personnel accounts on customers must be:
- Limited to the SE or CSA team members directly supporting the customer.
- Granted minimal privileges needed for reporting or troubleshooting.
- Managed through Cognito.
- Configured with unique passwords, not re-used across tenants.
- Removed when no longer required.
If you have any questions on how to better protect customer information, email security@wiz.io or reach out to the #ask-security-privacy-compliance channel on Slack.
16. Policy Exceptions
We expect compliance with all Wiz policies. If your compliance is not feasible or technically possible, or if deviation from this policy is necessary to support a business function, Wiz Personnel must request an exception by emailing GRC@wiz.io and following the steps requested. Exceptions will be approved on a case-by-case basis and their approval is not automatic. Exceptions that are granted will be for a specific period of time, not to exceed one year. Upon expiration of the exception, an extension of the exception may be requested, if it is still required.
17. Related Documents
Purchasing Policy (WorkRamp)
Wiz Mobile Device and Applications Management Policy
18. Document Ownership and Approval
18.1 The Chief Information Security Officer (CISO) is the owner of this document.
18.2 This policy is designated as critical; the CISO is responsible for ensuring the policy is reviewed and approved annually.
18.3 The current version of this document is available to all staff on the internal policy management tool.
18.4 This policy was approved by Ryan Kazanciyan, CISO and is issued on a version-controlled basis.
Effective November 17th 2023 to September 27th 2024
DownloadTable of Contents
WIZ ACCEPTABLE USE & MONITORING POLICY
9.Monitoring of Wiz IT Systems
1. Purpose
This purpose of this Policy is to explain:
- what you can and can’t do with your Wiz Hardware (this means your Wiz laptop/desktop, desk phone/ smartphone and any other hardware provided to you by Wiz or used to access Wiz’s IT Systems (which could include your personal smartphone));
- how you should use Wiz’s IT systems (which include our computer network, storage, hardware, software, phones, Internet and other IT systems), both when working from the office and remotely;
- when Wiz may need to monitor or access your usage and how we will do it; and
- your obligations to keep a clear desk and clear screen.
We may make changes to this Policy from time to time. If there are any changes to this Policy we’ll let you know.
If you have any questions about this Policy or you’re not sure how you should act in a specific situation related to this Policy please contact legal@wiz.io and/or security@wiz.io.
2. Application
This Policy applies to all Wiz employees, officers and contractors or anyone else who has Wiz Hardware and/or access to Wiz IT Systems (together “Personnel”).
For more info about what personal information we process about you, please read Wiz’s Employee and Contractor Privacy Notice which is available in Wiz’s internal HR information system.
3. Responsibility
All Personnel are responsible for knowing and complying with all aspects of this Policy. Breach of this Policy may lead to disciplinary action and, in serious cases, may be treated as gross misconduct leading to dismissal.
If you become aware or suspect any violation of this Policy, you must report it to your manager, HR, or Wiz’s Legal team.
4. Policy
What's the bottom line?
- Your use of Wiz Hardware and IT Systems is not unlimited and is subject to conditions and restrictions. We strongly recommend that you do not use your Wiz IT Systems or Hardware for personal use.
- You’re responsible for using Wiz Hardware and IT Systems safely and protecting it appropriately.
- We perform routine and (in certain cases only) specific monitoring of your usage for security, troubleshooting and maintenance purposes in accordance with local laws and requirements in your jurisdiction. We don’t actively review your browsing history or personal files (unless we have legitimate reasons to in accordance with local laws) - everything we monitor is in order to keep Wiz information and systems safe.
- You are responsible for complying with this policy and ensuring that you keep a clean desk and clear screen.
5. Use of Wiz Hardware
Your Wiz Hardware contains important and confidential information, so we expect you to apply common sense and protect it appropriately.
Specifically, we expect you:
- Not to leave your laptop or phone unattended.
- To lock your workstation when unattended.
- Not to upload confidential company data to unauthorized platforms.
- To use a strong password (using a combination of uppercase and lowercase letters and numbers) and to change it regularly.
- Not to share your Wiz password(s) or access codes with anyone else.
- Not to attempt to discover or use Wiz password(s) or access codes of any other Wiz Personnel.
6. Use of Wiz IT Systems
As a user of Wiz’s IT Systems, you have access to valuable resources and sensitive data. Consequently, you are expected to behave responsibly, ethically, lawfully and in accordance with the below instructions:
- Personal use: Wiz IT Systems and Hardware are made available to you for work related purposes. Whilst it is possible for you to use your Wiz IT Systems or Hardware for reasonable personal use, we strongly recommend that you do not do so, and any such use must be in line with this Policy and must not harm your work or Wiz’s business. If you save personal files (such as personal photos, personal emails, documents, etc.) on Wiz IT Systems please note that:
- You generally do not have a right to privacy when using Wiz Hardware and IT Systems.
- Your personal files may be copied as part of routine back-up procedures so, even if you delete them from your laptop, a backup copy may still be stored on other Wiz IT Systems.
- Wiz staff may have incidental access to your personal files during maintenance and troubleshooting activities.
- We may, from time to time and WITHOUT any prior notification, permanently remove any personal files stored on Wiz IT Systems. So we recommend that you always keep a back-up copy of your personal files somewhere else.
- We may access your personal files as part of specific or general monitoring (see further details in the “Monitoring of Wiz IT Systems” section below.
- If you leave Wiz, your personal files may reside on Wiz’s systems.
- Access and permissions: Your access to Wiz IT Systems is not unlimited. Access to certain sensitive or confidential information is intended only for those who have a need to access it. You shouldn’t attempt to access any Wiz IT System or information which you are not authorized to and any attempt to do so or to circumvent, modify or disable Wiz IT security measures (such as access controls, firewalls, anti-virus software or intrusion protection systems), is a severe violation of this Policy.
- Emailing and communicating data or files outside of Wiz: This is acceptable in the ordinary course and for purposes of legitimate Wiz business, subject to your discretion and judgment. However, do not email or communicate data or files that contain sensitive company or customer information to anyone outside of Wiz, unless expressly permitted in writing by your immediate manager and only as specifically instructed by them. If you’re a manager and in doubt about whether to permit the transfer of sensitive information, please contact the legal team at legal@wiz.io.
- Emailing and communicating data or files within Wiz: You should only communicate data or files that contain sensitive information with those who have a business need to receive them.
- Storing Company information: You should only save, store and back-up Wiz information on Wiz IT Systems and not on any personal computer or device.
- Old devices: if you no longer use your Wiz laptop, phone, or other storage device, you must return it to the IT team as soon as possible.
- Lost or stolen devices: notify the IT team immediately via it@wiz.io if your Wiz device is lost or stolen.
- Prohibited content: You should not access, download, copy, store or transmit any of the following via Wiz IT Systems:
- Copyright-infringing and other IP-infringing content (such as pirated music, software, movies, etc.)
- Sexually oriented content or websites
- Computer viruses, Trojan horses, email bombs, malware, or adware
- Unlawful content (e.g., violence, hate-speech)
- Content otherwise prohibited by Wiz corporate policies
- Inform the IT team immediately via it@wiz.io if you suspect that you have been sent, or have accessed a phishing email or malicious software such as viruses, Trojan horses, or email bombs.
- Software Tools: You may only use tools which have been approved by Wiz’s procurement, security and legal and which are configured to be accessed through your Okta account. If you would like to request a new software or vendor, you should submit a request to Wiz’s procurement team using this online form: https://beyondnetworkscom.sharepoint.com/sites/Procurement. Wiz’s procurement process is also explained here.
- Network and email activities: Laptops that Wiz designates to you are configured to automatically execute virus-scanning software at frequent intervals. Do not circumvent or tamper with these virus scans. You may not (unless otherwise approved in writing in advance by the IT department):
- Establish a private network on or through Wiz IT Systems.
- Connect a wireless router/bridge to any Wiz IT System.
- Engage in, or attempt to engage in, any form of email spoofing, data snooping, port scanning or security scanning on Wiz IT Systems.
- Send unsolicited email messages, spam or “junk mail” through Wiz IT Systems.
- Discovery/ disclosure in legal proceedings: From time to time, Wiz may be involved in legal proceedings which require us to search for and disclose electronic information to outside parties. In such cases, materials, including your personal information and personal files that you save on Wiz IT Systems, may be processed and reviewed by Wiz or third-party service providers as part of or in anticipation of electronic discovery, and, if relevant, may be disclosed to third parties or the court.
7. Use of Wiz Email Account
- Your Wiz email account should be used for professional, work-related business purposes only.
- While you may use your personal email account (like your Gmail) on Wiz’s IT Systems in accordance with the instructions above, you should not use your Wiz email account for any private or personal communications. This is to reduce the exposure of your private and personal communications to monitoring measures applies to Wiz IT Systems (as further explained below).
- Wiz may monitor and access email messages sent to or from any email account at Wiz. Therefore, messages communicated through your Wiz email account are not considered or treated as private or personal.
- If you have been using your Wiz email account for private or personal use, please transfer all of your communications to your personal email address and delete them from your Wiz email account. We also ask you to inform your friends, family members and other contacts not to send personal messages to your Wiz email account.
- Wiz’s email account servers may be configured to automatically attach to outgoing emails a standard footer in the format determined by Wiz’s legal counsel. Please don’t remove this email footer.
8. Use of Instant Messaging
Slack
- Wiz authorizes you to use Slack as an instant messaging service to communicate with other Wiz Personnel and customers for general business communications subject to the following restrictions:
- You should only use Slack to the extent necessary, and only with those Wiz Personnel who have a need to know
- You should only communicate business sensitive information via 1:1 chats or in specific closed groups, NOT in any general/public company channels
- Do not share any Wiz customer platform findings via Slack
Other instant messaging services
- Other than Slack, you should not use any other instant messaging services (e.g. WhatsApp) for business communications or to share any confidential information relating to Wiz or its customers.
9. Monitoring of Wiz IT Systems
Why do we need to monitor?
We need to monitor and, sometimes, access information stored on or communicated through, Wiz’s IT Systems for the following reasons:
- To protect our IT security, including to monitor, detect or block the use of files, accessories or devices that should not be stored on or connected to Wiz IT Systems.
- To prevent unauthorized transmission of information through Wiz IT Systems.
- To ensure that user conduct is in line with Wiz’s policies and procedures, which can be accessed via the HR Information System.
As part of our monitoring measures, subject to local laws and requirements, information about the specific conduct may be monitored and logged including: the content of files or devices, the identity of the user and logs of the user’s behavior. This information is processed in accordance with local laws and regulations. As explained above, for this reason, we recommend that you don’t store personal / private information on your Wiz computer or drives.
How do we monitor?
We may conduct monitoring in the following ways:
- General and continuous monitoring: In most cases, this type of monitoring will be automated such as by using firewalls which autonomously monitor data transmission by username and destination. We may also combine manual monitoring as needed.
- Specific monitoring: we may conduct specific monitoring if we suspect misconduct, violation of this Policy or any other Wiz policies or ethical codes, or when we believe that there is a justifiable need.
10. Access to your devices
Maintenance of Wiz’s IT Systems
Our IT team may remotely log in to your workstation or laptop, with or without seeking your consent or notifying you in advance, in order to perform maintenance or troubleshooting activities.
Specific monitoring
If we have a justifiable reason to conduct specific monitoring and/or access your Wiz Hardware, use of the Wiz IT Systems or your Wiz Email Account (e.g. for security reasons) we will try to contact and speak with you first before taking any action where it is practical to do so. However, there may be circumstances in which we need to conduct specific monitoring without your approval. In such cases, applicable local laws will be followed and Legal and HR will be notified and involved.
Recording of calls
Wiz or its third party service providers (such as Gong) may record Zoom calls made by our customer support and/or marketing / sales teams and collect performance data or in order to monitor and improve user service and sales.
11. Clean Desk & Clear Screen
Wiz maintains a clean desk and clear screen policy. You must not leave any confidential documents or other paperwork on your desk or in your workspace and that you lock your screen whenever you are away from your desk. You are also required to remove any personal items from your desk or workspace at the end of each working day.
12. External Services
All Wiz employees are required to ensure no Wiz confidential data is shared with external services unless they have been specifically authorized by Wiz’s procurement team. Such services include, but are not limited to, AI-based systems like ChatGPT, browser extensions like Grammarly, file storage and sharing servies like iCloud and/or Dropbox, note-taking services like Evernote, and social media. Employees that require the use of new external services to support their work should follow Wiz’s technology procurement process to ensure the vendor can be properly reviewed, approved, and onboarded.
13. Social Media
Social media (sometimes referred to as social networking or Web 2.0 technologies) are online services and tools used for publishing, sharing and discussing information. They can include forums, blogs, wikis, social networking websites, and any other websites that allow individual users to upload and share content.
Employees are responsible for content they publish in social media and can be held personally liable for content published. Employees can also be subject to disciplinary action by the agency for publishing inappropriate or classified content. These guidelines only cover a sample of all possible content publishing scenarios, and are not a substitute for good judgment. It is important to note that these guidelines apply to all social media publishing whether personal or agency sponsored.
_________________________________________ 2023-03-21
Signature of Ryan Kazanciyan, CISO Date
Effective October 9th 2023 to November 17th 2023
DownloadTable of Contents
WIZ ACCEPTABLE USE & MONITORING POLICY
Content
WIZ ACCEPTABLE USE & MONITORING POLICY
9.Monitoring of Wiz IT Systems
1. Purpose
This purpose of this Policy is to explain:
- what you can and can’t do with your Wiz Hardware (this means your Wiz laptop/desktop, desk phone/ smartphone and any other hardware provided to you by Wiz or used to access Wiz’s IT Systems (which could include your personal smartphone));
- how you should use Wiz’s IT systems (which include our computer network, storage, hardware, software, phones, Internet and other IT systems), both when working from the office and remotely;
- when Wiz may need to monitor or access your usage and how we will do it; and
- your obligations to keep a clear desk and clear screen.
We may make changes to this Policy from time to time. If there are any changes to this Policy we’ll let you know.
If you have any questions about this Policy or you’re not sure how you should act in a specific situation related to this Policy please contact legal@wiz.io and/or security@wiz.io.
2. Application
This Policy applies to all Wiz employees, officers and contractors or anyone else who has Wiz Hardware and/or access to Wiz IT Systems (together “Personnel”).
For more info about what personal information we process about you, please read Wiz’s Employee and Contractor Privacy Notice which is available in Wiz’s internal HR information system.
3. Responsibility
All Personnel are responsible for knowing and complying with all aspects of this Policy. Breach of this Policy may lead to disciplinary action and, in serious cases, may be treated as gross misconduct leading to dismissal.
If you become aware or suspect any violation of this Policy, you must report it to your manager, HR, or Wiz’s Legal team.
4. Policy
What's the bottom line?
- Your use of Wiz Hardware and IT Systems is not unlimited and is subject to conditions and restrictions. We strongly recommend that you do not use your Wiz IT Systems or Hardware for personal use.
- You’re responsible for using Wiz Hardware and IT Systems safely and protecting it appropriately.
- We perform routine and (in certain cases only) specific monitoring of your usage for security, troubleshooting and maintenance purposes in accordance with local laws and requirements in your jurisdiction. We don’t actively review your browsing history or personal files (unless we have legitimate reasons to in accordance with local laws) - everything we monitor is in order to keep Wiz information and systems safe.
- You are responsible for complying with this policy and ensuring that you keep a clean desk and clear screen.
5. Use of Wiz Hardware
Your Wiz Hardware contains important and confidential information, so we expect you to apply common sense and protect it appropriately.
Specifically, we expect you:
- Not to leave your laptop or phone unattended.
- To lock your workstation when unattended.
- Not to upload confidential company data to unauthorized platforms.
- To use a strong password (using a combination of uppercase and lowercase letters and numbers) and to change it regularly.
- Not to share your Wiz password(s) or access codes with anyone else.
- Not to attempt to discover or use Wiz password(s) or access codes of any other Wiz Personnel.
6. Use of Wiz IT Systems
As a user of Wiz’s IT Systems, you have access to valuable resources and sensitive data. Consequently, you are expected to behave responsibly, ethically, lawfully and in accordance with the below instructions:
- Personal use: Wiz IT Systems and Hardware are made available to you for work related purposes. Whilst it is possible for you to use your Wiz IT Systems or Hardware for reasonable personal use, we strongly recommend that you do not do so, and any such use must be in line with this Policy and must not harm your work or Wiz’s business. If you save personal files (such as personal photos, personal emails, documents, etc.) on Wiz IT Systems please note that:
- You generally do not have a right to privacy when using Wiz Hardware and IT Systems.
- Your personal files may be copied as part of routine back-up procedures so, even if you delete them from your laptop, a backup copy may still be stored on other Wiz IT Systems.
- Wiz staff may have incidental access to your personal files during maintenance and troubleshooting activities.
- We may, from time to time and WITHOUT any prior notification, permanently remove any personal files stored on Wiz IT Systems. So we recommend that you always keep a back-up copy of your personal files somewhere else.
- We may access your personal files as part of specific or general monitoring (see further details in the “Monitoring of Wiz IT Systems” section below.
- If you leave Wiz, your personal files may reside on Wiz’s systems.
- Access and permissions: Your access to Wiz IT Systems is not unlimited. Access to certain sensitive or confidential information is intended only for those who have a need to access it. You shouldn’t attempt to access any Wiz IT System or information which you are not authorized to and any attempt to do so or to circumvent, modify or disable Wiz IT security measures (such as access controls, firewalls, anti-virus software or intrusion protection systems), is a severe violation of this Policy.
- Emailing and communicating data or files outside of Wiz: This is acceptable in the ordinary course and for purposes of legitimate Wiz business, subject to your discretion and judgment. However, do not email or communicate data or files that contain sensitive company or customer information to anyone outside of Wiz, unless expressly permitted in writing by your immediate manager and only as specifically instructed by them. If you’re a manager and in doubt about whether to permit the transfer of sensitive information, please contact the legal team at legal@wiz.io.
- Emailing and communicating data or files within Wiz: You should only communicate data or files that contain sensitive information with those who have a business need to receive them.
- Storing Company information: You should only save, store and back-up Wiz information on Wiz IT Systems and not on any personal computer or device.
- Old devices: if you no longer use your Wiz laptop, phone, or other storage device, you must return it to the IT team as soon as possible.
- Lost or stolen devices: notify the IT team immediately via it@wiz.io if your Wiz device is lost or stolen.
- Prohibited content: You should not access, download, copy, store or transmit any of the following via Wiz IT Systems:
- Copyright-infringing and other IP-infringing content (such as pirated music, software, movies, etc.)
- Sexually oriented content or websites
- Computer viruses, Trojan horses, email bombs, malware, or adware
- Unlawful content (e.g., violence, hate-speech)
- Content otherwise prohibited by Wiz corporate policies
- Inform the IT team immediately via it@wiz.io if you suspect that you have been sent, or have accessed a phishing email or malicious software such as viruses, Trojan horses, or email bombs.
- Software Tools: You may only use tools which have been approved by Wiz’s procurement, security and legal and which are configured to be accessed through your Okta account. If you would like to request a new software or vendor, you should submit a request to Wiz’s procurement team using this online form: https://beyondnetworkscom.sharepoint.com/sites/Procurement. Wiz’s procurement process is also explained here.
- Network and email activities: Laptops that Wiz designates to you are configured to automatically execute virus-scanning software at frequent intervals. Do not circumvent or tamper with these virus scans. You may not (unless otherwise approved in writing in advance by the IT department):
- Establish a private network on or through Wiz IT Systems.
- Connect a wireless router/bridge to any Wiz IT System.
- Engage in, or attempt to engage in, any form of email spoofing, data snooping, port scanning or security scanning on Wiz IT Systems.
- Send unsolicited email messages, spam or “junk mail” through Wiz IT Systems.
- Discovery/ disclosure in legal proceedings: From time to time, Wiz may be involved in legal proceedings which require us to search for and disclose electronic information to outside parties. In such cases, materials, including your personal information and personal files that you save on Wiz IT Systems, may be processed and reviewed by Wiz or third-party service providers as part of or in anticipation of electronic discovery, and, if relevant, may be disclosed to third parties or the court.
7. Use of Wiz Email Account
- Your Wiz email account should be used for professional, work-related business purposes only.
- While you may use your personal email account (like your Gmail) on Wiz’s IT Systems in accordance with the instructions above, you should not use your Wiz email account for any private or personal communications. This is to reduce the exposure of your private and personal communications to monitoring measures applies to Wiz IT Systems (as further explained below).
- Wiz may monitor and access email messages sent to or from any email account at Wiz. Therefore, messages communicated through your Wiz email account are not considered or treated as private or personal.
- If you have been using your Wiz email account for private or personal use, please transfer all of your communications to your personal email address and delete them from your Wiz email account. We also ask you to inform your friends, family members and other contacts not to send personal messages to your Wiz email account.
- Wiz’s email account servers may be configured to automatically attach to outgoing emails a standard footer in the format determined by Wiz’s legal counsel. Please don’t remove this email footer.
8. Use of Instant Messaging
Slack
- Wiz authorizes you to use Slack as an instant messaging service to communicate with other Wiz Personnel and customers for general business communications subject to the following restrictions:
- You should only use Slack to the extent necessary, and only with those Wiz Personnel who have a need to know
- You should only communicate business sensitive information via 1:1 chats or in specific closed groups, NOT in any general/public company channels
- Do not share any Wiz customer platform findings via Slack
Other instant messaging services
- Other than Slack, you should not use any other instant messaging services (e.g. WhatsApp) for business communications or to share any confidential information relating to Wiz or its customers.
9. Monitoring of Wiz IT Systems
Why do we need to monitor?
We need to monitor and, sometimes, access information stored on or communicated through, Wiz’s IT Systems for the following reasons:
- To protect our IT security, including to monitor, detect or block the use of files, accessories or devices that should not be stored on or connected to Wiz IT Systems.
- To prevent unauthorized transmission of information through Wiz IT Systems.
- To ensure that user conduct is in line with Wiz’s policies and procedures, which can be accessed via the HR Information System.
As part of our monitoring measures, subject to local laws and requirements, information about the specific conduct may be monitored and logged including: the content of files or devices, the identity of the user and logs of the user’s behavior. This information is processed in accordance with local laws and regulations. As explained above, for this reason, we recommend that you don’t store personal / private information on your Wiz computer or drives.
How do we monitor?
We may conduct monitoring in the following ways:
- General and continuous monitoring: In most cases, this type of monitoring will be automated such as by using firewalls which autonomously monitor data transmission by username and destination. We may also combine manual monitoring as needed.
- Specific monitoring: we may conduct specific monitoring if we suspect misconduct, violation of this Policy or any other Wiz policies or ethical codes, or when we believe that there is a justifiable need.
10. Access to your devices
Maintenance of Wiz’s IT Systems
Our IT team may remotely log in to your workstation or laptop, with or without seeking your consent or notifying you in advance, in order to perform maintenance or troubleshooting activities.
Specific monitoring
If we have a justifiable reason to conduct specific monitoring and/or access your Wiz Hardware, use of the Wiz IT Systems or your Wiz Email Account (e.g. for security reasons) we will try to contact and speak with you first before taking any action where it is practical to do so. However, there may be circumstances in which we need to conduct specific monitoring without your approval. In such cases, applicable local laws will be followed and Legal and HR will be notified and involved.
Recording of calls
Wiz or its third party service providers (such as Gong) may record Zoom calls made by our customer support and/or marketing / sales teams and collect performance data or in order to monitor and improve user service and sales.
11. Clean Desk & Clear Screen
Wiz maintains a clean desk and clear screen policy. You must not leave any confidential documents or other paperwork on your desk or in your workspace and that you lock your screen whenever you are away from your desk. You are also required to remove any personal items from your desk or workspace at the end of each working day.
12. External Services
All Wiz employees are required to ensure no Wiz confidential data is shared with external services unless they have been specifically authorized by Wiz’s procurement team. Such services include, but are not limited to, AI-based systems like ChatGPT, browser extensions like Grammarly, file storage and sharing servies like iCloud and/or Dropbox, note-taking services like Evernote, and social media. Employees that require the use of new external services to support their work should follow Wiz’s technology procurement process to ensure the vendor can be properly reviewed, approved, and onboarded.
13. Social Media
Social media (sometimes referred to as social networking or Web 2.0 technologies) are online services and tools used for publishing, sharing and discussing information. They can include forums, blogs, wikis, social networking websites, and any other websites that allow individual users to upload and share content.
Employees are responsible for content they publish in social media and can be held personally liable for content published. Employees can also be subject to disciplinary action by the agency for publishing inappropriate or classified content. These guidelines only cover a sample of all possible content publishing scenarios, and are not a substitute for good judgment. It is important to note that these guidelines apply to all social media publishing whether personal or agency sponsored.
_________________________________________ 2023-03-21
Signature of Ryan Kazanciyan, CISO Date
Wiz Communities Terms of Service
Effective November 17th 2023
DownloadTable of Contents
Wiz Communities Terms of Service
Last updated: Oct 25 2023
The Wiz Community Forum and WIN Partner Community (each a “Wiz Community”, and together “Wiz Communities”) are spaces for Wiz customers and Wiz partners, accordingly, to interact with each another and to share knowledge, information, best practices, and experiences from their use of Wiz. The following user terms apply to all who use either of the Wiz Communities. “We,” “our,” and “us” refer to the applicable Wiz entity providing services to your organization or contracting with you under an integration agreement. “You” and “your” refers to you, the individual user and participant in either of the Wiz Communities.
PLEASE NOTE THAT THE WIZ COMMUNITIES ARE NOT A SUPPORT CHANNEL AND ARE NOT SUBJECT TO WIZ’S OFFICIAL SLA. IF YOU HAVE A SUPPORT REQUEST, PLEASE SUBMIT THIS THROUGH THE OFFICIAL WIZ SUPPORT CHANNELS. THE WIZ COMMUNITIES ARE INTENDED FOR WIZ CUSTOMERS AND WIZ PARTNERS ONLY AND YOUR ACCESS WILL BE REVOKED WHEN YOU / YOUR ORGANIZATION IS NO LONGER A WIZ CUSTOMER OR WIZ PARTNER.
THE WIZ COMMUNITIES ARE INTENDED FOR GENERAL QUERIES AND KNOWLEDGE SHARING. DO NOT SHARE ANY CONFIDENTIAL INFORMATION INCLUDING PERSONAL DATA OF YOUR ORGANIZATION THROUGH THE WIZ COMMUNITIES.
Wiz Communities Rules of Engagement
All use of the Wiz Communities is subject to these Wiz Communities Terms of Service, Wiz’s Privacy Policy and all applicable Wiz policies (together “Terms”).
You must:
- Monitor and control all activity conducted through your Wiz Communities account.
- Keep all passwords and login information for your Wiz Communities account confidential.
- Use commercially reasonable efforts to prevent unauthorized access to or use of the Wiz Communities.
- Keep all information learned through the Wiz Communities confidential and only disclose such information to other users of Wiz within your organization on a need to know basis in order to enhance your experience of Wiz.
- Be respectful of other users.
- Promptly notify us if you become aware of or reasonably suspect any illegal or unauthorized activity or a security breach involving your account, including any loss, theft, or unauthorized disclosure or use of a username, password, or account by contacting communities@wiz.io with respect to Wiz Community Forum and win@wiz.io with respect to WIN Partner Community.
- You may also report offensive or unreasonable conduct to us via communities@wiz.io with respect to Wiz Community Forum and win@wiz.io with respect to WIN Partner Community.
You must never:
- Post any customer data or partner data including confidential information of your organization.
- Post other content that you do not have the required rights to under law and under contractual and fiduciary relationships (such as proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements).
- Post content that includes another person’s private or personal information, including but not limited to communities profile information, images, personal phone numbers, email addresses, addresses, and Social Security numbers.
- Post content that violates applicable laws and governmental regulations, including, but not limited to, all intellectual property, data, privacy, and export control laws, and regulations promulgated by any government agencies, including any rules of any national and other securities exchanges.
- Allow another person to use your account or share your account credentials with another person.
- Post content that is abusive, offensive, vulgar, obscene, hateful, racist or bigoted, threatening, libelous, defamatory, or fraudulent.
- Upload to, link to or transmit from, the Wiz Communities any data, file, software, or link that contains or redirects to a virus, Trojan horse, worm, or other harmful component or a technology that unlawfully accesses or downloads content or information stored within the Wiz Communities or on the hardware of Wiz or any third party.
- Post or send unsolicited communications, spam or advertisements.
- Use contact or other user information obtained from the Wiz Communities (including email addresses) to contact other users outside of the Wiz Communities without their express permission or authority or to create or distribute mailing lists or other collections of contact or user profile information for users for use outside of the Wiz Communities.
- Impersonate any person or entity, or falsely state or otherwise misrepresent an affiliation with a person, organization, or entity of Wiz.
- Interfere with or disrupt the operation or integrity of Wiz Communities or any information, data, content or other materials available on or through Wiz Communities.
- Share information learned through the Wiz Communities with anyone outside of the Wiz Communities or use such information for any competitive purposes or any purpose other than the intended purpose.
- Authorize, permit, enable, induce or encourage any third party to do any of the above.
- Do anything to violate the spirit of these Terms.
User Submissions, Member-Generated Content and Profile Information
As a user of Wiz Communities, you may have the ability to make information, data, graphics, sounds, videos, messages, profiles and other materials and content, each a “Submission,” available through Wiz Communities. Submissions include but are not limited to all comments, suggestions, advice, and ideas, including those made or given on an existing or potential Wiz product or feature. All Submissions are subject to the same licensing provisions contained herein.
Users are solely responsible for all Submissions to Wiz Communities. Wiz has no control over users’ Submissions, and we do not endorse any user Submissions. Additionally, Wiz does not make any promises about the reliability of any source or the accuracy, safety, or intellectual property rights of any Submissions. By posting a Submission, you represent and warrant to either own or have all the intellectual property rights necessary to upload or share all content contained within such Submission and that the Submission does not infringe on the intellectual property rights of others.
Licenses
When you submit content to Wiz Communities, you do not lose ownership of your Submission. Rather, with each Submission, you grant Wiz an unlimited, irrevocable, perpetual, and royalty-free license to access, use, reproduce, display, prepare derivative works of, sublicense, perform, and distribute any Submission content, feedback, suggestions, or ideas for any purpose without any obligation or compensation to you.
If you make available through Wiz Communities ideas and suggestions on Wiz products or services, you acknowledge and agree that posting such a Submission does not make you an inventor of any invention that may arise during any development of any Wiz product or service, including those that may incorporate or are related to user contributions to Wiz Communities. If, despite the foregoing, you retain any right, title, or interest in any invention, you agree to assign to Wiz all right, title, and interest in and to such invention, effective upon the invention’s conception, creation, or development. To the extent that you retain any right to or interest in any invention after all permissible assignment, you waive all claims with respect to such rights or interests against Wiz and its affiliates, and any user of any Wiz product or service. In addition, you grant Wiz an unlimited, irrevocable, perpetual, and royalty-free license to access, use, reproduce, display, prepare derivatives works of, sublicense, perform, distribute, modify, make, sell, offer to sell, import, analyze, and exploit all or any portion of such invention. You waive and quitclaim to Wiz any claim for infringement, misappropriation, or other violation of any invention or intellectual property rights assigned or licensed under these Terms.
Moderation & Removal of Access
Wiz Communities are intended to be a place for users of Wiz products and services and Wiz partners to connect, communicate, and share information, experiences, tips, and thoughts on Wiz products and services. To ensure and foster a positive environment, Wiz may designate Wiz employees to act as moderators / administrators for Wiz Communities“”. Wiz reserves the discretion to remove and alter any user Submission to Wiz Communities at any time, with or without notice, for violation of these Terms; otherwise being deemed inappropriate and/or unlawful; or for any other reason. Wiz has the discretion to block users who violate these Terms or the Communities guidelines from posting and/or to terminate the user’s Wiz Communitiesaccount. In addition, Wiz will revoke your access to the Wiz Communities if you are no longer working at an organization that is a Wiz customer or Wiz partner or if your organization ceases to be a Wiz customer or Wiz partner.
Disclaimer of Warranties
WIZ COMMUNITIES AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND AND WIZ EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. YOU ACKNOWLEDGE THAT WIZ DOES NOT WARRANT THAT THE WIZ COMMUNITIES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.
Limitation of Liability
NEITHER WIZ, NOR ANY OF ITS OFFICERS, DIRECTORS, EMPLOYEES, LICENSORS, OR AFFILIATES SHALL BE LIABLE TO YOU OR ANY THIRD-PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING FROM OR RELATING TO YOUR PARTICIPATION IN WIZ COMMUNITIES, INCLUDING, WITHOUT LIMITATION, LOST REVENUE, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER LOSSES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Modifications
As our business evolves, we may change these Terms and other policies relating to Wiz Communities. Any material revisions to these Terms will become effective on the date we publish the change. If you use the Wiz Communities after the effective date of any changes, that use will constitute your acceptance of the revised terms and conditions.
Severability
These Terms will be enforced to the fullest extent permitted under applicable law. If any provision of the Terms is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of these Terms will remain in effect.
Governing Law; Venue
These Terms constitute a binding agreement, and failure to comply with these Terms may result in legal action. This agreement, and any disputes arising out of or related hereto, shall be governed exclusively by the internal laws of the State of New York, without regard to its conflicts with the laws or rules of the United Nations Convention on the International Sale of Goods. The state and federal courts located in New York City, New York shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement.
Please feel free to contact us if you have any questions about these Terms. You may contact us at communities@wiz.io with respect to Wiz Community Forum and win@wiz.io with respect to WIN Partner Community.
Effective October 25th 2023 to November 17th 2023
DownloadTable of Contents
Wiz Communities Terms of Service
Last updated: Oct 25 2023
The Wiz Community Forum and WIN Partner Community (each a “Wiz Community”, and together “Wiz Communities”) are spaces for Wiz customers and Wiz partners, accordingly, to interact with each another and to share knowledge, information, best practices, and experiences from their use of Wiz. The following user terms apply to all who use either of the Wiz Communities. “We,” “our,” and “us” refer to the applicable Wiz entity providing services to your organization or contracting with you under an integration agreement. “You” and “your” refers to you, the individual user and participant in either of the Wiz Communities.
PLEASE NOTE THAT THE WIZ COMMUNITIES ARE NOT A SUPPORT CHANNEL AND ARE NOT SUBJECT TO WIZ’S OFFICIAL SLA. IF YOU HAVE A SUPPORT REQUEST, PLEASE SUBMIT THIS THROUGH THE OFFICIAL WIZ SUPPORT CHANNELS. THE WIZ COMMUNITIES ARE INTENDED FOR WIZ CUSTOMERS AND WIZ PARTNERS ONLY AND YOUR ACCESS WILL BE REVOKED WHEN YOU / YOUR ORGANIZATION IS NO LONGER A WIZ CUSTOMER OR WIZ PARTNER.
THE WIZ COMMUNITIES ARE INTENDED FOR GENERAL QUERIES AND KNOWLEDGE SHARING. DO NOT SHARE ANY CONFIDENTIAL INFORMATION INCLUDING PERSONAL DATA OF YOUR ORGANIZATION THROUGH THE WIZ COMMUNITIES.
Wiz Communities Rules of Engagement
All use of the Wiz Communities is subject to these Wiz Communities Terms of Service, Wiz’s Privacy Policy and all applicable Wiz policies (together “Terms”).
You must:
- Monitor and control all activity conducted through your Wiz Communities account.
- Keep all passwords and login information for your Wiz Communities account confidential.
- Use commercially reasonable efforts to prevent unauthorized access to or use of the Wiz Communities.
- Keep all information learned through the Wiz Communities confidential and only disclose such information to other users of Wiz within your organization on a need to know basis in order to enhance your experience of Wiz.
- Be respectful of other users.
- Promptly notify us if you become aware of or reasonably suspect any illegal or unauthorized activity or a security breach involving your account, including any loss, theft, or unauthorized disclosure or use of a username, password, or account by contacting communities@wiz.io with respect to Wiz Community Forum and win@wiz.io with respect to WIN Partner Community.
- You may also report offensive or unreasonable conduct to us via communities@wiz.io with respect to Wiz Community Forum and win@wiz.io with respect to WIN Partner Community.
You must never:
- Post any customer data or partner data including confidential information of your organization.
- Post other content that you do not have the required rights to under law and under contractual and fiduciary relationships (such as proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements).
- Post content that includes another person’s private or personal information, including but not limited to communities profile information, images, personal phone numbers, email addresses, addresses, and Social Security numbers.
- Post content that violates applicable laws and governmental regulations, including, but not limited to, all intellectual property, data, privacy, and export control laws, and regulations promulgated by any government agencies, including any rules of any national and other securities exchanges.
- Allow another person to use your account or share your account credentials with another person.
- Post content that is abusive, offensive, vulgar, obscene, hateful, racist or bigoted, threatening, libelous, defamatory, or fraudulent.
- Upload to, link to or transmit from, the Wiz Communities any data, file, software, or link that contains or redirects to a virus, Trojan horse, worm, or other harmful component or a technology that unlawfully accesses or downloads content or information stored within the Wiz Communities or on the hardware of Wiz or any third party.
- Post or send unsolicited communications, spam or advertisements.
- Use contact or other user information obtained from the Wiz Communities (including email addresses) to contact other users outside of the Wiz Communities without their express permission or authority or to create or distribute mailing lists or other collections of contact or user profile information for users for use outside of the Wiz Communities.
- Impersonate any person or entity, or falsely state or otherwise misrepresent an affiliation with a person, organization, or entity of Wiz.
- Interfere with or disrupt the operation or integrity of Wiz Communities or any information, data, content or other materials available on or through Wiz Communities.
- Share information learned through the Wiz Communities with anyone outside of the Wiz Communities or use such information for any competitive purposes or any purpose other than the intended purpose.
- Authorize, permit, enable, induce or encourage any third party to do any of the above.
- Do anything to violate the spirit of these Terms.
User Submissions, Member-Generated Content and Profile Information
As a user of Wiz Communities, you may have the ability to make information, data, graphics, sounds, videos, messages, profiles and other materials and content, each a “Submission,” available through Wiz Communities. Submissions include but are not limited to all comments, suggestions, advice, and ideas, including those made or given on an existing or potential Wiz product or feature. All Submissions are subject to the same licensing provisions contained herein.
Users are solely responsible for all Submissions to Wiz Communities. Wiz has no control over users’ Submissions, and we do not endorse any user Submissions. Additionally, Wiz does not make any promises about the reliability of any source or the accuracy, safety, or intellectual property rights of any Submissions. By posting a Submission, you represent and warrant to either own or have all the intellectual property rights necessary to upload or share all content contained within such Submission and that the Submission does not infringe on the intellectual property rights of others.
Licenses
When you submit content to Wiz Communities, you do not lose ownership of your Submission. Rather, with each Submission, you grant Wiz an unlimited, irrevocable, perpetual, and royalty-free license to access, use, reproduce, display, prepare derivative works of, sublicense, perform, and distribute any Submission content, feedback, suggestions, or ideas for any purpose without any obligation or compensation to you.
If you make available through Wiz Communities ideas and suggestions on Wiz products or services, you acknowledge and agree that posting such a Submission does not make you an inventor of any invention that may arise during any development of any Wiz product or service, including those that may incorporate or are related to user contributions to Wiz Communities. If, despite the foregoing, you retain any right, title, or interest in any invention, you agree to assign to Wiz all right, title, and interest in and to such invention, effective upon the invention’s conception, creation, or development. To the extent that you retain any right to or interest in any invention after all permissible assignment, you waive all claims with respect to such rights or interests against Wiz and its affiliates, and any user of any Wiz product or service. In addition, you grant Wiz an unlimited, irrevocable, perpetual, and royalty-free license to access, use, reproduce, display, prepare derivatives works of, sublicense, perform, distribute, modify, make, sell, offer to sell, import, analyze, and exploit all or any portion of such invention. You waive and quitclaim to Wiz any claim for infringement, misappropriation, or other violation of any invention or intellectual property rights assigned or licensed under these Terms.
Moderation & Removal of Access
Wiz Communities are intended to be a place for users of Wiz products and services and Wiz partners to connect, communicate, and share information, experiences, tips, and thoughts on Wiz products and services. To ensure and foster a positive environment, Wiz may designate Wiz employees to act as moderators / administrators for Wiz Communities“”. Wiz reserves the discretion to remove and alter any user Submission to Wiz Communities at any time, with or without notice, for violation of these Terms; otherwise being deemed inappropriate and/or unlawful; or for any other reason. Wiz has the discretion to block users who violate these Terms or the Communities guidelines from posting and/or to terminate the user’s Wiz Communitiesaccount. In addition, Wiz will revoke your access to the Wiz Communities if you are no longer working at an organization that is a Wiz customer or Wiz partner or if your organization ceases to be a Wiz customer or Wiz partner.
Disclaimer of Warranties
WIZ COMMUNITIES AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND AND WIZ EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. YOU ACKNOWLEDGE THAT WIZ DOES NOT WARRANT THAT THE WIZ COMMUNITIES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.
Limitation of Liability
NEITHER WIZ, NOR ANY OF ITS OFFICERS, DIRECTORS, EMPLOYEES, LICENSORS, OR AFFILIATES SHALL BE LIABLE TO YOU OR ANY THIRD-PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING FROM OR RELATING TO YOUR PARTICIPATION IN WIZ COMMUNITIES, INCLUDING, WITHOUT LIMITATION, LOST REVENUE, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER LOSSES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Modifications
As our business evolves, we may change these Terms and other policies relating to Wiz Communities. Any material revisions to these Terms will become effective on the date we publish the change. If you use the Wiz Communities after the effective date of any changes, that use will constitute your acceptance of the revised terms and conditions.
Severability
These Terms will be enforced to the fullest extent permitted under applicable law. If any provision of the Terms is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of these Terms will remain in effect.
Governing Law; Venue
These Terms constitute a binding agreement, and failure to comply with these Terms may result in legal action. This agreement, and any disputes arising out of or related hereto, shall be governed exclusively by the internal laws of the State of New York, without regard to its conflicts with the laws or rules of the United Nations Convention on the International Sale of Goods. The state and federal courts located in New York City, New York shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement.
Please feel free to contact us if you have any questions about these Terms. You may contact us at communities@wiz.io with respect to Wiz Community Forum and win@wiz.io with respect to WIN Partner Community.
Effective October 25th 2023 to October 25th 2023
DownloadTable of Contents
Wiz Communities Terms of Service
Last updated: Oct 25 2023
The Wiz Community Forum and WIN Partner Community (each a “Wiz Community”, and together “Wiz Communities”) are spaces for Wiz customers and Wiz partners, accordingly, to interact with each another and to share knowledge, information, best practices, and experiences from their use of Wiz. The following user terms apply to all who use either of the Wiz Communities. “We,” “our,” and “us” refer to the applicable Wiz entity providing services to your organization or contracting with you under an integration agreement. “You” and “your” refers to you, the individual user and participant in either of the Wiz Communities.
PLEASE NOTE THAT THE WIZ COMMUNITIES ARE NOT A SUPPORT CHANNEL AND ARE NOT SUBJECT TO WIZ’S OFFICIAL SLA. IF YOU HAVE A SUPPORT REQUEST, PLEASE SUBMIT THIS THROUGH THE OFFICIAL WIZ SUPPORT CHANNELS. THE WIZ COMMUNITIES ARE INTENDED FOR WIZ CUSTOMERS AND WIZ PARTNERS ONLY AND YOUR ACCESS WILL BE REVOKED WHEN YOU / YOUR ORGANIZATION IS NO LONGER A WIZ CUSTOMER OR WIZ PARTNER.
THE WIZ COMMUNITIES ARE INTENDED FOR GENERAL QUERIES AND KNOWLEDGE SHARING. DO NOT SHARE ANY CONFIDENTIAL INFORMATION INCLUDING PERSONAL DATA OF YOUR ORGANIZATION THROUGH THE WIZ COMMUNITIES.
Wiz Communities Rules of Engagement
All use of the Wiz Communities is subject to these Wiz Communities Terms of Service, Wiz’s Privacy Policy and all applicable Wiz policies (together “Terms”).
You must:
- Monitor and control all activity conducted through your Wiz Communities account.
- Keep all passwords and login information for your Wiz Communities account confidential.
- Use commercially reasonable efforts to prevent unauthorized access to or use of the Wiz Communities.
- Keep all information learned through the Wiz Communities confidential and only disclose such information to other users of Wiz within your organization on a need to know basis in order to enhance your experience of Wiz.
- Be respectful of other users.
- Promptly notify us if you become aware of or reasonably suspect any illegal or unauthorized activity or a security breach involving your account, including any loss, theft, or unauthorized disclosure or use of a username, password, or account by contacting communities@wiz.io with respect to Wiz Community Forum and win@wiz.io with respect to WIN Partner Community.
- You may also report offensive or unreasonable conduct to us via communities@wiz.io with respect to Wiz Community Forum and win@wiz.io with respect to WIN Partner Community.
You must never:
- Post any customer data or partner data including confidential information of your organization.
- Post other content that you do not have the required rights to under law and under contractual and fiduciary relationships (such as proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements).
- Post content that includes another person’s private or personal information, including but not limited to communities profile information, images, personal phone numbers, email addresses, addresses, and Social Security numbers.
- Post content that violates applicable laws and governmental regulations, including, but not limited to, all intellectual property, data, privacy, and export control laws, and regulations promulgated by any government agencies, including any rules of any national and other securities exchanges.
- Allow another person to use your account or share your account credentials with another person.
- Post content that is abusive, offensive, vulgar, obscene, hateful, racist or bigoted, threatening, libelous, defamatory, or fraudulent.
- Upload to, link to or transmit from, the Wiz Communities any data, file, software, or link that contains or redirects to a virus, Trojan horse, worm, or other harmful component or a technology that unlawfully accesses or downloads content or information stored within the Wiz Communities or on the hardware of Wiz or any third party.
- Post or send unsolicited communications, spam or advertisements.
- Use contact or other user information obtained from the Wiz Communities (including email addresses) to contact other users outside of the Wiz Communities without their express permission or authority or to create or distribute mailing lists or other collections of contact or user profile information for users for use outside of the Wiz Communities.
- Impersonate any person or entity, or falsely state or otherwise misrepresent an affiliation with a person, organization, or entity of Wiz.
- Interfere with or disrupt the operation or integrity of Wiz Communities or any information, data, content or other materials available on or through Wiz Communities.
- Share information learned through the Wiz Communities with anyone outside of the Wiz Communities or use such information for any competitive purposes or any purpose other than the intended purpose.
- Authorize, permit, enable, induce or encourage any third party to do any of the above.
- Do anything to violate the spirit of these Terms.
User Submissions, Member-Generated Content and Profile Information
As a user of Wiz Communities, you may have the ability to make information, data, graphics, sounds, videos, messages, profiles and other materials and content, each a “Submission,” available through Wiz Communities. Submissions include but are not limited to all comments, suggestions, advice, and ideas, including those made or given on an existing or potential Wiz product or feature. All Submissions are subject to the same licensing provisions contained herein.
Users are solely responsible for all Submissions to Wiz Communities. Wiz has no control over users’ Submissions, and we do not endorse any user Submissions. Additionally, Wiz does not make any promises about the reliability of any source or the accuracy, safety, or intellectual property rights of any Submissions. By posting a Submission, you represent and warrant to either own or have all the intellectual property rights necessary to upload or share all content contained within such Submission and that the Submission does not infringe on the intellectual property rights of others.
Licenses
When you submit content to Wiz Communities, you do not lose ownership of your Submission. Rather, with each Submission, you grant Wiz an unlimited, irrevocable, perpetual, and royalty-free license to access, use, reproduce, display, prepare derivative works of, sublicense, perform, and distribute any Submission content, feedback, suggestions, or ideas for any purpose without any obligation or compensation to you.
If you make available through Wiz Communities ideas and suggestions on Wiz products or services, you acknowledge and agree that posting such a Submission does not make you an inventor of any invention that may arise during any development of any Wiz product or service, including those that may incorporate or are related to user contributions to Wiz Communities. If, despite the foregoing, you retain any right, title, or interest in any invention, you agree to assign to Wiz all right, title, and interest in and to such invention, effective upon the invention’s conception, creation, or development. To the extent that you retain any right to or interest in any invention after all permissible assignment, you waive all claims with respect to such rights or interests against Wiz and its affiliates, and any user of any Wiz product or service. In addition, you grant Wiz an unlimited, irrevocable, perpetual, and royalty-free license to access, use, reproduce, display, prepare derivatives works of, sublicense, perform, distribute, modify, make, sell, offer to sell, import, analyze, and exploit all or any portion of such invention. You waive and quitclaim to Wiz any claim for infringement, misappropriation, or other violation of any invention or intellectual property rights assigned or licensed under these Terms.
Moderation & Removal of Access
Wiz Communities are intended to be a place for users of Wiz products and services and Wiz partners to connect, communicate, and share information, experiences, tips, and thoughts on Wiz products and services. To ensure and foster a positive environment, Wiz may designate Wiz employees to act as moderators / administrators for Wiz Communities“”. Wiz reserves the discretion to remove and alter any user Submission to Wiz Communities at any time, with or without notice, for violation of these Terms; otherwise being deemed inappropriate and/or unlawful; or for any other reason. Wiz has the discretion to block users who violate these Terms or the Communities guidelines from posting and/or to terminate the user’s Wiz Communitiesaccount. In addition, Wiz will revoke your access to the Wiz Communities if you are no longer working at an organization that is a Wiz customer or Wiz partner or if your organization ceases to be a Wiz customer or Wiz partner.
Disclaimer of Warranties
WIZ COMMUNITIES AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND AND WIZ EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. YOU ACKNOWLEDGE THAT WIZ DOES NOT WARRANT THAT THE WIZ COMMUNITIES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.
Limitation of Liability
NEITHER WIZ, NOR ANY OF ITS OFFICERS, DIRECTORS, EMPLOYEES, LICENSORS, OR AFFILIATES SHALL BE LIABLE TO YOU OR ANY THIRD-PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING FROM OR RELATING TO YOUR PARTICIPATION IN WIZ COMMUNITIES, INCLUDING, WITHOUT LIMITATION, LOST REVENUE, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER LOSSES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Modifications
As our business evolves, we may change these Terms and other policies relating to Wiz Communities. Any material revisions to these Terms will become effective on the date we publish the change. If you use the Wiz Communities after the effective date of any changes, that use will constitute your acceptance of the revised terms and conditions.
Severability
These Terms will be enforced to the fullest extent permitted under applicable law. If any provision of the Terms is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of these Terms will remain in effect.
Governing Law; Venue
These Terms constitute a binding agreement, and failure to comply with these Terms may result in legal action. This agreement, and any disputes arising out of or related hereto, shall be governed exclusively by the internal laws of the State of New York, without regard to its conflicts with the laws or rules of the United Nations Convention on the International Sale of Goods. The state and federal courts located in New York City, New York shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement.
Please feel free to contact us if you have any questions about these Terms. You may contact us at communities@wiz.io with respect to Wiz Community Forum and win@wiz.io with respect to WIN Partner Community.
Effective October 9th 2023 to October 25th 2023
DownloadTable of Contents
Wiz Community Forum Terms of Service
Last updated: Nov, 22 2022
The Wiz Community Forum is a space for Wiz customers to interact with each another and to share knowledge, information, best practices, and experiences from their use of Wiz. The following user terms apply to all who use the Wiz Community Forum. “We,” “our,” and “us” refer to the applicable Wiz entity providing services to your organization. “You” and “your” refers to you, the individual user and participant in the Wiz Community Forum.
PLEASE NOTE THAT THE WIZ COMMUNITY FORUM IS NOT A SUPPORT CHANNEL AND IS NOT SUBJECT TO WIZ’S OFFICIAL SLA. IF YOU HAVE A SUPPORT REQUEST, PLEASE SUBMIT THIS THROUGH THE OFFICIAL WIZ SUPPORT CHANNELS. THE WIZ COMMUNITY FORUM IS INTENDED FOR WIZ CUSTOMERS ONLY AND YOUR ACCESS WILL BE REVOKED WHEN YOU / YOUR ORGANIZATION IS NO LONGER A WIZ CUSTOMER.
THE WIZ COMMUNITY FORUM IS INTENDED FOR GENERAL QUERIES AND KNOWLEDGE SHARING. DO NOT SHARE ANY CONFIDENTIAL INFORMATION INCLUDING PERSONAL DATA OF YOUR ORGANIZATION THROUGH THE WIZ COMMUNITY FORUM.
Wiz Community Forum Rules of Engagement
All use of the Wiz Community Forum is subject to these Wiz Community Forum Terms of Service, Wiz’s Privacy Policy and all applicable Wiz policies (together “Terms”). The Wiz Community Forum is intended for Wiz customers only and your access will be revoked when you / your organization is no longer a Wiz customer.
You must:
- Monitor and control all activity conducted through your Wiz Community Forum account.
- Keep all passwords and login information for your Wiz Community Forum account confidential.
- Use commercially reasonable efforts to prevent unauthorized access to or use of the Wiz Community Forum.
- Keep all information learned through the Wiz Community Forum confidential and only disclose such information to other users of Wiz within your organization on a need to know basis in order to enhance your experience of Wiz services.
- Be respectful of other users.
- Promptly notify us if you become aware of or reasonably suspect any illegal or unauthorized activity or a security breach involving your account, including any loss, theft, or unauthorized disclosure or use of a username, password, or account by contacting communities@wiz.io.
- You may also report offensive or unreasonable conduct to us via communities@wiz.io.
You must never:
- Post any Customer Data including confidential information of your organization.
- Post other content that you do not have the required rights to under law and under contractual and fiduciary relationships (such as proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements).
- Post content that includes another person’s private or personal information, including but not limited to community forum profile information, images, personal phone numbers, email addresses, addresses, and Social Security numbers.
- Post content that violates applicable laws and governmental regulations, including, but not limited to, all intellectual property, data, privacy, and export control laws, and regulations promulgated by any government agencies, including any rules of any national and other securities exchanges.
- Allow another person to use your account or share your account credentials with another person.
- Post content that is abusive, offensive, vulgar, obscene, hateful, racist or bigoted, threatening, libelous, defamatory, or fraudulent.
- Upload to, link to or transmit from, the Wiz Community Forum any data, file, software, or link that contains or redirects to a virus, Trojan horse, worm, or other harmful component or a technology that unlawfully accesses or downloads content or information stored within the Wiz Community Forum or on the hardware of Wiz or any third party.
- Post or send unsolicited communications, spam or advertisements.
- Use contact or other user information obtained from the Wiz Community Forum (including email addresses) to contact other users outside of the Wiz Community Forum without their express permission or authority or to create or distribute mailing lists or other collections of contact or user profile information for users for use outside of the Wiz Community Forum.
- Impersonate any person or entity, or falsely state or otherwise misrepresent an affiliation with a person, organization, or entity of Wiz.
- Interfere with or disrupt the operation or integrity of Wiz Community Forum or any information, data, content or other materials available on or through Wiz Community Forum.
- Share information learned through the Wiz Community Forum with anyone outside of the Wiz Community Forum or use such information for any competitive purposes or any purpose other than the intended purpose.
- Authorize, permit, enable, induce or encourage any third party to do any of the above.
- Do anything to violate the spirit of these Terms.
User Submissions, Member-Generated Content and Profile Information
As a user of Wiz Community Forum, you may have the ability to make information, data, graphics, sounds, videos, messages, profiles and other materials and content, each a “Submission,” available through Wiz Community Forum. Submissions include but are not limited to all comments, suggestions, advice, and ideas, including those made or given on an existing or potential Wiz product or feature. All Submissions are subject to the same licensing provisions contained herein.
Users are solely responsible for all Submissions to Wiz Community Forum. Wiz has no control over users’ Submissions, and we do not endorse any user Submissions. Additionally, Wiz does not make any promises about the reliability of any source or the accuracy, safety, or intellectual property rights of any Submissions. By posting a Submission, you represent and warrant to either own or have all the intellectual property rights necessary to upload or share all content contained within such Submission and that the Submission does not infringe on the intellectual property rights of others.
Licenses
When you submit content to Wiz Community Forum, you do not lose ownership of your Submission. Rather, with each Submission, you grant Wiz an unlimited, irrevocable, perpetual, and royalty-free license to access, use, reproduce, display, prepare derivative works of, sublicense, perform, and distribute any Submission content, feedback, suggestions, or ideas for any purpose without any obligation or compensation to you.
If you make available through Wiz Community Forum ideas and suggestions on Wiz products or services, you acknowledge and agree that posting such a Submission does not make you an inventor of any invention that may arise during any development of any Wiz product or service, including those that may incorporate or are related to user contributions to Wiz Community Forum. If, despite the foregoing, you retain any right, title, or interest in any invention, you agree to assign to Wiz all right, title, and interest in and to such invention, effective upon the invention’s conception, creation, or development. To the extent that you retain any right to or interest in any invention after all permissible assignment, you waive all claims with respect to such rights or interests against Wiz and its affiliates, and any user of any Wiz product or service. In addition, you grant Wiz an unlimited, irrevocable, perpetual, and royalty-free license to access, use, reproduce, display, prepare derivatives works of, sublicense, perform, distribute, modify, make, sell, offer to sell, import, analyze, and exploit all or any portion of such invention. You waive and quitclaim to Wiz any claim for infringement, misappropriation, or other violation of any invention or intellectual property rights assigned or licensed under these Terms.
Moderation & Removal of Access
Wiz Community Forum is intended to be a place for users of Wiz products and services to connect, communicate, and share information, experiences, tips, and thoughts on Wiz products and services. To ensure and foster a positive environment, Wiz may designate Wiz employees to act as moderators / administrators for Wiz Community Forum ("Community Moderators"). Wiz reserves the discretion to remove and alter any user Submission to Wiz Community Forum at any time, with or without notice, for violation of these Terms; otherwise being deemed inappropriate and/or unlawful; or for any other reason. Wiz has the discretion to block users who violate these Terms or the Community Forum Guidelines from posting and/or to terminate the user’s Wiz Community Forum account. In addition, Wiz will revoke your access to the Wiz Community Forum if you are no longer working at an organization that is a Wiz customer or if your organization ceases to be a Wiz customer.
Disclaimer of Warranties
WIZ COMMUNITY FORUM AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND AND WIZ EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. YOU ACKNOWLEDGE THAT WIZ DOES NOT WARRANT THAT THE WIZ COMMUNITY FORUM WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.
Limitation of Liability
NEITHER WIZ, NOR ANY OF ITS OFFICERS, DIRECTORS, EMPLOYEES, LICENSORS, OR AFFILIATES SHALL BE LIABLE TO YOU OR ANY THIRD-PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING FROM OR RELATING TO YOUR PARTICIPATION IN WIZ COMMUNITY FORUM, INCLUDING, WITHOUT LIMITATION, LOST REVENUE, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Modifications
As our business evolves, we may change these Terms and other policies relating to Wiz Community Forum. Any material revisions to these Terms will become effective on the date we publish the change. If you use the Wiz Community Forum after the effective date of any changes, that use will constitute your acceptance of the revised terms and conditions.
Severability
These Terms will be enforced to the fullest extent permitted under applicable law. If any provision of the Terms is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of these Terms will remain in effect.
Governing Law; Venue
These Terms constitute a binding agreement, and failure to comply with these Terms may result in legal action. This agreement, and any disputes arising out of or related hereto, shall be governed exclusively by the internal laws of the State of New York, without regard to its conflicts with the laws or rules of the United Nations Convention on the International Sale of Goods. The state and federal courts located in New York City, New York shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement.
Please feel free to contact us if you have any questions about these Terms. You may contact us at communities@wiz.io.
Wiz Privacy Addendum
Effective December 31st 2024
DownloadTable of Contents
WIZ PRIVACY ADDENDUM
This Privacy Addendum (“Addendum”) is entered into as of the date of the Agreement (the “Effective Date”) by and between the Wiz entity specified in the Agreement (“Wiz”) and the counterparty specified in the Agreement (“Counterparty”), (each, a “Party” and collectively, the “Parties”). This Addendum supplements and is part of the main agreement between the Parties which incorporates this Addendum by reference (the “Agreement”) and sets forth the Parties’ obligations with respect to the sharing and Processing of Personal Data in connection with the Agreement. In consideration of the mutual obligations set out herein, the Parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Agreement. Except as supplemented below, the terms of the Agreement shall remain in full force and effect. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
- Definitions.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Data Protection Laws” means all laws and regulations relating to data protection, security and privacy, including but not limited to the laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Parties’ Processing of Personal Data under the Agreement.
- “Disclosing Party” the Party that discloses Personal Data to the other Party under the Agreement.
- “EEA” means the European Economic Area.
- “Extended EEA Country” means a country within the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws. For the purposes of this Addendum, Personal Data refers to Personal Data that is disclosed between the Parties under the Agreement.
- “Standard Contractual Clauses” or “SCCs” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en and as may be otherwise amended or updated from time to time.
- “Receiving Party” the Party that receives or discloses Personal Data from the other Party under the Agreement.
- Representations and Warranties. The Parties acknowledge and agree that each Party acts as a separate Controller or Business of the Personal Data disclosed between the Parties under the Agreement. The Disclosing Party hereby represents, warrants and covenants to that: (a) it has obtained any and all required consents, rights, legal bases and/or licenses to collect and disclose the Personal Data to the Receiving Party for the purposes permitted under the Agreement, including, where applicable, to communicate with the leads, to send marketing and sales communications, and for other direct and digital marketing purposes; (b) the Personal Data has been legally collected by the Disclosing Party; and (c) it has complied and shall comply with any and all applicable laws (including, but not limited to Data Protection Laws) in the performance of its obligations hereunder and Processing of the Personal Data.
- Data Privacy.
- Restrictions on Use. The Disclosing Party discloses Personal Data to the Receiving Party solely for the purposes permitted by the Agreement. The Receiving Party will comply with all applicable requirements of applicable Data Protection Law, including but not limited to by: (i) providing the same level of privacy protection to Personal Data as required the Disclosing Party under applicable Data Protection Law, and in no event less than a reasonable standard of care; (ii) providing any required disclosures, such as privacy policies, notices at collection, or opt out notices to consumers whose Personal Data the Receiving Party processes; and (iii) implementing appropriate technical and organizational measures to ensure a level of security for the Personal Data appropriate to the risk. The Disclosing Party shall have the right, upon reasonable notice to the Receiving Party, to take reasonable and appropriate steps to help ensure that the Receiving Party uses the Personal Data transferred in a manner consistent with Data Protection Laws and to stop and remediate unauthorized use of Personal Data. Each Party shall establish and maintain a procedure to enable individuals to exercise their rights under Data Protection Laws and shall provide reasonable assistance to the other Party in responding to any such requests; and will honor and notify the other Party of a request by any individual whose information is contained in the Personal Data to opt out of or withdraw consent to the Processing of their Personal Data. A Party shall notify the other Party if it makes a determination that it can no longer meet its obligations under this Addendum and in such case each Party shall be entitled to terminate the Agreement.
- Data Transfers. To the extent that the Personal Data is subject to Data Protection Laws of an Extended EEA Country and as a result of the provision of such Personal Data by the Disclosing Party to the Receiving Party, there is a transfer of Personal Data from the Extended EEA Countries to countries outside the Extended EEA Countries which are not subject to an adequacy decision published by the relevant data protection authorities of the Extended EEA Countries (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of Module 1 (Controller to Controller) of the Standard Contractual Clauses which will be deemed to have been signed by each Party on the Effective Date of the Agreement, are incorporated herein by reference and construed in accordance with Schedule 1 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
Schedule 1
- Incorporation and interpretation of the Standard Contractual Clauses
- In relation to transfers of Personal Data which is subject to Data Protection Laws of the EEA Extended Countries to Third Countries, the Parties agree that: Module One (Transfer Controller to Controller) of the Standard Contractual Clauses shall apply.
- Where the data exporter is an Affiliate of the Disclosing Party, the Standard Contractual Clauses shall constitute a separate agreement between such Affiliate acting as a data exporter and the Disclosing Party acting as data importer.
- The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in the Appendix below.
- If there is a conflict between the provisions of this Addendum, the Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject this Addendum and the Agreement.
- If any provision or part-provision of this Addendum and/or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Addendum and/or the Agreement and the Parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
- Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
- Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are set forth in the Appendix below.
- Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 of this Schedule.
- Table 3. The “Appendix Information” is as set out in Appendix to this Schedule.
- Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
- Except where paragraph 1.6 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
- “Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
- “the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
- “supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
Appendix
A. LIST OF THE PARTIES | |
Data Exporter: | Counterparty or Wiz or Counterparty or Wiz Affiliate, in each case to the extent applicable in respect of the specific transfer |
Data Importer: | Counterparty or Wiz, in each case to the extent applicable in respect of the specific transfer |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | Leads, event attendees, prospective customers, partners or candidates (where applicable) |
CATEGORIES OF PERSONAL DATA | Business contact information such as name, email address, phone number, role, company and/or where applicable candidate reference information including curriculum vitae and/or such other information provided by candidates within the recruitment process. |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | N/A |
FREQUENCY OF THE TRANSFER | As regular as is required in connection with the Parties’ performance of the Agreement |
NATURE AND PURPOSE OF THE PROCESSING | The Personal Data will be processed in connection with the Parties’ performance of the Agreement. |
RETENTION | Personal Data will be retained in accordance with the data importer’s retention policies. |
C. COMPETENT SUPERVISORY AUTHORITY | |
Identify the competent supervisory authority/ies in accordance with Clause 13: (a)Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. (b)Where the data exporter is established outside of the EU, but within an Extended EEA Country, the competent supervisory authority shall be the supervisory authority of the Extended EEA Country in which the data exporter is established. (c)Where the data exporter is established outside an Extended EEA Country and the Personal Data originates from an Extended EEA Country which is not in the EU, the supervisory authority shall be the supervisory authority of the Extended EEA Country from which the Personal Data originated. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: (a) where the data exporter is established in the EU or otherwise if the personal data originates from the EU, the Parties select the laws of the Netherlands (b) where the data exporter is established outside the EU but within an Extended EEA Country, the Parties select the laws of the Extended EEA Country where the data exporter is established (c) subject to (a) above, where the data exporter is established outside an Extended EEA Country, the parties select the laws of the Extended EEA Country where the personal data originates from |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs:
outside an Extended EEA Country, the parties select the courts of the Extended EEA Country where the personal data originates from |
TECHNICAL AND ORGANISATIONAL MEASURES | Each Party shall have adequate security measures in order to protect the Personal Data in compliance with Data Protection Laws. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: (a) For Clause 7 (Docking Clause), the optional provision will apply. (b) For Clause 11(a) (Redress) – the optional provision will not apply. | |
Effective November 17th 2023 to December 31st 2024
DownloadTable of Contents
WIZ PRIVACY ADDENDUM
This Privacy Addendum (“Addendum”) is entered into as of the date of the Agreement (the “Effective Date”) by and between the Wiz entity specified in the Agreement (“Wiz”) and the counterparty specified in the Agreement (“Counterparty”), (each, a “Party” and collectively, the “Parties”). This Addendum supplements and is part of the main agreement between the Parties which incorporates this Addendum by reference (the “Agreement”) and sets forth the Parties’ obligations with respect to the sharing and Processing of Personal Data in connection with the Agreement. In consideration of the mutual obligations set out herein, the Parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Agreement. Except as supplemented below, the terms of the Agreement shall remain in full force and effect. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
- Definitions.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Data Protection Laws” means all laws and regulations relating to data protection, security and privacy, including but not limited to the laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Parties’ Processing of Personal Data under the Agreement.
- “Disclosing Party” the Party that discloses or shares Personal Data to the other Party under the Agreement.
- “EEA” means the European Economic Area.
- “Extended EEA Country” means a country within the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws. For the purposes of this Addendum, Personal Data refers to Personal Data that is shared or disclosed between the Parties under the Agreement.
- “Standard Contractual Clauses” or “SCCs” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en and as may be otherwise amended or updated from time to time.
- “Receiving Party” the Party that receives or shares Personal Data from the other Party under the Agreement.
- Representations and Warranties. The Parties acknowledge and agree that each Party acts as a separate Controller of the Personal Data shared between the Parties under the Agreement. The Disclosing Party hereby represents, warrants and covenants to that: (a) it has obtained any and all required consents, rights, legal bases and/or licenses to collect and share the Personal Data with the Receiving Party for the purposes permitted under the Agreement , including, where applicable, to communicate with the leads, to send marketing and sales communications; (b) the Personal Data has been legally collected by the Disclosing Party; and (c) it has complied and shall comply with any and all applicable laws (including, but not limited to Data Protection Laws) in the performance of its obligations hereunder and Processing of the Personal Data.
- Data Privacy.
- Restrictions on Use. The Disclosing Party discloses Personal Data to the Receiving Party solely for the purposes permitted by the Agreement. The Receiving Party will not “Sell” or “Share” (as both terms are defined in applicable Data Protection Laws) Personal Data provided by Counterparty pursuant to the Agreement, or otherwise retain, use, disclose, or process Personal Data, for any purpose other than for the specific purposes set forth herein or otherwise outside the direct business relationship between the parties. The Receiving Party will comply with all applicable requirements of applicable Data Protection Law, including but not limited to by: (i) providing the same level of privacy protection to Personal Data as required the Disclosing Party under applicable Data Protection Law, and in no event less than a reasonable standard of care; (ii) providing any required disclosures, such as privacy policies, notices at collection, or opt out notices to consumers whose Personal Data the Receiving Party processes; and (iii) implementing appropriate technical and organizational measures to ensure a level of security for the Personal Data appropriate to the risk. The Disclosing Party shall have the right, upon reasonable notice to the Receiving Party, to take reasonable and appropriate steps to help ensure that the Receiving Party uses the Personal Data transferred in a manner consistent with Data Protection Laws and to stop and remediate unauthorized use of Personal Data. Each Party shall establish and maintain a procedure to enable individuals to exercise their rights under Data Protection Laws and shall provide reasonable assistance to the other Party in responding to any such requests; and will honor and notify the other Party of a request by any individual whose information is contained in the Personal Data to opt out of or withdraw consent to the Processing of their Personal Data. A Party shall notify the other Party if it makes a determination that it can no longer meet its obligations under this Addendum and in such case each Party shall be entitled to terminate the Agreement.
- Data Transfers. To the extent that the Personal Data is subject to Data Protection Laws of an Extended EEA Country and as a result of the provision of such Personal Data by the Disclosing Party to the Receiving Party, there is a transfer of Personal Data from the Extended EEA Countries to countries outside the Extended EEA Countries which are not subject to an adequacy decision published by the relevant data protection authorities of the Extended EEA Countries (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of Module 1 (Controller to Controller) of the Standard Contractual Clauses which will be deemed to have been signed by each Party on the Effective Date of the Agreement, are incorporated herein by reference and construed in accordance with Schedule 1 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
Schedule 1
- Incorporation and interpretation of the Standard Contractual Clauses
- In relation to transfers of Personal Data which is subject to Data Protection Laws of the EEA Extended Countries to Third Countries, the Parties agree that: Module One (Transfer Controller to Controller) of the Standard Contractual Clauses shall apply.
- Where the data exporter is an Affiliate of the Disclosing Party, the Standard Contractual Clauses shall constitute a separate agreement between such Affiliate acting as a data exporter and the Disclosing Party acting as data importer.
- The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in the Appendix below.
- If there is a conflict between the provisions of this Addendum, the Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject this Addendum and the Agreement.
- If any provision or part-provision of this Addendum and/or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Addendum and/or the Agreement and the Parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
- Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
- Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are set forth in the Appendix below.
- Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 of this Schedule.
- Table 3. The “Appendix Information” is as set out in Appendix to this Schedule.
- Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
- Except where paragraph 1.6 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
- “Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
- “the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
- “supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
Appendix
A. LIST OF THE PARTIES | |
Data Exporter: | Counterparty or Wiz or Counterparty or Wiz Affiliate, in each case to the extent applicable in respect of the specific transfer |
Data Importer: | Counterparty or Wiz, in each case to the extent applicable in respect of the specific transfer |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | Leads, event attendees, prospective customers, partners or candidates (where applicable) |
CATEGORIES OF PERSONAL DATA | Business contact information such as name, email address, phone number, role, company and/or where applicable candidate reference information including curriculum vitae and/or such other information provided by candidates within the recruitment process. |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | N/A |
FREQUENCY OF THE TRANSFER | As regular as is required in connection with the Parties’ performance of the Agreement |
NATURE AND PURPOSE OF THE PROCESSING | The Personal Data will be processed in connection with the Parties’ performance of the Agreement. |
RETENTION | Personal Data will be retained in accordance with the data importer’s retention policies. |
C. COMPETENT SUPERVISORY AUTHORITY | |
Identify the competent supervisory authority/ies in accordance with Clause 13: (a)Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. (b)Where the data exporter is established outside of the EU, but within an Extended EEA Country, the competent supervisory authority shall be the supervisory authority of the Extended EEA Country in which the data exporter is established. (c)Where the data exporter is established outside an Extended EEA Country and the Personal Data originates from an Extended EEA Country which is not in the EU, the supervisory authority shall be the supervisory authority of the Extended EEA Country from which the Personal Data originated. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: (a) where the data exporter is established in the EU or otherwise if the personal data originates from the EU, the Parties select the laws of the Netherlands (b) where the data exporter is established outside the EU but within an Extended EEA Country, the Parties select the laws of the Extended EEA Country where the data exporter is established (c) subject to (a) above, where the data exporter is established outside an Extended EEA Country, the parties select the laws of the Extended EEA Country where the personal data originates from |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: (a) where the data exporter is established in the EU or otherwise if the personal data originates from the EU, the Parties select the courts of the Netherlands (b) where the data exporter is established outside the EU but within an Extended EEA Country, the Parties select the courts of the Extended EEA Country in which the data exporter is established (c) subject to (a) above, where the data exporter is established outside an Extended EEA Country, the parties select the courts of the Extended EEA Country where the personal data originates from |
TECHNICAL AND ORGANISATIONAL MEASURES | Each Party shall have adequate security measures in order to protect the Personal Data in compliance with Data Protection Laws. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: (a) For Clause 7 (Docking Clause), the optional provision will apply. (b) For Clause 11(a) (Redress) – the optional provision will not apply. | |
Effective November 13th 2023 to November 17th 2023
DownloadTable of Contents
WIZ PRIVACY ADDENDUM
This Privacy Addendum (“Addendum”) is entered into as of the date of the Agreement (the “Effective Date”) by and between the Wiz entity specified in the Agreement (“Wiz”) and the counterparty specified in the Agreement (“Counterparty”), (each, a “Party” and collectively, the “Parties”). This Addendum supplements and is part of the main agreement between the Parties which incorporates this Addendum by reference (the “Agreement”) and sets forth the Parties’ obligations with respect to the sharing and Processing of Personal Data in connection with the Agreement. In consideration of the mutual obligations set out herein, the Parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Agreement. Except as supplemented below, the terms of the Agreement shall remain in full force and effect. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
- Definitions.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Data Protection Laws” means all laws and regulations relating to data protection, security and privacy, including but not limited to the laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Parties’ Processing of Personal Data under the Agreement.
- “Disclosing Party” the Party that discloses or shares Personal Data to the other Party under the Agreement.
- “EEA” means the European Economic Area.
- “Extended EEA Country” means a country within the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws. For the purposes of this Addendum, Personal Data refers to Personal Data that is shared or disclosed between the Parties under the Agreement.
- “Standard Contractual Clauses” or “SCCs” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en and as may be otherwise amended or updated from time to time.
- “Receiving Party” the Party that receives or shares Personal Data from the other Party under the Agreement.
- Representations and Warranties. The Parties acknowledge and agree that each Party acts as a separate Controller of the Personal Data shared between the Parties under the Agreement. The Disclosing Party hereby represents, warrants and covenants to that: (a) it has obtained any and all required consents, rights, legal bases and/or licenses to collect and share the Personal Data with the Receiving Party for the purposes permitted under the Agreement , including, where applicable, to communicate with the leads, to send marketing and sales communications; (b) the Personal Data has been legally collected by the Disclosing Party; and (c) it has complied and shall comply with any and all applicable laws (including, but not limited to Data Protection Laws) in the performance of its obligations hereunder and Processing of the Personal Data.
- Data Privacy.
- Restrictions on Use. The Disclosing Party discloses Personal Data to the Receiving Party solely for the purposes permitted by the Agreement. The Receiving Party will not “Sell” or “Share” (as both terms are defined in applicable Data Protection Laws) Personal Data provided by Counterparty pursuant to the Agreement, or otherwise retain, use, disclose, or process Personal Data, for any purpose other than for the specific purposes set forth herein or otherwise outside the direct business relationship between the parties. The Receiving Party will comply with all applicable requirements of applicable Data Protection Law, including but not limited to by: (i) providing the same level of privacy protection to Personal Data as required the Disclosing Party under applicable Data Protection Law, and in no event less than a reasonable standard of care; (ii) providing any required disclosures, such as privacy policies, notices at collection, or opt out notices to consumers whose Personal Data the Receiving Party processes; and (iii) implementing appropriate technical and organizational measures to ensure a level of security for the Personal Data appropriate to the risk. The Disclosing Party shall have the right, upon reasonable notice to the Receiving Party, to take reasonable and appropriate steps to help ensure that the Receiving Party uses the Personal Data transferred in a manner consistent with Data Protection Laws and to stop and remediate unauthorized use of Personal Data. Each Party shall establish and maintain a procedure to enable individuals to exercise their rights under Data Protection Laws and shall provide reasonable assistance to the other Party in responding to any such requests; and will honor and notify the other Party of a request by any individual whose information is contained in the Personal Data to opt out of or withdraw consent to the Processing of their Personal Data. A Party shall notify the other Party if it makes a determination that it can no longer meet its obligations under this Addendum and in such case each Party shall be entitled to terminate the Agreement.
- Data Transfers. To the extent that the Personal Data is subject to Data Protection Laws of an Extended EEA Country and as a result of the provision of such Personal Data by the Disclosing Party to the Receiving Party, there is a transfer of Personal Data from the Extended EEA Countries to countries outside the Extended EEA Countries which are not subject to an adequacy decision published by the relevant data protection authorities of the Extended EEA Countries (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of Module 1 (Controller to Controller) of the Standard Contractual Clauses which will be deemed to have been signed by each Party on the Effective Date of the Agreement, are incorporated herein by reference and construed in accordance with Schedule 1 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
Schedule 1
- Incorporation and interpretation of the Standard Contractual Clauses
- In relation to transfers of Personal Data which is subject to Data Protection Laws of the EEA Extended Countries to Third Countries, the Parties agree that: Module One (Transfer Controller to Controller) of the Standard Contractual Clauses shall apply.
- Where the data exporter is an Affiliate of the Disclosing Party, the Standard Contractual Clauses shall constitute a separate agreement between such Affiliate acting as a data exporter and the Disclosing Party acting as data importer.
- The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in the Appendix below.
- If there is a conflict between the provisions of this Addendum, the Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject this Addendum and the Agreement.
- If any provision or part-provision of this Addendum and/or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Addendum and/or the Agreement and the Parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
- Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:
- Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are set forth in the Appendix below.
- Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 of this Schedule.
- Table 3. The “Appendix Information” is as set out in Appendix to this Schedule.
- Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
- Except where paragraph 1.6 above applies, but notwithstanding anything else to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is not a Member State of the European Union, references in the Standard Contractual Clauses to:
- “Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
- “the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
- “supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
Appendix
A. LIST OF THE PARTIES | |
Data Exporter: | Counterparty or Wiz or Counterparty or Wiz Affiliate, in each case to the extent applicable in respect of the specific transfer |
Data Importer: | Counterparty or Wiz, in each case to the extent applicable in respect of the specific transfer |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | Leads, event attendees, prospective customers, partners or candidates (where applicable) |
CATEGORIES OF PERSONAL DATA | Business contact information such as name, email address, phone number, role, company and/or where applicable candidate reference information including curriculum vitae and/or such other information provided by candidates within the recruitment process. |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | N/A |
FREQUENCY OF THE TRANSFER | As regular as is required in connection with the Parties’ performance of the Agreement |
NATURE AND PURPOSE OF THE PROCESSING | The Personal Data will be processed in connection with the Parties’ performance of the Agreement. |
RETENTION | Personal Data will be retained in accordance with the data importer’s retention policies. |
C. COMPETENT SUPERVISORY AUTHORITY | |
Identify the competent supervisory authority/ies in accordance with Clause 13: (a)Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. (b)Where the data exporter is established outside of the EU, but within an Extended EEA Country, the competent supervisory authority shall be the supervisory authority of the Extended EEA Country in which the data exporter is established. (c)Where the data exporter is established outside an Extended EEA Country and the Personal Data originates from an Extended EEA Country which is not in the EU, the supervisory authority shall be the supervisory authority of the Extended EEA Country from which the Personal Data originated. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: (a) where the data exporter is established in the EU or otherwise if the personal data originates from the EU, the Parties select the laws of the Netherlands (b) where the data exporter is established outside the EU but within an Extended EEA Country, the Parties select the laws of the Extended EEA Country where the data exporter is established (c) subject to (a) above, where the data exporter is established outside an Extended EEA Country, the parties select the laws of the Extended EEA Country where the personal data originates from |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs: (a) where the data exporter is established in the EU or otherwise if the personal data originates from the EU, the Parties select the courts of the Netherlands (b) where the data exporter is established outside the EU but within an Extended EEA Country, the Parties select the courts of the Extended EEA Country in which the data exporter is established (c) subject to (a) above, where the data exporter is established outside an Extended EEA Country, the parties select the courts of the Extended EEA Country where the personal data originates from |
TECHNICAL AND ORGANISATIONAL MEASURES | Each Party shall have adequate security measures in order to protect the Personal Data in compliance with Data Protection Laws. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: (a) For Clause 7 (Docking Clause), the optional provision will apply. (b) For Clause 11(a) (Redress) – the optional provision will not apply. | |
Effective October 9th 2023 to November 13th 2023
DownloadTable of Contents
- Definitions.
- “Controller” or “Business” as relevant under applicable Data Protection Laws, means the entity which determines the purposes and means of the Processing of Personal Data or such equivalent term under Data Protection Laws.
- “Data Protection Laws” means all laws and regulations relating to data protection, security and privacy, including but not limited to the laws and regulations of the European Union, the EEA and their Member States, Switzerland, the United Kingdom, and the United States, each to the extent applicable to the Parties’ Processing of Personal Data under the Agreement.
- “Disclosing Party” the Party that discloses or shares Personal Data to the other Party under the Agreement.
- “EEA” means the European Economic Area.
- “Extended EEA Country” means a country within the EEA, Switzerland or the United Kingdom, and Extended EEA Countries means the foregoing countries collectively.
- “Member State(s)” means a country that belongs to the European Union and/or the EEA.
- “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or such equivalent term under Data Protection Laws. For the purposes of this Addendum, Personal Data refers to Personal Data that is shared or disclosed between the Parties under the Agreement.
- “Standard Contractual Clauses” or “SCCs” means the “standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission decision of 4 June 2021” and published under document number C (2021) 3972 available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en and as may be otherwise amended or updated from time to time.
- “Receiving Party” the Party that receives or shares Personal Data from the other Party under the Agreement.
- Representations and Warranties. The Parties acknowledge and agree that each Party acts as a separate Controller of the Personal Data shared between the Parties under the Agreement. The Disclosing Party hereby represents, warrants and covenants to that: (a) it has obtained any and all required consents, rights, legal bases and/or licenses to collect and share the Personal Data with the Receiving Party for the purposes permitted under the Agreement , including, where applicable, to communicate with the leads, to send marketing and sales communications; (b) the Personal Data has been legally collected by the Disclosing Party; and (c) it has complied and shall comply with any and all applicable laws (including, but not limited to Data Protection Laws) in the performance of its obligations hereunder and Processing of the Personal Data.
- Data Privacy.
- Restrictions on Use. The Disclosing Party discloses Personal Data to the Receiving Party solely for the purposes permitted by the Agreement. The Receiving Party will not “Sell” or “Share” (as both terms are defined in applicable Data Protection Laws) Personal Data provided by Counterparty pursuant to the Agreement, or otherwise retain, use, disclose, or process Personal Data, for any purpose other than for the specific purposes set forth herein or otherwise outside the direct business relationship between the parties. The Receiving Party will comply with all applicable requirements of applicable Data Protection Law, including but not limited to by: (i) providing the same level of privacy protection to Personal Data as required the Disclosing Party under applicable Data Protection Law, and in no event less than a reasonable standard of care; (ii) providing any required disclosures, such as privacy policies, notices at collection, or opt out notices to consumers whose Personal Data the Receiving Party processes; and (iii) implementing appropriate technical and organizational measures to ensure a level of security for the Personal Data appropriate to the risk. The Disclosing Party shall have the right, upon reasonable notice to the Receiving Party, to take reasonable and appropriate steps to help ensure that the Receiving Party uses the Personal Data transferred in a manner consistent with Data Protection Laws and to stop and remediate unauthorized use of Personal Data. The Receiving Party shall notify the Disclosing Party if it makes a determination that it can no longer meet its obligations under this Addendum and in such case each Party shall be entitled to terminate the Agreement.
- Data Transfers. To the extent that the Personal Data is subject to Data Protection Laws of an Extended EEA Country and as a result of the provision of such Personal Data by the Disclosing Party to the Receiving Party, there is a transfer of Personal Data from the Extended EEA Countries to countries outside the Extended EEA Countries which are not subject to an adequacy decision published by the relevant data protection authorities of the Extended EEA Countries (“Third Countries”), the Parties agree that such transfers shall be undertaken on the basis of Module 1 (Controller to Controller) of the Standard Contractual Clauses which will be deemed to have been signed by each Party on the Effective Date of the Agreement, are incorporated herein by reference and construed in accordance with Schedule 1 below, unless another mechanism provided for in the Data Protection Laws of the applicable Extended EEA Country applies.
- Incorporation and interpretation of the Standard Contractual Clauses
1.1. In relation to transfers of Personal Data which is subject to Data Protection Laws of the EEA Extended Countries to Third Countries, the Parties agree that: Module One (Transfer Controller to Controller) of the Standard Contractual Clauses shall apply.
1.2. Where the data exporter is an Affiliate of the Disclosing Party, the Standard Contractual Clauses shall constitute a separate agreement between such Affiliate acting as a data exporter and the Disclosing Party acting as data importer.
1.3. The Parties acknowledge that the information required to be provided in the Standard Contractual Clauses, including the appendices, is set out in the Appendix below.
1.4. If there is a conflict between the provisions of this Addendum, the Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail, provided that, except to the extent prohibited by applicable law, the Standard Contractual Clauses shall be interpreted in accordance with and subject this Addendum and the Agreement.
1.5. If any provision or part-provision of this Addendum and/or the Agreement causes the Standard Contractual Clauses to become an invalid export mechanism in the relevant Extended EEA Country, it shall be deemed deleted but that shall not affect the validity and enforceability of the rest of this Addendum and/or the Agreement and the Parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
1.6. Notwithstanding anything to the contrary, where the applicable Extended EEA Country where the data exporter is established or from where the transferred personal data originated is the UK, template Addendum B.1.0 issued by the UK ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses, (the “UK Approved Addendum”) shall amend the Standard Contractual Clauses in respect of such transfers and Part 1 of the UK Approved Addendum shall be populated as set out below:- Table 1. The “start date” will be the date this DPA enters into force. The “Parties” are set forth in the Appendix below.
- Table 2. The “Addendum EU SCCs” are the modules and clauses of the Standard Contractual Clauses selected in relation to a particular transfer in accordance with paragraphs 1.1 of this Schedule.
- Table 3. The “Appendix Information” is as set out in Appendix to this Schedule.
- Table 4. Neither party may end the UK Approved Addendum in accordance with its Section 19.
- Member States of the European Union” shall refer to the applicable Extended EEA Country in which the data exporter is established or from where the transferred Personal Data originated (as applicable);
- “the GDPR” shall refer to the Data Protection Laws of the Extended EEA Country in which the data exporter is established or from where the Personal Data originated; and
- “supervisory authority” shall refer to the data protection authority in the Extended EEA Country as determined in Annex I(C) below.
A. LIST OF THE PARTIES | |
Data Exporter: | Counterparty or Wiz or Counterparty or Wiz Affiliate, in each case to the extent applicable in respect of the specific transfer |
Data Importer: | Counterparty or Wiz, in each case to the extent applicable in respect of the specific transfer |
B. DETAILS OF PROCESSING/TRANSFER | |
CATEGORIES OF DATA SUBJECTS | Leads, event attendees, prospective customers or partners |
CATEGORIES OF PERSONAL DATA | Business contact information such as name, email address, phone number, role, company |
SPECIAL CATEGORIES OF DATA (IF APPLICABLE) | N/A |
FREQUENCY OF THE TRANSFER | As regular as is required in connection with the Parties’ performance of the Agreement |
NATURE AND PURPOSE OF THE PROCESSING | The Personal Data will be processed in connection with the Parties’ performance of the Agreement. |
RETENTION | Personal Data will be retained in accordance with the data importer’s retention policies. |
C. COMPETENT SUPERVISORY AUTHORITY | |
Identify the competent supervisory authority/ies in accordance with Clause 13: (a)Where an EU Representative has not been appointed by data exporter, the competent supervisory authority shall be the supervisory authority of the Netherlands. (b)Where the data exporter is established outside of the EU, but within an Extended EEA Country, the competent supervisory authority shall be the supervisory authority of the Extended EEA Country in which the data exporter is established. (c)Where the data exporter is established outside an Extended EEA Country and the Personal Data originates from an Extended EEA Country which is not in the EU, the supervisory authority shall be the supervisory authority of the Extended EEA Country from which the Personal Data originated. | |
D. GOVERNING LAW AND CHOICE OF FORUM | |
GOVERNING LAW | For the purposes of Clause 17 of the Standard Contractual Clauses the Parties select OPTION 1: (a) where the data exporter is established in the EU or otherwise if the personal data originates from the EU, the Parties select the laws of the Netherlands (b) where the data exporter is established outside the EU but within an Extended EEA Country, the Parties select the laws of the Extended EEA Country where the data exporter is established (c) subject to (a) above, where the data exporter is established outside an Extended EEA Country, the parties select the laws of the Extended EEA Country where the personal data originates from |
CHOICE OF FORUM | For the purposes of Clause 18 of the SCCs:
outside an Extended EEA Country, the parties select the courts of the Extended EEA Country where the personal data originates from |
TECHNICAL AND ORGANISATIONAL MEASURES | Each Party shall have adequate security measures in order to protect the Personal Data in compliance with Data Protection Laws. |
E. OTHER | |
Where the Standard Contractual Clauses identify optional provisions (or provisions with multiple options) the following will apply: (a) For Clause 7 (Docking Clause), the optional provision will apply. (b) For Clause 11(a) (Redress) – the optional provision will not apply. | |
Wiz Security Addendum
Effective April 14th 2025
DownloadTable of Contents
Wiz Security Addendum
This Wiz Security Addendum is incorporated into and made a part of the Wiz Subscription Agreement or other written agreement between Wiz and Customer that references this document (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement.
Wiz has implemented a comprehensive security, compliance and privacy management program under which Wiz maintains industry standard physical, administrative, organizational and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the Services and Customer Data, including the measures set forth herein (the “Security Program”). Wiz regularly tests and evaluates its Security Program and may review and update its Security Program as well as this Wiz Security Addendum from time to time including to take in account technological developments, provided, however, that such updates shall be designed to enhance and not materially diminish the Security Program.
- IaaS and hosting.
- IaaS Provider. Wiz’s Platform is hosted on AWS.
- Hosting location. Wiz offers hosting in several locations including in the US, the EU and the UK. Customer may select the region in which their Wiz tenant will be hosted prior to the tenant being created.
- Wiz’s Audits & Certifications.
- Certifications. Wiz shall be assessed by independent third-party auditors on at least an annual basis under the following audits and certifications (“Third Party Certifications”): SOC2 Type 2, SOC3, ISO 27001, ISO 27701, ISO 27017 and/or ISO 27018. Wiz shall make available to Customer such Third-Party Certifications upon Customer’s written request. To the extent Wiz decides to discontinue a Third-Party Certification, Wiz will adopt or maintain an equivalent, industry-recognized framework or standard.
- PCI-DSS. To the extent Wiz processes cardholder data in the provision of Services, Wiz shall perform a Payment Card Industry Data Security Standard Attestation of Compliance (“AOC”) for Service Providers on an annual basis and shall provide such AOC to Customer upon Customer’s written request.
- Encryption.
- Encryption of Customer Data. Customer Data shall be encrypted by Wiz in transit (TLS 1.2. or above) and at rest (AES 256).
- Key Management. Wiz utilizes AWS’ Key Management System (KMS) to encrypt Customer Data. Keys are rotated periodically and are stored only in the KMS in the region of the Customer’s Wiz tenant.
- Authentication, Authorization, and Credential Management.
- User Authentication (Wiz Employees). Wiz enforces user authentication and authorization on Wiz systems via Single Sign-on (“SSO”) and multifactor authentication (“MFA”).
- User Authentication (Customer using Wiz). Wiz supports SAML 2.0 compliant SSO applications, allowing customers to manage authentication for their own Wiz tenant.
- Secure Storage of Credentials. Wiz uses managed authentication services (Okta for Wiz’s employee environment; Amazon Cognito for Wiz’s software platform) to handle authentication and associated credential management, including encryption in-motion and at-rest for passwords and other forms of credentials. Cloud-native Key Management Systems, such as AWS KMS, are used to store other forms of access tokens and secrets.
- Role-based Access Control (RBAC) for Wiz Employees. Access to Wiz information assets is restricted, and is granted to Wiz employees and contractors in order to fulfill their duties on a need-to-use basis and following the least privilege principle. Wiz employees and contractors are not granted access to any information asset that is not required by their work at Wiz. Wiz has defined various user roles, according to the positions and activities in the company. Each Wiz employee and contractor is assigned one of these roles and receives access control privileges relevant to that role. Quarterly reviews for user access will be conducted and access will be immediately revoked for unrequired access.
- Role-based Access Control for Customers using Wiz. Wiz provides customers with the ability to define roles for their own Wiz users that control the information they see and the actions they perform.
- Access to Customer Data. Wiz personnel will not access Customer Data except (i) as reasonably necessary to provide the Wiz Services under the Agreement; (ii) with Customer’s permission; or (ii) to comply with the law or a binding order of a governmental body.
- Minimum password requirements. Wiz shall follow the guidance provided by NIST 800-63B Digital Identity Guidelines to enforce password security controls, including length, complexity, re-use, lock-out, and use of multi-factor authentication. Passwords must never be stored in plain-text nor transmitted over unencrypted channels.
- Session lifespan. Single-sign on sessions expire after 8 hours of inactivity with a maximum duration of 12 hours.
- Workstation and Device Security
- Session Lock out. End-user devices are set to screen lock and require a password after 15 minutes of inactivity.
- Workstation Security Controls. For access to Wiz systems, Wiz personnel must use Wiz-issued laptops which utilize security controls that include, but are not limited to, (i) disk encryption, (ii) endpoint firewall, (iii) anti-malware and endpoint detection and response (EDR) tools, and (iv) vulnerability management tools in accordance with Section 9.1 (Vulnerability & Detection Management).
- Anti-malware. Wiz maintains anti-malware controls to automatically detect and prevent malicious files, user activity, and network activity on Wiz workstations, within Wiz’s e-mail, and within Wiz’s corporate cloud storage solutions.
- Workstation Management and Hardening. Wiz utilizes system management technologies to ensure that all endpoints are appropriately configured, hardened, and patched following Wiz’s technical procedures and applicable industry standards such as CIS Benchmarks.
- Data Loss Prevention. Wiz utilizes Data Loss Prevention (DLP) technologies to monitor and control sensitive information that is stored or accessed on systems. Wiz workstations are restricted from using removable storage devices and media.
- Cloud Infrastructure Security
- Separation of Environments. Wiz’s cloud network is divided into three segregated network environments: The development network, the staging network, and the production network. Each of these environments is segregated from the others and has its own privilege allocation and access control. There is no shared network, communication, or co-operation between the networks. Customer Data is never stored or accessed in development environments.
- Infrastructure as Code. Wiz’s cloud production environments are configured, provisioned, and managed through Infrastructure as Code (IaC), and subject to the controls defined in Wiz’s Software Development Lifecycle (SDLC).
- Remote Access. Wiz enforces device, network, authentication, and resource-specific authorization controls to limit access to development and production environments. Wiz does not automatically confer privileged access to any workstations or devices based on location.
- Network Security. Wiz utilizes cloud-native network security technologies, including network security groups, Web Application Firewalls, access gateways, application load balancers, and VPC configurations, to restrict ingress and egress traffic in cloud environments to the minimum sets of services and addresses required for business functionality.
- Cloud Infrastructure Hardening. Wiz utilizes its own instance of the Platform (“Wiz for Wiz”) in conjunction with cloud-native security services to ensure that cloud resources are configured and secured in accordance with Wiz’s internal technical procedures and industry standards such as the CIS AWS benchmarks.
- Anti-malware. Wiz utilizes Wiz for Wiz in conjunction with cloud-native security services to detect and respond to potentially malicious activity on its cloud-hosted workloads or networks.
- Monitoring & Logging.
- Logging. Wiz maintains security auditing and logging capabilities for the infrastructure, SaaS applications, and cloud services that support its corporate, development, and production environments in accordance with Wiz’s Information Security Policies. The use and activity of Wiz information assets is logged and audited for suspicious activity. Wiz preserves security-related logs for a minimum of 12 months unless otherwise specified in its security policies and procedures.
- Detection and Response Operations. Wiz uses Security Information Event Management (SIEM), Detection, and Alert Notification technologies to centralize and analyze logs, apply detection criteria, and escalate and route events to the appropriate security teams.
- Customer Access to Logs. Customers have access to system and user activity logs for their respective Wiz tenant via the Platform, and can export these logs to their own log storage or SIEM platforms as described in the Documentation.
- Security in the development process.
- SDLC. Software development in Wiz is performed according to Wiz’s Change Management & Software Development Life Cycle (SDLC) procedures.
- Security Reviews. Wiz conducts security reviews for significant changes, such as major new product features or changes that impact Wiz’s security posture, during the design and development process.
- Peer Reviews. Code changes must undergo secondary review and approval before being promoted to production.
- Security Testing within the SDLC. Wiz uses security technologies to automatically scan for vulnerabilities, exposed secrets, and code security risks as part of the CI/CD pipeline.
- Vulnerability Detection & Management.
- Vulnerability Detection & Management. Wiz shall maintain a continuous vulnerability management process across its corporate and production environments to ensure that vulnerabilities and other threats are quickly identified, prioritized, and remediated. This includes carrying out internal vulnerability tests daily and external vulnerability tests regularly (at least quarterly). Vulnerabilities shall be remediated according to Wiz’s Vulnerability Management Policy which shall meet or exceed industry standards. Wiz uses the Common Vulnerability Scoring System (CVSS) v3.1 and National Vulnerability Database (NVD) ratings as guidelines for patch prioritization and scheduling.
- Penetration Testing. Wiz shall engage one or more independent third parties to conduct penetration tests of the Service at least annually and upon major changes to the Services. Wiz will provide summary results of penetration tests to Customer upon written request.
- Administrative & Organizational Controls.
- Personnel Security. All prospective Wiz employees go through pre-employment reference and/or background checks, according to the local HR policies and applicable laws.
- Personnel Agreements. All Wiz employees and contractors are required to sign a contract which includes a confidentiality obligation and are provided with Wiz’s security policies, including Wiz’s Acceptable Use Policy, when their work commences. Any change in an employee's position in Wiz or change in his or her access privileges immediately affects the employee's access via the centralized access control system.
- Personnel Training. All Wiz employees are required to complete security and privacy awareness training during onboarding and on at least an annual basis.
- Vendor Risk Management. Wiz maintains a third-party vendor risk management program, which includes a compliance, security, and privacy review for every third-party used in the provision of the Services and/or with access to Customer Data. The results of the risk assessment are reviewed by the security, legal and privacy team to ensure the third party maintains security measures consistent with the measures hereunder.
- Physical & Environmental Controls.
- Cloud Environment Data Centers. Wiz only utilizes leading cloud providers who shall be required to have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.
- Wiz Corporate Offices. Wiz's employees and subcontractors in each of Wiz’s offices are subject to Wiz's physical minimum-security requirements which include use of CCTV with a defined retention period in accordance with applicable laws, badge only access with regular access reviews and requirements for visitors to be logged and accompanied by Wiz authorized personnel.
- Security Incident Notification and Response.
- Wiz shall maintain a formal documented Information Security Incident Management Program designed to provide an effective and consistent process for managing security incidents.
- Security Incident notification. In any event of a reasonably suspected or successful unauthorized access, use, disclosure, modification, or destruction of Customer Data (“Security Incident”), Wiz will notify Customer within 48 hours of becoming aware of the Security Incident and shall promptly take reasonable steps to contain, investigate, and mitigate such Security Incident. Wiz shall provide Customer with assistance and information as reasonably required by Customer in order to fulfil its legal obligations.
- Security Incident Reporting and Response. Security Incidents are reported to Wiz’s Chief Information Security Officer (CISO). The CISO acts according to Wiz's Incident Response Plan in classifying, handling, documenting, and reporting any incident. Customer may request a copy of Wiz’s Incident Response Plan.
- Backup, Business Continuity & Disaster Recovery
- Business Continuity and Disaster Recovery Plan. Wiz maintains industry standard business continuity and disaster recovery procedures, as further described in Wiz’s Enterprise Resilience Policy (“BCDRP”), and will implement these procedures to minimize the impact of events, whether related to technology or operational failures, that may affect Wiz’s ability to provide the Services. Wiz shall provide Customer with its BCDRP policy and procedures upon Customer’s written request. Wiz’s RTO shall not exceed 24 hours.
- Testing of BCDRP. Wiz shall conduct testing of its BCDRP at least annually and shall make the results of such testing available to Customer upon written request.
- Backups and Disaster Recovery. Wiz leverages multiple Amazon services to backup Customer Data on both daily and monthly schedules. Each Customer tenant is allocated a disaster recovery tenant in a geographically distinct area. Where possible, Wiz will use a disaster recovery region in the same jurisdiction as the main data center. Wiz also keeps full and incremental backups of critical corporate data and logs in geographically distinct datacenters.
- Customer Audit Rights. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Wiz shall make available to Customer (or Customer’s independent, third-party auditor that is not reasonably objected to by Wiz and that is bound by confidentiality obligations, (“Permitted Auditor”)) a copy of Wiz’s Third Party Certifications. Any Third Party Certifications and/or documentation made available by Wiz to Customer in accordance with this Section shall be Wiz’s Confidential Information and shall only be used by Customer to assess compliance with this Security Addendum, and shall not be used for any other purpose or disclosed to any third party without Wiz’s prior written approval and upon Wiz’s request, Customer shall return all such documentation in Customer’s possession or control. To the greatest extent possible, Customer shall utilize Wiz’s Third Party Certifications and other security documentation and policies made available to Customer on Wiz’s Trust Center to assess Wiz’s compliance with its obligations under this Security Addendum. Only to the extent that Customer is not able to do so, and in any event, no more than once per year (except if otherwise required by applicable law) and following at least 45 days’ notice in writing from Customer, at Customer’s cost and expense, Wiz shall allow for and contribute to remote audits conducted by Customer or a Permitted Auditor. The Parties shall agree on the scope, methodology, timing and conditions of such audits in advance. Customer shall use reasonable endeavors to ensure that the conduct of each audit does not disrupt Wiz’s business. In no event shall Customer be permitted to access any information, including without limitation, data that belongs to Wiz’s other customers or such other information that is not relevant to Wiz’s compliance with this the DPA. Unless otherwise agreed by the Parties, Customer shall use reasonable efforts to carry out the audit of Wiz’s compliance with this Security Addendum together with the audit of Wiz’s compliance with the DPA.
- Shared Responsibility. Without derogating from Wiz’s obligations hereunder, Customer acknowledges that it is responsible for implementing, running and managing the Platform on a day-to-day basis. In addition, Customer acknowledges and agrees that it has obligations with respect to the security of the Customer Data and the Services. Customer’s responsibility includes but is not limited to: (i) the security of cloud environments it owns, operates, and connects to Wiz, and for configuration of its instance(s) of the Wiz Platform; (ii) provisioning Permitted Users with access to Customer’s instance of the Wiz Platform, including: (a) managing instance-level administrators and other user privileges; (b) deauthorizing Permitted Users who no longer need access; (c) provisioning and configuring service account or API access; (d) enabling integrations with customer-owned or third-party technologies; and (e) ensuring that all Permitted User’s keep all Wiz credential’s confidential; and (iii) updating any Wiz provided software upon Wiz’s announcement of such updates. A detailed overview of the parties' respective obligations as they relate to Customer’s use of the Services is set forth in Wiz’s Shared Responsibility Model described at https://docs.wiz.io/wiz-docs/docs/shared-responsibility-model. Wiz may update the Shared Responsibility from time to time, provided that any such update will not materially degrade the Parties’ rights and obligations thereunder. Wiz provides customers with audit logs that record customer user account and application activity occurring within their respective Wiz Platform instance(s), however, Customer is responsible for monitoring its own instance’s audit logs for security or other purposes. Customer agrees to notify Wiz upon becoming aware of any reasonably suspected unauthorized access to the Platform.
Effective August 27th 2024 to April 14th 2025
DownloadTable of Contents
Wiz Security Addendum
This Wiz Security Addendum is incorporated into and made a part of the Wiz Subscription Agreement or other written agreement between Wiz and Customer that references this document (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement.
Wiz has implemented a comprehensive security, compliance and privacy management program under which Wiz maintains industry standard physical, administrative, organizational and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the Services and Customer Data, including the measures set forth herein (the “Security Program”). Wiz regularly tests and evaluates its Security Program and may review and update its Security Program as well as this Wiz Security Addendum from time to time including to take in account technological developments, provided, however, that such updates shall be designed to enhance and not materially diminish the Security Program.
- IaaS and hosting.
- IaaS Provider. Wiz’s Platform is hosted on AWS.
- Hosting location. Wiz offers hosting in several locations including in the US, the EU and the UK. Customer may select the region in which their Wiz tenant will be hosted prior to the tenant being created.
- Wiz’s Audits & Certifications.
- Certifications. Wiz shall be assessed by independent third-party auditors on at least an annual basis under the following audits and certifications (“Third Party Certifications”): SOC2 Type 2, SOC3, ISO 27001, ISO 27701, ISO 27017 and/or ISO 27018. Wiz shall make available to Customer such Third-Party Certifications upon Customer’s written request. To the extent Wiz decides to discontinue a Third-Party Certification, Wiz will adopt or maintain an equivalent, industry-recognized framework or standard.
- PCI-DSS. To the extent Wiz processes cardholder data in the provision of Services, Wiz shall perform a Payment Card Industry Data Security Standard Attestation of Compliance (“AOC”) for Service Providers on an annual basis and shall provide such AOC to Customer upon Customer’s written request.
- Encryption.
- Encryption of Customer Data. Customer Data shall be encrypted by Wiz in transit (TLS 1.2. or above) and at rest (AES 256).
- Key Management. Wiz utilizes AWS’ Key Management System (KMS) to encrypt Customer Data. Keys are rotated periodically and are stored only in the KMS in the region of the Customer’s Wiz tenant.
- Authentication, Authorization, and Credential Management.
- User Authentication (Wiz Employees). Wiz enforces user authentication and authorization on Wiz systems via Single Sign-on (“SSO”) and multifactor authentication (“MFA”).
- User Authentication (Customer using Wiz). Wiz supports SAML 2.0 compliant SSO applications, allowing customers to manage authentication for their own Wiz tenant.
- Secure Storage of Credentials. Wiz uses managed authentication services (Okta for Wiz’s employee environment; Amazon Cognito for Wiz’s software platform) to handle authentication and associated credential management, including encryption in-motion and at-rest for passwords and other forms of credentials. Cloud-native Key Management Systems, such as AWS KMS, are used to store other forms of access tokens and secrets.
- Role-based Access Control (RBAC) for Wiz Employees. Access to Wiz information assets is restricted, and is granted to Wiz employees and contractors in order to fulfill their duties on a need-to-use basis and following the least privilege principle. Wiz employees and contractors are not granted access to any information asset that is not required by their work at Wiz. Wiz has defined various user roles, according to the positions and activities in the company. Each Wiz employee and contractor is assigned one of these roles and receives access control privileges relevant to that role. Quarterly reviews for user access will be conducted and access will be immediately revoked for unrequired access.
- Role-based Access Control for Customers using Wiz. Wiz provides customers with the ability to define roles for their own Wiz users that control the information they see and the actions they perform.
- Access to Customer Data. Wiz personnel will not access Customer Data except (i) as reasonably necessary to provide the Wiz Services under the Agreement; (ii) with Customer’s permission; or (ii) to comply with the law or a binding order of a governmental body.
- Minimum password requirements. Wiz shall follow the guidance provided by NIST 800-63B Digital Identity Guidelines to enforce password security controls, including length, complexity, re-use, lock-out, and use of multi-factor authentication. Passwords must never be stored in plain-text nor transmitted over unencrypted channels.
- Session lifespan. Single-sign on sessions expire after 8 hours of inactivity with a maximum duration of 12 hours.
- Workstation and Device Security
- Session Lock out. End-user devices are set to screen lock and require a password after 15 minutes of inactivity.
- Workstation Security Controls. For access to Wiz systems, Wiz personnel must use Wiz-issued laptops which utilize security controls that include, but are not limited to, (i) disk encryption, (ii) endpoint firewall, (iii) anti-malware and endpoint detection and response (EDR) tools, and (iv) vulnerability management tools in accordance with Section 9.1 (Vulnerability & Detection Management).
- Anti-malware. Wiz maintains anti-malware controls to automatically detect and prevent malicious files, user activity, and network activity on Wiz workstations, within Wiz’s e-mail, and within Wiz’s corporate cloud storage solutions.
- Workstation Management and Hardening. Wiz utilizes system management technologies to ensure that all endpoints are appropriately configured, hardened, and patched following Wiz’s technical procedures and applicable industry standards such as CIS Benchmarks.
- Data Loss Prevention. Wiz utilizes Data Loss Prevention (DLP) technologies to monitor and control sensitive information that is stored or accessed on systems. Wiz workstations are restricted from using removable storage devices and media.
- Cloud Infrastructure Security
- Separation of Environments. Wiz’s cloud network is divided into three segregated network environments: The development network, the staging network, and the production network. Each of these environments is segregated from the others and has its own privilege allocation and access control. There is no shared network, communication, or co-operation between the networks. Customer Data is never stored or accessed in development environments.
- Infrastructure as Code. Wiz’s cloud production environments are configured, provisioned, and managed through Infrastructure as Code (IaC), and subject to the controls defined in Wiz’s Software Development Lifecycle (SDLC).
- Remote Access. Wiz enforces device, network, authentication, and resource-specific authorization controls to limit access to development and production environments. Wiz does not automatically confer privileged access to any workstations or devices based on location.
- Network Security. Wiz utilizes cloud-native network security technologies, including network security groups, Web Application Firewalls, access gateways, application load balancers, and VPC configurations, to restrict ingress and egress traffic in cloud environments to the minimum sets of services and addresses required for business functionality.
- Cloud Infrastructure Hardening. Wiz utilizes its own instance of the Platform (“Wiz for Wiz”) in conjunction with cloud-native security services to ensure that cloud resources are configured and secured in accordance with Wiz’s internal technical procedures and industry standards such as the CIS AWS benchmarks.
- Anti-malware. Wiz utilizes Wiz for Wiz in conjunction with cloud-native security services to detect and respond to potentially malicious activity on its cloud-hosted workloads or networks.
- Monitoring & Logging.
- Logging. Wiz maintains security auditing and logging capabilities for the infrastructure, SaaS applications, and cloud services that support its corporate, development, and production environments in accordance with Wiz’s Information Security Policies. The use and activity of Wiz information assets is logged and audited for suspicious activity. Wiz preserves security-related logs for a minimum of 12 months unless otherwise specified in its security policies and procedures.
- Detection and Response Operations. Wiz uses Security Information Event Management (SIEM), Detection, and Alert Notification technologies to centralize and analyze logs, apply detection criteria, and escalate and route events to the appropriate security teams.
- Customer Access to Logs. Customers have access to system and user activity logs for their respective Wiz tenant via the Platform, and can export these logs to their own log storage or SIEM platforms as described in the Documentation.
- Security in the development process.
- SDLC. Software development in Wiz is performed according to Wiz’s Change Management & Software Development Life Cycle (SDLC) procedures.
- Security Reviews. Wiz conducts security reviews for significant changes, such as major new product features or changes that impact Wiz’s security posture, during the design and development process.
- Peer Reviews. Code changes must undergo secondary review and approval before being promoted to production.
- Security Testing within the SDLC. Wiz uses security technologies to automatically scan for vulnerabilities, exposed secrets, and code security risks as part of the CI/CD pipeline.
- Vulnerability Detection & Management.
- Vulnerability Detection & Management. Wiz shall maintain a continuous vulnerability management process across its corporate and production environments to ensure that vulnerabilities and other threats are quickly identified, prioritized, and remediated. This includes carrying out internal vulnerability tests daily and external vulnerability tests regularly (at least quarterly). Vulnerabilities shall be remediated according to Wiz’s Vulnerability Management Policy which shall meet or exceed industry standards. Wiz uses the Common Vulnerability Scoring System (CVSS) v3.1 and National Vulnerability Database (NVD) ratings as guidelines for patch prioritization and scheduling.
- Penetration Testing. Wiz shall engage one or more independent third parties to conduct penetration tests of the Service at least annually and upon major changes to the Services. Wiz will provide summary results of penetration tests to Customer upon written request.
- Administrative & Organizational Controls.
- Personnel Security. All prospective Wiz employees go through pre-employment reference and/or background checks, according to the local HR policies and applicable laws.
- Personnel Agreements. All Wiz employees and contractors are required to sign a contract which includes a confidentiality obligation and are provided with Wiz’s security policies, including Wiz’s Acceptable Use Policy, when their work commences. Any change in an employee's position in Wiz or change in his or her access privileges immediately affects the employee's access via the centralized access control system.
- Personnel Training. All Wiz employees are required to complete security and privacy awareness training during onboarding and on at least an annual basis.
- Vendor Risk Management. Wiz maintains a third-party vendor risk management program, which includes a compliance, security, and privacy review for every third-party used in the provision of the Services and/or with access to Customer Data. The results of the risk assessment are reviewed by the security, legal and privacy team to ensure the third party maintains security measures consistent with the measures hereunder.
- Physical & Environmental Controls.
- Cloud Environment Data Centers. Wiz only utilizes leading cloud providers who shall be required to have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.
- Wiz Corporate Offices. Wiz's employees and subcontractors in each of Wiz’s offices are subject to Wiz's physical minimum-security requirements which include use of CCTV with a defined retention period in accordance with applicable laws, badge only access with regular access reviews and requirements for visitors to be logged and accompanied by Wiz authorized personnel.
- Security Incident Notification and Response.
- Wiz shall maintain a formal documented Information Security Incident Management Program designed to provide an effective and consistent process for managing security incidents.
- Security Incident notification. In any event of a reasonably suspected or successful unauthorized access, use, disclosure, modification, or destruction of Customer Data (“Security Incident”), Wiz will notify Customer within 48 hours of becoming aware of the Security Incident and shall promptly take reasonable steps to contain, investigate, and mitigate such Security Incident. Wiz shall provide Customer with assistance and information as reasonably required by Customer in order to fulfil its legal obligations.
- Security Incident Reporting and Response. Security Incidents are reported to Wiz’s Chief Information Security Officer (CISO). The CISO acts according to Wiz's Incident Response Plan in classifying, handling, documenting, and reporting any incident. Customer may request a copy of Wiz’s Incident Response Plan.
- Backup, Business Continuity & Disaster Recovery
- Business Continuity and Disaster Recovery Plan. Wiz maintains industry standard business continuity and disaster recovery procedures, as further described in Wiz’s Enterprise Resilience Policy (“BCDRP”), and will implement these procedures to minimize the impact of events, whether related to technology or operational failures, that may affect Wiz’s ability to provide the Services. Wiz shall provide Customer with its BCDRP policy and procedures upon Customer’s written request. Wiz’s RTO shall not exceed 24 hours.
- Testing of BCDRP. Wiz shall conduct testing of its BCDRP at least annually and shall make the results of such testing available to Customer upon written request.
- Backups and Disaster Recovery. Wiz leverages multiple Amazon services to backup Customer Data on both daily and monthly schedules. Each Customer tenant is allocated a disaster recovery tenant in a geographically distinct area. Where possible, Wiz will use a disaster recovery region in the same jurisdiction as the main data center. Wiz also keeps full and incremental backups of critical corporate data and logs in geographically distinct datacenters.
- Customer Audit Rights. To the greatest extent possible, Customer shall utilize Wiz’s Third-Party Certifications and other security documentation and policies to assess Wiz’s compliance with its obligations hereunder. Only to the extent that Customer is not able to do so, and in any event, no more than once per year except if required by applicable law, and following at least 45 days’ notice in writing from Customer, Wiz shall provide Customer (and/or Customer’s third party advisors who are not reasonably objected to by Wiz and who are subject to appropriate confidentiality obligations) with access to documents, systems, Wiz employees and electronic data as reasonably necessary in order to audit Wiz’s compliance with its obligations under this Addendum. Wiz shall provide assistance, co-operation, and access reasonably required by Customer in relation to the conduct of such audits. Customer shall use reasonable endeavors to ensure that the conduct of each audit does not disrupt the Wiz’s business. In no event shall Customer be permitted to access to any information, including without limitation, personal data that belongs to Wiz’s other customers or such other information that is not relevant to Wiz’s compliance with this Addendum. Except as required by law, the Parties shall agree on the scope, methodology, timing and conditions of such audits in advance.
- Shared Responsibility. Without derogating from Wiz’s obligations hereunder, Customer acknowledges that it is responsible for implementing, running and managing the Platform on a day-to-day basis. In addition, Customer acknowledges and agrees that it has obligations with respect to the security of the Customer Data and the Services. Customer’s responsibility includes but is not limited to: (i) the security of cloud environments it owns, operates, and connects to Wiz, and for configuration of its instance(s) of the Wiz Platform; (ii) provisioning Permitted Users with access to Customer’s instance of the Wiz Platform, including: (a) managing instance-level administrators and other user privileges; (b) deauthorizing Permitted Users who no longer need access; (c) provisioning and configuring service account or API access; (d) enabling integrations with customer-owned or third-party technologies; and (e) ensuring that all Permitted User’s keep all Wiz credential’s confidential; and (iii) updating any Wiz provided software upon Wiz’s announcement of such updates. A detailed overview of the parties' respective obligations as they relate to Customer’s use of the Services is set forth in Wiz’s Shared Responsibility Model described at https://docs.wiz.io/wiz-docs/docs/shared-responsibility-model. Wiz may update the Shared Responsibility from time to time, provided that any such update will not materially degrade the Parties’ rights and obligations thereunder. Wiz provides customers with audit logs that record customer user account and application activity occurring within their respective Wiz Platform instance(s), however, Customer is responsible for monitoring its own instance’s audit logs for security or other purposes. Customer agrees to notify Wiz upon becoming aware of any reasonably suspected unauthorized access to the Platform.
Effective May 28th 2024 to August 27th 2024
DownloadTable of Contents
Wiz Security Addendum
This Wiz Security Addendum is incorporated into and made a part of the Wiz Master Subscription Agreement or other written agreement between Wiz and Customer that references this document (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement.
Wiz has implemented a comprehensive security, compliance and privacy management program under which Wiz maintains industry standard physical, administrative, organizational and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the Services and Customer Data, including the measures set forth herein (the “Security Program”). Wiz regularly tests and evaluates its Security Program and may review and update its Security Program as well as this Wiz Security Addendum from time to time including to take in account technological developments, provided, however, that such updates shall be designed to enhance and not materially diminish the Security Program.
- IaaS and hosting.
- IaaS Provider. Wiz’s Platform is hosted on AWS.
- Hosting location. Wiz offers hosting in several locations including in the US, the EU and the UK. Customer may select the region in which their Wiz tenant will be hosted prior to the tenant being created.
- Wiz’s Audits & Certifications.
- Certifications. Wiz shall be assessed by independent third-party auditors on at least an annual basis under the following audits and certifications (“Third Party Certifications”): SOC2 Type 2, SOC3, ISO 27001, ISO 27701, ISO 27017 and/or ISO 27018. Wiz shall make available to Customer such Third-Party Certifications upon Customer’s written request. To the extent Wiz decides to discontinue a Third-Party Certification, Wiz will adopt or maintain an equivalent, industry-recognized framework or standard.
- PCI-DSS. To the extent Wiz processes cardholder data in the provision of Services, Wiz shall perform a Payment Card Industry Data Security Standard Attestation of Compliance (“AOC”) for Service Providers on an annual basis and shall provide such AOC to Customer upon Customer’s written request.
- Encryption.
- Encryption of Customer Data. Customer Data shall be encrypted by Wiz in transit (TLS 1.2. or above) and at rest (AES 256).
- Key Management. Wiz utilizes AWS’ Key Management System (KMS) to encrypt Customer Data. Keys are rotated periodically and are stored only in the KMS in the region of the Customer’s Wiz tenant.
- Authentication, Authorization, and Credential Management.
- User Authentication (Wiz Employees). Wiz enforces user authentication and authorization on Wiz systems via Single Sign-on (“SSO”) and multifactor authentication (“MFA”).
- User Authentication (Customer using Wiz). Wiz supports SAML 2.0 compliant SSO applications, allowing customers to manage authentication for their own Wiz tenant.
- Secure Storage of Credentials. Wiz uses managed authentication services (Okta for Wiz’s employee environment; Amazon Cognito for Wiz’s software platform) to handle authentication and associated credential management, including encryption in-motion and at-rest for passwords and other forms of credentials. Cloud-native Key Management Systems, such as AWS KMS, are used to store other forms of access tokens and secrets.
- Role-based Access Control (RBAC) for Wiz Employees. Access to Wiz information assets is restricted, and is granted to Wiz employees and contractors in order to fulfill their duties on a need-to-use basis and following the least privilege principle. Wiz employees and contractors are not granted access to any information asset that is not required by their work at Wiz. Wiz has defined various user roles, according to the positions and activities in the company. Each Wiz employee and contractor is assigned one of these roles and receives access control privileges relevant to that role. Quarterly reviews for user access will be conducted and access will be immediately revoked for unrequired access.
- Role-based Access Control for Customers using Wiz. Wiz provides customers with the ability to define roles for their own Wiz users that control the information they see and the actions they perform.
- Access to Customer Data. Wiz personnel will not access Customer Data except (i) as reasonably necessary to provide the Wiz Services under the Agreement; (ii) with Customer’s permission; or (ii) to comply with the law or a binding order of a governmental body.
- Minimum password requirements. Wiz shall follow the guidance provided by NIST 800-63B Digital Identity Guidelines to enforce password security controls, including length, complexity, re-use, lock-out, and use of multi-factor authentication. Passwords must never be stored in plain-text nor transmitted over unencrypted channels.
- Session lifespan. Single-sign on sessions expire after 8 hours of inactivity with a maximum duration of 12 hours.
- Workstation and Device Security
- Session Lock out. End-user devices are set to screen lock and require a password after 15 minutes of inactivity.
- Workstation Security Controls. For access to Wiz systems, Wiz personnel must use Wiz-issued laptops which utilize security controls that include, but are not limited to, (i) disk encryption, (ii) endpoint firewall, (iii) anti-malware and endpoint detection and response (EDR) tools, and (iv) vulnerability management tools in accordance with Section 9.1 (Vulnerability & Detection Management).
- Anti-malware. Wiz maintains anti-malware controls to automatically detect and prevent malicious files, user activity, and network activity on Wiz workstations, within Wiz’s e-mail, and within Wiz’s corporate cloud storage solutions.
- Workstation Management and Hardening. Wiz utilizes system management technologies to ensure that all endpoints are appropriately configured, hardened, and patched following Wiz’s technical procedures and applicable industry standards such as CIS Benchmarks.
- Data Loss Prevention. Wiz utilizes Data Loss Prevention (DLP) technologies to monitor and control sensitive information that is stored or accessed on systems. Wiz workstations are restricted from using removable storage devices and media.
- Cloud Infrastructure Security
- Separation of Environments. Wiz’s cloud network is divided into three segregated network environments: The development network, the staging network, and the production network. Each of these environments is segregated from the others and has its own privilege allocation and access control. There is no shared network, communication, or co-operation between the networks. Customer Data is never stored or accessed in development environments.
- Infrastructure as Code. Wiz’s cloud production environments are configured, provisioned, and managed through Infrastructure as Code (IaC), and subject to the controls defined in Wiz’s Software Development Lifecycle (SDLC).
- Remote Access. Wiz enforces device, network, authentication, and resource-specific authorization controls to limit access to development and production environments. Wiz does not automatically confer privileged access to any workstations or devices based on location.
- Network Security. Wiz utilizes cloud-native network security technologies, including network security groups, Web Application Firewalls, access gateways, application load balancers, and VPC configurations, to restrict ingress and egress traffic in cloud environments to the minimum sets of services and addresses required for business functionality.
- Cloud Infrastructure Hardening. Wiz utilizes its own instance of the Platform (“Wiz for Wiz”) in conjunction with cloud-native security services to ensure that cloud resources are configured and secured in accordance with Wiz’s internal technical procedures and industry standards such as the CIS AWS benchmarks.
- Anti-malware. Wiz utilizes Wiz for Wiz in conjunction with cloud-native security services to detect and respond to potentially malicious activity on its cloud-hosted workloads or networks.
- Monitoring & Logging.
- Logging. Wiz maintains security auditing and logging capabilities for the infrastructure, SaaS applications, and cloud services that support its corporate, development, and production environments in accordance with Wiz’s Information Security Policies. The use and activity of Wiz information assets is logged and audited for suspicious activity. Wiz preserves security-related logs for a minimum of 12 months unless otherwise specified in its security policies and procedures.
- Detection and Response Operations. Wiz uses Security Information Event Management (SIEM), Detection, and Alert Notification technologies to centralize and analyze logs, apply detection criteria, and escalate and route events to the appropriate security teams.
- Customer Access to Logs. Customers have access to system and user activity logs for their respective Wiz tenant via the Platform, and can export these logs to their own log storage or SIEM platforms as described in the Documentation.
- Security in the development process.
- SDLC. Software development in Wiz is performed according to Wiz’s Change Management & Software Development Life Cycle (SDLC) procedures.
- Security Reviews. Wiz conducts security reviews for significant changes, such as major new product features or changes that impact Wiz’s security posture, during the design and development process.
- Peer Reviews. Code changes must undergo secondary review and approval before being promoted to production.
- Security Testing within the SDLC. Wiz uses security technologies to automatically scan for vulnerabilities, exposed secrets, and code security risks as part of the CI/CD pipeline.
- Vulnerability Detection & Management.
- Vulnerability Detection & Management. Wiz shall maintain a continuous vulnerability management process across its corporate and production environments to ensure that vulnerabilities and other threats are quickly identified, prioritized, and remediated. This includes carrying out internal vulnerability tests daily and external vulnerability tests regularly (at least quarterly). Vulnerabilities shall be remediated according to Wiz’s Vulnerability Management Policy which shall meet or exceed industry standards. Wiz uses the Common Vulnerability Scoring System (CVSS) v3.1 and National Vulnerability Database (NVD) ratings as guidelines for patch prioritization and scheduling.
- Penetration Testing. Wiz shall engage one or more independent third parties to conduct penetration tests of the Service at least annually and upon major changes to the Services. Wiz will provide summary results of penetration tests to Customer upon written request.
- Administrative & Organizational Controls.
- Personnel Security. All prospective Wiz employees go through pre-employment reference and/or background checks, according to the local HR policies and applicable laws.
- Personnel Agreements. All Wiz employees and contractors are required to sign a contract which includes a confidentiality obligation and are provided with Wiz’s security policies, including Wiz’s Acceptable Use Policy, when their work commences. Any change in an employee's position in Wiz or change in his or her access privileges immediately affects the employee's access via the centralized access control system.
- Personnel Training. All Wiz employees are required to complete security and privacy awareness training during onboarding and on at least an annual basis.
- Vendor Risk Management. Wiz maintains a third-party vendor risk management program, which includes a compliance, security, and privacy review for every third-party used in the provision of the Services and/or with access to Customer Data. The results of the risk assessment are reviewed by the security, legal and privacy team to ensure the third party maintains security measures consistent with the measures hereunder.
- Physical & Environmental Controls.
- Cloud Environment Data Centers. Wiz only utilizes leading cloud providers who shall be required to have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.
- Wiz Corporate Offices. Wiz's employees and subcontractors in each of Wiz’s offices are subject to Wiz's physical minimum-security requirements which include use of CCTV with a defined retention period in accordance with applicable laws, badge only access with regular access reviews and requirements for visitors to be logged and accompanied by Wiz authorized personnel.
- Security Incident Notification and Response.
- Wiz shall maintain a formal documented Information Security Incident Management Program designed to provide an effective and consistent process for managing security incidents.
- Security Incident notification. In any event of a reasonably suspected or successful unauthorized access, use, disclosure, modification, or destruction of Customer Data (“Security Incident”), Wiz will notify Customer within 48 hours of becoming aware of the Security Incident and shall promptly take reasonable steps to contain, investigate, and mitigate such Security Incident. Wiz shall provide Customer with assistance and information as reasonably required by Customer in order to fulfil its legal obligations.
- Security Incident Reporting and Response. Security Incidents are reported to Wiz’s Chief Information Security Officer (CISO). The CISO acts according to Wiz's Incident Response Plan in classifying, handling, documenting, and reporting any incident. Customer may request a copy of Wiz’s Incident Response Plan.
- Backup, Business Continuity & Disaster Recovery
- Business Continuity and Disaster Recovery Plan. Wiz maintains industry standard business continuity and disaster recovery procedures, as further described in Wiz’s Enterprise Resilience Policy (“BCDRP”), and will implement these procedures to minimize the impact of events, whether related to technology or operational failures, that may affect Wiz’s ability to provide the Services. Wiz shall provide Customer with its BCDRP policy and procedures upon Customer’s written request. Wiz’s RTO shall not exceed 24 hours.
- Testing of BCDRP. Wiz shall conduct testing of its BCDRP at least annually and shall make the results of such testing available to Customer upon written request.
- Backups and Disaster Recovery. Wiz leverages multiple Amazon services to backup Customer Data on both daily and monthly schedules. Each Customer tenant is allocated a disaster recovery tenant in a geographically distinct area. Where possible, Wiz will use a disaster recovery region in the same jurisdiction as the main data center. Wiz also keeps full and incremental backups of critical corporate data and logs in geographically distinct datacenters.
- Customer Audit Rights. To the greatest extent possible, Customer shall utilize Wiz’s Third-Party Certifications and other security documentation and policies to assess Wiz’s compliance with its obligations hereunder. Only to the extent that Customer is not able to do so, and in any event, no more than once per year except if required by applicable law, and following at least 45 days’ notice in writing from Customer, Wiz shall provide Customer (and/or Customer’s third party advisors who are not reasonably objected to by Wiz and who are subject to appropriate confidentiality obligations) with access to documents, systems, Wiz employees and electronic data as reasonably necessary in order to audit Wiz’s compliance with its obligations under this Addendum. Wiz shall provide assistance, co-operation, and access reasonably required by Customer in relation to the conduct of such audits. Customer shall use reasonable endeavors to ensure that the conduct of each audit does not disrupt the Wiz’s business. In no event shall Customer be permitted to access to any information, including without limitation, personal data that belongs to Wiz’s other customers or such other information that is not relevant to Wiz’s compliance with this Addendum. Except as required by law, the Parties shall agree on the scope, methodology, timing and conditions of such audits in advance.
- Shared Responsibility. Without derogating from Wiz’s obligations hereunder, Customer acknowledges that it is responsible for implementing, running and managing the Platform on a day-to-day basis. In addition, Customer acknowledges and agrees that it has obligations with respect to the security of the Customer Data and the Services. Customer’s responsibility includes but is not limited to: (i) the security of cloud environments it owns, operates, and connects to Wiz, and for configuration of its instance(s) of the Wiz Platform; (ii) provisioning Permitted Users with access to Customer’s instance of the Wiz Platform, including: (a) managing instance-level administrators and other user privileges; (b) deauthorizing Permitted Users who no longer need access; (c) provisioning and configuring service account or API access; (d) enabling integrations with customer-owned or third-party technologies; and (e) ensuring that all Permitted User’s keep all Wiz credential’s confidential; and (iii) updating any Wiz provided software upon Wiz’s announcement of such updates. A detailed overview of the parties' respective obligations as they relate to Customer’s use of the Services is set forth in Wiz’s Shared Responsibility Model described at https://docs.wiz.io/wiz-docs/docs/shared-responsibility-model. Wiz may update the Shared Responsibility from time to time, provided that any such update will not materially degrade the Parties’ rights and obligations thereunder. Wiz provides customers with audit logs that record customer user account and application activity occurring within their respective Wiz Platform instance(s), however, Customer is responsible for monitoring its own instance’s audit logs for security or other purposes. Customer agrees to notify Wiz upon becoming aware of any reasonably suspected unauthorized access to the Platform.
Effective April 18th 2024 to May 28th 2024
DownloadTable of Contents
Wiz Security Addendum
This Wiz Security Addendum is incorporated into and made a part of the Wiz Master Subscription Agreement or other written agreement between Wiz and Customer that references this document (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement.
Wiz has implemented a comprehensive security, compliance and privacy management program under which Wiz maintains industry standard physical, administrative, organizational and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the Services and Customer Data, including the measures set forth herein (the “Security Program”). Wiz regularly tests and evaluates its Security Program and may review and update its Security Program as well as this Wiz Security Addendum from time to time including to take in account technological developments, provided, however, that such updates shall be designed to enhance and not materially diminish the Security Program.
- IaaS and hosting.
- IaaS Provider. Wiz’s Platform is hosted on AWS.
- Hosting location. Wiz offers hosting in several locations including in the US, the EU and the UK. Customer may select the region in which their Wiz tenant will be hosted prior to the tenant being created.
- Wiz’s Audits & Certifications.
- Certifications. Wiz shall be assessed by independent third-party auditors on at least an annual basis under the following audits and certifications (“Third Party Certifications”): SOC2 Type 2, SOC3, ISO 27001, ISO 27701, ISO 27017 and/or ISO 27018. Wiz shall make available to Customer such Third-Party Certifications upon Customer’s written request. To the extent Wiz decides to discontinue a Third-Party Certification, Wiz will adopt or maintain an equivalent, industry-recognized framework or standard.
- PCI-DSS. To the extent Wiz processes cardholder data in the provision of Services, Wiz shall perform a Payment Card Industry Data Security Standard Attestation of Compliance (“AOC”) for Service Providers on an annual basis and shall provide such AOC to Customer upon Customer’s written request.
- Encryption.
- Encryption of Customer Data. Customer Data shall be encrypted by Wiz in transit (TLS 1.2. or above) and at rest (AES 256).
- Key Management. Wiz utilizes AWS’ Key Management System (KMS) to encrypt Customer Data. Keys are rotated periodically and are stored only in the KMS in the region of the Customer’s Wiz tenant.
- Authentication, Authorization, and Credential Management.
- User Authentication (Wiz Employees). Wiz enforces user authentication and authorization on Wiz systems via Single Sign-on (“SSO”) and multifactor authentication (“MFA”).
- User Authentication (Customer using Wiz). Wiz supports SAML 2.0 compliant SSO applications, allowing customers to manage authentication for their own Wiz tenant.
- Secure Storage of Credentials. Wiz uses managed authentication services (Okta for Wiz’s employee environment; Amazon Cognito for Wiz’s software platform) to handle authentication and associated credential management, including encryption in-motion and at-rest for passwords and other forms of credentials. Cloud-native Key Management Systems, such as AWS KMS, are used to store other forms of access tokens and secrets.
- Role-based Access Control (RBAC) for Wiz Employees. Access to Wiz information assets is restricted, and is granted to Wiz employees and contractors in order to fulfill their duties on a need-to-use basis and following the least privilege principle. Wiz employees and contractors are not granted access to any information asset that is not required by their work at Wiz. Wiz has defined various user roles, according to the positions and activities in the company. Each Wiz employee and contractor is assigned one of these roles and receives access control privileges relevant to that role. Quarterly reviews for user access will be conducted and access will be immediately revoked for unrequired access.
- Role-based Access Control for Customers using Wiz. Wiz provides customers with the ability to define roles for their own Wiz users that control the information they see and the actions they perform.
- Access to Customer Data. Wiz personnel will not access Customer Data except (i) as reasonably necessary to provide the Wiz Services under the Agreement; (ii) with Customer’s permission; or (ii) to comply with the law or a binding order of a governmental body.
- Minimum password requirements. Wiz shall follow the guidance provided by NIST 800-63B Digital Identity Guidelines to enforce password security controls, including length, complexity, re-use, lock-out, and use of multi-factor authentication. Passwords must never be stored in plain-text nor transmitted over unencrypted channels.
- Session lifespan. Single-sign on sessions expire after 8 hours of inactivity with a maximum duration of 12 hours.
- Workstation and Device Security
- Session Lock out. End-user devices are set to screen lock and require a password after 15 minutes of inactivity.
- Workstation Security Controls. For access to Wiz systems, Wiz personnel must use Wiz-issued laptops which utilize security controls that include, but are not limited to, (i) disk encryption, (ii) endpoint firewall, (iii) anti-malware and endpoint detection and response (EDR) tools, and (iv) vulnerability management tools in accordance with Section 9.1 (Vulnerability & Detection Management).
- Anti-malware. Wiz maintains anti-malware controls to automatically detect and prevent malicious files, user activity, and network activity on Wiz workstations, within Wiz’s e-mail, and within Wiz’s corporate cloud storage solutions.
- Workstation Management and Hardening. Wiz utilizes system management technologies to ensure that all endpoints are appropriately configured, hardened, and patched following Wiz’s technical procedures and applicable industry standards such as CIS Benchmarks.
- Data Loss Prevention. Wiz utilizes Data Loss Prevention (DLP) technologies to monitor and control sensitive information that is stored or accessed on systems. Wiz workstations are restricted from using removable storage devices and media.
- Cloud Infrastructure Security
- Separation of Environments. Wiz’s cloud network is divided into three segregated network environments: The development network, the staging network, and the production network. Each of these environments is segregated from the others and has its own privilege allocation and access control. There is no shared network, communication, or co-operation between the networks. Customer Data is never stored or accessed in development environments.
- Infrastructure as Code. Wiz’s cloud production environments are configured, provisioned, and managed through Infrastructure as Code (IaC), and subject to the controls defined in Wiz’s Software Development Lifecycle (SDLC).
- Remote Access. Wiz enforces device, network, authentication, and resource-specific authorization controls to limit access to development and production environments. Wiz does not automatically confer privileged access to any workstations or devices based on location.
- Network Security. Wiz utilizes cloud-native network security technologies, including network security groups, Web Application Firewalls, access gateways, application load balancers, and VPC configurations, to restrict ingress and egress traffic in cloud environments to the minimum sets of services and addresses required for business functionality.
- Cloud Infrastructure Hardening. Wiz utilizes its own instance of the Platform (“Wiz for Wiz”) in conjunction with cloud-native security services to ensure that cloud resources are configured and secured in accordance with Wiz’s internal technical procedures and industry standards such as the CIS AWS benchmarks.
- Anti-malware. Wiz utilizes Wiz for Wiz in conjunction with cloud-native security services to detect and respond to potentially malicious activity on its cloud-hosted workloads or networks.
- Monitoring & Logging.
- Logging. Wiz maintains security auditing and logging capabilities for the infrastructure, SaaS applications, and cloud services that support its corporate, development, and production environments in accordance with Wiz’s Information Security Policies. The use and activity of Wiz information assets is logged and audited for suspicious activity. Wiz preserves security-related logs for a minimum of 12 months unless otherwise specified in its security policies and procedures.
- Detection and Response Operations. Wiz uses Security Information Event Management (SIEM), Detection, and Alert Notification technologies to centralize and analyze logs, apply detection criteria, and escalate and route events to the appropriate security teams.
- Customer Access to Logs. Customers have access to system and user activity logs for their respective Wiz tenant via the Platform, and can export these logs to their own log storage or SIEM platforms as described in the Documentation.
- Security in the development process.
- SDLC. Software development in Wiz is performed according to Wiz’s Change Management & Software Development Life Cycle (SDLC) procedures.
- Security Reviews. Wiz conducts security reviews for significant changes, such as major new product features or changes that impact Wiz’s security posture, during the design and development process.
- Peer Reviews. Code changes must undergo secondary review and approval before being promoted to production.
- Security Testing within the SDLC. Wiz uses security technologies to automatically scan for vulnerabilities, exposed secrets, and code security risks as part of the CI/CD pipeline.
- Vulnerability Detection & Management.
- Vulnerability Detection & Management. Wiz shall maintain a continuous vulnerability management process across its corporate and production environments to ensure that vulnerabilities and other threats are quickly identified, prioritized, and remediated. This includes carrying out internal vulnerability tests daily and external vulnerability tests regularly (at least quarterly). Vulnerabilities shall be remediated according to Wiz’s Vulnerability Management Policy which shall meet or exceed industry standards. Wiz uses the Common Vulnerability Scoring System (CVSS) v3.1 and National Vulnerability Database (NVD) ratings as guidelines for patch prioritization and scheduling.
- Penetration Testing. Wiz shall engage one or more independent third parties to conduct penetration tests of the Service at least annually and upon major changes to the Services. Wiz will provide summary results of penetration tests to Customer upon written request.
- Administrative & Organizational Controls.
- Personnel Security. All prospective Wiz employees go through pre-employment reference and/or background checks, according to the local HR policies and applicable laws.
- Personnel Agreements. All Wiz employees and contractors are required to sign a contract which includes a confidentiality obligation and are provided with Wiz’s security policies, including Wiz’s Acceptable Use Policy, when their work commences. Any change in an employee's position in Wiz or change in his or her access privileges immediately affects the employee's access via the centralized access control system.
- Personnel Training. All Wiz employees are required to complete security and privacy awareness training during onboarding and on at least an annual basis.
- Vendor Risk Management. Wiz maintains a third-party vendor risk management program, which includes a compliance, security, and privacy review for every third-party used in the provision of the Services and/or with access to Customer Data. The results of the risk assessment are reviewed by the security, legal and privacy team to ensure the third party maintains security measures consistent with the measures hereunder.
- Physical & Environmental Controls.
- Cloud Environment Data Centers. Wiz only utilizes leading cloud providers who shall be required to have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.
- Wiz Corporate Offices. Wiz's employees and subcontractors in each of Wiz’s offices are subject to Wiz's physical minimum-security requirements which include use of CCTV with a defined retention period in accordance with applicable laws, badge only access with regular access reviews and requirements for visitors to be logged and accompanied by Wiz authorized personnel.
- Security Incident Notification and Response.
- Wiz shall maintain a formal documented Information Security Incident Management Program designed to provide an effective and consistent process for managing security incidents.
- Security Incident notification. In any event of a reasonably suspected or successful unauthorized access, use, disclosure, modification, or destruction of Customer Data (“Security Incident”), Wiz will notify Customer within 48 hours of becoming aware of the Security Incident and shall promptly take reasonable steps to contain, investigate, and mitigate such Security Incident. Wiz shall provide Customer with assistance and information as reasonably required by Customer in order to fulfil its legal obligations.
- Security Incident Reporting and Response. Security Incidents are reported to Wiz’s Chief Information Security Officer (CISO). The CISO acts according to Wiz's Incident Response Plan in classifying, handling, documenting, and reporting any incident. Customer may request a copy of Wiz’s Incident Response Plan.
- Backup, Business Continuity & Disaster Recovery
- Business Continuity and Disaster Recovery Plan. Wiz maintains industry standard business continuity and disaster recovery procedures, as further described in Wiz’s Business Continuity and Disaster Recovery Plan (“BCDRP”), and will implement these procedures to minimize the impact of events, whether related to technology or operational failures, that may affect Wiz’s ability to provide the Services. Wiz shall provide Customer with its BCDRP upon Customer’s written request. Wiz’s RTO shall not exceed 48 hours.
- Testing of BCDRP. Wiz shall conduct testing of its BCDRP at least annually and shall make the results of such testing available to Customer upon written request.
- Backups and Disaster Recovery. Wiz leverages multiple Amazon services to backup Customer Data on both daily and monthly schedules. Each Customer tenant is allocated a disaster recovery tenant in a geographically distinct area. Where possible, Wiz will use a disaster recovery region in the same jurisdiction as the main data center. Wiz also keeps full and incremental backups of critical corporate data and logs in geographically distinct datacenters.
- Customer Audit Rights. To the greatest extent possible, Customer shall utilize Wiz’s Third-Party Certifications and other security documentation and policies to assess Wiz’s compliance with its obligations hereunder. Only to the extent that Customer is not able to do so, and in any event, no more than once per year except if required by applicable law, and following at least 45 days’ notice in writing from Customer, Wiz shall provide Customer (and/or Customer’s third party advisors who are not reasonably objected to by Wiz and who are subject to appropriate confidentiality obligations) with access to documents, systems, Wiz employees and electronic data as reasonably necessary in order to audit Wiz’s compliance with its obligations under this Addendum. Wiz shall provide assistance, co-operation, and access reasonably required by Customer in relation to the conduct of such audits. Customer shall use reasonable endeavors to ensure that the conduct of each audit does not disrupt the Wiz’s business. In no event shall Customer be permitted to access to any information, including without limitation, personal data that belongs to Wiz’s other customers or such other information that is not relevant to Wiz’s compliance with this Addendum. Except as required by law, the Parties shall agree on the scope, methodology, timing and conditions of such audits in advance.
- Shared Responsibility. Without derogating from Wiz’s obligations hereunder, Customer acknowledges that it is responsible for implementing, running and managing the Platform on a day-to-day basis. In addition, Customer acknowledges and agrees that it has obligations with respect to the security of the Customer Data and the Services. Customer’s responsibility includes but is not limited to: (i) the security of cloud environments it owns, operates, and connects to Wiz, and for configuration of its instance(s) of the Wiz Platform; (ii) provisioning Permitted Users with access to Customer’s instance of the Wiz Platform, including: (a) managing instance-level administrators and other user privileges; (b) deauthorizing Permitted Users who no longer need access; (c) provisioning and configuring service account or API access; (d) enabling integrations with customer-owned or third-party technologies; and (e) ensuring that all Permitted User’s keep all Wiz credential’s confidential; and (iii) updating any Wiz provided software upon Wiz’s announcement of such updates. A detailed overview of the parties' respective obligations as they relate to Customer’s use of the Services is set forth in Wiz’s Shared Responsibility Model described at https://docs.wiz.io/wiz-docs/docs/shared-responsibility-model. Wiz may update the Shared Responsibility from time to time, provided that any such update will not materially degrade the Parties’ rights and obligations thereunder. Wiz provides customers with audit logs that record customer user account and application activity occurring within their respective Wiz Platform instance(s), however, Customer is responsible for monitoring its own instance’s audit logs for security or other purposes. Customer agrees to notify Wiz upon becoming aware of any reasonably suspected unauthorized access to the Platform.
Effective November 20th 2023 to April 18th 2024
DownloadTable of Contents
Wiz Security Addendum
This Wiz Security Addendum is incorporated into and made a part of the Wiz Master Subscription Agreement or other written agreement between Wiz and Customer that references this document (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement.
Wiz has implemented a comprehensive security, compliance and privacy management program under which Wiz maintains industry standard physical, administrative, organizational and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the Services and Customer Data, including the measures set forth herein (the “Security Program”). Wiz regularly tests and evaluates its Security Program and may review and update its Security Program as well as this Wiz Security Addendum from time to time including to take in account technological developments, provided, however, that such updates shall be designed to enhance and not materially diminish the Security Program.
- IaaS and hosting.
- IaaS Provider. Wiz’s Platform is hosted on AWS.
- Hosting location. Wiz offers hosting in several locations including in the US, the EU and the UK. Customer may select the region in which their Wiz tenant will be hosted prior to the tenant being created.
- Wiz’s Audits & Certifications.
- Certifications. Wiz shall be assessed by independent third-party auditors on at least an annual basis under the following audits and certifications (“Third Party Certifications”): SOC2 Type 2, SOC3, ISO 27001, ISO 27701, ISO 27017 and/or ISO 27018. Wiz shall make available to Customer such Third-Party Certifications upon Customer’s written request. To the extent Wiz decides to discontinue a Third-Party Certification, Wiz will adopt or maintain an equivalent, industry-recognized framework or standard.
- PCI-DSS. To the extent Wiz processes cardholder data in the provision of Services, Wiz shall perform a Payment Card Industry Data Security Standard Attestation of Compliance (“AOC”) for Service Providers on an annual basis and shall provide such AOC to Customer upon Customer’s written request.
- Encryption.
- Encryption of Customer Data. Customer Data shall be encrypted by Wiz in transit (TLS 1.2. or above) and at rest (AES 256).
- Key Management. Wiz utilizes AWS’ Key Management System (KMS) to encrypt Customer Data. Keys are rotated periodically and are stored only in the KMS in the region of the Customer’s Wiz tenant.
- Authentication, Authorization, and Credential Management.
- User Authentication (Wiz Employees). Wiz enforces user authentication and authorization on Wiz systems via Single Sign-on (“SSO”) and multifactor authentication (“MFA”).
- User Authentication (Customer using Wiz). Wiz supports SAML 2.0 compliant SSO applications, allowing customers to manage authentication for their own Wiz tenant.
- Secure Storage of Credentials. Wiz uses managed authentication services (Okta for Wiz’s employee environment; Amazon Cognito for Wiz’s software platform) to handle authentication and associated credential management, including encryption in-motion and at-rest for passwords and other forms of credentials. Cloud-native Key Management Systems, such as AWS KMS, are used to store other forms of access tokens and secrets.
- Role-based Access Control (RBAC) for Wiz Employees. Access to Wiz information assets is restricted, and is granted to Wiz employees and contractors in order to fulfill their duties on a need-to-use basis and following the least privilege principle. Wiz employees and contractors are not granted access to any information asset that is not required by their work at Wiz. Wiz has defined various user roles, according to the positions and activities in the company. Each Wiz employee and contractor is assigned one of these roles and receives access control privileges relevant to that role. Quarterly reviews for user access will be conducted and access will be immediately revoked for unrequired access.
- Role-based Access Control for Customers using Wiz. Wiz provides customers with the ability to define roles for their own Wiz users that control the information they see and the actions they perform.
- Access to Customer Data. Wiz personnel will not access Customer Data except (i) as reasonably necessary to provide the Wiz Services under the Agreement; (ii) with Customer’s permission; or (ii) to comply with the law or a binding order of a governmental body.
- Minimum password requirements. Wiz shall follow the guidance provided by NIST 800-63B Digital Identity Guidelines to enforce password security controls, including length, complexity, re-use, lock-out, and use of multi-factor authentication. Passwords must never be stored in plain-text nor transmitted over unencrypted channels.
- Session lifespan. Single-sign on sessions expire after 8 hours of inactivity with a maximum duration of 12 hours.
- Workstation and Device Security
- Session Lock out. End-user devices are set to screen lock and require a password after 15 minutes of inactivity.
- Workstation Security Controls. For access to Wiz systems, Wiz personnel must use Wiz-issued laptops which utilize security controls that include, but are not limited to, (i) disk encryption, (ii) endpoint firewall, (iii) anti-malware and endpoint detection and response (EDR) tools, and (iv) vulnerability management tools in accordance with Section 9.1 (Vulnerability & Detection Management).
- Anti-malware. Wiz maintains anti-malware controls to automatically detect and prevent malicious files, user activity, and network activity on Wiz workstations, within Wiz’s e-mail, and within Wiz’s corporate cloud storage solutions.
- Workstation Management and Hardening. Wiz utilizes system management technologies to ensure that all endpoints are appropriately configured, hardened, and patched following Wiz’s technical procedures and applicable industry standards such as CIS Benchmarks.
- Data Loss Prevention. Wiz utilizes Data Loss Prevention (DLP) technologies to monitor and control sensitive information that is stored or accessed on systems. Wiz workstations are restricted from using removable storage devices and media.
- Cloud Infrastructure Security
- Separation of Environments. Wiz’s cloud network is divided into three segregated network environments: The development network, the staging network, and the production network. Each of these environments is segregated from the others and has its own privilege allocation and access control. There is no shared network, communication, or co-operation between the networks. Customer Data is never stored or accessed in development environments.
- Infrastructure as Code. Wiz’s cloud production environments are configured, provisioned, and managed through Infrastructure as Code (IaC), and subject to the controls defined in Wiz’s Software Development Lifecycle (SDLC).
- Remote Access. Wiz enforces device, network, authentication, and resource-specific authorization controls to limit access to development and production environments. Wiz does not automatically confer privileged access to any workstations or devices based on location.
- Network Security. Wiz utilizes cloud-native network security technologies, including network security groups, Web Application Firewalls, access gateways, application load balancers, and VPC configurations, to restrict ingress and egress traffic in cloud environments to the minimum sets of services and addresses required for business functionality.
- Cloud Infrastructure Hardening. Wiz utilizes its own instance of the Platform (“Wiz for Wiz”) in conjunction with cloud-native security services to ensure that cloud resources are configured and secured in accordance with Wiz’s internal technical procedures and industry standards such as the CIS AWS benchmarks.
- Anti-malware. Wiz utilizes Wiz for Wiz in conjunction with cloud-native security services to detect and respond to potentially malicious activity on its cloud-hosted workloads or networks.
- Monitoring & Logging.
- Logging. Wiz maintains security auditing and logging capabilities for the infrastructure, SaaS applications, and cloud services that support its corporate, development, and production environments in accordance with Wiz’s Information Security Policies. The use and activity of Wiz information assets is logged and audited for suspicious activity. Wiz preserves security-related logs for a minimum of 12 months unless otherwise specified in its security policies and procedures.
- Detection and Response Operations. Wiz uses Security Information Event Management (SIEM), Detection, and Alert Notification technologies to centralize and analyze logs, apply detection criteria, and escalate and route events to the appropriate security teams.
- Customer Access to Logs. Customers have access to system and user activity logs for their respective Wiz tenant via the Platform, and can export these logs to their own log storage or SIEM platforms as described in the Documentation.
- Security in the development process.
- SDLC. Software development in Wiz is performed according to Wiz’s Change Management & Software Development Life Cycle (SDLC) procedures.
- Security Reviews. Wiz conducts security reviews for significant changes, such as major new product features or changes that impact Wiz’s security posture, during the design and development process.
- Peer Reviews. Code changes must undergo secondary review and approval before being promoted to production.
- Security Testing within the SDLC. Wiz uses security technologies to automatically scan for vulnerabilities, exposed secrets, and code security risks as part of the CI/CD pipeline.
- Vulnerability Detection & Management.
- Vulnerability Detection & Management. Wiz shall maintain a continuous vulnerability management process across its corporate and production environments to ensure that vulnerabilities and other threats are quickly identified, prioritized, and remediated. This includes carrying out internal vulnerability tests daily and external vulnerability tests regularly (at least quarterly). Vulnerabilities shall be remediated according to Wiz’s Vulnerability Management Policy which shall meet or exceed industry standards. Wiz uses the Common Vulnerability Scoring System (CVSS) v3.1 and National Vulnerability Database (NVD) ratings as guidelines for patch prioritization and scheduling.
- Penetration Testing. Wiz shall engage one or more independent third parties to conduct penetration tests of the Service at least annually and upon major changes to the Services. Wiz will provide summary results of penetration tests to Customer upon written request.
- Administrative & Organizational Controls.
- Personnel Security. All prospective Wiz employees go through pre-employment reference and/or background checks, according to the local HR policies and applicable laws.
- Personnel Agreements. All Wiz employees and contractors are required to sign a contract which includes a confidentiality obligation and are provided with Wiz’s security policies, including Wiz’s Acceptable Use Policy, when their work commences. Any change in an employee's position in Wiz or change in his or her access privileges immediately affects the employee's access via the centralized access control system.
- Personnel Training. All Wiz employees are required to complete security and privacy awareness training during onboarding and on at least an annual basis.
- Vendor Risk Management. Wiz maintains a third-party vendor risk management program, which includes a compliance, security, and privacy review for every third-party used in the provision of the Services and/or with access to Customer Data. The results of the risk assessment are reviewed by the security, legal and privacy team to ensure the third party maintains security measures consistent with the measures hereunder.
- Physical & Environmental Controls.
- Cloud Environment Data Centers. Wiz only utilizes leading cloud providers who shall be required to have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.
- Wiz Corporate Offices. Wiz's employees and subcontractors in each of Wiz’s offices are subject to Wiz's physical minimum-security requirements which include use of CCTV with a defined retention period in accordance with applicable laws, badge only access with regular access reviews and requirements for visitors to be logged and accompanied by Wiz authorized personnel.
- Security Incident Notification and Response.
- Wiz shall maintain a formal documented Information Security Incident Management Program designed to provide an effective and consistent process for managing security incidents.
- Security Incident notification. In any event of a reasonably suspected or successful unauthorized access, use, disclosure, modification, or destruction of Customer Data (“Security Incident”), Wiz will notify Customer within 48 hours of becoming aware of the Security Incident and shall promptly take reasonable steps to contain, investigate, and mitigate such Security Incident. Wiz shall provide Customer with assistance and information as reasonably required by Customer in order to fulfil its legal obligations.
- Security Incident Reporting and Response. Security Incidents are reported to Wiz’s Chief Information Security Officer (CISO). The CISO acts according to Wiz's Incident Response Plan in classifying, handling, documenting, and reporting any incident. Customer may request a copy of Wiz’s Incident Response Plan.
- Backup, Business Continuity & Disaster Recovery
- Business Continuity and Disaster Recovery Plan. Wiz maintains industry standard business continuity and disaster recovery procedures, as further described in Wiz’s Business Continuity and Disaster Recovery Plan (“BCDRP”), and will implement these procedures to minimize the impact of events, whether related to technology or operational failures, that may affect Wiz’s ability to provide the Services. Wiz shall provide Customer with its BCDRP upon Customer’s written request. Wiz’s RTO shall not exceed 48 hours.
- Testing of BCDRP. Wiz shall conduct testing of its BCDRP at least annually and shall make the results of such testing available to Customer upon written request.
- Backups and Disaster Recovery. Wiz leverages multiple Amazon services to backup Customer Data on both daily and monthly schedules. Each Customer tenant is allocated a disaster recovery tenant in a geographically distinct area. Where possible, Wiz will use a disaster recovery region in the same jurisdiction as the main data center. Wiz also keeps full and incremental backups of critical corporate data and logs in geographically distinct datacenters.
- Customer Audit Rights. To the greatest extent possible, Customer shall utilize Wiz’s Third-Party Certifications and other security documentation and policies to assess Wiz’s compliance with its obligations hereunder. Only to the extent that Customer is not able to do so, and in any event, no more than once per year except if required by applicable law, and following at least 45 days’ notice in writing from Customer, Wiz shall provide Customer (and/or Customer’s third party advisors who are not reasonably objected to by Wiz and who are subject to appropriate confidentiality obligations) with access to documents, systems, Wiz employees and electronic data as reasonably necessary in order to audit Wiz’s compliance with its obligations under this Addendum. Wiz shall provide assistance, co-operation, and access reasonably required by Customer in relation to the conduct of such audits. Customer shall use reasonable endeavors to ensure that the conduct of each audit does not disrupt the Wiz’s business. In no event shall Customer be permitted to access to any information, including without limitation, personal data that belongs to Wiz’s other customers or such other information that is not relevant to Wiz’s compliance with this Addendum. Except as required by law, the Parties shall agree on the scope, methodology, timing and conditions of such audits in advance.
- Shared Responsibility. Without derogating from Wiz’s obligations hereunder, Customer acknowledges that it is responsible for implementing, running and managing the Platform on a day-to-day basis. In addition, Customer acknowledges and agrees that it has obligations with respect to the security of the Customer Data and the Services. Customer’s responsibility includes but is not limited to: (i) the security of cloud environments it owns, operates, and connects to Wiz, and for configuration of its instance(s) of the Wiz Platform; (ii) provisioning Permitted Users with access to Customer’s instance of the Wiz Platform, including: (a) managing instance-level administrators and other user privileges; (b) deauthorizing Permitted Users who no longer need access; (c) provisioning and configuring service account or API access; (d) enabling integrations with customer-owned or third-party technologies; and (e) ensuring that all Permitted User’s keep all Wiz credential’s confidential; and (iii) updating any Wiz provided software upon Wiz’s announcement of such updates. Wiz provides customers with audit logs that record customer user account and application activity occurring within their respective Wiz Platform instance(s), however, Customer is responsible for monitoring its own instance’s audit logs for security or other purposes. Customer agrees to notify Wiz upon becoming aware of any reasonably suspected unauthorized access to the Platform.
Effective October 26th 2023 to November 20th 2023
DownloadTable of Contents
Wiz Security Addendum
This Wiz Security Addendum is incorporated into and made a part of the Wiz Master Subscription Agreement or other written agreement between Wiz and Customer that references this document (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement.
Wiz has implemented a comprehensive security, compliance and privacy management program under which Wiz maintains industry standard physical, administrative, organizational and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the Services and Customer Data, including the measures set forth herein (the “Security Program”). Wiz regularly tests and evaluates its Security Program and may review and update its Security Program as well as this Wiz Security Addendum from time to time including to take in account technological developments, provided, however, that such updates shall be designed to enhance and not materially diminish the Security Program.
- IaaS and hosting.
- IaaS Provider. Wiz’s Platform is hosted on AWS.
- Hosting location. Wiz offers hosting in several locations including in the US, the EU and the UK. Customer may select the region in which their Wiz tenant will be hosted prior to the tenant being created.
- Wiz’s Audits & Certifications.
- Certifications. Wiz shall be assessed by independent third-party auditors on at least an annual basis under the following audits and certifications (“Third Party Certifications”): SOC2 Type 2, SOC3, ISO 27001, ISO 27701, ISO 27017 and/or ISO 27018. Wiz shall make available to Customer such Third-Party Certifications upon Customer’s written request. To the extent Wiz decides to discontinue a Third-Party Certification, Wiz will adopt or maintain an equivalent, industry-recognized framework or standard.
- PCI-DSS. To the extent Wiz processes cardholder data in the provision of Services, Wiz shall perform a Payment Card Industry Data Security Standard Attestation of Compliance (“AOC”) for Service Providers on an annual basis and shall provide such AOC to Customer upon Customer’s written request.
- Encryption.
- Encryption of Customer Data. Customer Data shall be encrypted by Wiz in transit (TLS 1.2. or above) and at rest (AES 256).
- Key Management. Wiz utilizes AWS’ Key Management System (KMS) to encrypt Customer Data. Keys are rotated periodically and are stored only in the KMS in the region of the Customer’s Wiz tenant.
- Authentication, Authorization, and Credential Management.
- User Authentication (Wiz Employees). Wiz enforces user authentication and authorization on Wiz systems via Single Sign-on (“SSO”) and multifactor authentication (“MFA”).
- User Authentication (Customer using Wiz). Wiz supports SAML 2.0 compliant SSO applications, allowing customers to manage authentication for their own Wiz tenant.
- Secure Storage of Credentials. Wiz uses managed authentication services (Okta for Wiz’s employee environment; Amazon Cognito for Wiz’s software platform) to handle authentication and associated credential management, including encryption in-motion and at-rest for passwords and other forms of credentials. Cloud-native Key Management Systems, such as AWS KMS, are used to store other forms of access tokens and secrets.
- Role-based Access Control (RBAC) for Wiz Employees. Access to Wiz information assets is restricted, and is granted to Wiz employees and contractors in order to fulfill their duties on a need-to-use basis and following the least privilege principle. Wiz employees and contractors are not granted access to any information asset that is not required by their work at Wiz. Wiz has defined various user roles, according to the positions and activities in the company. Each Wiz employee and contractor is assigned one of these roles and receives access control privileges relevant to that role. Quarterly reviews for user access will be conducted and access will be immediately revoked for unrequired access.
- Role-based Access Control for Customers using Wiz. Wiz provides customers with the ability to define roles for their own Wiz users that control the information they see and the actions they perform.
- Access to Customer Data. Wiz personnel will not access Customer Data except (i) as reasonably necessary to provide the Wiz Services under the Agreement; (ii) with Customer’s permission; or (ii) to comply with the law or a binding order of a governmental body.
- Minimum password requirements. Wiz shall follow the guidance provided by NIST 800-63B Digital Identity Guidelines to enforce password security controls, including length, complexity, re-use, lock-out, and use of multi-factor authentication. Passwords must never be stored in plain-text nor transmitted over unencrypted channels.
- Session lifespan. Single-sign on sessions expire after 8 hours of inactivity with a maximum duration of 12 hours.
- Workstation and Device Security
- Session Lock out. End-user devices are set to screen lock and require a password after 15 minutes of inactivity.
- Workstation Security Controls. For access to Wiz systems, Wiz personnel must use Wiz-issued laptops which utilize security controls that include, but are not limited to, (i) disk encryption, (ii) endpoint firewall, (iii) anti-malware and endpoint detection and response (EDR) tools, and (iv) vulnerability management tools in accordance with Section 9.1 (Vulnerability & Detection Management).
- Anti-malware. Wiz maintains anti-malware controls to automatically detect and prevent malicious files, user activity, and network activity on Wiz workstations, within Wiz’s e-mail, and within Wiz’s corporate cloud storage solutions.
- Workstation Management and Hardening. Wiz utilizes system management technologies to ensure that all endpoints are appropriately configured, hardened, and patched following Wiz’s technical procedures and applicable industry standards such as CIS Benchmarks.
- Data Loss Prevention. Wiz utilizes Data Loss Prevention (DLP) technologies to monitor and control sensitive information that is stored or accessed on systems. Wiz workstations are restricted from using removable storage devices and media.
- Cloud Infrastructure Security
- Separation of Environments. Wiz’s cloud network is divided into three segregated network environments: The development network, the staging network, and the production network. Each of these environments is segregated from the others and has its own privilege allocation and access control. There is no shared network, communication, or co-operation between the networks. Customer Data is never stored or accessed in development environments.
- Infrastructure as Code. Wiz’s cloud production environments are configured, provisioned, and managed through Infrastructure as Code (IaC), and subject to the controls defined in Wiz’s Software Development Lifecycle (SDLC).
- Remote Access. Wiz enforces device, network, authentication, and resource-specific authorization controls to limit access to development and production environments. Wiz does not automatically confer privileged access to any workstations or devices based on location.
- Network Security. Wiz utilizes cloud-native network security technologies, including network security groups, Web Application Firewalls, access gateways, application load balancers, and VPC configurations, to restrict ingress and egress traffic in cloud environments to the minimum sets of services and addresses required for business functionality.
- Cloud Infrastructure Hardening. Wiz utilizes its own instance of the Platform (“Wiz for Wiz”) in conjunction with cloud-native security services to ensure that cloud resources are configured and secured in accordance with Wiz’s internal technical procedures and industry standards such as the CIS AWS benchmarks.
- Anti-malware. Wiz utilizes Wiz for Wiz in conjunction with cloud-native security services to detect and respond to potentially malicious activity on its cloud-hosted workloads or networks.
- Monitoring & Logging.
- Logging. Wiz maintains security auditing and logging capabilities for the infrastructure, SaaS applications, and cloud services that support its corporate, development, and production environments in accordance with Wiz’s Information Security Policies. The use and activity of Wiz information assets is logged and audited for suspicious activity. Wiz preserves security-related logs for a minimum of 12 months unless otherwise specified in its security policies and procedures.
- Detection and Response Operations. Wiz uses Security Information Event Management (SIEM), Detection, and Alert Notification technologies to centralize and analyze logs, apply detection criteria, and escalate and route events to the appropriate security teams.
- Customer Access to Logs. Customers have access to system and user activity logs for their respective Wiz tenant via the Platform, and can export these logs to their own log storage or SIEM platforms as described in the Documentation.
- Security in the development process.
- SDLC. Software development in Wiz is performed according to Wiz’s Change Management & Software Development Life Cycle (SDLC) procedures.
- Security Reviews. Wiz conducts security reviews for significant changes, such as major new product features or changes that impact Wiz’s security posture, during the design and development process.
- Peer Reviews. Code changes must undergo secondary review and approval before being promoted to production.
- Security Testing within the SDLC. Wiz uses security technologies to automatically scan for vulnerabilities, exposed secrets, and code security risks as part of the CI/CD pipeline.
- Vulnerability Detection & Management.
- Vulnerability Detection & Management. Wiz shall maintain a continuous vulnerability management process across its corporate and production environments to ensure that vulnerabilities and other threats are quickly identified, prioritized, and remediated. This includes carrying out internal vulnerability tests daily and external vulnerability tests regularly (at least quarterly). Vulnerabilities shall be remediated according to Wiz’s Vulnerability Management Policy which shall meet or exceed industry standards. Wiz uses the Common Vulnerability Scoring System (CVSS) v3.1 and National Vulnerability Database (NVD) ratings as guidelines for patch prioritization and scheduling.
- Penetration Testing. Wiz shall engage one or more independent third parties to conduct penetration tests of the Service at least annually and upon major changes to the Services. Wiz will provide summary results of penetration tests to Customer upon written request.
- Administrative & Organizational Controls.
- Personnel Security. All prospective Wiz employees go through pre-employment reference and/or background checks, according to the local HR policies and applicable laws.
- Personnel Agreements. All Wiz employees and contractors are required to sign a contract which includes a confidentiality obligation and are provided with Wiz’s security policies, including Wiz’s Acceptable Use Policy, when their work commences. Any change in an employee's position in Wiz or change in his or her access privileges immediately affects the employee's access via the centralized access control system.
- Personnel Training. All Wiz employees are required to complete security and privacy awareness training during onboarding and on at least an annual basis.
- Vendor Risk Management. Wiz maintains a third-party vendor risk management program, which includes a compliance, security, and privacy review for every third-party used in the provision of the Services and/or with access to Customer Data. The results of the risk assessment are reviewed by the security, legal and privacy team to ensure the third party maintains security measures consistent with the measures hereunder.
- Physical & Environmental Controls.
- Cloud Environment Data Centers. Wiz only utilizes leading cloud providers who shall be required to have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.
- Wiz Corporate Offices. Wiz's employees and subcontractors in each of Wiz’s offices are subject to Wiz's physical minimum-security requirements which include use of CCTV with a defined retention period in accordance with applicable laws, badge only access with regular access reviews and requirements for visitors to be logged and accompanied by Wiz authorized personnel.
- Security Incident Notification and Response.
- Wiz shall maintain a formal documented Information Security Incident Management Program designed to provide an effective and consistent process for managing security incidents.
- Security Incident notification. In any event of a reasonably suspected or successful unauthorized access, use, disclosure, modification, or destruction of Customer Data (“Security Incident”), Wiz will notify Customer within 48 hours of becoming aware of the Security Incident and shall promptly take reasonable steps to contain, investigate, and mitigate such Security Incident. Wiz shall provide Customer with assistance and information as reasonably required by Customer in order to fulfil its legal obligations.
- Security Incident Reporting and Response. Security Incidents are reported to Wiz’s Chief Information Security Officer (CISO). The CISO acts according to Wiz's Incident Response Plan in classifying, handling, documenting, and reporting any incident. Customer may request a copy of Wiz’s Incident Response Plan.
- Backup, Business Continuity & Disaster Recovery
- Business Continuity and Disaster Recovery Plan. Wiz maintains industry standard business continuity and disaster recovery procedures, as further described in Wiz’s Business Continuity and Disaster Recovery Plan (“BCDRP”), and will implement these procedures to minimize the impact of events, whether related to technology or operational failures, that may affect Wiz’s ability to provide the Services. Wiz shall provide Customer with its BCDRP upon Customer’s written request.
- Testing of BCDRP. Wiz shall conduct testing of its BCDRP at least annually and shall make the results of such testing available to Customer upon written request.
- Backups and Disaster Recovery. Wiz leverages multiple Amazon services to backup Customer Data on both daily and monthly schedules. Each Customer tenant is allocated a disaster recovery tenant in a geographically distinct area. Where possible, Wiz will use a disaster recovery region in the same jurisdiction as the main data center. Wiz also keeps full and incremental backups of critical corporate data and logs in geographically distinct datacenters.
- Customer Audit Rights. To the greatest extent possible, Customer shall utilize Wiz’s Third-Party Certifications and other security documentation and policies to assess Wiz’s compliance with its obligations hereunder. Only to the extent that Customer is not able to do so, and in any event, no more than once per year, and following at least 45 days’ notice in writing from Customer, Wiz shall provide Customer (and/or Customer’s third party advisors who are not reasonably objected to by Wiz and who are subject to appropriate confidentiality obligations) with access to documents, systems, Wiz employees and electronic data as reasonably necessary in order to audit Wiz’s compliance with its obligations under this Addendum. Wiz shall provide assistance, co-operation, and access reasonably required by Customer in relation to the conduct of such audits. Customer shall use reasonable endeavors to ensure that the conduct of each audit does not disrupt the Wiz’s business. In no event shall Customer be permitted to access to any information, including without limitation, personal data that belongs to Wiz’s other customers or such other information that is not relevant to Wiz’s compliance with this Addendum. The Parties shall agree on the scope, methodology, timing and conditions of such audits in advance.
- Shared Responsibility. Without derogating from Wiz’s obligations hereunder, Customer acknowledges that it is responsible for implementing, running and managing the Platform on a day-to-day basis. In addition, Customer acknowledges and agrees that it has obligations with respect to the security of the Customer Data and the Services. Customer’s responsibility includes but is not limited to: (i) the security of cloud environments it owns, operates, and connects to Wiz, and for configuration of its instance(s) of the Wiz Platform; (ii) provisioning Permitted Users with access to Customer’s instance of the Wiz Platform, including: (a) managing instance-level administrators and other user privileges; (b) deauthorizing Permitted Users who no longer need access; (c) provisioning and configuring service account or API access; (d) enabling integrations with customer-owned or third-party technologies; and (e) ensuring that all Permitted User’s keep all Wiz credential’s confidential; and (iii) updating any Wiz provided software upon Wiz’s announcement of such updates. Wiz provides customers with audit logs that record customer user account and application activity occurring within their respective Wiz Platform instance(s), however, Customer is responsible for monitoring its own instance’s audit logs for security or other purposes. Customer agrees to notify Wiz upon becoming aware of any reasonably suspected unauthorized access to the Platform.
Modern Slavery Act Transparency Statement
Effective August 15th 2024
DownloadTable of Contents
WIZ MODERN SLAVERY & HUMAN TRAFFICKING TRANSPARENCY STATEMENT
For the fiscal year ending in January 31, 2025
It continues to be a priority for Wiz to ensure that we trade ethically, source responsibly and work to prevent modern slavery and human trafficking throughout our organization and in our supply chain. These disclosures are intended to provide consumers the ability to make better, more informed choices about the products and services they buy and companies they support.
Wiz Cloud Ltd, Wiz Cloud Limited and Wiz Cloud Australia Pty Ltd are wholly owned subsidiaries of Wiz, Inc., a Delaware corporation, which is headquartered in New York, New York. Wiz has offices in both the United States and Israel, and over 900 employees worldwide operating from over a dozen countries.
Wiz is a low-risk global service provider in the cloud software security systems sector. Wiz provides a Cloud Native Application Protection Platform (CNAPP) that enables security and development teams to rapidly identify and remove critical risks and helps organizations secure the cloud computing environments that accelerate their businesses.
Our global procurement team is based in our headquarters in the United States, and the majority of our vendors, suppliers, partners and resellers are based or have a significant business presence in the United States.
Given the nature of our business, which is providing cloud-based software-as-a-service to our customers, who are businesses, government entities and other organizations, our supply chain consists mostly of the hiring of independent consultants and other services providers and the procurement of other software-related goods and services. As such, we consider ourselves to be low-risk with respect to slavery and human trafficking issues in our supply chain. We source goods and services only from reputable third parties, and the nature of the goods and services we procure typically does not involve the types of labor at risk for slavery and human trafficking. We also engage in additional care when vetting suppliers and sub-contractors to ensure that they are committed to ethical labour practices. Wiz does not support a supply chain where we are aware of, or have reasonable cause to believe, slavery and human trafficking are taking place. In addition, we take special care to ensure that our employees are engaged on fair and ethical employment terms and conditions in the relevant jurisdiction, and we only employ agency workers through reputable employment agencies that adhere to good standards of ethical trading.
Wiz Policies
Wiz’s Code of Conduct sets out certain standards of conduct to aid our directors, officers, employees and contractors in making proper ethical and legal decisions when conducting business on behalf of Wiz and performing their day-to-day duties in alignment with our values and policies. All Wiz employees complete training when they join us and at least annually thereafter to ensure they remain aware of and agree to comply with our Code of Conduct, as well as our other relevant policies and procedures and applicable law.
This year we have undertaken the steps above to ensure that slavery and human trafficking is not taking place in any of our supply chains, nor in any part of our own business.
Furthermore, following a review of the effectiveness of the steps we have taken this year, we intend to take the following further steps to combat slavery and human trafficking:
- Develop additional policies that reflect Wiz’s commitment to acting ethically and with integrity in all our business relationships and our commitment to ensure that there is no modern slavery or human trafficking in our supply chains or in any part of our business;
- Conduct due diligence on all new suppliers and regularly review existing suppliers to ensure that they are complying with our values on modern slavery and human trafficking; and
- Provide training to our procurement team to ensure they can identity risk areas associated with modern slavery and human trafficking.
Approval
This statement is made pursuant to section 54(1) of the Modern Slavery Act 2015 and constitutes our slavery and human trafficking statement for the current financial year. It was approved by Wiz’s board of directors on March 26, 2024.
Effective April 26th 2024 to August 15th 2024
DownloadTable of Contents
WIZ MODERN SLAVERY & HUMAN TRAFFICKING TRANSPARENCY STATEMENT
For the fiscal year ending in January 31, 2025
It continues to be a priority for Wiz to ensure that we trade ethically, source responsibly and work to prevent modern slavery and human trafficking throughout our organization and in our supply chain. These disclosures are intended to provide consumers the ability to make better, more informed choices about the products and services they buy and companies they support.
Wiz Cloud Ltd, Wiz Cloud Limited and Wiz Cloud Australia Pty Ltd are wholly owned subsidiaries of Wiz, Inc., a Delaware corporation, which is headquartered in New York, New York. Wiz has offices in both the United States and Israel, and over 900 employees worldwide operating from over a dozen countries.
Wiz is a low-risk global service provider in the cloud software security systems sector. Wiz provides a Cloud Native Application Protection Platform (CNAPP) that enables security and development teams to rapidly identify and remove critical risks and helps organizations secure the cloud computing environments that accelerate their businesses.
Our global procurement team is based in our headquarters in the United States, and the majority of our vendors, suppliers, partners and resellers are based or have a significant business presence in the United States.
Given the nature of our business, which is providing cloud-based software-as-a-service to our customers, who are businesses, government entities and other organizations, our supply chain consists mostly of the hiring of independent consultants and other services providers and the procurement of other software-related goods and services. As such, we consider ourselves to be low-risk with respect to slavery and human trafficking issues in our supply chain. We source goods and services only from reputable third parties, and the nature of the goods and services we procure typically does not involve the types of labor at risk for slavery and human trafficking. We also engage in additional care when vetting suppliers and sub-contractors to ensure that they are committed to ethical labour practices. Wiz does not support a supply chain where we are aware of, or have reasonable cause to believe, slavery and human trafficking are taking place. In addition, we take special care to ensure that our employees are engaged on fair and ethical employment terms and conditions in the relevant jurisdiction, and we only employ agency workers through reputable employment agencies that adhere to good standards of ethical trading.
Wiz Policies
Wiz’s Code of Conduct sets out certain standards of conduct to aid our directors, officers, employees and contractors in making proper ethical and legal decisions when conducting business on behalf of Wiz and performing their day-to-day duties in alignment with our values and policies. All Wiz employees complete training when they join us and at least annually thereafter to ensure they remain aware of and agree to comply with our Code of Conduct, as well as our other relevant policies and procedures and applicable law.
This year we have undertaken the steps above to ensure that slavery and human trafficking is not taking place in any of our supply chains, nor in any part of our own business.
Furthermore, following a review of the effectiveness of the steps we have taken this year, we intend to take the following further steps to combat slavery and human trafficking:
- Develop additional policies that reflect Wiz’s commitment to acting ethically and with integrity in all our business relationships and our commitment to ensure that there is no modern slavery or human trafficking in our supply chains or in any part of our business;
- Conduct due diligence on all new suppliers and regularly review existing suppliers to ensure that they are complying with our values on modern slavery and human trafficking; and
- Provide training to our procurement team to ensure they can identity risk areas associated with modern slavery and human trafficking.
Approval
This statement is made pursuant to section 54(1) of the Modern Slavery Act 2015 and constitutes our slavery and human trafficking statement for the current financial year. It was approved by Wiz’s board of directors on March 26, 2024.
Sub Processor List
Wiz Subscription Agreement
Effective April 14th 2025
DownloadTable of Contents
WIZ SUBSCRIPTION AGREEMENT
7. Additional Service Terms.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process Account Data for its internal business purposes including to develop, improve, support, secure and operate the Services, in each case without derogating from Wiz’s confidentiality, data and security obligations hereunder and without identifying Customer or Customer Data to other customers or third parties which are not deemed Authorized Recipients under this Agreement. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized (“Anonymized Data”). “Account Data” means information related to the configuration, performance, security, access to and use of the Services including product usage and support metrics and logs and findings, metadata attributes, session data, telemetry data, threat intelligence or threat actor data and potentially malicious artifacts scanned or generated by the Services. Customer Data does not include Account Data.
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with Wiz approved applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. To the extent Wiz utilizes artificial intelligence (“AI”) to provide features to Customer via the Platform (the “AI Features”), Wiz shall not and shall not allow any third party to use Customer Data to train any AI without Customer’s prior written consent. Notwithstanding the foregoing, Customer Data may be used to train Customer tenant-specific AI models to provide customized findings and recommendations to Customer solely for Customer’s benefit. Customer acknowledges that other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. For the avoidance of doubt, Customer retains all right, title and interest in Customer Data contained in AI Inputs and AI Outputs. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. “AI Input” means any input provided to an AI Feature. “AI Output” means any output generated and returned to by an AI Feature. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, NON-INFRINGING OR FIT FOR A PARTICULAR PURPOSE.
7.6 Wiz for U.S. Government. If Customer purchases any services or products hosted in a Wiz Moderate for U.S. Government environment (or any other Wiz U.S. Government or Department of Defense environments), the same will be subject to the terms and conditions of the Wiz for U.S. Government Subscription Addendum available at https://legal.wiz.io/legal#gov-subscription-addendum.
7.7 U.S. Government Customers. The Parties agree that the U.S. Government Customer Addendum which is available at https://legal.wiz.io/legal#us-gov, and incorporated herein by this reference, shall apply if Customer is an entity of the United States Federal Government, or a state, local, or public education entity created by the laws of a state of the United States.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://legal.wiz.io/legal#sec-addendum (“Security Addendum”)
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY)
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation or (iv) AI Output .
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the Term of this Agreement: (a) $2,000,000 USD in commercial general liability (or equivalent), per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability combined with cyber liability insurance, per occurrence and in the aggregate. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
Effective March 6th 2025 to April 14th 2025
DownloadTable of Contents
WIZ SUBSCRIPTION AGREEMENT
7. Additional Service Terms.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage and support metrics, logs and findings, threat intelligence or threat actor data and potentially malicious artifacts scanned or generated by the Services (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services, in each case without derogating from Wiz's confidentiality, data and security obligations hereunder and without identifying Customer or Customer Data to other customers or third parties which are not deemed Authorized Recipients under this Agreement. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized in accordance with applicable laws (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available “AskAI” features (or successor name) as described in the Documentation (the “AI Features”). The AI Features provide AI Output in response to AI Input. Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. “AI Input” means any input provided by Customer or a Permitted User to an AI Feature. “AI Output” means any output generated and returned to Customer or a Permitted User by an AI Feature. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
7.6 Wiz for U.S. Government. If Customer purchases any services or products hosted in a Wiz Moderate for U.S. Government environment (or any other Wiz U.S. Government or Department of Defense environments), the same will be subject to the terms and conditions of the Wiz for U.S. Government Subscription Addendum available at https://legal.wiz.io/legal#gov-subscription-addendum.
7.7 U.S. Government Customers. The Parties agree that the U.S. Government Customer Addendum which is available at https://legal.wiz.io/legal#us-gov, and incorporated herein by this reference, shall apply if Customer is an entity of the United States Federal Government, or a state, local, or public education entity created by the laws of a state of the United States.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://legal.wiz.io/legal#sec-addendum (“Security Addendum”)
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY)
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the Term of this Agreement: (a) $2,000,000 USD in commercial general liability (or equivalent), per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability combined with cyber liability insurance, per occurrence and in the aggregate. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
Effective February 23rd 2025 to March 6th 2025
DownloadTable of Contents
WIZ SUBSCRIPTION AGREEMENT
7. Additional Service Terms.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage and support metrics, logs and findings, threat intelligence or threat actor data and potentially malicious artifacts scanned or generated by the Services (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services, in each case without derogating from Wiz's confidentiality, data and security obligations hereunder and without identifying Customer or Customer Data to other customers or third parties which are not deemed Authorized Recipients under this Agreement. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized in accordance with applicable laws (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available “AskAI” features (or successor name) as described in the Documentation (the “AI Features”). The AI Features provide AI Output in response to AI Input. Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. “AI Input” means any input provided by Customer or a Permitted User to an AI Feature. “AI Output” means any output generated and returned to Customer or a Permitted User by an AI Feature. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
7.6 Wiz for U.S. Government. If Customer purchases any services or products hosted in a Wiz Moderate for U.S. Government environment (or any other Wiz U.S. Government or Department of Defense environments), the same will be subject to the terms and conditions of the Wiz for U.S. Government Subscription Addendum available at https://legal.wiz.io/legal#gov-subscription-addendum.
7.7 U.S. Government Customers. The Parties agree that the U.S. Government Customer Addendum which is available at https://legal.wiz.io/legal#us-gov, and incorporated herein by this reference, shall apply if Customer is an entity of the United States Federal Government, or a state, local, or public education entity created by the laws of a state of the United States.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://legal.wiz.io/legal#sec-addendum (“Security Addendum”)
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY)
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the Term of this Agreement: (a) $2,000,000 USD in commercial general liability (or equivalent), per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability combined with cyber liability insurance, per occurrence and in the aggregate. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities' actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective October 22nd 2024 to February 23rd 2025
DownloadTable of Contents
WIZ SUBSCRIPTION AGREEMENT
7. Additional Service Terms.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage and support metrics, logs and findings, threat intelligence or threat actor data and potentially malicious artifacts scanned or generated by the Services (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services, in each case without derogating from Wiz's confidentiality, data and security obligations hereunder and without identifying Customer or Customer Data to other customers or third parties which are not deemed Authorized Recipients under this Agreement. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized in accordance with applicable laws (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
7.6 Wiz for U.S. Government. If Customer purchases any services or products hosted in a Wiz Moderate for U.S. Government environment (or any other Wiz U.S. Government or Department of Defense environments), the same will be subject to the terms and conditions of the Wiz for U.S. Government Subscription Addendum available at https://legal.wiz.io/legal#gov-subscription-addendum.
7.7 U.S. Government Customers. The Parties agree that the U.S. Government Customer Addendum which is available at https://legal.wiz.io/legal#us-gov, and incorporated herein by this reference, shall apply if Customer is an entity of the United States Federal Government, or a state, local, or public education entity created by the laws of a state of the United States.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://legal.wiz.io/legal#sec-addendum (“Security Addendum”)
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY)
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the Term of this Agreement: (a) $2,000,000 USD in commercial general liability (or equivalent), per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability combined with cyber liability insurance, per occurrence and in the aggregate. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities' actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective October 22nd 2024 to October 22nd 2024
DownloadTable of Contents
WIZ SUBSCRIPTION AGREEMENT
7. Additional Service Terms.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage and support metrics, logs and findings, threat intelligence or threat actor data and potentially malicious artifacts scanned or generated by the Services (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services, in each case without derogating from Wiz's confidentiality, data and security obligations hereunder and without identifying Customer or Customer Data to other customers or third parties which are not deemed Authorized Recipients under this Agreement. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized in accordance with applicable laws (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
7.6 Wiz for U.S. Government. If Customer purchases any services or products hosted in a Wiz Moderate for U.S. Government environment (or any other Wiz U.S. Government or Department of Defense environments), the same will be subject to the terms and conditions of the Wiz for U.S. Government Subscription Addendum available at https://legal.wiz.io/legal#gov-subscription-addendum.
7.7 U.S. Government Customers. The Parties agree that the U.S. Government Addendum which is available at https://legal.wiz.io/legal#us-gov, and incorporated herein by this reference, shall apply if Customer is an entity of the United States Federal Government, or a state, local, or public education entity created by the laws of a state of the United States.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://legal.wiz.io/legal#sec-addendum (“Security Addendum”)
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY)
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the Term of this Agreement: (a) $2,000,000 USD in commercial general liability (or equivalent), per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability combined with cyber liability insurance, per occurrence and in the aggregate. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities' actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective October 21st 2024 to October 22nd 2024
DownloadTable of Contents
WIZ SUBSCRIPTION AGREEMENT
7. Additional Service Terms.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage and support metrics, logs and findings, threat intelligence or threat actor data and potentially malicious artifacts scanned or generated by the Services (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services, in each case without derogating from Wiz's confidentiality, data and security obligations hereunder and without identifying Customer or Customer Data to other customers or third parties which are not deemed Authorized Recipients under this Agreement. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized in accordance with applicable laws (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
7.6 Wiz for U.S. Government. If Customer purchases any services or products hosted in a Wiz Moderate for U.S. Government environment (or any other Wiz U.S. Government or Department of Defense environments), the same will be subject to the terms and conditions of the Wiz for U.S. Government Subscription Addendum available at https://legal.wiz.io/legal#gov-product-addendum.
8. Security. The Parties shall comply with the Wiz Security Addendum which is available at https://legal.wiz.io/legal#sec-addendum (“Security Addendum”)
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY)
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the Term of this Agreement: (a) $2,000,000 USD in commercial general liability (or equivalent), per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability combined with cyber liability insurance, per occurrence and in the aggregate. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities' actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective August 27th 2024 to October 21st 2024
DownloadTable of Contents
WIZ SUBSCRIPTION AGREEMENT
3. Fees. The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order(“Fees”)and Wiz reserves the right, following at least thirty (30) days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment of any amounts not subject to a good faith dispute. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%)per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Direct Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties (“Taxes”). If Customer has purchased a subscription pursuant to the terms hereof from a Partner, all Taxes to be applied to the Fees shall be as agreed between Customer and the Partner. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
6. Customer Data.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage and support metrics, logs and findings, threat intelligence or threat actor data and potentially malicious artifacts scanned or generated by the Services (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services, in each case without derogating from Wiz's confidentiality, data and security obligations hereunder and without identifying Customer or Customer Data to other customers or third parties which are not deemed Authorized Recipients under this Agreement. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized in accordance with applicable laws (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY).
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
16. Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days; and (iv)in the event of termination by Customer for cause, Customer shall receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. Thereafter, Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement. Section 5 (Prohibited Uses), Section 6 (Customer Data), Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality), Section 12 (Limited Warranties), Section 13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the Term of this Agreement: (a) $2,000,000 USD in commercial general liability (or equivalent), per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability combined with cyber liability insurance, per occurrence and in the aggregate. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
20. Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 52nd Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
`Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities' actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Effective August 27th 2024 to August 27th 2024
DownloadTable of Contents
WIZ SUBSCRIPTION AGREEMENT
3. Fees. The Services are conditioned on Customer’s payment of the applicable fees as set forth in each Order(“Fees”)and Wiz reserves the right, following at least thirty (30) days’ prior written notice to Customer, to suspend Customer’s access to the Services for non or late payment of any amounts not subject to a good faith dispute. Except as set forth in this Agreement or a Direct Order, all Fees and other amounts paid pursuant to this Agreement and an Order are non-refundable and without right of set off. Unless otherwise specified in an Order: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency, (ii) Fees for the entire Subscription Term set out in the applicable Order are due at the commencement of such Subscription Term and payable as described in the Order; (iii) all Fees are due and payable within thirty (30) days of the date of Wiz’s invoice; (iv) any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (a) the rate of one and a half percent (1.5%)per month; or (b) the highest amount permitted by applicable law; and (v) all amounts payable under each Direct Order are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties (“Taxes”). If Customer has purchased a subscription pursuant to the terms hereof from a Partner, all Taxes to be applied to the Fees shall be as agreed between Customer and the Partner. Customer shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services; provided that Wiz will be responsible for any taxes imposed on Wiz’s income, assets and/or workforce.
4. Permitted Users. The Platform may be accessed solely by Customer or its Affiliates' employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will (i) ensure that Permitted Users comply with the terms of this Agreement at all times, (ii) maintain the confidentiality and security of their Wiz account credentials, and (iii) be fully responsible for any acts or omissions by a Permitted User. Customer must promptly notify Wiz upon becoming aware of any unauthorized access to or use of the Platform.
6. Customer Data.
7.1 Evaluations. If Customer is using the Services for a free trial, proof of concept, evaluation, one-time assessment, or other similar purpose (“Evaluation”), such Evaluation is granted for a limited period of twenty-one (21) days, (or in the case of Wiz’s One-time free assessment for up to seven (7) days), unless Wiz agrees to an extension and in each case solely for the purpose of evaluating and testing the Services to determine whether to purchase a subscription for Customer’s internal use. Wiz may terminate Customer’s access to and use of any Evaluation at any time. Evaluations are provided “as is” without guaranteed support levels, indemnification, or warranty of any kind, whether express, implied, statutory, or otherwise.
7.2 Account Data and Anonymized Data. Customer acknowledges and agrees that Wiz may collect and process information regarding the configuration, performance, security, access to and use of the Services by Customer including product usage and support metrics, logs and findings, threat intelligence or threat actor data and potentially malicious artifacts scanned or generated by the Services (“Account Data”) for its internal business purposes including to develop, improve, support, secure and operate the Services, in each case without derogating from Wiz's confidentiality, data and security obligations hereunder and without identifying Customer or Customer Data to other customers or third parties which are not deemed Authorized Recipients under this Agreement. Notwithstanding the foregoing, nothing in this Agreement shall restrict Wiz’s use of Account Data that has been anonymized in accordance with applicable laws (“Anonymized Data”).
7.3 Wiz Preview Features. From time to time, Wiz may make beta, pilot, or early access features, services or functionality available to Customer on a beta-testing basis (“Wiz Preview Feature(s)”) to try at no charge. Wiz makes no representations or warranties of any kind, whether express, implied, statutory, or otherwise regarding Wiz Preview Features, and Wiz shall have no liability of any kind arising out of or in connection with Wiz Preview Features. The SLA does not apply to Wiz Preview Features. Customer may choose to try Wiz Preview Features in its sole discretion, and Wiz, in its sole discretion, may (a) discontinue Wiz Preview Features at any time, and/or (b) elect not to make Wiz Preview Features generally available.
7.4 Customer Integrations. The Services may provide Customer with the ability to integrate certain functionalities of the Platform with applications or services separately provided to Customer by third parties (“Third Party Services”) via API integrations (“Third Party Integrations”); examples include ticketing and messaging applications, SIEM or SOAR tools, and security data management tools). Customer’s use of such Third Party Integrations is optional and Customer shall be required to take the steps set forth in the Documentation to enable a Third Party Integration. Customer acknowledges and agrees that: (a) the use of Third Party Services are subject to the terms and conditions agreed between Customer and each such Third Party Service provider; (b) Customer may be required to grant Wiz access to its Third Party Service account and/or to grant the Third Party Service provider access to its Wiz account; and (c) Customer Data may be transferred between Wiz and the Third Party Service provider as required and authorized by Customer for the interoperation with the Services. Since Wiz does not provide such third party applications or services, Wiz cannot guarantee the continued availability of such Third Party Integration and may cease supporting them at any time, including if the relevant third party ceases to make its application or service available for integration with the Services or changes the way it does so in a way that is not reasonably acceptable to Wiz. To the maximum extent permitted by law but without derogating from Wiz’s obligations under this Agreement, Wiz shall not bear and expressly disclaims all responsibility or liability of any kind relating to such Third Party Integrations, including, without limitation, for any disclosure of, access to or other processing of Customer Data by Third Party Service providers.
7.5 AI Features. From time to time, Wiz may make available certain functionalities that allow Customer to utilize artificial intelligence, machine learning, or similar technologies through the Platform in connection with the Services’ processing of Customer Data (the “AI Features”). Customer’s use of such AI Features is optional. If Customer elects to use AI Features, Customer Data will not be used to train or improve third-party foundation models without Customer’s prior written consent. Customer or its Permitted Users may provide input, including Customer Data, for use with the AI Features (“AI Input”) and receive output generated and returned by the AI Features based on the AI Input (“AI Output”). Other customers providing similar AI Input to the Al Features may receive the same or similar AI Output. Customer acknowledges and agrees that Customer is responsible for reviewing and validating AI Output for its needs and technical environment before electing to use AI Output. Customer agrees to comply with any applicable AI Feature restrictions described in the Documentation. NOTWITHSTANDING ANY CONTRARY PROVISION HEREIN, WIZ DOES NOT REPRESENT OR WARRANT THAT THE AI OUTPUT WILL BE ACCURATE, COMPLETE, ERROR-FREE, OR FIT FOR A PARTICULAR PURPOSE.
All written or oral comments, ideas, suggestions made by Customer to Wiz regarding the Services (including user experience, functionality, and performance of the Services; collectively, “Feedback”) may be freely utilized by Wiz without attribution or compensation of any kind to Customer. Feedback shall not include any Customer Confidential Information, and Wiz shall not disclose the source of any Feedback.
12. LIMITED WARRANTIES. Wiz represents and warrants that the Platform shall substantially perform in conformance with its Documentation. As the Customer's sole and exclusive remedy and Wiz's sole liability for breach of this warranty, Wiz shall use commercially reasonable efforts to repair the Platform and, if Wiz cannot do so within a reasonable time, not to exceed 30 days, Customer may terminate this Agreement and receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to Customer or its Permitted User’s acts or omissions in violation of this Agreement. Wiz shall not be liable for any inaccuracy in the Service's output and/or delay and/or unavailability of the Services, caused due to (a) failure of Customer's Internet access or any public telecommunications network, or shortage of adequate power, and/or (b) maintenance within the Customer's systems affecting the operation of the Platform. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND ANY OUTPUT RESULTED FROM THE USE OF THE PLATFORM ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WIZ DOES NOT WARRANT THAT: (i) THE SERVICES WILL MEET CUSTOMER'S REQUIREMENTS, OR (ii) THE SERVICES WILL OPERATE ERROR-FREE. EXCEPT AS SET FORTH IN THIS AGREEMENT, WIZ EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.
WIZ SHALL NOT BE RESPONSIBLE FOR ANY WARRANTIES AND REPRESENTATIONS MADE BY ANY PARTNER TO CUSTOMER, AND SUCH WARRANTIES AND REPRESENTATIONS ARE THE SOLE RESPONSIBILITY OF SUCH PARTNER.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT:
(A) EXCEPT AS TO EXCLUDED CLAIMS (DEFINED BELOW) AND SUBJECT TO SUBSECTION (C) BELOW, NEITHER PARTY NOR ITS AFFILIATES SHALL BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OFREVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(B) EXCEPT AS TO EXCLUDED CLAIMS AND EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE), SHALL NOT EXCEED THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“GENERAL LIABILITY CAP”).
(C) IN THE CASE OF PROTECTED INFORMATION CLAIMS (DEFINED BELOW), EACH PARTY’S AND ITS AFFILIATES’ MAXIMUM LIABILITY TO THE OTHER PARTY AND ITS AFFILIATES FOR ALL CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ATTRIBUTABLE UNDER THE APPLICABLE ORDER TO THE TWELVE MONTH PERIOD OF THE CURRENT SUBSCRIPTION YEAR IN WHICH THE EVENT GIVING RISE TO SUCH CLAIM OCCURS (“EXPANDED LIABILITY CAP”).
(D) THE PARTIES AGREE THAT SECTION 13 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(E) “EXCLUDED CLAIMS” MEANS (I) WIZ’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER SECTION 14 FOR IP INFRINGEMENT CLAIMS; AND/OR (II) ANY DAMAGES ARISING FROM EITHER PARTY’S GROSS NEGLIGENCE AND/OR WILFUL MISCONDUCT; AND/OR (III) ANY OTHER LIABILITY WHICH CANNOT BE LIMITED BY LAW. “PROTECTED INFORMATION CLAIMS” MEANS ANY DAMAGES ARISING FROM A PARTY’S BREACH OF SECTION 6 (CUSTOMER DATA), SECTION 8 (SECURITY), AND/OR SECTION 11 (CONFIDENTIALITY).
14. Indemnification. Wiz agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement and each respective Order or Partner Order (as the case may be), infringes intellectual property rights of a third party (“IP Infringement Claim”); and Wiz will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, or that are otherwise agreed in a settlement with the prior written consent of Wiz, provided that (i) the Customer promptly notifies Wiz in writing of such claim; (ii) the Customer grants Wiz the sole authority to handle the defense or settlement of any such claim and provides Wiz with all reasonable information and assistance, at Wiz’s expense; and (iii) the Customer refrains from admitting any liability or otherwise compromising the defense in whole or in part, without the express prior written consent of Wiz. Wiz will not enter into any settlement that imposes any legal liability or financial obligation on Customer without Customer’s prior written consent.
If the Platform becomes, or in Wiz’s opinion is likely to become, the subject of an IP Infringement Claim, then Wiz may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Wiz’s reasonable efforts, then Wiz or Customer may terminate all affected Orders and Wiz shall provide a pro-rata refund for any amount pre-paid by Customer for the remaining unused period of the Term.
Notwithstanding the foregoing, Wiz shall have no responsibility for IP Infringement Claims to the extent resulting from or based on: (i) modifications to the Platform made by a party other than Wiz; (ii) the Customer’s failure to implement software updates provided by Wiz specifically to avoid infringement; or (iii) combination or use of the Platform with software not supplied by Wiz or not in accordance with the Documentation.
This Section states Wiz’s entire liability, and Customer’s exclusive remedy, for claims or alleged or actual infringement.
15. Term. This Agreement shall enter into force and effect on the Effective Date and, unless earlier terminated in accordance with Section 16, shall remain in full force and effect until all Orders expire or are terminated (the “Term”).
16. Termination. Either Party may terminate an Order and/or this Agreement for cause with immediate effect if (a) the other Party breaches any material term or condition of an Order and/or this Agreement, and (b) such breach remains uncured thirty (30) days after the breaching Party receives written notice thereof. Upon termination or expiration of this Agreement and/or an Order: (i) all rights granted to Customer in the Platform shall expire, and Customer shall discontinue any further use and access thereof including deinstalling any Wiz provided software; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) Wiz shall make available any Customer Data in Wiz’s possession available for Customer to download via the Platform for up to 90 days; and (iv)in the event of termination by Customer for cause, Customer shall receive a pro-rata refund of any amounts pre-paid by Customer for the remaining unused period of the Term. Thereafter, Wiz shall delete such Customer Data, provided that Wiz may retain Customer Data (a) stored in backups for a limited period of time in accordance with its industry standard customer deletion and backup policy or (b) as otherwise required by applicable law, and in either case, any Customer Data so retained shall remain subject to the confidentiality, privacy and security obligations in this Agreement. Section 5 (Prohibited Uses), Section 6 (Customer Data), Section 7 (Additional Service Terms). Section 8 (Security), Section 10 (Intellectual Property), Section 11 (Confidentiality), Section 12 (Limited Warranties), Section 13 (Limitation of Liability), Section 16 (Termination), Section 20 (Contracting Entity) and Section 21 (Miscellaneous) shall survive termination or expiration of this Agreement for any reason.
17. Customer Reference. Unless stated otherwise in an Order, Wiz shall not use Customer’s name to identify Customer as a customer of Wiz on Wiz’s websites or public marketing materials without Customer’s prior written consent.
18. Export Compliance. The Services may be subject to export laws and regulations of the United States and other jurisdictions. Wiz and Customer each represents that it is not on any U.S. government denied-party list. Customer will not permit any Permitted User to access or use any Service in a U.S. embargoed country or region (currently the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, Sudan or Syria) or as may be updated from time to time, or in violation of any U.S. export law or regulation.
19. Insurance. Wiz agrees to maintain no less than the following amounts of insurance during the Term of this Agreement: (a) $2,000,000 USD in commercial general liability (or equivalent), per occurrence and in the aggregate; (b) $5,000,000 USD in technology errors and omissions/professional liability combined with cyber liability insurance, per occurrence and in the aggregate. All insurance policies will be issued by insurance companies with an AM Best Rating of no less than A-VII. Upon receipt of a written request, Wiz will provide Customer with a copy of its certificate of insurance evidencing the foregoing coverage.
20. Contracting Entity. For the purposes of this Agreement “Wiz” means Wiz Inc., a company incorporated under the laws of the State of Delaware, having its principal place of business at One Manhattan West, 52nd Floor, New York, NY 10001 or its Affiliates, as applicable. For clarity, unless a Direct Order specifies otherwise, the Wiz entity contracting with Customer hereunder will be (i) Wiz, Inc., if Customer is located outside of the UK or Europe or is purchasing via a cloud service provider marketplace; or (ii) Wiz Cloud Limited, a private limited company under the laws of England and Wales, if Customer is located in the UK or Europe and not purchasing via a cloud service provider.
`Without limiting the generality of the foregoing, this Agreement supersedes any terms or conditions (whether printed, hyperlinked, or otherwise) in any Customer's purchase order or other standardized business forms, which purport to supersede, modify or supplement this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably with held or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party to its Affiliate or in connection with a merger, consolidation, sale of all of the equity interests of the Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York City, New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party will be liable for any delay or failure to perform its obligations hereunder resulting from circumstances or causes beyond its reasonable control including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities' actions, acts of terrorism, earthquakes, or power outages. From time to time, Wiz may modify this Agreement. Unless otherwise specified by Wiz, changes become effective for Customer upon renewal of the then-current Subscription Term or upon the effective date of a new Order after the updated version of this Agreement goes into effect. Wiz will use reasonable efforts to notify Customer of the changes through communications via Customer’s Account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or upon the effective date of a new Order, and in any event continued use of any Wiz Services after the updated version of this Agreement goes into effect will constitute Customer’s acceptance of such updated version.
Preview Terms
Effective August 27th 2024
DownloadTable of Contents
Wiz Preview Terms
These Wiz Preview Terms (the “Preview Terms”) apply to and govern the use of any Wiz Preview Features made available by Wiz and shall apply automatically from the first use of a Wiz Preview Feature (the “Effective Date”).
The Wiz Subscription Agreement or other similar agreement relating to Wiz services (“WSA”) entered into between Wiz Inc. (“Wiz”) and the counterparty identified in the WSA (“Customer”) is incorporated by reference and will control for any provisions not specifically addressed in these Preview Terms. The WSA shall remain in full force and effect, however, in the event of any conflict between these Preview Terms and the WSA, these Preview Terms will prevail in relation to Wiz Preview Features.
- License. From time to time, upon Customer or its Permitted Users’ request, Wiz may, in its sole discretion, make available to Customer or its Permitted Users, one or more proprietary, non-commercially available, hosted software applications, application platform interfaces, services, products, features and/or functionalities on a beta testing basis (“Wiz Preview Feature(s)”) to try at no charge. To the extent Wiz does so, Wiz grants Customer a limited, non-exclusive, non-sublicensable, non-transferable and revocable right to access and use the Wiz Preview Feature(s) solely to test their functionality and provide Feedback to Wiz in accordance with these Preview Terms. For the avoidance of doubt, Wiz’s SLA shall not apply to any Wiz Preview Feature(s).
- Fees. Wiz reserves the right to start charging fees for Wiz Preview Feature(s) at any time, including if the Wiz Preview Feature(s) are made widely available. Wiz shall provide Customer with advance notice of any commencement of fees.
- Scope. Wiz has the right, in its sole discretion, to determine what, if any, Wiz Preview Feature(s) will be made available to Customer and to suspend or revoke access to any one or more of the Wiz Preview Feature(s) for any reason or no reason at any time. Wiz has no obligation to make any Wiz Preview Feature widely available.
- Prohibited Use. All Customer restrictions, obligations and/or prohibited uses in the WSA shall apply equally to Customer’s use of Wiz Preview Features. Customer may not modify, distribute, prepare derivative works of, reverse engineer, reverse assemble, disassemble, decompile or otherwise attempt to decipher any code in connection with the Wiz Preview Feature(s), except as expressly permitted in writing by Wiz.
- Feedback and Customer Reference. Customer agrees to provide feedback, suggestions, enhancement requests, and recommendations to Wiz (“Feedback”) regarding the Wiz Preview Feature(s) and a public customer quote, which, subject to Customer’s prior review and written approval, Wiz will have the right to publish on its website/blog and marketing materials. All Feedback and intellectual property rights therein shall be solely owned by Wiz, and Wiz will have the right, without restriction or fee, to use, modify and incorporate such Feedback into the Wiz Preview Feature(s) and other Wiz products or services.
- Intellectual Property. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Wiz Preview Features (and any and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) and any other products, deliverables or services provided by Wiz; are and shall remain owned solely by Wiz. These Preview Terms do not convey any interest in or to the Wiz Preview Features to Customer other than a limited right of use in accordance with these Preview Terms. Nothing herein constitutes a waiver of Wiz’s intellectual property rights under any law and Wiz reserves all rights not expressly granted herein to the Wiz Preview Features.
- Term and Termination. These Preview Terms shall commence on the Effective Date and shall remain in effect for as long as Customer uses the Wiz Preview Feature(s) (the “Term”). Either party may terminate these Preview Terms at any time by providing written notice to the other party. Upon termination or expiration of these Preview Terms, Customer’s limited rights to use the Wiz Preview Features will automatically expire and Customer shall discontinue any further use and access thereof. Sections 2 - 12 shall survive termination or expiry of these Preview Terms.
- Confidential Information. Customer acknowledges and agrees that the Wiz Preview Features (including their existence and functionality) and any other know how, trade secrets, computer programs, source code, flowcharts, diagrams, manuals, schematics, development tools, specifications, design documents, marketing information, financial information, business plans or reports learnt or made available to Customer as part of the Wiz Preview Program is Wiz’s Confidential Information and shall be subject to the confidentiality obligations agreed between the parties in the WSA.
- Third Party Integrations. If applicable, one or more Wiz Preview Features may integrate with third party services. You hereby consent to the sharing of the information in the Wiz Preview Features with these third party services and certify that it has any and all required consents for doing so. You acknowledge and agree that Wiz has no and expressly disclaims all liability for any such third party services.
- Disclaimer of Warranties. Limitation of Liability. THE WIZ PREVIEW FEATURE(S) ARE PROVIDED “AS IS” AND “AS AVAILABLE”. WIZ MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE WIZ PREVIEW FEATURE(S), INCLUDING ANY REPRESENTATION THAT THE SERVICES THEREUNDER WILL BE UNINTERRUPTED OR ERROR-FREE. TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW, WIZ DISCLAIMS ANY IMPLIED OR STATUTORY WARRANTY, INCLUDING ANY IMPLIED WARRANTY OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE IN RESPECT OF THE WIZ PREVIEW FEATURE(S). FOR THE AVOIDANCE OF DOUBT, ALL WIZ PREVIEW FEATURE(S) ARE PRE-RELEASE, ARE EXPECTED TO CONTAIN DEFECTS WHICH MAY BE MATERIAL, AND ARE NOT EXPECTED TO OPERATE AT THE LEVEL OF PERFORMANCE OR COMPATIBILITY OF A FINAL, GENERALLY AVAILABLE PRODUCT OFFERING. WIZ PREVIEW FEATURE(S) MAY NOT OPERATE ACCURATELY AND MAY BE SUBSTANTIALLY MODIFIED PRIOR TO PUBLIC AVAILABILITY OR WITHDRAWN AT ANY TIME. ACCORDINGLY, ACCESS TO AND USE OF THE WIZ PREVIEW FEATURE(S) IS ENTIRELY AT CUSTOMER’S OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN NO EVENT SHALL WIZ BE LIABLE FOR ANY DAMAGE WHATSOEVER, INCLUDING DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, ARISING OUT OF THE USE OF OR INABILITY TO USE THE WIZ PREVIEW FEATURE(S), EVEN IF WIZ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CUSTOMER IS HEREBY ADVISED TO SAFEGUARD IMPORTANT DATA, TO USE CAUTION AND NOT TO RELY IN ANY WAY ON THE CORRECT FUNCTIONING OR PERFORMANCE OF ANY WIZ PREVIEW FEATURE(S).
- Governing Law and Jurisdiction. These Preview Terms shall be subject to the governing law and jurisdiction specific in the WSA.
- Miscellaneous. If any provision of these Preview Terms is unenforceable, that provision will be modified to render it enforceable to the extent possible to affect the parties’ intention and the remaining provisions will not be affected. Any failure by a Party to enforce a right under these Preview Terms shall not act as a waiver of that right or the ability to later assert that right relative to the particular situation involved. Wiz reserves the right to modify these Preview Terms from time to time.
Effective October 9th 2023 to August 27th 2024
DownloadTable of Contents
Wiz Preview Terms
These Wiz Preview Terms (the “Preview Terms”) apply to and govern the use of any Wiz Preview Features made available by Wiz and shall apply automatically from the first use of a Wiz Preview Feature (the “Effective Date”).
The Wiz Master Subscription Agreement or other similar agreement relating to Wiz services (“MSA”) entered into between Wiz Inc. (“Wiz”) and the counterparty identified in the MSA (“Customer”) is incorporated by reference and will control for any provisions not specifically addressed in these Preview Terms. The MSA shall remain in full force and effect, however, in the event of any conflict between these Preview Terms and the MSA, these Preview Terms will prevail in relation to Wiz Preview Features.
- License. From time to time, upon Customer or its Permitted Users’ request, Wiz may, in its sole discretion, make available to Customer or its Permitted Users, one or more proprietary, non-commercially available, hosted software applications, application platform interfaces, services, products, features and/or functionalities on a beta testing basis (“Wiz Preview Feature(s)”) to try at no charge. To the extent Wiz does so, Wiz grants Customer a limited, non-exclusive, non-sublicensable, non-transferable and revocable right to access and use the Wiz Preview Feature(s) solely to test their functionality and provide Feedback to Wiz in accordance with these Preview Terms. For the avoidance of doubt, Wiz’s SLA shall not apply to any Wiz Preview Feature(s).
- Fees. Wiz reserves the right to start charging fees for Wiz Preview Feature(s) at any time, including if the Wiz Preview Feature(s) are made widely available. Wiz shall provide Customer with advance notice of any commencement of fees.
- Scope. Wiz has the right, in its sole discretion, to determine what, if any, Wiz Preview Feature(s) will be made available to Customer and to suspend or revoke access to any one or more of the Wiz Preview Feature(s) for any reason or no reason at any time. Wiz has no obligation to make any Wiz Preview Feature widely available.
- Prohibited Use. All Customer restrictions, obligations and/or prohibited uses in the MSA shall apply equally to Customer’s use of Wiz Preview Features. Customer may not modify, distribute, prepare derivative works of, reverse engineer, reverse assemble, disassemble, decompile or otherwise attempt to decipher any code in connection with the Wiz Preview Feature(s), except as expressly permitted in writing by Wiz.
- Feedback and Customer Reference. Customer agrees to provide feedback, suggestions, enhancement requests, and recommendations to Wiz (“Feedback”) regarding the Wiz Preview Feature(s) and a public customer quote, which, subject to Customer’s prior review and written approval, Wiz will have the right to publish on its website/blog and marketing materials. All Feedback and intellectual property rights therein shall be solely owned by Wiz, and Wiz will have the right, without restriction or fee, to use, modify and incorporate such Feedback into the Wiz Preview Feature(s) and other Wiz products or services.
- Intellectual Property. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Wiz Preview Features (and any and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) and any other products, deliverables or services provided by Wiz; are and shall remain owned solely by Wiz. These Preview Terms do not convey any interest in or to the Wiz Preview Features to Customer other than a limited right of use in accordance with these Preview Terms. Nothing herein constitutes a waiver of Wiz’s intellectual property rights under any law and Wiz reserves all rights not expressly granted herein to the Wiz Preview Features.
- Term and Termination. These Preview Terms shall commence on the Effective Date and shall remain in effect for as long as Customer uses the Wiz Preview Feature(s) (the “Term”). Either party may terminate these Preview Terms at any time by providing written notice to the other party. Upon termination or expiration of these Preview Terms, Customer’s limited rights to use the Wiz Preview Features will automatically expire and Customer shall discontinue any further use and access thereof. Sections 2 - 12 shall survive termination or expiry of these Preview Terms.
- Confidential Information. Customer acknowledges and agrees that the Wiz Preview Features (including their existence and functionality) and any other know how, trade secrets, computer programs, source code, flowcharts, diagrams, manuals, schematics, development tools, specifications, design documents, marketing information, financial information, business plans or reports learnt or made available to Customer as part of the Wiz Preview Program is Wiz’s Confidential Information and shall be subject to the confidentiality obligations agreed between the parties in the MSA.
- Third Party Integrations. If applicable, one or more Wiz Preview Features may integrate with third party services. You hereby consent to the sharing of the information in the Wiz Preview Features with these third party services and certify that it has any and all required consents for doing so. You acknowledge and agree that Wiz has no and expressly disclaims all liability for any such third party services.
- Disclaimer of Warranties. Limitation of Liability. THE WIZ PREVIEW FEATURE(S) ARE PROVIDED “AS IS” AND “AS AVAILABLE”. WIZ MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE WIZ PREVIEW FEATURE(S), INCLUDING ANY REPRESENTATION THAT THE SERVICES THEREUNDER WILL BE UNINTERRUPTED OR ERROR-FREE. TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW, WIZ DISCLAIMS ANY IMPLIED OR STATUTORY WARRANTY, INCLUDING ANY IMPLIED WARRANTY OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE IN RESPECT OF THE WIZ PREVIEW FEATURE(S). FOR THE AVOIDANCE OF DOUBT, ALL WIZ PREVIEW FEATURE(S) ARE PRE-RELEASE, ARE EXPECTED TO CONTAIN DEFECTS WHICH MAY BE MATERIAL, AND ARE NOT EXPECTED TO OPERATE AT THE LEVEL OF PERFORMANCE OR COMPATIBILITY OF A FINAL, GENERALLY AVAILABLE PRODUCT OFFERING. WIZ PREVIEW FEATURE(S) MAY NOT OPERATE ACCURATELY AND MAY BE SUBSTANTIALLY MODIFIED PRIOR TO PUBLIC AVAILABILITY OR WITHDRAWN AT ANY TIME. ACCORDINGLY, ACCESS TO AND USE OF THE WIZ PREVIEW FEATURE(S) IS ENTIRELY AT CUSTOMER’S OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN NO EVENT SHALL WIZ BE LIABLE FOR ANY DAMAGE WHATSOEVER, INCLUDING DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE, ARISING OUT OF THE USE OF OR INABILITY TO USE THE WIZ PREVIEW FEATURE(S), EVEN IF WIZ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CUSTOMER IS HEREBY ADVISED TO SAFEGUARD IMPORTANT DATA, TO USE CAUTION AND NOT TO RELY IN ANY WAY ON THE CORRECT FUNCTIONING OR PERFORMANCE OF ANY WIZ PREVIEW FEATURE(S).
- Governing Law and Jurisdiction. These Preview Terms shall be subject to the governing law and jurisdiction specific in the MSA.
- Miscellaneous. If any provision of these Preview Terms is unenforceable, that provision will be modified to render it enforceable to the extent possible to affect the parties’ intention and the remaining provisions will not be affected. Any failure by a Party to enforce a right under these Preview Terms shall not act as a waiver of that right or the ability to later assert that right relative to the particular situation involved. Wiz reserves the right to modify these Preview Terms from time to time.
Privacy Policy
Effective March 25th 2025
DownloadTable of Contents
Wiz Privacy Policy
Last updated: 24 March 2025
Table of Contents:
- INTRODUCTION
- TERMS OF USE
- WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE DISCLOSE YOUR PERSONAL INFORMATION
- HOW WE PROTECT AND STORE YOUR PERSONAL INFORMATION
- ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
- YOUR PRIVACY RIGHTS
- USE BY CHILDREN
- LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
- DO NOT TRACK NOTICE
- PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
- PRIVACY INFORMATION FOR JAPAN RESIDENTS
- CONTACT US
1. INTRODUCTION
This privacy policy ("Privacy Policy") describes how we, Wiz, Inc. and our affiliates ("we", "our" or "us") process, use, collect and store Personal Information (defined below) that we receive from or about you ("you") in connection with your use of the Wiz website, any websites owned or operated by Wiz, and our service offerings (collectively referred to herein as the "Services"). Please read this Privacy Policy carefully, so you can fully understand our practices in relation to your Personal Information. Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.
In situations where Wiz is providing Services to our customer where the customer entity has entered into an agreement for use of the Services with Wiz, Wiz is the processor/service provider (a provider that processes Personal Data on behalf of or at the direction of a controller, or other similar designation under the law) and the customer entity is the controller/business (the entity that decides how and why information is processed) of the information provided to Wiz via use of the Services. In such situations, our processing of your Personal Information may also be subject to an applicable data processing agreement with our customer. In the event of a conflict between the data processing agreement and this Privacy Policy, the data processing agreement governs.
"Personal Information" and/or "Personal Data" mean any information that can be used, alone or together with other data, to uniquely identify any living human being and any information deemed as Personally Identifiable Information by applicable privacy laws.
Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, some jurisdictions require that we provide you with the "legal basis" for processing your Personal Information, and we have included this information below.
We may update this Privacy Policy from time to time and therefore we ask you to check back periodically for the latest version. If we implement any significant changes to the use of your Personal Information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website or by other means in accordance with applicable legal requirements.
2. TERMS OF USE
This Privacy Policy forms part of our Website Terms of Use ("Terms"). Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Terms.
3. WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
a. When you browse or use our Services
- Personal Data we collect: We may use analytics tools, cookies, pixels, other similar technologies and log files in our Services which may collect information such as IP address, pages clicked, events, search and browser information, and device information. For more information about our use of cookies, please read our Cookies Policy.
- For what purposes: We use this information to analyze trends and behavior, maintain and improve the Services and marketing and promotional efforts. We may disclose this information to third party platforms
- Legal basis:
- Consent (e.g., non-essential cookies, to the extent required under applicable law)
- Legitimate interest (e.g., essential cookies for the Services to work, marketing)
- Consequences of not providing the Personal Data: Certain Services features may not be available and we may not be able to analyze usage of our Services or use the Personal Data for the purposes explained
b. When you request a demo
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, any other Personal Data that you decide to provide us with. We may also record the demo and/or follow up sessions (which could include note-taking, transcriptions and analyzes thereof, as applicable) for the purposes of business intelligence and improving our Services
- For what purposes:
- To provide you with a demo
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (to provide you with a demo or trial, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot provide you a demo or send you marketing communications.
- Personal Data we collect: Full name, business email address, any other Personal Data that you decide to provide us with
- For what purposes: To send you communications for which you have subscribed to and other marketing communications
- Legal basis:
- Legitimate interest (to provide you with access to our blog or newsletters or updates which you have subscribed to, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot send you such communications
d. When you contact us
- Personal Data we collect: Full name, business email address, company, job title, work telephone number, country, message (to the extent it includes Personal Data) and any other Personal Data that you decide to provide us with
- For what purposes:
- To answer your questions
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (e.g., to answer your questions, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot answer your questions or send you marketing communications
e. When you apply for a job with us
- Personal Data we collect: Full name, email address, any Personal Data contained in your resume (CV), your responses to any assessment, background check results (in accordance with applicable law), any other Personal Data that you decide or agree to provide us with such as if you agree for your interview or assessment to be recorded. Please note that, in most cases, we receive the information directly from you, but we may also receive information from recruitment companies, references or background check companies.
- For what purposes: To assess you as a candidate, review and examine your job application and communicate with you regarding your application.
- Legal basis
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract i.e. employment contract
- Legitimate interest (to assess you as a candidate, recruitment)
- Consequences of not providing the Personal Data: We cannot process your application or communicate with you
f. When you provide us with your Personal Data for marketing reasons (e.g. when you attend a physical or virtual marketing event or webinar, and/or provide us with your business card)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country, webinar engagement metrics (such as Q&A interactions), and any other Personal Data that you decide to provide us with
- For what purposes: To establish a business relationship with you, contact you about the Services and send you marketing communications. Where Wiz is the host of the event, your information may also be shared with event sponsors, as applicable.
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We and/or our event sponsors cannot establish a business connection or send you marketing communications
g. When we acquire your Personal Data from third-party sources for marketing (e.g. lead-generation companies or as part of marketing campaigns)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country
- For what purposes: To contact you regarding the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot contact you regarding the Services and send you marketing communications.
h. When we use the Personal Data of our customers/end-users and prospects (e.g. when we communicate with customers or prospects, when you log-in to and use our online products and services)
- Personal Data we collect directly from you or from your employer who provides us with your contact details: Full name, business email address, Wiz password (if you have a Wiz account), job title, role, company, address, telephone number, country and any other Personal Data that you decide to provide us with, e.g., any feedback you provide to the extent it includes Personal Data. This may include meeting recordings (which could include note-taking, transcriptions and analyzes thereof), where applicable. If you are a member of any of the Wiz Communities, it includes any identifiers, engagement metrics and any Personal Data that you choose to provide in your interactions with any of the communities.
- Personal Data we collect automatically when you use our Services: When you access or use the Services we automatically collect information about you, including data relating to your use of our Services e.g. pages visited, IP address and browser information, access times.
- For what purposes:
- To allow you to register for and log-in to our Services
- To provide our Services and perform our agreements with our customers
- For billing and account management
- To provide support (e.g. ticketing and chat function)
- To monitor our Services
- To collect analytics information on use of the Services
- For security purposes, including for user authentication, logging and debugging and to prevent system abuse
- To maintain and improve our Services
- To communicate with you and allow you to provide feedback on our Services
- To enable you to participate in and contribute to the Wiz Communities
- To send you marketing communications
- To perform sanctions checks and other legally required checks
- Legal basis:
- Performance of a contract to which the customer is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, sanctions laws etc.)
- Legitimate interest (to provide and improve our Services, send contract-related communications, marketing or updates about features or services)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot perform our obligations, provide the Services, or communicate with you.
- Personal Data we collect: In connection with your use of the Services we may collect data that we believe may be potentially related to unauthorized third parties, such as malware, and other suspicious files or potentially harmful artifacts. In some cases, this may contain limited Personal Data, such as IP addresses.
- For what purposes: We use this information to analyze and identify potentially suspicious patterns of malicious behavior to prevent, investigate, or notify of threats, and to improve the Services. We may disclose this information to third parties.
- Legal basis:
- Legitimate interest (to provide and improve the Services and for threat intelligence)
- Consequences of not providing the Personal Data: Certain Services features may not be available or may not be improved.
j. When you apply to be a Wiz partner / integrate with Wiz
- Personal Data we collect: Full name, job title/function, business email address, business telephone number, country of residence, company name, any other Personal Data that you decide to provide us with.
- For what purposes:
- To enable your company to become a Wiz partner / integrate with Wiz
- To communicate with you
- To comply with our legal obligations and record keeping
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the partner is a party (partner / integration agreement) or to take steps at the request of the partner prior to entering a contract (partner / integration agreement)
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: You cannot become a Wiz partner / integrate with Wiz
k. When we use the Personal Data of our service providers
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, payment information, any other Personal Data that you decide to provide us with
- For what purposes:
- To perform our agreement with you
- To communicate with you
- To comply with our legal obligations and record keeping
- Legal basis:
- Performance of a contract to which the service provider is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consequences of not providing the Personal Data: We cannot perform the agreement with you or communicate with you
l. When you interact with us on our social media profiles (e.g., Facebook, Instagram, Twitter, LinkedIn)
- Personal Data we collect: Full name, business email address, job title, company, telephone number, any other Personal Data you provide us
- For what purposes: To respond to your requests, establish a business relationship and send you marketing communications
- Legal basis:
- Legitimate interest (responding to your request, marketing, and business development)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We can’t respond to your requests, establish a business relationship and send you marketing communications
m. When we undertake social media marketing, including via use of audiences or list-based advertising
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, telephone number, IP address, pages clicked, search and browser history, device information and any other Personal Data you or third parties provide us
- For what purposes: We may use your Personal Information to contact you via social media platforms in order to establish a business relationship with you and contact you about the Services. We may also use your Personal Information in order to create lists of individuals that we would like to target advertising about our Services via social media channels, including via direct messaging marketing solutions. You may be included in such a list (in which case you will see advertising related to Wiz when you visit those social media platforms) or we may use your Personal Information to ask social media platforms to identify a list of other individuals who we think will be interested in our Services, so that those individuals can be presented with advertising about Wiz.
- Legal basis:
- Legitimate interest (marketing, advertising and business development)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data: We can’t establish a business relationship with you via social media platforms; you will be excluded from advertising and marketing campaigns on social medial platforms.
N.B. Please note that social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). The social media platforms are responsible for how they handle your Personal Information and information about how these social media platforms collect and use your Personal Information (and how they use cookies and other technologies, including instructions on how you can disable these) can usually be found in their respective privacy policies and cookies policies on their websites.
n. When you participate in our community research, contest, and education websites (e.g., capture the flag competitions, challenges, etc.) or promotions
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, business address, telephone number, country, username, link to the social media profile of your choice, and password. If you participate in any promotions and giveaways, also your home address or an address of your choice.
- For what purposes: We will use this information to register you in these efforts, provide you with the ability to save your progress, and reward eligible participants where applicable. Some of this Personal Data can also be publicly disclosed on a leaderboard as part of the competition. If you do not want us to disclose your Personal Data publicly, you will need to include a username and a social media link that do not identify you. Wiz will not use the information you enter to register and login for any other purpose. If you express an interest in being contacted by Wiz (for example, if you fill out a separate form so that Wiz contact you on that website), Wiz will use your information for the purposes identified to you and other marketing purposes (see section f above). Only strictly necessary cookies will be used on these websites, as applicable (otherwise, a cookie banner will be presented to you depending on your jurisdiction). If you participate in any promotions or giveaways, we will use your information to deliver the promotional materials (for example, Wiz-branded merchandise) to you.
- Legal basis:
- Legitimate interest (to provide an experience that any interested parties in the security community can benefit from)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data:
- You will not be able to compete in the challenge or obtain the full experience of the initiative.
- Personal Data we collect or receive for these purposes: Visual images collected via closed circuit cameras.
- For what purposes: For the purpose of protecting the physical security of the offices, to safeguard our offices, people and data, and to comply with our contractual obligations (e.g., with customers and insurers).
- Legal basis: Legitimate interest (to protect and secure our offices)
- Consequences of not providing the Personal Data: We cannot protect and secure our offices and comply with our contractual obligations.
Finally, please note that some of the abovementioned Personal Information may be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Information may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
In certain cases, we may or will anonymize or de-identify your Personal Information and further use it for internal and external purposes, including, without limitation, to improve our Services and for research and development purposes. "Anonymous Information" means information which does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our Services and enhance your experience with them).
- Personal Data we collect or receive for these purposes*: Full name, business email address, personal email address (if you choose to become certified through your personal email address), your training and test results, and any relevant medical or health information you choose to disclose to us if you request any accommodations.
- *Please note that our testing platform will also process credit or debit card numbers, government issued photo ID, a current photo of you, audio and video recordings of you taking the exam, and keystroke data. This data is used during the exam process only and is not retained after the exam results have been issued.
- For what purposes: We will use your Personal Data to provide you with training, register you and verify your identity, provide the exam, issue the exam results, and grant any badges or certificates associated with the program.
- Legal basis:
- Consent (if required by applicable law)
- Legitimate interests (to provide you with training, issuing your certificate badges or credentials and responding to your inquiries)
- Consequences of not providing the Personal Data: You cannot participate in Wiz’s certification or training programs.
4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
Depending on the context described above, we may disclose your Personal Data to the following categories of third parties:
- Hosting/ storage
- Email system provider
- Authentication
- Support and ticketing
- Logging and monitoring
- Marketing
- Event sponsors
- CRM
- Data enrichment
- E-mail verification
- Sales engagement
- Sales automation
- Analytics and business intelligence
- Chat and support tools. We use third party vendors to provide chat and support tools via our Website and in-app such as customer service chats, enquiries and to collect information on those interactions
- Sanctions checks and other legally required checks
- Document management / automation
- Conducting background checks (if you are applying for a job with us)
- Automation / management of HR and job application process
- Our partners that offer products and services either in connection with our Services or separately that we think would be of interest to you
- Online testing and issuing a digital badge
- Other service providers to the extent required to fulfill the purposes listed above
We may also disclose your Personal Data as follows:
- to the extent necessary in our good faith determination, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
- with our affiliated companies to the extent necessary to fulfill the purposes listed above;
- if, in the future, we sell or transfer some or all of our business, shares, or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business, shares or assets. In the event that we are acquired by or merged with a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Information in connection with the foregoing events;
- with social media platforms for the purposes mentioned above;
- where you have provided your consent to us disclosing or transferring the Personal Information.
5. HOW WE PROTECT AND STORE YOUR INFORMATION
a. Security: We have implemented appropriate technical, organizational and security measures designed to protect your Personal Information. However, please note that we cannot guarantee that the information will not be compromised including as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
b. Retention of your Personal Information. We may store your Personal Information for as long as necessary to fulfil the purpose for which we collected it, and as long as necessary to fulfill your requests or inquiries or provide Services or until we proactively delete it or you send a valid deletion request. In addition, in some circumstances we may store your Personal Information for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Information or dealings. We have an internal data retention policy to ensure that we do not retain your Personal Data perpetually. Regarding retention of cookies, you can read more in our Cookies Policy.
6. ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
a. Internal transfers: Transfers within the Wiz group will be covered by an internal data processing agreement between entities of the Wiz group which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to.
b. External transfers: When Wiz engages in transfers of GDPR and/or UK GDPR and where applicable, the Act on the Protection of Personal Information ("APPI") protected Personal Data outside of the EEA, UK or Japan (for example to third party service providers for the purposes listed above), we generally rely on either: (i) Adequacy Decisions adopted by the European Commission under Article 45 of the GDPR (for example, when our team accesses Personal Data from Israel); (ii) the Standard Contractual Clauses issued by the European Commission or the United Kingdom (as updated from time to time); or (iii) another lawful transfer mechanism provided for under the GDPR or the APPI e.g. Binding Corporate Rules. Wiz also monitors the circumstances surrounding such transfers to ensure that Personal Data continues to be afforded a level of protection that is essentially equivalent to the one guaranteed by the GDPR, UK GDPR and APPI.
7. YOUR PRIVACY RIGHTS
a. Rights: The following rights (which may be subject to certain exemptions or derogations) may apply to certain individuals depending on their jurisdiction of residence. The rights that may be applicable to you are as follows:
- You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
- You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
- You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
- You have the right to object, to or to request restriction, of the processing;
- You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- You have the right to object to profiling, if applicable;
- You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, the United Kingdom or Japan, as applicable, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
b. To the extent privacy laws applicable to you afford you with the rights referenced above, we will respect your rights and comply with such laws. You can exercise your rights by contacting us through our Privacy Center. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request.
c. Notice of Right to Opt Out of Sales of Personal Information and Sharing/Processing of Personal Information for Targeted Advertising Purposes. Certain U.S. states provide residents with the ability to opt out of the "sale" of their Personal Information or the "sharing/processing" of their Personal Information for cross-context behavioral and advertising purposes. As discussed above in Section 3(l), we may engage in certain online advertising activities through social media and by re-targeting advertising for our Services on other websites. We may use third-party ad networks to assist in these activities, which involves their collection of cookie and device identifier information to perform these activities. Under certain U.S. state laws you have the right to opt out of these activities. If you would like to opt out of our online disclosure such as through cookie and pixel technology of your Personal Information for purposes that could be considered "sales" or "sharing" for purposes of cross-contextual behavioral advertising, please click the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. You can also submit a request to opt out of our offline disclosures of Personal Information that are subject to applicable opt out rights by clicking here. Please note that if you have a legally-required browser-based opt out preference signal turned on via your device browser (e.g., the Global Privacy Control), we recognize such preference in accordance with applicable law.
d. To help protect the security of your Personal Data, Wiz will verify your identity in connection with any requests. We also take steps to ensure that only you or your authorized representative can exercise rights with respect to your information. If you are an authorized agent making a request, we may require and request additional information to protect the Personal Data entrusted to Wiz, including information to verify that you are authorized to make that request. There may be situations where we cannot grant your request, for example, in the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
e. We will not discriminate against you (e.g., by restricting or denying you access to our Services) because of choices and requests you make in connection with your Personal Data. Please note, certain choices may affect our ability to deliver the Services. For example, if you sign up to receive marketing communications by email, then ask Wiz to delete all of your information, we will be unable to send you marketing communications. You may exercise any of your rights in relation to your Personal Information by contacting us using the details provided under the "CONTACT US" section below.
8. USE BY CHILDREN
We do not offer our Services for use by children and, therefore, we do not knowingly collect Personal Information from, and/or about children under the age of eighteen (18). If you are under 18, you may not use the Website or Services, or provide any information to the Website without involvement of a parent or a guardian. In the event that we become aware that you provide Personal Information in violation of applicable laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@wiz.io.
9. LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
Our Website or Services may enable you to interact with or contain links to your third party accounts and other third party websites, mobile software applications and products or services that are not owned or controlled by us (each a "Third Party Service"). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service that you choose to use or interact with.
10. DO NOT TRACK NOTICE
Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not currently respond to or honor DNT signals. As explained above in Section 7, however, we do honor legally-required browser-based opt out preference signals such as the Global Privacy Control.
Please refer to our Cookies Policy for information about cookies and other tracking tools Wiz uses on our Website.
11. PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
If you are a California resident, the California Consumer Privacy Act ("CCPA") requires us to provide you with the following additional information about: (1) the purpose for which we use each category of "personal information" (as defined in the CCPA) we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) "share" personal information for "cross-context behavioral advertising," and/or (c) "sell" such personal information. Under the CCPA, "sharing" is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and "selling" is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. Please see the "What Personal Information we collect and how we use it" and the "How we disclose your Personal Information" sections above in our Privacy Policy for detailed information about our data collection and use practices, as well as for more information about our advertising practices. The following chart details the categories of Personal Information that we sell/share with third parties:
Category of Personal Information | Categories of Third Parties to Which We Sell/Share this Category of Personal Information |
Device identifiers and Service usage information | Ad networks and advertising analytics partners |
Email address | Ad networks and advertising analytics partners |
Your Choices Regarding "Sharing" and "Selling": You have the right to opt out of our sale/sharing of your personal information for purposes of online advertising by clicking the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. To opt out of the offline disclosure of your personal information to third parties for these purposes, please click here. Please note that there may be circumstances in which we are entitled by law to continue to sell or share your Personal Data. Also note that your withdrawal of consent shall not affect our right to request your consent to such sell or share again after twelve (12) months.
Other CCPA Rights. If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives. The CCPA also allows you to limit the use or disclosure of your "sensitive personal information" (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA. Please see Section 7 of the Privacy Policy, "Your Privacy Rights," for information about the additional rights you have with respect to your personal information under California law and how to exercise them.
California "Shine the Light" disclosure. The California "Shine the Light" law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. For more information about our compliance under the Shine the Light law please contact us via privacy@wiz.io.
12. PRIVACY INFORMATION FOR JAPAN RESIDENTS
- Right to Access: You have the right to access your personal data and, if applicable, any record of data transfer. You also have the right to request disclosure of purpose of use of your personal data.
- Right to Rectify: If the personal data held by us is incorrect or incomplete, you are entitled to request correction, addition, or deletion of the inaccurate or incomplete information.
- Right to Erasure and Restriction of Processing: You may request the deletion or restriction of processing of your personal data in cases where the data has been used beyond the necessary scope for achieving the original purpose of collection, was collected or processed unlawfully, or if the utilization of data could lead to unlawful acts. You may also request the restriction of processing of your personal data or the cessation of transfers of your personal data to third parties if we no longer need to use your personal data, your personal data was compromised, or your rights and legitimate interests may be harmed due to our handling of your personal data.
- Right to Restrict Third-Party Transfers: You can request cessation of transfers of your personal data to third parties if such transfers violate relevant laws.
13. CONTACT US
If you have any questions regarding this notice we encourage you to contact us at privacy@wiz.io. If you wish to exercise your rights, you can visit our Privacy Center.
In addition, VeraSafe has been appointed as Wiz's representative in the EEA for data protection matters, pursuant to Article 27 of the GDPR. If you are in the EEA, VeraSafe can be contacted in addition to Wiz, only on matters related to the processing of Personal Data. To make such an inquiry, you may contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at: VeraSafe Netherlands BV, Keizersgracht 555, 1017 DR Amsterdam, Netherlands.
If you live in the EEA, the UK or Switzerland, Wiz Cloud Limited, located at Suite 4, 7th Floor, 50 Broadway London, SW1H 0DB, is the data controller for your Personal Information.
Effective January 16th 2025 to March 25th 2025
DownloadTable of Contents
Wiz Privacy Policy
Last updated: 27 December 2024
Table of Contents:
- INTRODUCTION
- TERMS OF USE
- WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE DISCLOSE YOUR PERSONAL INFORMATION
- HOW WE PROTECT AND STORE YOUR PERSONAL INFORMATION
- ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
- YOUR PRIVACY RIGHTS
- USE BY CHILDREN
- LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
- DO NOT TRACK NOTICE
- PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
- PRIVACY INFORMATION FOR JAPAN RESIDENTS
- CONTACT US
1. INTRODUCTION
This privacy policy ("Privacy Policy") describes how we, Wiz, Inc. and our affiliates ("we", "our" or "us") process, use, collect and store Personal Information (defined below) that we receive from or about you ("you") in connection with your use of the Wiz website, any websites owned or operated by Wiz, and our service offerings (collectively referred to herein as the "Services"). Please read this Privacy Policy carefully, so you can fully understand our practices in relation to your Personal Information. Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.
In situations where Wiz is providing Services to our customer where the customer entity has entered into an agreement for use of the services with Wiz, Wiz is the processor/service provider (a provider that processes Personal Data on behalf of or at the direction of a controller, or other similar designation under the law) and the customer entity is the controller/business (the entity that decides how and why information is processed) of the information provided to Wiz via use of the Services. In such situations, our processing of your Personal Information may also be subject to an applicable data processing agreement with our customer. In the event of a conflict between the data processing agreement and this Privacy Policy, the data processing agreement governs.
"Personal Information" and/or "Personal Data" mean any information that can be used, alone or together with other data, to uniquely identify any living human being and any information deemed as Personally Identifiable Information by applicable privacy laws.
Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, some jurisdictions require that we provide you with the "legal basis" for processing your Personal Information, and we have included this information below.
We may update this Privacy Policy from time to time and therefore we ask you to check back periodically for the latest version. If we implement any significant changes to the use of your Personal Information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website or by other means in accordance with applicable legal requirements.
2. TERMS OF USE
This Privacy Policy forms part of our Website Terms of Use ("Terms"). Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Terms.
3. WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
a. When you browse or use our Services
- Personal Data we collect: We may use analytics tools, cookies, pixels, other similar technologies and log files in our Services which may collect information such as IP address, pages clicked, events, search and browser information, and device information. For more information about our use of cookies, please read our Cookies Policy. Wiz Community participants may find the list of cookies used here.
- For what purposes: We use this information to analyze trends and behavior, maintain and improve the Services and marketing and promotional efforts. We may disclose this information to third party platforms
- Legal basis:
- Consent (e.g., non-essential cookies, to the extent required under applicable law)
- Legitimate interest (e.g., essential cookies for the Services to work, marketing)
- Consequences of not providing the Personal Data: Certain Services features may not be available and we may not be able to analyze usage of our Services or use the Personal Data for the purposes explained
b. When you request a demo
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, any other Personal Data that you decide to provide us with. We may also record the demo and/or follow up sessions (which could include note-taking, transcriptions and analyzes thereof, as applicable) for the purposes of business intelligence and improving our Services
- For what purposes:
- To provide you with a demo
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (to provide you with a demo or trial, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot provide you a demo or send you marketing communications
- Personal Data we collect: Full name, business email address, any other Personal Data that you decide to provide us with
- For what purposes: To send you communications for which you have subscribed to and other marketing communications
- Legal basis:
- Legitimate interest (to provide you with access to our blog or newsletters or updates which you have subscribed to, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot send you such communications
d. When you contact us
- Personal Data we collect: Full name, business email address, company, job title, work telephone number, country, message (to the extent it includes Personal Data) and any other Personal Data that you decide to provide us with
- For what purposes:
- To answer your questions
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (e.g., to answer your questions, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot answer your questions or send you marketing communications
e. When you apply for a job with us
- Personal Data we collect: Full name, email address, any Personal Data contained in your resume (CV), your responses to any assessment, background check results (in accordance with applicable law), any other Personal Data that you decide or agree to provide us with such as if you agree for your interview or assessment to be recorded. Please note that, in most cases, we receive the information directly from you, but we may also receive information from recruitment companies, references or background check companies.
- For what purposes: To assess you as a candidate, review and examine your job application and communicate with you regarding your application.
- Legal basis
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract i.e. employment contract
- Legitimate interest (to assess you as a candidate, recruitment)
- Consequences of not providing the Personal Data: We cannot process your application or communicate with you
f. When you provide us with your Personal Data for marketing reasons (e.g. when you attend a physical or virtual marketing event or webinar, and/or provide us with your business card)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country, any other Personal Data that you decide to provide us with
- For what purposes: To establish a business relationship with you, contact you about the Services and send you marketing communications. Where Wiz is the host of the event, your information may also be shared with event sponsors, as applicable.
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We and/or our event sponsors cannot establish a business connection or send you marketing communications
g. When we acquire your Personal Data from third-party sources for marketing (e.g. lead-generation companies or as part of marketing campaigns)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country
- For what purposes: To contact you regarding the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot contact you regarding the Services and send you marketing communications
h. When we use the Personal Data of our customers/end-users and prospects (e.g. when we communicate with customers or prospects, when you log-in to and use our online products and services)
- Personal Data we collect directly from you or from your employer who provides us with your contact details: Full name, business email address, Wiz password (if you have a Wiz account), job title, role, company, address, telephone number, country and any other Personal Data that you decide to provide us with e.g. any feedback you provide to the extent it includes Personal Data. This may include meeting recordings (which could include note-taking, transcriptions and analyzes thereof), where applicable. If you are a member of any of the Wiz Communities, any information including Personal Data that you choose to provide in any of the communities (including a username of your choice) may be publicly available to other Wiz Communities members.
- Personal Data we collect automatically when you use our Services: When you access or use the Services we automatically collect information about you, including data relating to your use of our Services e.g. pages visited, IP address and browser information, access times.
- For what purposes:
- To allow you to register for and log-in to our Services
- To provide our Services and perform our agreements with our customers
- For billing and account management
- To provide support (e.g. ticketing and chat function)
- To monitor our Services
- To collect analytics information on use of the Services
- For security purposes, including for user authentication, logging and debugging and to prevent system abuse
- To maintain and improve our Services
- To communicate with you and allow you to provide feedback on our Services
- To enable you to participate in and contribute to the Wiz Communities
- To send you marketing communications
- To perform sanctions checks and other legally required checks
- Legal basis:
- Performance of a contract to which the customer is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, sanctions laws etc.)
- Legitimate interest (to provide and improve our Services, send contract-related communications, marketing or updates about features or services)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot perform our obligations, provide the Services, or communicate with you.
- Personal Data we collect: In connection with your use of the Services we may collect data that we believe may be potentially related to unauthorized third parties, such as malware, and other suspicious files or potentially harmful artifacts. In some cases, this may contain limited Personal Data, such as IP addresses.
- For what purposes: We use this information to analyze and identify potentially suspicious patterns of malicious behavior to prevent, investigate, or notify of threats, and to improve the Services. We may disclose this information to third parties.
- Legal basis:
- Legitimate interest (to provide and improve the Services and for threat intelligence)
- Consequences of not providing the Personal Data: Certain Services features may not be available or may not be improved.
j. When you apply to be a Wiz partner / integrate with Wiz
- Personal Data we collect: Full name, job title/function, business email address, business telephone number, country of residence, company name, any other Personal Data that you decide to provide us with.
- For what purposes:
- To enable your company to become a Wiz partner / integrate with Wiz
- To communicate with you
- To comply with our legal obligations and record keeping
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the partner is a party (partner / integration agreement) or to take steps at the request of the partner prior to entering a contract (partner / integration agreement)
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: You cannot become a Wiz partner / integrate with Wiz
k. When we use the Personal Data of our service providers
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, payment information, any other Personal Data that you decide to provide us with
- For what purposes:
- To perform our agreement with you
- To communicate with you
- To comply with our legal obligations and record keeping
- Legal basis:
- Performance of a contract to which the service provider is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consequences of not providing the Personal Data: We cannot perform the agreement with you or communicate with you
l. When you interact with us on our social media profiles (e.g., Facebook, Instagram, Twitter, LinkedIn)
- Personal Data we collect: Full name, business email address, job title, company, telephone number, any other Personal Data you provide us
- For what purposes: To respond to your requests, establish a business relationship and send you marketing communications
- Legal basis:
- Legitimate interest (responding to your request, marketing, and business development)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We can’t respond to your requests, establish a business relationship and send you marketing communications
m. When we undertake social media marketing, including via use of audiences or list-based advertising
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, telephone number, IP address, pages clicked, search and browser history, device information and any other Personal Data you or third parties provide us
- For what purposes: We may use your Personal Information to contact you via social media platforms in order to establish a business relationship with you and contact you about the Services. We may also use your Personal Information in order to create lists of individuals that we would like to target advertising about our Services via social media channels, including via direct messaging marketing solutions. You may be included in such a list (in which case you will see advertising related to Wiz when you visit those social media platforms) or we may use your Personal Information to ask social media platforms to identify a list of other individuals who we think will be interested in our Services, so that those individuals can be presented with advertising about Wiz.
- Legal basis:
- Legitimate interest (marketing, advertising and business development)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data: We can’t establish a business relationship with you via social media platforms; you will be excluded from advertising and marketing campaigns on social medial platforms.
N.B. Please note that social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). The social media platforms are responsible for how they handle your Personal Information and information about how these social media platforms collect and use your Personal Information (and how they use cookies and other technologies, including instructions on how you can disable these) can usually be found in their respective privacy policies and cookies policies on their websites.
n. When you participate in our community research, contest, and education websites (e.g., capture the flag competitions, challenges, etc.)
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, business address, telephone number, country, username, link to the social media profile of your choice, and password.
- For what purposes: We will use this information to register you in these efforts, provide you with the ability to save your progress, and reward eligible participants where applicable. Some of this Personal Data can also be publicly disclosed on a leaderboard as part of the competition. If you do not want us to disclose your Personal Data publicly, you will need to include a username and a social media link that do not identify you. Wiz will not use the information you enter to register and login for any other purpose. If you express an interest in being contacted by Wiz (for example, if you fill out a separate form so that Wiz contact you on that website), Wiz will use your information for the purposes identified to you and other marketing purposes (see section f above). Only strictly necessary cookies will be used on these websites, as applicable (otherwise, a cookie banner will be presented to you depending on your jurisdiction).
- Legal basis:
- Legitimate interest (to provide an experience that any interested parties in the security community can benefit from)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data:
- You will not be able to compete in the challenge or obtain the full experience of the initiative.
- Personal Data we collect or receive for these purposes: Visual images collected via closed circuit cameras.
- For what purposes: For the purpose of protecting the physical security of the offices, to safeguard our offices, people and data, and to comply with our contractual obligations (e.g., with customers and insurers).
- Legal basis: Legitimate interest (to protect and secure our offices)
- Consequences of not providing the Personal Data: We cannot protect and secure our offices and comply with our contractual obligations.
Finally, please note that some of the abovementioned Personal Information may be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Information may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
In certain cases, we may or will anonymize or de-identify your Personal Information and further use it for internal and external purposes, including, without limitation, to improve our Services and for research and development purposes. "Anonymous Information" means information which does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our Services and enhance your experience with them).
- Personal Data we collect or receive for these purposes*: Full name, business email address, personal email address (if you choose to become certified through your personal email address), your training and test results, and any relevant medical or health information you choose to disclose to us if you request any accommodations.
- *Please note that our testing platform will also process credit or debit card numbers, government issued photo ID, a current photo of you, audio and video recordings of you taking the exam, and keystroke data. This data is used during the exam process only and is not retained after the exam results have been issued.
- For what purposes: We will use your Personal Data to provide you with training, register you and verify your identity, provide the exam, issue the exam results, and grant any badges or certificates associated with the program.
- Legal basis:
- Consent (if required by applicable law)
- Legitimate interests (to provide you with training, issuing your certificate badges or credentials and responding to your inquiries)
- Consequences of not providing the Personal Data: You cannot participate in Wiz’s certification or training programs.
4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
Depending on the context described above, we may disclose your Personal Data to the following categories of third parties:
- Hosting/ storage
- Email system provider
- Authentication
- Support and ticketing
- Logging and monitoring
- Marketing
- Event sponsors
- CRM
- Data enrichment
- E-mail verification
- Sales engagement
- Sales automation
- Analytics and business intelligence
- Chat and support tools. We use third party vendors to provide chat and support tools via our Website and in-app such as customer service chats, enquiries and to collect information on those interactions
- Sanctions checks and other legally required checks
- Document management / automation
- Conducting background checks (if you are applying for a job with us)
- Automation / management of HR and job application process
- Our partners that offer products and services either in connection with our Services or separately that we think would be of interest to you
- Online testing and issuing a digital badge
- Other service providers to the extent required to fulfill the purposes listed above
We may also disclose your Personal Data as follows:
- to the extent necessary in our good faith determination, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
- with our affiliated companies to the extent necessary to fulfill the purposes listed above;
- if, in the future, we sell or transfer some or all of our business, shares, or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business, shares or assets. In the event that we are acquired by or merged with a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Information in connection with the foregoing events;
- with social media platforms for the purposes mentioned above;
- where you have provided your consent to us disclosing or transferring the Personal Information.
5. HOW WE PROTECT AND STORE YOUR INFORMATION
a. Security: We have implemented appropriate technical, organizational and security measures designed to protect your Personal Information. However, please note that we cannot guarantee that the information will not be compromised including as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
b. Retention of your Personal Information. We may store your Personal Information for as long as necessary to fulfil the purpose for which we collected it, and as long as necessary to fulfill your requests or inquiries or provide Services or until we proactively delete it or you send a valid deletion request. In addition, in some circumstances we may store your Personal Information for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Information or dealings. We have an internal data retention policy to ensure that we do not retain your Personal Data perpetually. Regarding retention of cookies, you can read more in our Cookies Policy.
6. ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
a. Internal transfers: Transfers within the Wiz group will be covered by an internal data processing agreement between entities of the Wiz group which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to.
b. External transfers: When Wiz engages in transfers of GDPR and/or UK GDPR and where applicable, the Act on the Protection of Personal Information ("APPI") protected Personal Data outside of the EEA, UK or Japan (for example to third party service providers for the purposes listed above), we generally rely on either: (i) Adequacy Decisions adopted by the European Commission under Article 45 of the GDPR (for example, when our team accesses Personal Data from Israel); (ii) the Standard Contractual Clauses issued by the European Commission or the United Kingdom (as updated from time to time); or (iii) another lawful transfer mechanism provided for under the GDPR or the APPI e.g. Binding Corporate Rules. Wiz also monitors the circumstances surrounding such transfers to ensure that Personal Data continues to be afforded a level of protection that is essentially equivalent to the one guaranteed by the GDPR, UK GDPR and APPI.
7. YOUR PRIVACY RIGHTS
a. Rights: The following rights (which may be subject to certain exemptions or derogations) may apply to certain individuals depending on their jurisdiction of residence. The rights that may be applicable to you are as follows:
- You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
- You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
- You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
- You have the right to object, to or to request restriction, of the processing;
- You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- You have the right to object to profiling, if applicable;
- You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, the United Kingdom or Japan, as applicable, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
b. To the extent privacy laws applicable to you afford you with the rights referenced above, we will respect your rights and comply with such laws. You can exercise your rights by contacting us through our Privacy Center. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request.
c. Notice of Right to Opt Out of Sales of Personal Information and Sharing/Processing of Personal Information for Targeted Advertising Purposes. Certain U.S. states provide residents with the ability to opt out of the "sale" of their Personal Information or the "sharing/processing" of their Personal Information for cross-context behavioral and advertising purposes. As discussed above in Section 3(l), we may engage in certain online advertising activities through social media and by re-targeting advertising for our Services on other websites. We may use third-party ad networks to assist in these activities, which involves their collection of cookie and device identifier information to perform these activities. Under certain U.S. state laws you have the right to opt out of these activities. If you would like to opt out of our online disclosure such as through cookie and pixel technology of your Personal Information for purposes that could be considered "sales" or "sharing" for purposes of cross-contextual behavioral advertising, please click the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. You can also submit a request to opt out of our offline disclosures of Personal Information that are subject to applicable opt out rights by clicking here. Please note that if you have a legally-required browser-based opt out preference signal turned on via your device browser (e.g., the Global Privacy Control), we recognize such preference in accordance with applicable law.
d. To help protect the security of your Personal Data, Wiz will verify your identity in connection with any requests. We also take steps to ensure that only you or your authorized representative can exercise rights with respect to your information. If you are an authorized agent making a request, we may require and request additional information to protect the Personal Data entrusted to Wiz, including information to verify that you are authorized to make that request. There may be situations where we cannot grant your request, for example, in the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
e. We will not discriminate against you (e.g., by restricting or denying you access to our Services) because of choices and requests you make in connection with your Personal Data. Please note, certain choices may affect our ability to deliver the Services. For example, if you sign up to receive marketing communications by email, then ask Wiz to delete all of your information, we will be unable to send you marketing communications. You may exercise any of your rights in relation to your Personal Information by contacting us using the details provided under the "CONTACT US" section below.
8. USE BY CHILDREN
We do not offer our Services for use by children and, therefore, we do not knowingly collect Personal Information from, and/or about children under the age of eighteen (18). If you are under 18, you may not use the Website or Services, or provide any information to the Website without involvement of a parent or a guardian. In the event that we become aware that you provide Personal Information in violation of applicable laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@wiz.io.
9. LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
Our Website or Services may enable you to interact with or contain links to your third party accounts and other third party websites, mobile software applications and products or services that are not owned or controlled by us (each a "Third Party Service"). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service that you choose to use or interact with.
10. DO NOT TRACK NOTICE
Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not currently respond to or honor DNT signals. As explained above in Section 7, however, we do honor legally-required browser-based opt out preference signals such as the Global Privacy Control.
Please refer to our Cookies Policy for information about cookies and other tracking tools Wiz uses on our Website.
11. PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
If you are a California resident, the California Consumer Privacy Act ("CCPA") requires us to provide you with the following additional information about: (1) the purpose for which we use each category of "personal information" (as defined in the CCPA) we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) "share" personal information for "cross-context behavioral advertising," and/or (c) "sell" such personal information. Under the CCPA, "sharing" is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and "selling" is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. Please see the "What Personal Information we collect and how we use it" and the "How we disclose your Personal Information" sections above in our Privacy Policy for detailed information about our data collection and use practices, as well as for more information about our advertising practices. The following chart details the categories of Personal Information that we sell/share with third parties:
Category of Personal Information | Categories of Third Parties to Which We Sell/Share this Category of Personal Information |
Device identifiers and Service usage information | Ad networks and advertising analytics partners |
Email address | Ad networks and advertising analytics partners |
Your Choices Regarding "Sharing" and "Selling": You have the right to opt out of our sale/sharing of your personal information for purposes of online advertising by clicking the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. To opt out of the offline disclosure of your personal information to third parties for these purposes, please click here. Please note that there may be circumstances in which we are entitled by law to continue to sell or share your Personal Data. Also note that your withdrawal of consent shall not affect our right to request your consent to such sell or share again after twelve (12) months.
Other CCPA Rights. If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives. The CCPA also allows you to limit the use or disclosure of your "sensitive personal information" (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA. Please see Section 7 of the Privacy Policy, "Your Privacy Rights," for information about the additional rights you have with respect to your personal information under California law and how to exercise them.
California "Shine the Light" disclosure. The California "Shine the Light" law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. For more information about our compliance under the Shine the Light law please contact us via privacy@wiz.io.
12. PRIVACY INFORMATION FOR JAPAN RESIDENTS
- Right to Access: You have the right to access your personal data and, if applicable, any record of data transfer. You also have the right to request disclosure of purpose of use of your personal data.
- Right to Rectify: If the personal data held by us is incorrect or incomplete, you are entitled to request correction, addition, or deletion of the inaccurate or incomplete information.
- Right to Erasure and Restriction of Processing: You may request the deletion or restriction of processing of your personal data in cases where the data has been used beyond the necessary scope for achieving the original purpose of collection, was collected or processed unlawfully, or if the utilization of data could lead to unlawful acts. You may also request the restriction of processing of your personal data or the cessation of transfers of your personal data to third parties if we no longer need to use your personal data, your personal data was compromised, or your rights and legitimate interests may be harmed due to our handling of your personal data.
- Right to Restrict Third-Party Transfers: You can request cessation of transfers of your personal data to third parties if such transfers violate relevant laws.
13. CONTACT US
If you have any questions regarding this notice we encourage you to contact us at privacy@wiz.io. If you wish to exercise your rights, you can visit our Privacy Center.
In addition, VeraSafe has been appointed as Wiz's representative in the EEA for data protection matters, pursuant to Article 27 of the GDPR. If you are in the EEA, VeraSafe can be contacted in addition to Wiz, only on matters related to the processing of Personal Data. To make such an inquiry, you may contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at: VeraSafe Netherlands BV, Keizersgracht 555, 1017 DR Amsterdam, Netherlands.
If you live in the EEA, the UK or Switzerland, Wiz Cloud Limited, located at Suite 4, 7th Floor, 50 Broadway London, SW1H 0DB, is the data controller for your Personal Information.
Effective January 15th 2025 to January 16th 2025
DownloadTable of Contents
Wiz Privacy Policy
Last updated: 27 December 2024
Table of Contents:
- INTRODUCTION
- TERMS OF USE
- WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE DISCLOSE YOUR PERSONAL INFORMATION
- HOW WE PROTECT AND STORE YOUR PERSONAL INFORMATION
- ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
- YOUR PRIVACY RIGHTS
- USE BY CHILDREN
- LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
- DO NOT TRACK NOTICE
- PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
- PRIVACY INFORMATION FOR JAPAN RESIDENTS
- CONTACT US
1. INTRODUCTION
This privacy policy ("Privacy Policy") describes how we, Wiz, Inc. and our affiliates ("we", "our" or "us") process, use, collect and store Personal Information (defined below) that we receive from or about you ("you") in connection with your use of the Wiz website, any websites owned or operated by Wiz, and our service offerings (collectively referred to herein as the "Services"). Please read this Privacy Policy carefully, so you can fully understand our practices in relation to your Personal Information. Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.
In situations where Wiz is providing Services to our customer where the customer entity has entered into an agreement for use of the services with Wiz, Wiz is the processor/service provider (a provider that processes Personal Data on behalf of or at the direction of a controller, or other similar designation under the law) and the customer entity is the controller/business (the entity that decides how and why information is processed) of the information provided to Wiz via use of the Services. In such situations, our processing of your Personal Information may also be subject to an applicable data processing agreement with our customer. In the event of a conflict between the data processing agreement and this Privacy Policy, the data processing agreement governs.
"Personal Information" and/or "Personal Data" mean any information that can be used, alone or together with other data, to uniquely identify any living human being and any information deemed as Personally Identifiable Information by applicable privacy laws.
Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, some jurisdictions require that we provide you with the "legal basis" for processing your Personal Information, and we have included this information below.
We may update this Privacy Policy from time to time and therefore we ask you to check back periodically for the latest version. If we implement any significant changes to the use of your Personal Information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website or by other means in accordance with applicable legal requirements.
2. TERMS OF USE
This Privacy Policy forms part of our Website Terms of Use ("Terms"). Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Terms.
3. WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
a. When you browse or use our Services
- Personal Data we collect: We may use analytics tools, cookies, pixels, other similar technologies and log files in our Services which may collect information such as IP address, pages clicked, events, search and browser information, and device information. For more information about our use of cookies, please read our Cookies Policy. Wiz Community participants may find the list of cookies used here.
- For what purposes: We use this information to analyze trends and behavior, maintain and improve the Services and marketing and promotional efforts. We may disclose this information to third party platforms
- Legal basis:
- Consent (e.g., non-essential cookies, to the extent required under applicable law)
- Legitimate interest (e.g., essential cookies for the Services to work, marketing)
- Consequences of not providing the Personal Data: Certain Services features may not be available and we may not be able to analyze usage of our Services or use the Personal Data for the purposes explained
b. When you request a demo
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, any other Personal Data that you decide to provide us with. We may also record the demo and/or follow up sessions (which could include note-taking, transcriptions and analyzes thereof, as applicable) for the purposes of business intelligence and improving our Services
- For what purposes:
- To provide you with a demo
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (to provide you with a demo or trial, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot provide you a demo or send you marketing communications
- Personal Data we collect: Full name, business email address, any other Personal Data that you decide to provide us with
- For what purposes: To send you communications for which you have subscribed to and other marketing communications
- Legal basis:
- Legitimate interest (to provide you with access to our blog or newsletters or updates which you have subscribed to, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot send you such communications
d. When you contact us
- Personal Data we collect: Full name, business email address, company, job title, work telephone number, country, message (to the extent it includes Personal Data) and any other Personal Data that you decide to provide us with
- For what purposes:
- To answer your questions
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (e.g., to answer your questions, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot answer your questions or send you marketing communications
e. When you apply for a job with us
- Personal Data we collect: Full name, email address, any Personal Data contained in your resume (CV), your responses to any assessment, background check results (in accordance with applicable law), any other Personal Data that you decide or agree to provide us with such as if you agree for your interview or assessment to be recorded. Please note that, in most cases, we receive the information directly from you, but we may also receive information from recruitment companies, references or background check companies.
- For what purposes: To assess you as a candidate, review and examine your job application and communicate with you regarding your application.
- Legal basis
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract i.e. employment contract
- Legitimate interest (to assess you as a candidate, recruitment)
- Consequences of not providing the Personal Data: We cannot process your application or communicate with you
f. When you provide us with your Personal Data for marketing reasons (e.g. when you attend a physical or virtual marketing event or webinar, and/or provide us with your business card)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country, any other Personal Data that you decide to provide us with
- For what purposes: To establish a business relationship with you, contact you about the Services and send you marketing communications. Where Wiz is the host of the event, your information may also be shared with event sponsors, as applicable.
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We and/or our event sponsors cannot establish a business connection or send you marketing communications
g. When we acquire your Personal Data from third-party sources for marketing (e.g. lead-generation companies or as part of marketing campaigns)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country
- For what purposes: To contact you regarding the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot contact you regarding the Services and send you marketing communications
h. When we use the Personal Data of our customers/end-users and prospects (e.g. when we communicate with customers or prospects, when you log-in to and use our online products and services)
- Personal Data we collect directly from you or from your employer who provides us with your contact details: Full name, business email address, Wiz password (if you have a Wiz account), job title, role, company, address, telephone number, country and any other Personal Data that you decide to provide us with e.g. any feedback you provide to the extent it includes Personal Data. This may include meeting recordings (which could include note-taking, transcriptions and analyzes thereof), where applicable. If you are a member of any of the Wiz Communities, any information including Personal Data that you choose to provide in any of the communities (including a username of your choice) may be publicly available to other Wiz Communities members.
- Personal Data we collect automatically when you use our Services: When you access or use the Services we automatically collect information about you, including data relating to you use of our Services e.g. pages visited, IP address and browser information, access times.
- For what purposes:
- To allow you to register for and log-in to our Services
- To provide our Services and perform our agreements with our customers
- For billing and account management
- To provide support (e.g. ticketing and chat function)
- To monitor our Services
- To collect analytics information on use of the Services
- For security purposes, including for user authentication, logging and debugging and to prevent system abuse
- To maintain and improve our Services
- To communicate with you and allow you to provide feedback on our Services
- To enable you to participate in and contribute to the Wiz Communities
- To send you marketing communications
- To perform sanctions checks and other legally required checks
- Legal basis:
- Performance of a contract to which the customer is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, sanctions laws etc.)
- Legitimate interest (to provide and improve our Services, send contract-related communications, marketing or updates about features or services)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot perform our obligations, provide the Services, or communicate with you.
- Personal Data we collect: In connection with your use of the Services we may collect data that we believe may be potentially related to unauthorized third parties, such as malware, and other suspicious files or potentially harmful artifacts. In some cases, this may contain limited Personal Data, such as IP addresses.
- For what purposes: We use this information to analyze and identify potentially suspicious patterns of malicious behavior to prevent, investigate, or notify of threats, and to improve the Services. We may disclose this information to third parties.
- Legal basis:
- Legitimate interest (to provide and improve the Services and for threat intelligence)
- Consequences of not providing the Personal Data: Certain Services features may not be available or may not be improved.
j. When you apply to be a Wiz partner / integrate with Wiz
- Personal Data we collect: Full name, job title/function, business email address, business telephone number, country of residence, company name, any other Personal Data that you decide to provide us with.
- For what purposes:
- To enable your company to become a Wiz partner / integrate with Wiz
- To communicate with you
- To comply with our legal obligations and record keeping
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the partner is a party (partner / integration agreement) or to take steps at the request of the partner prior to entering a contract (partner / integration agreement)
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: You cannot become a Wiz partner / integrate with Wiz
k. When we use the Personal Data of our service providers
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, payment information, any other Personal Data that you decide to provide us with
- For what purposes:
- To perform our agreement with you
- To communicate with you
- To comply with our legal obligations and record keeping
- Legal basis:
- Performance of a contract to which the service provider is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consequences of not providing the Personal Data: We cannot perform the agreement with you or communicate with you
l. When you interact with us on our social media profiles (e.g., Facebook, Instagram, Twitter, LinkedIn)
- Personal Data we collect: Full name, business email address, job title, company, telephone number, any other Personal Data you provide us
- For what purposes: To respond to your requests, establish a business relationship and send you marketing communications
- Legal basis:
- Legitimate interest (responding to your request, marketing, and business development)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We can’t respond to your requests, establish a business relationship and send you marketing communications
m. When we undertake social media marketing, including via use of audiences or list-based advertising
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, telephone number, IP address, pages clicked, search and browser history, device information and any other Personal Data you or third parties provide us
- For what purposes: We may use your Personal Information to contact you via social media platforms in order to establish a business relationship with you and contact you about the Services. We may also use your Personal Information in order to create lists of individuals that we would like to target advertising about our Services via social media channels, including via direct messaging marketing solutions. You may be included in such a list (in which case you will see advertising related to Wiz when you visit those social media platforms) or we may use your Personal Information to ask social media platforms to identify a list of other individuals who we think will be interested in our Services, so that those individuals can be presented with advertising about Wiz.
- Legal basis:
- Legitimate interest (marketing, advertising and business development)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data: We can’t establish a business relationship with you via social media platforms; you will be excluded from advertising and marketing campaigns on social medial platforms.
N.B. Please note that social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). The social media platforms are responsible for how they handle your Personal Information and information about how these social media platforms collect and use your Personal Information (and how they use cookies and other technologies, including instructions on how you can disable these) can usually be found in their respective privacy policies and cookies policies on their websites.
n. When you participate in our community research, contest, and education websites (e.g., capture the flag competitions, challenges, etc.)
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, business address, telephone number, country, username, link to the social media profile of your choice, and password.
- For what purposes: We will use this information to register you in these efforts, provide you with the ability to save your progress, and reward eligible participants where applicable. Some of this Personal Data can also be publicly disclosed on a leaderboard as part of the competition. If you do not want us to disclose your Personal Data publicly, you will need to include a username and a social media link that do not identify you. Wiz will not use the information you enter to register and login for any other purpose. If you express an interest in being contacted by Wiz (for example, if you fill out a separate form so that Wiz contact you on that website), Wiz will use your information for the purposes identified to you and other marketing purposes (see section f above). Only strictly necessary cookies will be used on these websites, as applicable (otherwise, a cookie banner will be presented to you depending on your jurisdiction).
- Legal basis:
- Legitimate interest (to provide an experience that any interested parties in the security community can benefit from)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data:
- You will not be able to compete in the challenge or obtain the full experience of the initiative.
- Personal Data we collect or receive for these purposes: Visual images collected via closed circuit cameras.
- For what purposes: For the purpose of protecting the physical security of the offices, to safeguard our offices, people and data, and to comply with our contractual obligations (e.g., with customers and insurers).
- Legal basis: Legitimate interest (to protect and secure our offices)
- Consequences of not providing the Personal Data: We cannot protect and secure our offices and comply with our contractual obligations.
Finally, please note that some of the abovementioned Personal Information may be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Information may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
In certain cases, we may or will anonymize or de-identify your Personal Information and further use it for internal and external purposes, including, without limitation, to improve our Services and for research and development purposes. "Anonymous Information" means information which does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our Services and enhance your experience with them).
- Personal Data we collect or receive for these purposes*: Full name, business email address, personal email address (if you choose to become certified through your personal email address), your training and test results, and any relevant medical or health information you choose to disclose to us if you request any accommodations.
- *Please note that our testing platform will also process credit or debit card numbers, government issued photo ID, a current photo of you, audio and video recordings of you taking the exam, and keystroke data. This data is used during the exam process only and is not retained after the exam results have been issued.
- For what purposes: We will use your Personal Data to provide you with training, register you and verify your identity, provide the exam, issue the exam results, and grant any badges or certificates associated with the program.
- Legal basis:
- Consent (if required by applicable law)
- Legitimate interests (to provide you with training, issuing your certificate badges or credentials and responding to your inquiries)
- Consequences of not providing the Personal Data: You cannot participate in Wiz’s certification or training programs.
4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
Depending on the context described above, we may disclose your Personal Data to the following categories of third parties:
- Hosting/ storage
- Email system provider
- Authentication
- Support and ticketing
- Logging and monitoring
- Marketing
- Event sponsors
- CRM
- Data enrichment
- E-mail verification
- Sales engagement
- Sales automation
- Analytics and business intelligence
- Chat and support tools. We use third party vendors to provide chat and support tools via our Website and in-app such as customer service chats, enquiries and to collect information on those interactions
- Sanctions checks and other legally required checks
- Document management / automation
- Conducting background checks (if you are applying for a job with us)
- Automation / management of HR and job application process
- Our partners that offer products and services either in connection with our Services or separately that we think would be of interest to you
- Online testing and issuing a digital badge
- Other service providers to the extent required to fulfill the purposes listed above
We may also disclose your Personal Data as follows:
- to the extent necessary in our good faith determination, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
- with our affiliated companies to the extent necessary to fulfill the purposes listed above;
- if, in the future, we sell or transfer some or all of our business, shares, or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business, shares or assets. In the event that we are acquired by or merged with a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Information in connection with the foregoing events;
- with social media platforms for the purposes mentioned above;
- where you have provided your consent to us disclosing or transferring the Personal Information.
5. HOW WE PROTECT AND STORE YOUR INFORMATION
a. Security: We have implemented appropriate technical, organizational and security measures designed to protect your Personal Information. However, please note that we cannot guarantee that the information will not be compromised including as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
b. Retention of your Personal Information. We may store your Personal Information for as long as necessary to fulfil the purpose for which we collected it, and as long as necessary to fulfill your requests or inquiries or provide Services or until we proactively delete it or you send a valid deletion request. In addition, in some circumstances we may store your Personal Information for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Information or dealings. We have an internal data retention policy to ensure that we do not retain your Personal Data perpetually. Regarding retention of cookies, you can read more in our Cookies Policy.
6. ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
a. Internal transfers: Transfers within the Wiz group will be covered by an internal data processing agreement between entities of the Wiz group which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to.
b. External transfers: When Wiz engages in transfers of GDPR and/or UK GDPR and where applicable, the Act on the Protection of Personal Information ("APPI") protected Personal Data outside of the EEA, UK or Japan (for example to third party service providers for the purposes listed above), we generally rely on either: (i) Adequacy Decisions adopted by the European Commission under Article 45 of the GDPR (for example, when our team accesses Personal Data from Israel); (ii) the Standard Contractual Clauses issued by the European Commission or the United Kingdom (as updated from time to time); or (iii) another lawful transfer mechanism provided for under the GDPR or the APPI e.g. Binding Corporate Rules. Wiz also monitors the circumstances surrounding such transfers to ensure that Personal Data continues to be afforded a level of protection that is essentially equivalent to the one guaranteed by the GDPR, UK GDPR and APPI.
7. YOUR PRIVACY RIGHTS
a. Rights: The following rights (which may be subject to certain exemptions or derogations) may apply to certain individuals depending on their jurisdiction of residence. The rights that may be applicable to you are as follows:
- You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
- You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
- You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
- You have the right to object, to or to request restriction, of the processing;
- You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- You have the right to object to profiling, if applicable;
- You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, the United Kingdom or Japan, as applicable, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
b. To the extent privacy laws applicable to you afford you with the rights referenced above, we will respect your rights and comply with such laws. You can exercise your rights by contacting us through our Privacy Center. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request.
c. Notice of Right to Opt Out of Sales of Personal Information and Sharing/Processing of Personal Information for Targeted Advertising Purposes. Certain U.S. states provide residents with the ability to opt out of the "sale" of their Personal Information or the "sharing/processing" of their Personal Information for cross-context behavioral and advertising purposes. As discussed above in Section 3(l), we may engage in certain online advertising activities through social media and by re-targeting advertising for our Services on other websites. We may use third-party ad networks to assist in these activities, which involves their collection of cookie and device identifier information to perform these activities. Under certain U.S. state laws you have the right to opt out of these activities. If you would like to opt out of our online disclosure such as through cookie and pixel technology of your Personal Information for purposes that could be considered "sales" or "sharing" for purposes of cross-contextual behavioral advertising, please click the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. You can also submit a request to opt out of our offline disclosures of Personal Information that are subject to applicable opt out rights by clicking here. Please note that if you have a legally-required browser-based opt out preference signal turned on via your device browser (e.g., the Global Privacy Control), we recognize such preference in accordance with applicable law.
d. To help protect the security of your Personal Data, Wiz will verify your identity in connection with any requests. We also take steps to ensure that only you or your authorized representative can exercise rights with respect to your information. If you are an authorized agent making a request, we may require and request additional information to protect the Personal Data entrusted to Wiz, including information to verify that you are authorized to make that request. There may be situations where we cannot grant your request, for example, in the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
e. We will not discriminate against you (e.g., by restricting or denying you access to our Services) because of choices and requests you make in connection with your Personal Data. Please note, certain choices may affect our ability to deliver the Services. For example, if you sign up to receive marketing communications by email, then ask Wiz to delete all of your information, we will be unable to send you marketing communications. You may exercise any of your rights in relation to your Personal Information by contacting us using the details provided under the "CONTACT US" section below.
8. USE BY CHILDREN
We do not offer our Services for use by children and, therefore, we do not knowingly collect Personal Information from, and/or about children under the age of eighteen (18). If you are under 18, you may not use the Website or Services, or provide any information to the Website without involvement of a parent or a guardian. In the event that we become aware that you provide Personal Information in violation of applicable laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@wiz.io.
9. LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
Our Website or Services may enable you to interact with or contain links to your third party accounts and other third party websites, mobile software applications and products or services that are not owned or controlled by us (each a "Third Party Service"). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service that you choose to use or interact with.
10. DO NOT TRACK NOTICE
Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not currently respond to or honor DNT signals. As explained above in Section 7, however, we do honor legally-required browser-based opt out preference signals such as the Global Privacy Control.
Please refer to our Cookies Policy for information about cookies and other tracking tools Wiz uses on our Website.
11. PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
If you are a California resident, the California Consumer Privacy Act ("CCPA") requires us to provide you with the following additional information about: (1) the purpose for which we use each category of "personal information" (as defined in the CCPA) we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) "share" personal information for "cross-context behavioral advertising," and/or (c) "sell" such personal information. Under the CCPA, "sharing" is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and "selling" is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. Please see the "What Personal Information we collect and how we use it" and the "How we disclose your Personal Information" sections above in our Privacy Policy for detailed information about our data collection and use practices, as well as for more information about our advertising practices. The following chart details the categories of Personal Information that we sell/share with third parties:
Category of Personal Information | Categories of Third Parties to Which We Sell/Share this Category of Personal Information |
Device identifiers and Service usage information | Ad networks and advertising analytics partners |
Email address | Ad networks and advertising analytics partners |
Your Choices Regarding "Sharing" and "Selling": You have the right to opt out of our sale/sharing of your personal information for purposes of online advertising by clicking the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. To opt out of the offline disclosure of your personal information to third parties for these purposes, please click here. Please note that there may be circumstances in which we are entitled by law to continue to sell or share your Personal Data. Also note that your withdrawal of consent shall not affect our right to request your consent to such sell or share again after twelve (12) months.
Other CCPA Rights. If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives. The CCPA also allows you to limit the use or disclosure of your "sensitive personal information" (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA. Please see Section 7 of the Privacy Policy, "Your Privacy Rights," for information about the additional rights you have with respect to your personal information under California law and how to exercise them.
California "Shine the Light" disclosure. The California "Shine the Light" law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. For more information about our compliance under the Shine the Light law please contact us via privacy@wiz.io.
12. PRIVACY INFORMATION FOR JAPAN RESIDENTS
- Right to Access: You have the right to access your personal data and, if applicable, any record of data transfer. You also have the right to request disclosure of purpose of use of your personal data.
- Right to Rectify: If the personal data held by us is incorrect or incomplete, you are entitled to request correction, addition, or deletion of the inaccurate or incomplete information.
- Right to Erasure and Restriction of Processing: You may request the deletion or restriction of processing of your personal data in cases where the data has been used beyond the necessary scope for achieving the original purpose of collection, was collected or processed unlawfully, or if the utilization of data could lead to unlawful acts. You may also request the restriction of processing of your personal data or the cessation of transfers of your personal data to third parties if we no longer need to use your personal data, your personal data was compromised, or your rights and legitimate interests may be harmed due to our handling of your personal data.
- Right to Restrict Third-Party Transfers: You can request cessation of transfers of your personal data to third parties if such transfers violate relevant laws.
13. CONTACT US
If you have any questions regarding this notice we encourage you to contact us at privacy@wiz.io. If you wish to exercise your rights, you can visit our Privacy Center.
In addition, VeraSafe has been appointed as Wiz's representative in the EEA for data protection matters, pursuant to Article 27 of the GDPR. If you are in the EEA, VeraSafe can be contacted in addition to Wiz, only on matters related to the processing of Personal Data. To make such an inquiry, you may contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at: VeraSafe Netherlands BV, Keizersgracht 555, 1017 DR Amsterdam, Netherlands.
If you live in the EEA, the UK or Switzerland, Wiz Cloud Limited, located at Suite 4, 7th Floor, 50 Broadway London, SW1H 0DB, is the data controller for your Personal Information.
Effective October 23rd 2024 to January 15th 2025
DownloadTable of Contents
Wiz Privacy Policy
Last updated: 23 October 2024
Table of Contents:
- INTRODUCTION
- TERMS OF USE
- WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE DISCLOSE YOUR PERSONAL INFORMATION
- HOW WE PROTECT AND STORE YOUR PERSONAL INFORMATION
- ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
- YOUR PRIVACY RIGHTS
- USE BY CHILDREN
- LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
- DO NOT TRACK NOTICE
- PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
- CONTACT US
1. INTRODUCTION
This privacy policy ("Privacy Policy") describes how we, Wiz, Inc. and our affiliates ("we", "our" or "us") process, use, collect and store Personal Information (defined below) that we receive from or about you ("you") in connection with your use of the Wiz website, any websites owned or operated by Wiz, and our service offerings (collectively referred to herein as the "Services"). Please read this Privacy Policy carefully, so you can fully understand our practices in relation to your Personal Information. Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.
In situations where Wiz is providing Services to our customer where the customer entity has entered into an agreement for use of the services with Wiz, Wiz is the processor/service provider (a provider that processes Personal Data on behalf of or at the direction of a controller, or other similar designation under the law) and the customer entity is the controller/business (the entity that decides how and why information is processed) of the information provided to Wiz via use of the Services. In such situations, our processing of your Personal Information may also be subject to an applicable data processing agreement with our customer. In the event of a conflict between the data processing agreement and this Privacy Policy, the data processing agreement governs.
"Personal Information" and/or "Personal Data" mean any information that can be used, alone or together with other data, to uniquely identify any living human being and any information deemed as Personally Identifiable Information by applicable privacy laws.
Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, some jurisdictions require that we provide you with the "legal basis" for processing your Personal Information, and we have included this information below.
We may update this Privacy Policy from time to time and therefore we ask you to check back periodically for the latest version. If we implement any significant changes to the use of your Personal Information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website or by other means in accordance with applicable legal requirements.
2. TERMS OF USE
This Privacy Policy forms part of our Website Terms of Use ("Terms"). Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Terms.
3. WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
a. When you browse or use our Services
- Personal Data we collect: We may use analytics tools, cookies, pixels, other similar technologies and log files in our Services which may collect information such as IP address, pages clicked, events, search and browser information, and device information. For more information about our use of cookies, please read our Cookies Policy
- For what purposes: We use this information to analyze trends and behavior, maintain and improve the Services and marketing and promotional efforts. We may disclose this information to third party platforms
- Legal basis:
- Consent (e.g., non-essential cookies, to the extent required under applicable law)
- Legitimate interest (e.g., essential cookies for the Services to work, marketing)
- Consequences of not providing the Personal Data: Certain Services features may not be available and we may not be able to analyze usage of our Services or use the Personal Data for the purposes explained
b. When you request a demo
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, any other Personal Data that you decide to provide us with. We may also record the demo and/or follow up sessions for the purposes of business intelligence and improving our Services
- For what purposes:
- To provide you with a demo
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (to provide you with a demo or trial, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot provide you a demo or send you marketing communications
- Personal Data we collect: Full name, business email address, any other Personal Data that you decide to provide us with
- For what purposes: To send you communications for which you have subscribed to and other marketing communications
- Legal basis:
- Legitimate interest (to provide you with access to our blog or newsletters or updates which you have subscribed to, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot send you such communications
d. When you contact us
- Personal Data we collect: Full name, business email address, company, job title, work telephone number, country, message (to the extent it includes Personal Data) and any other Personal Data that you decide to provide us with
- For what purposes:
- To answer your questions
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (e.g., to answer your questions, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot answer your questions or send you marketing communications
e. When you apply for a job with us
- Personal Data we collect: Full name, email address, any Personal Data contained in your resume (CV), your responses to any assessment, background check results (in accordance with applicable law), any other Personal Data that you decide or agree to provide us with such as if you agree for your interview or assessment to be recorded. Please note that, in most cases, we receive the information directly from you, but we may also receive information from recruitment companies, references or background check companies.
- For what purposes: To assess you as a candidate, review and examine your job application and communicate with you regarding your application.
- Legal basis
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract i.e. employment contract
- Legitimate interest (to assess you as a candidate, recruitment)
- Consequences of not providing the Personal Data: We cannot process your application or communicate with you
f. When you provide us with your Personal Data for marketing reasons (e.g. when you attend a physical or virtual marketing event or webinar, and/or provide us with your business card)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country, any other Personal Data that you decide to provide us with
- For what purposes: To establish a business relationship with you, contact you about the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot establish a business connection or send you marketing communications
g. When we acquire your Personal Data from third-party sources for marketing (e.g. lead-generation companies or as part of marketing campaigns)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country
- For what purposes: To contact you regarding the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot contact you regarding the Services and send you marketing communications
h. When we use the Personal Data of our customers/end-users and prospects (e.g. when we communicate with customers or prospects, when you log-in to and use our online products and services)
- Personal Data we collect directly from you or from your employer who provides us with your contact details: Full name, business email address, Wiz password (if you have a Wiz account), job title, role, company, address, telephone number, country and any other Personal Data that you decide to provide us with e.g. any feedback you provide to the extent it includes Personal Data. This may include meeting recordings where applicable. If you are a member of any of the Wiz Communities, any information including Personal Data that you choose to provide in any of the communities (including a username of your choice) may be publicly available to other Wiz Communities members.
- Personal Data we collect automatically when you use our Services: When you access or use the Services we automatically collect information about you, including data relating to you use of our Services e.g. pages visited, IP address and browser information, access times.
- For what purposes:
- To allow you to register for and log-in to our Services
- To provide our Services and perform our agreements with our customers
- For billing and account management
- To provide support (e.g. ticketing and chat function)
- To monitor our Services
- To collect analytics information on use of the Services
- For security purposes, including for user authentication, logging and debugging and to prevent system abuse
- To maintain and improve our Services
- To communicate with you and allow you to provide feedback on our Services
- To enable you to participate in and contribute to the Wiz Communities
- To send you marketing communications
- To perform sanctions checks and other legally required checks
- Legal basis:
- Performance of a contract to which the customer is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, sanctions laws etc.)
- Legitimate interest (to provide and improve our Services, send contract-related communications, marketing or updates about features or services)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot perform our obligations, provide the Services, or communicate with you.
- Personal Data we collect: In connection with your use of the Services we may collect data that we believe may be potentially related to unauthorized third parties, such as malware, and other suspicious files or potentially harmful artifacts. In some cases, this may contain limited Personal Data, such as IP addresses.
- For what purposes: We use this information to analyze and identify potentially suspicious patterns of malicious behavior to prevent, investigate, or notify of threats, and to improve the Services. We may disclose this information to third parties.
- Legal basis:
- Legitimate interest (to provide and improve the Services and for threat intelligence)
- Consequences of not providing the Personal Data: Certain Services features may not be available or may not be improved.
j. When you apply to be a Wiz partner / integrate with Wiz
- Personal Data we collect: Full name, job title/function, business email address, business telephone number, country of residence, company name, any other Personal Data that you decide to provide us with.
- For what purposes:
- To enable your company to become a Wiz partner / integrate with Wiz
- To communicate with you
- To comply with our legal obligations and record keeping
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the partner is a party (partner / integration agreement) or to take steps at the request of the partner prior to entering a contract (partner / integration agreement)
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: You cannot become a Wiz partner / integrate with Wiz
k. When we use the Personal Data of our service providers
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, payment information, any other Personal Data that you decide to provide us with
- For what purposes:
- To perform our agreement with you
- To communicate with you
- To comply with our legal obligations and record keeping
- Legal basis:
- Performance of a contract to which the service provider is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consequences of not providing the Personal Data: We cannot perform the agreement with you or communicate with you
l. When you interact with us on our social media profiles (e.g., Facebook, Instagram, Twitter, LinkedIn)
- Personal Data we collect: Full name, business email address, job title, company, telephone number, any other Personal Data you provide us
- For what purposes: To respond to your requests, establish a business relationship and send you marketing communications
- Legal basis:
- Legitimate interest (responding to your request, marketing, and business development)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We can’t respond to your requests, establish a business relationship and send you marketing communications
m. When we undertake social media marketing, including via use of audiences or list-based advertising
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, telephone number, IP address, pages clicked, search and browser history, device information and any other Personal Data you or third parties provide us
- For what purposes: We may use your Personal Information to contact you via social media platforms in order to establish a business relationship with you and contact you about the Services. We may also use your Personal Information in order to create lists of individuals that we would like to target advertising about our Services via social media channels, including via direct messaging marketing solutions. You may be included in such a list (in which case you will see advertising related to Wiz when you visit those social media platforms) or we may use your Personal Information to ask social media platforms to identify a list of other individuals who we think will be interested in our Services, so that those individuals can be presented with advertising about Wiz.
- Legal basis:
- Legitimate interest (marketing, advertising and business development)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data: We can’t establish a business relationship with you via social media platforms; you will be excluded from advertising and marketing campaigns on social medial platforms.
N.B. Please note that social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). The social media platforms are responsible for how they handle your Personal Information and information about how these social media platforms collect and use your Personal Information (and how they use cookies and other technologies, including instructions on how you can disable these) can usually be found in their respective privacy policies and cookies policies on their websites.
n. When you participate in our community research, contest, and education websites (e.g., capture the flag competitions, challenges, etc.)
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, business address, telephone number, country, username, link to the social media profile of your choice, and password.
- For what purposes: We will use this information to register you in these efforts, provide you with the ability to save your progress, and reward eligible participants where applicable. Some of this Personal Data can also be publicly disclosed on a leaderboard as part of the competition. If you do not want us to disclose your Personal Data publicly, you will need to include a username and a social media link that do not identify you. Wiz will not use the information you enter to register and login for any other purpose. If you express an interest in being contacted by Wiz (for example, if you fill out a separate form so that Wiz contact you on that website), Wiz will use your information for the purposes identified to you and other marketing purposes (see section f above). Only strictly necessary cookies will be used on these websites, as applicable (otherwise, a cookie banner will be presented to you depending on your jurisdiction).
- Legal basis:
- Legitimate interest (to provide an experience that any interested parties in the security community can benefit from)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data:
- You will not be able to compete in the challenge or obtain the full experience of the initiative.
- Personal Data we collect or receive for these purposes: Visual images collected via closed circuit cameras.
- For what purposes: For the purpose of protecting the physical security of the offices, to safeguard our offices, people and data, and to comply with our contractual obligations (e.g., with customers and insurers).
- Legal basis: Legitimate interest (to protect and secure our offices)
- Consequences of not providing the Personal Data: We cannot protect and secure our offices and comply with our contractual obligations.
Finally, please note that some of the abovementioned Personal Information may be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Information may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
In certain cases, we may or will anonymize or de-identify your Personal Information and further use it for internal and external purposes, including, without limitation, to improve our Services and for research and development purposes. "Anonymous Information" means information which does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our Services and enhance your experience with them).
- Personal Data we collect or receive for these purposes*: Full name, business email address, personal email address (if you choose to become certified through your personal email address), your training and test results, and any relevant medical or health information you choose to disclose to us if you request any accommodations.
- *Please note that our testing platform will also process credit or debit card numbers, government issued photo ID, a current photo of you, audio and video recordings of you taking the exam, and keystroke data. This data is used during the exam process only and is not retained after the exam results have been issued.
- For what purposes: We will use your Personal Data to provide you with training, register you and verify your identity, provide the exam, issue the exam results, and grant any badges or certificates associated with the program.
- Legal basis:
- Consent (if required by applicable law)
- Legitimate interests (to provide you with training, issuing your certificate badges or credentials and responding to your inquiries)
- Consequences of not providing the Personal Data: You cannot participate in Wiz’s certification or training programs.
4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
Depending on the context described above, we may disclose your Personal Data to the following categories of third parties:
- Hosting/ storage
- Email system provider
- Authentication
- Support and ticketing
- Logging and monitoring
- Marketing
- Event sponsors
- CRM
- Data enrichment
- E-mail verification
- Sales engagement
- Sales automation
- Analytics and business intelligence
- Chat and support tools. We use third party vendors to provide chat and support tools via our Website and in-app such as customer service chats, enquiries and to collect information on those interactions
- Sanctions checks and other legally required checks
- Document management / automation
- Conducting background checks (if you are applying for a job with us)
- Automation / management of HR and job application process
- Our partners that offer products and services either in connection with our Services or separately that we think would be of interest to you
- Online testing and issuing a digital badge
- Other service providers to the extent required to fulfill the purposes listed above
We may also disclose your Personal Data as follows:
- to the extent necessary in our good faith determination, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
- with our affiliated companies to the extent necessary to fulfill the purposes listed above;
- if, in the future, we sell or transfer some or all of our business, shares, or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business, shares or assets. In the event that we are acquired by or merged with a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Information in connection with the foregoing events;
- with social media platforms for the purposes mentioned above;
- where you have provided your consent to us disclosing or transferring the Personal Information.
5. HOW WE PROTECT AND STORE YOUR INFORMATION
a. Security: We have implemented appropriate technical, organizational and security measures designed to protect your Personal Information. However, please note that we cannot guarantee that the information will not be compromised including as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
b. Retention of your Personal Information. We may store your Personal Information for as long as necessary to fulfil the purpose for which we collected it, and as long as necessary to fulfill your requests or inquiries or provide Services or until we proactively delete it or you send a valid deletion request. In addition, in some circumstances we may store your Personal Information for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Information or dealings. We have an internal data retention policy to ensure that we do not retain your Personal Data perpetually. Regarding retention of cookies, you can read more in our Cookies Policy.
6. ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
a. Internal transfers: Transfers within the Wiz group will be covered by an internal data processing agreement between entities of the Wiz group which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to.
b. External transfers: When Wiz engages in transfers of GDPR and/or UK GDPR protected Personal Data outside of the EEA or UK (for example to third party service providers for the purposes listed above), we generally rely on either: (i) Adequacy Decisions adopted by the European Commission under Article 45 of the GDPR (for example, when our team accesses Personal Data from Israel); (ii) the Standard Contractual Clauses issued by the European Commission or the United Kingdom (as updated from time to time); or (iii) another lawful transfer mechanism provided for under the GDPR e.g. Binding Corporate Rules. Wiz also monitors the circumstances surrounding such transfers to ensure that Personal Data continues to be afforded a level of protection that is essentially equivalent to the one guaranteed by the GDPR and UK GDPR.
7. YOUR PRIVACY RIGHTS
a. Rights: The following rights (which may be subject to certain exemptions or derogations) may apply to certain individuals depending on their jurisdiction of residence. The rights that may be applicable to you are as follows:
- You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
- You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
- You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
- You have the right to object, to or to request restriction, of the processing;
- You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- You have the right to object to profiling, if applicable;
- You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area or the United Kingdom, as applicable, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
b. To the extent privacy laws applicable to you afford you with the rights referenced above, we will respect your rights and comply with such laws. You can exercise your rights by contacting us through our Privacy Center. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request.
c. Notice of Right to Opt Out of Sales of Personal Information and Sharing/Processing of Personal Information for Targeted Advertising Purposes. Certain U.S. states provide residents with the ability to opt out of the "sale" of their Personal Information or the "sharing/processing" of their Personal Information for cross-context behavioral and advertising purposes. As discussed above in Section 3(l), we may engage in certain online advertising activities through social media and by re-targeting advertising for our Services on other websites. We may use third-party ad networks to assist in these activities, which involves their collection of cookie and device identifier information to perform these activities. Under certain U.S. state laws you have the right to opt out of these activities. If you would like to opt out of our online disclosure such as through cookie and pixel technology of your Personal Information for purposes that could be considered "sales" or "sharing" for purposes of cross-contextual behavioral advertising, please click the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. You can also submit a request to opt out of our offline disclosures of Personal Information that are subject to applicable opt out rights by clicking here. Please note that if you have a legally-required browser-based opt out preference signal turned on via your device browser (e.g., the Global Privacy Control), we recognize such preference in accordance with applicable law.
d. To help protect the security of your Personal Data, Wiz will verify your identity in connection with any requests. We also take steps to ensure that only you or your authorized representative can exercise rights with respect to your information. If you are an authorized agent making a request, we may require and request additional information to protect the Personal Data entrusted to Wiz, including information to verify that you are authorized to make that request. There may be situations where we cannot grant your request, for example, in the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
e. We will not discriminate against you (e.g., by restricting or denying you access to our Services) because of choices and requests you make in connection with your Personal Data. Please note, certain choices may affect our ability to deliver the Services. For example, if you sign up to receive marketing communications by email, then ask Wiz to delete all of your information, we will be unable to send you marketing communications. You may exercise any of your rights in relation to your Personal Information by contacting us using the details provided under the "CONTACT US" section below.
8. USE BY CHILDREN
We do not offer our Services for use by children and, therefore, we do not knowingly collect Personal Information from, and/or about children under the age of eighteen (18). If you are under 18, you may not use the Website or Services, or provide any information to the Website without involvement of a parent or a guardian. In the event that we become aware that you provide Personal Information in violation of applicable laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@wiz.io.
9. LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
Our Website or Services may enable you to interact with or contain links to your third party accounts and other third party websites, mobile software applications and products or services that are not owned or controlled by us (each a "Third Party Service"). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service that you choose to use or interact with.
10. DO NOT TRACK NOTICE
Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not currently respond to or honor DNT signals. As explained above in Section 7, however, we do honor legally-required browser-based opt out preference signals such as the Global Privacy Control.
Please refer to our Cookies Policy for information about cookies and other tracking tools Wiz uses on our Website.
11. PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
If you are a California resident, the California Consumer Privacy Act ("CCPA") requires us to provide you with the following additional information about: (1) the purpose for which we use each category of "personal information" (as defined in the CCPA) we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) "share" personal information for "cross-context behavioral advertising," and/or (c) "sell" such personal information. Under the CCPA, "sharing" is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and "selling" is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. Please see the "What Personal Information we collect and how we use it" and the "How we disclose your Personal Information" sections above in our Privacy Policy for detailed information about our data collection and use practices, as well as for more information about our advertising practices. The following chart details the categories of Personal Information that we sell/share with third parties:
Category of Personal Information | Categories of Third Parties to Which We Sell/Share this Category of Personal Information |
Device identifiers and Service usage information | Ad networks and advertising analytics partners |
Email address | Ad networks and advertising analytics partners |
Your Choices Regarding "Sharing" and "Selling": You have the right to opt out of our sale/sharing of your personal information for purposes of online advertising by clicking the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. To opt out of the offline disclosure of your personal information to third parties for these purposes, please click here. Please note that there may be circumstances in which we are entitled by law to continue to sell or share your Personal Data. Also note that your withdrawal of consent shall not affect our right to request your consent to such sell or share again after twelve (12) months.
Other CCPA Rights. If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives. The CCPA also allows you to limit the use or disclosure of your "sensitive personal information" (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA. Please see Section 7 of the Privacy Policy, "Your Privacy Rights," for information about the additional rights you have with respect to your personal information under California law and how to exercise them.
California "Shine the Light" disclosure. The California "Shine the Light" law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. For more information about our compliance under the Shine the Light law please contact us via privacy@wiz.io.
12. CONTACT US
If you have any questions regarding this notice we encourage you to contact us at privacy@wiz.io. If you wish to exercise your rights, you can visit our Privacy Center.
In addition, VeraSafe has been appointed as Wiz's representative in the EEA for data protection matters, pursuant to Article 27 of the GDPR. If you are in the EEA, VeraSafe can be contacted in addition to Wiz, only on matters related to the processing of Personal Data. To make such an inquiry, you may contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at: VeraSafe Netherlands BV, Keizersgracht 555, 1017 DR Amsterdam, Netherlands.
If you live in the EEA, the UK or Switzerland, Wiz Cloud Limited, located at Suite 4, 7th Floor, 50 Broadway London, SW1H 0DB, is the data controller for your Personal Information.
Effective August 15th 2024 to October 23rd 2024
DownloadTable of Contents
Wiz Privacy Policy
Last updated: 14 August 2024
Table of Contents:
- INTRODUCTION
- TERMS OF USE
- WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE DISCLOSE YOUR PERSONAL INFORMATION
- HOW WE PROTECT AND STORE YOUR PERSONAL INFORMATION
- ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
- YOUR PRIVACY RIGHTS
- USE BY CHILDREN
- LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
- DO NOT TRACK NOTICE
- PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
- CONTACT US
1. INTRODUCTION
This privacy policy ("Privacy Policy") describes how we, Wiz, Inc. and our affiliates ("we", "our" or "us") process, use, collect and store Personal Information (defined below) that we receive from or about you ("you") in connection with your use of the Wiz website, any websites owned or operated by Wiz, and our service offerings (collectively referred to herein as the "Services"). Please read this Privacy Policy carefully, so you can fully understand our practices in relation to your Personal Information. Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.
In situations where Wiz is providing Services to our customer where the customer entity has entered into an agreement for use of the services with Wiz, Wiz is the processor/service provider (a provider that processes Personal Data on behalf of or at the direction of a controller, or other similar designation under the law) and the customer entity is the controller/business (the entity that decides how and why information is processed) of the information provided to Wiz via use of the Services. In such situations, our processing of your Personal Information may also be subject to an applicable data processing agreement with our customer. In the event of a conflict between the data processing agreement and this Privacy Policy, the data processing agreement governs.
"Personal Information" and/or "Personal Data" mean any information that can be used, alone or together with other data, to uniquely identify any living human being and any information deemed as Personally Identifiable Information by applicable privacy laws.
Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, some jurisdictions require that we provide you with the "legal basis" for processing your Personal Information, and we have included this information below.
We may update this Privacy Policy from time to time and therefore we ask you to check back periodically for the latest version. If we implement any significant changes to the use of your Personal Information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website or by other means in accordance with applicable legal requirements.
2. TERMS OF USE
This Privacy Policy forms part of our Website Terms of Use ("Terms"). Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Terms.
3. WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
a. When you browse or use our Services
- Personal Data we collect: We may use analytics tools, cookies, other similar technologies and log files in our Services which may collect information such as IP address, pages clicked, events, search and browser information, and device information. For more information about our use of cookies, please read our Cookies Policy
- For what purposes: We use this information to analyze trends and behavior, maintain and improve the Services and marketing and promotional efforts. We may disclose this information to third party platforms
- Legal basis:
- Consent (e.g., non-essential cookies, to the extent required under applicable law)
- Legitimate interest (e.g., essential cookies for the Services to work, marketing)
- Consequences of not providing the Personal Data: Certain Services features may not be available and we may not be able to analyze usage of our Services or use the Personal Data for the purposes explained
b. When you request a demo
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, any other Personal Data that you decide to provide us with. We may also record the demo and/or follow up sessions for the purposes of business intelligence and improving our Services
- For what purposes:
- To provide you with a demo
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (to provide you with a demo or trial, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot provide you a demo or send you marketing communications
- Personal Data we collect: Full name, business email address, any other Personal Data that you decide to provide us with
- For what purposes: To send you communications for which you have subscribed to and other marketing communications
- Legal basis:
- Legitimate interest (to provide you with access to our blog or newsletters or updates which you have subscribed to, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot send you such communications
d. When you contact us
- Personal Data we collect: Full name, business email address, company, job title, work telephone number, country, message (to the extent it includes Personal Data) and any other Personal Data that you decide to provide us with
- For what purposes:
- To answer your questions
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (e.g., to answer your questions, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot answer your questions or send you marketing communications
e. When you apply for a job with us
- Personal Data we collect: Full name, email address, any Personal Data contained in your resume (CV), your responses to any assessment, background check results (in accordance with applicable law), any other Personal Data that you decide or agree to provide us with such as if you agree for your interview or assessment to be recorded. Please note that, in most cases, we receive the information directly from you, but we may also receive information from recruitment companies, references or background check companies.
- For what purposes: To assess you as a candidate, review and examine your job application and communicate with you regarding your application.
- Legal basis
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract i.e. employment contract
- Legitimate interest (to assess you as a candidate, recruitment)
- Consequences of not providing the Personal Data: We cannot process your application or communicate with you
f. When you provide us with your Personal Data for marketing reasons (e.g. when you attend a physical or virtual marketing event or webinar, and/or provide us with your business card)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country, any other Personal Data that you decide to provide us with
- For what purposes: To establish a business relationship with you, contact you about the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot establish a business connection or send you marketing communications
g. When we acquire your Personal Data from third-party sources for marketing (e.g. lead-generation companies or as part of marketing campaigns)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country
- For what purposes: To contact you regarding the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot contact you regarding the Services and send you marketing communications
h. When we use the Personal Data of our customers/end-users (e.g. when we communicate with customers, when you log-in to and use our online products and services)
- Personal Data we collect directly from you or from your employer who provides us with your contact details: Full name, business email address, Wiz password (if you have a Wiz account), job title, role, company, address, telephone number, country and any other Personal Data that you decide to provide us with e.g. any feedback you provide to the extent it includes Personal Data. If you are a member of any of the Wiz Communities, any information including Personal Data that you choose to provide in any of the communities may be publicly available to other Wiz Communities members.
- Personal Data we collect automatically when you use our Services: When you access or use the Services we automatically collect information about you, including data relating to you use of our Services e.g. pages visited, IP address and browser information, access times.
- For what purposes:
- To allow you to register for and log-in to our Services
- To provide our Services and perform our agreements with our customers
- For billing and account management
- To provide support (e.g. ticketing and chat function)
- To monitor our Services
- To collect analytics information on use of the Services
- For security purposes, including for user authentication, logging and debugging and to prevent system abuse
- To maintain and improve our Services
- To communicate with you and allow you to provide feedback on our Services
- To enable you to participate in and contribute to the Wiz Communities
- To send you marketing communications
- To perform sanctions checks and other legally required checks
- Legal basis:
- Performance of a contract to which the customer is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, sanctions laws etc.)
- Legitimate interest (to provide and improve our Services, send contract-related communications, marketing or updates about features or services)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot perform our obligations, provide the Services, or communicate with you.
- Personal Data we collect: In connection with your use of the Services we may collect data that we believe may be potentially related to unauthorized third parties, such as malware, and other suspicious files or potentially harmful artifacts. In some cases, this may contain limited Personal Data, such as IP addresses.
- For what purposes: We use this information to analyze and identify potentially suspicious patterns of malicious behavior to prevent, investigate, or notify of threats, and to improve the Services. We may disclose this information to third parties.
- Legal basis:
- Legitimate interest (to provide and improve the Services and for threat intelligence)
- Consequences of not providing the Personal Data: Certain Services features may not be available or may not be improved.
j. When you apply to be a Wiz partner / integrate with Wiz
- Personal Data we collect: Full name, job title/function, business email address, business telephone number, country of residence, company name, any other Personal Data that you decide to provide us with.
- For what purposes:
- To enable your company to become a Wiz partner / integrate with Wiz
- To communicate with you
- To comply with our legal obligations and record keeping
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the partner is a party (partner / integration agreement) or to take steps at the request of the partner prior to entering a contract (partner / integration agreement)
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: You cannot become a Wiz partner / integrate with Wiz
k. When we use the Personal Data of our service providers
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, payment information, any other Personal Data that you decide to provide us with
- For what purposes:
- To perform our agreement with you
- To communicate with you
- To comply with our legal obligations and record keeping
- Legal basis:
- Performance of a contract to which the service provider is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consequences of not providing the Personal Data: We cannot perform the agreement with you or communicate with you
l. When you interact with us on our social media profiles (e.g., Facebook, Instagram, Twitter, LinkedIn)
- Personal Data we collect: Full name, business email address, job title, company, telephone number, any other Personal Data you provide us
- For what purposes: To respond to your requests, establish a business relationship and send you marketing communications
- Legal basis:
- Legitimate interest (responding to your request, marketing, and business development)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We can’t respond to your requests, establish a business relationship and send you marketing communications
m. When we undertake social media marketing, including via use of audiences or list-based advertising
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, telephone number, IP address, pages clicked, search and browser history, device information and any other Personal Data you or third parties provide us
- For what purposes: We may use your Personal Information to contact you via social media platforms in order to establish a business relationship with you and contact you about the Services. We may also use your Personal Information in order to create lists of individuals that we would like to target advertising about our Services via social media channels, including via direct messaging marketing solutions. You may be included in such a list (in which case you will see advertising related to Wiz when you visit those social media platforms) or we may use your Personal Information to ask social media platforms to identify a list of other individuals who we think will be interested in our Services, so that those individuals can be presented with advertising about Wiz.
- Legal basis:
- Legitimate interest (marketing, advertising and business development)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data: We can’t establish a business relationship with you via social media platforms; you will be excluded from advertising and marketing campaigns on social medial platforms.
N.B. Please note that social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). The social media platforms are responsible for how they handle your Personal Information and information about how these social media platforms collect and use your Personal Information (and how they use cookies and other technologies, including instructions on how you can disable these) can usually be found in their respective privacy policies and cookies policies on their websites.
n. When you participate in our community research, contest, and education websites (e.g., capture the flag competitions, challenges, etc.)
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, business address, telephone number, country, username, link to the social media profile of your choice, and password.
- For what purposes: We will use this information to register you in these efforts, provide you with the ability to save your progress, and reward eligible participants where applicable. Some of this Personal Data can also be publicly disclosed on a leaderboard as part of the competition. If you do not want us to disclose your Personal Data publicly, you will need to include a username and a social media link that do not identify you. Wiz will not use the information you enter to register and login for any other purpose. If you express an interest in being contacted by Wiz (for example, if you fill out a separate form so that Wiz contact you on that website), Wiz will use your information for the purposes identified to you and other marketing purposes (see section f above). Only strictly necessary cookies will be used on these websites, as applicable (otherwise, a cookie banner will be presented to you depending on your jurisdiction).
- Legal basis:
- Legitimate interest (to provide an experience that any interested parties in the security community can benefit from)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data:
- You will not be able to compete in the challenge or obtain the full experience of the initiative.
- Personal Data we collect or receive for these purposes: Visual images collected via closed circuit cameras.
- For what purposes: For the purpose of protecting the physical security of the offices, to safeguard our offices, people and data, and to comply with our contractual obligations (e.g., with customers and insurers).
- Legal basis: Legitimate interest (to protect and secure our offices)
- Consequences of not providing the Personal Data: We cannot protect and secure our offices and comply with our contractual obligations.
Finally, please note that some of the abovementioned Personal Information may be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Information may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
In certain cases, we may or will anonymize or de-identify your Personal Information and further use it for internal and external purposes, including, without limitation, to improve our Services and for research and development purposes. "Anonymous Information" means information which does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our Services and enhance your experience with them).
4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
Depending on the context described above, we may disclose your Personal Data to the following categories of third parties:
- Hosting/ storage
- Email system provider
- Authentication
- Support and ticketing
- Logging and monitoring
- Marketing
- Event sponsors
- CRM
- Data enrichment
- E-mail verification
- Sales Engagement
- Sales automation
- Analytics and business intelligence
- Chat and support tools. We use third party vendors to provide chat and support tools via our Website and in-app such as customer service chats, enquiries and to collect information on those interactions
- Sanctions checks and other legally required checks
- Document management / automation
- Conducting background checks (if you are applying for a job with us)
- Automation / management of HR and job application process
- Our partners that offer products and services either in connection with our Services or separately that we think would be of interest to you
- Other service providers to the extent required to fulfil the purposes listed above
We may also disclose your Personal Data as follows:
- to the extent necessary in our good faith determination, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
- with our affiliated companies to the extent necessary to fulfill the purposes listed above;
- if, in the future, we sell or transfer some or all of our business, shares, or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business, shares or assets. In the event that we are acquired by or merged with a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Information in connection with the foregoing events;
- with social media platforms for the purposes mentioned above;
- where you have provided your consent to us disclosing or transferring the Personal Information.
5. HOW WE PROTECT AND STORE YOUR INFORMATION
a. Security: We have implemented appropriate technical, organizational and security measures designed to protect your Personal Information. However, please note that we cannot guarantee that the information will not be compromised including as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
b. Retention of your Personal Information. We may store your Personal Information for as long as necessary to fulfil the purpose for which we collected it, and as long as necessary to fulfill your requests or inquiries or provide Services or until we proactively delete it or you send a valid deletion request. In addition, in some circumstances we may store your Personal Information for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Information or dealings. We have an internal data retention policy to ensure that we do not retain your Personal Data perpetually. Regarding retention of cookies, you can read more in our Cookies Policy.
6. ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
a. Internal transfers: Transfers within the Wiz group will be covered by an internal data processing agreement between entities of the Wiz group which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to.
b. External transfers: When Wiz engages in transfers of GDPR and/or UK GDPR protected Personal Data outside of the EEA or UK (for example to third party service providers for the purposes listed above), we generally rely on either: (i) Adequacy Decisions adopted by the European Commission under Article 45 of the GDPR (for example, when our team accesses Personal Data from Israel); (ii) the Standard Contractual Clauses issued by the European Commission or the United Kingdom (as updated from time to time); or (iii) another lawful transfer mechanism provided for under the GDPR e.g. Binding Corporate Rules. Wiz also monitors the circumstances surrounding such transfers to ensure that Personal Data continues to be afforded a level of protection that is essentially equivalent to the one guaranteed by the GDPR and UK GDPR.
7. YOUR PRIVACY RIGHTS
a. Rights: The following rights (which may be subject to certain exemptions or derogations) may apply to certain individuals depending on their jurisdiction of residence. The rights that may be applicable to you are as follows:
- You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
- You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
- You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
- You have the right to object, to or to request restriction, of the processing;
- You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- You have the right to object to profiling, if applicable;
- You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area or the United Kingdom, as applicable, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
b. To the extent privacy laws applicable to you afford you with the rights referenced above, we will respect your rights and comply with such laws. You can exercise your rights by contacting us at privacy@wiz.io. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfil your request.
c. Notice of Right to Opt Out of Sales of Personal Information and Sharing/Processing of Personal Information for Targeted Advertising Purposes. Certain U.S. states provide residents with the ability to opt out of the "sale" of their Personal Information or the "sharing/processing" of their Personal Information for cross-context behavioral and advertising purposes. As discussed above in Section 3(l), we may engage in certain online advertising activities through social media and by re-targeting advertising for our Services on other websites. We may use third-party ad networks to assist in these activities, which involves their collection of cookie and device identifier information to perform these activities. Under certain U.S. state laws you have the right to opt out of these activities. If you would like to opt out of our online disclosure such as through cookie and pixel technology of your Personal Information for purposes that could be considered "sales" or "sharing" for purposes of cross-contextual behavioral advertising, please click the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. You can also submit a request to opt out of our offline disclosures of Personal Information that are subject to applicable opt out rights by clicking here. Please note that if you have a legally-required browser-based opt out preference signal turned on via your device browser (e.g., the Global Privacy Control), we recognize such preference in accordance with applicable law.
d. To help protect the security of your Personal Data, Wiz will verify your identity in connection with any requests. We also take steps to ensure that only you or your authorized representative can exercise rights with respect to your information. If you are an authorized agent making a request, we may require and request additional information to protect the Personal Data entrusted to Wiz, including information to verify that you are authorized to make that request. There may be situations where we cannot grant your request, for example, in the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
e. We will not discriminate against you (e.g., by restricting or denying you access to our Services) because of choices and requests you make in connection with your Personal Data. Please note, certain choices may affect our ability to deliver the Services. For example, if you sign up to receive marketing communications by email, then ask Wiz to delete all of your information, we will be unable to send you marketing communications. You may exercise any of your rights in relation to your Personal Information by contacting us using the details provided under the "CONTACT US" section below.
8. USE BY CHILDREN
We do not offer our Services for use by children and, therefore, we do not knowingly collect Personal Information from, and/or about children under the age of eighteen (18). If you are under 18, you may not use the Website or Services, or provide any information to the Website without involvement of a parent or a guardian. In the event that we become aware that you provide Personal Information in violation of applicable laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@wiz.io.
9. LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
Our Website or Services may enable you to interact with or contain links to your third party accounts and other third party websites, mobile software applications and products or services that are not owned or controlled by us (each a "Third Party Service"). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service that you choose to use or interact with.
10. DO NOT TRACK NOTICE
Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not currently respond to or honor DNT signals. As explained above in Section 7, however, we do honor legally-required browser-based opt out preference signals such as the Global Privacy Control.
Please refer to our Cookies Policy for information about cookies and other tracking tools Wiz uses on our Website.
11. PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
If you are a California resident, the California Consumer Privacy Act ("CCPA") requires us to provide you with the following additional information about: (1) the purpose for which we use each category of "personal information" (as defined in the CCPA) we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) "share" personal information for "cross-context behavioral advertising," and/or (c) "sell" such personal information. Under the CCPA, "sharing" is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and "selling" is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. Please see the "What Personal Information we collect and how we use it" and the "How we disclose your Personal Information" sections above in our Privacy Policy for detailed information about our data collection and use practices, as well as for more information about our advertising practices. The following chart details the categories of Personal Information that we sell/share with third parties:
Category of Personal Information | Categories of Third Parties to Which We Sell/Share this Category of Personal Information |
Device identifiers and Service usage information | Ad networks and advertising analytics partners |
Email address | Ad networks and advertising analytics partners |
Your Choices Regarding "Sharing" and "Selling": You have the right to opt out of our sale/sharing of your personal information for purposes of online advertising by clicking the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. To opt out of the offline disclosure of your personal information to third parties for these purposes, please click here. Please note that there may be circumstances in which we are entitled by law to continue to sell or share your Personal Data. Also note that your withdrawal of consent shall not affect our right to request your consent to such sell or share again after twelve (12) months.
Other CCPA Rights. If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives. The CCPA also allows you to limit the use or disclosure of your "sensitive personal information" (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA. Please see Section 7 of the Privacy Policy, "Your Privacy Rights," for information about the additional rights you have with respect to your personal information under California law and how to exercise them.
California "Shine the Light" disclosure. The California "Shine the Light" law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. For more information about our compliance under the Shine the Light law please contact us via privacy@wiz.io.
12. CONTACT US
If you have any questions regarding this notice, or if you wish to exercise your rights, we encourage you to contact us at privacy@wiz.io.
In addition, VeraSafe has been appointed as Wiz's representative in the EEA for data protection matters, pursuant to Article 27 of the GDPR. If you are in the EEA, VeraSafe can be contacted in addition to Wiz, only on matters related to the processing of Personal Data. To make such an inquiry, you may contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at: VeraSafe Netherlands BV, Keizersgracht 555, 1017 DR Amsterdam, Netherlands.
If you live in the EEA, the UK or Switzerland, Wiz Cloud Limited, located at Suite 4, 7th Floor, 50 Broadway London, SW1H 0DB, is the data controller for your Personal Information.
Effective August 1st 2024 to August 15th 2024
DownloadTable of Contents
Wiz Privacy Policy
Last updated: 25 July 2024
Table of Contents:
- INTRODUCTION
- TERMS OF USE
- WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE DISCLOSE YOUR PERSONAL INFORMATION
- HOW WE PROTECT AND STORE YOUR PERSONAL INFORMATION
- ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
- YOUR PRIVACY RIGHTS
- USE BY CHILDREN
- LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
- DO NOT TRACK NOTICE
- PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
- CONTACT US
1. INTRODUCTION
This privacy policy ("Privacy Policy") describes how we, Wiz, Inc. and our affiliates ("we", "our" or "us") process, use, collect and store Personal Information (defined below) that we receive from or about you ("you") in connection with your use of the Wiz website, any websites owned or operated by Wiz, and our service offerings (collectively referred to herein as the "Services"). Please read this Privacy Policy carefully, so you can fully understand our practices in relation to your Personal Information. Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.
In situations where Wiz is providing Services to our customer where the customer entity has entered into an agreement for use of the services with Wiz, Wiz is the processor/service provider (a provider that processes Personal Data on behalf of or at the direction of a controller, or other similar designation under the law) and the customer entity is the controller/business (the entity that decides how and why information is processed) of the information provided to Wiz via use of the Services. In such situations, our processing of your Personal Information may also be subject to an applicable data processing agreement with our customer. In the event of a conflict between the data processing agreement and this Privacy Policy, the data processing agreement governs.
"Personal Information" and/or "Personal Data" mean any information that can be used, alone or together with other data, to uniquely identify any living human being and any information deemed as Personally Identifiable Information by applicable privacy laws.
Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, some jurisdictions require that we provide you with the "legal basis" for processing your Personal Information, and we have included this information below.
We may update this Privacy Policy from time to time and therefore we ask you to check back periodically for the latest version. If we implement any significant changes to the use of your Personal Information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website or by other means in accordance with applicable legal requirements.
2. TERMS OF USE
This Privacy Policy forms part of our Website Terms of Use ("Terms"). Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Terms.
3. WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
a. When you browse or use our Services
- Personal Data we collect: We may use analytics tools, cookies, other similar technologies and log files in our Services which may collect information such as IP address, pages clicked, events, search and browser information, and device information. For more information about our use of cookies, please read our Cookies Policy
- For what purposes: We use this information to analyze trends and behavior, maintain and improve the Services and marketing and promotional efforts. We may disclose this information to third party platforms
- Legal basis:
- Consent (e.g., non-essential cookies, to the extent required under applicable law)
- Legitimate interest (e.g., essential cookies for the Services to work, marketing)
- Consequences of not providing the Personal Data: Certain Services features may not be available and we may not be able to analyze usage of our Services or use the Personal Data for the purposes explained
b. When you request a demo
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, any other Personal Data that you decide to provide us with. We may also record the demo and/or follow up sessions for the purposes of business intelligence and improving our Services
- For what purposes:
- To provide you with a demo
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (to provide you with a demo or trial, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot provide you a demo or send you marketing communications
- Personal Data we collect: Full name, business email address, any other Personal Data that you decide to provide us with
- For what purposes: To send you communications for which you have subscribed to and other marketing communications
- Legal basis:
- Legitimate interest (to provide you with access to our blog or newsletters or updates which you have subscribed to, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot send you such communications
d. When you contact us
- Personal Data we collect: Full name, business email address, company, job title, work telephone number, country, message (to the extent it includes Personal Data) and any other Personal Data that you decide to provide us with
- For what purposes:
- To answer your questions
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (e.g., to answer your questions, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot answer your questions or send you marketing communications
e. When you apply for a job with us
- Personal Data we collect: Full name, email address, any Personal Data contained in your resume (CV), your responses to any assessment, background check results (in accordance with applicable law), any other Personal Data that you decide or agree to provide us with such as if you agree for your interview or assessment to be recorded. Please note that, in most cases, we receive the information directly from you, but we may also receive information from recruitment companies, references or background check companies.
- For what purposes: To assess you as a candidate, review and examine your job application and communicate with you regarding your application.
- Legal basis
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract i.e. employment contract
- Legitimate interest (to assess you as a candidate, recruitment)
- Consequences of not providing the Personal Data: We cannot process your application or communicate with you
f. When you provide us with your Personal Data for marketing reasons (e.g. when you attend a physical or virtual marketing event or webinar, and/or provide us with your business card)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country, any other Personal Data that you decide to provide us with
- For what purposes: To establish a business relationship with you, contact you about the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot establish a business connection or send you marketing communications
g. When we acquire your Personal Data from third-party sources for marketing (e.g. lead-generation companies or as part of marketing campaigns)
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country
- For what purposes: To contact you regarding the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot contact you regarding the Services and send you marketing communications
h. When we use the Personal Data of our customers/end-users (e.g. when we communicate with customers, when you log-in to and use our online products and services)
- Personal Data we collect directly from you or from your employer who provides us with your contact details: Full name, business email address, Wiz password (if you have a Wiz account), job title, role, company, address, telephone number, country and any other Personal Data that you decide to provide us with e.g. any feedback you provide to the extent it includes Personal Data. If you are a member of any of the Wiz Communities, any information including Personal Data that you choose to provide in any of the communities may be publicly available to other Wiz Communities members.
- Personal Data we collect automatically when you use our Services: When you access or use the Services we automatically collect information about you, including data relating to you use of our Services e.g. pages visited, IP address and browser information, access times.
- For what purposes:
- To allow you to register for and log-in to our Services
- To provide our Services and perform our agreements with our customers
- For billing and account management
- To provide support (e.g. ticketing and chat function)
- To monitor our Services
- To collect analytics information on use of the Services
- For security purposes, including for user authentication, logging and debugging and to prevent system abuse
- To maintain and improve our Services
- To communicate with you and allow you to provide feedback on our Services
- To enable you to participate in and contribute to the Wiz Communities
- To send you marketing communications
- To perform sanctions checks and other legally required checks
- Legal basis:
- Performance of a contract to which the customer is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, sanctions laws etc.)
- Legitimate interest (to provide and improve our Services, send contract-related communications, marketing or updates about features or services)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot perform our obligations, provide the Services, or communicate with you.
i. When you apply to be a Wiz partner / integrate with Wiz
- Personal Data we collect: Full name, job title/function, business email address, business telephone number, country of residence, company name, any other Personal Data that you decide to provide us with.
- For what purposes:
- To enable your company to become a Wiz partner / integrate with Wiz
- To communicate with you
- To comply with our legal obligations and record keeping
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the partner is a party (partner / integration agreement) or to take steps at the request of the partner prior to entering a contract (partner / integration agreement)
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: You cannot become a Wiz partner / integrate with Wiz
j. When we use the Personal Data of our service providers
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, payment information, any other Personal Data that you decide to provide us with
- For what purposes:
- To perform our agreement with you
- To communicate with you
- To comply with our legal obligations and record keeping
- Legal basis:
- Performance of a contract to which the service provider is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consequences of not providing the Personal Data: We cannot perform the agreement with you or communicate with you
k. When you interact with us on our social media profiles (e.g., Facebook, Instagram, Twitter, LinkedIn)
- Personal Data we collect: Full name, business email address, job title, company, telephone number, any other Personal Data you provide us
- For what purposes: To respond to your requests, establish a business relationship and send you marketing communications
- Legal basis:
- Legitimate interest (responding to your request, marketing, and business development)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We can’t respond to your requests, establish a business relationship and send you marketing communications
l. When we undertake social media marketing, including via use of audiences or list-based advertising
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, telephone number, IP address, pages clicked, search and browser history, device information and any other Personal Data you or third parties provide us
- For what purposes: We may use your Personal Information to contact you via social media platforms in order to establish a business relationship with you and contact you about the Services. We may also use your Personal Information in order to create lists of individuals that we would like to target advertising about our Services via social media channels, including via direct messaging marketing solutions. You may be included in such a list (in which case you will see advertising related to Wiz when you visit those social media platforms) or we may use your Personal Information to ask social media platforms to identify a list of other individuals who we think will be interested in our Services, so that those individuals can be presented with advertising about Wiz.
- Legal basis:
- Legitimate interest (marketing, advertising and business development)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data: We can’t establish a business relationship with you via social media platforms; you will be excluded from advertising and marketing campaigns on social medial platforms.
N.B. Please note that social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). The social media platforms are responsible for how they handle your Personal Information and information about how these social media platforms collect and use your Personal Information (and how they use cookies and other technologies, including instructions on how you can disable these) can usually be found in their respective privacy policies and cookies policies on their websites.
m. When you participate in our community research, contest, and education websites (e.g., capture the flag competitions, challenges, etc.)
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, business address, telephone number, country, username, link to the social media profile of your choice, and password.
- For what purposes: We will use this information to register you in these efforts, provide you with the ability to save your progress, and reward eligible participants where applicable. Some of this Personal Data can also be publicly disclosed on a leaderboard as part of the competition. If you do not want us to disclose your personal data publicly, you will need to include a username and a social media link that do not identify you. Wiz will not use the information you enter to register and login for any other purpose. If you express an interest in being contacted by Wiz (for example, if you fill out a separate form so that Wiz to contact you on that website), Wiz will use your information for the purposes identified to you and other marketing purposes (see section f above). Only strictly necessary cookies will be used on these websites, as applicable (otherwise, a cookie banner will be presented to you depending on your jurisdiction).
- Legal basis:
- Legitimate interest (to provide an experience that any interested parties in the security community can benefit from)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data:
- You will not be able to compete in the challenge or obtain the full experience of the initiative.
Finally, please note that some of the abovementioned Personal Information may be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Information may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
In certain cases, we may or will anonymize or de-identify your Personal Information and further use it for internal and external purposes, including, without limitation, to improve our Services and for research and development purposes. "Anonymous Information" means information which does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our Services and enhance your experience with them).
4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION
Depending on the context described above, we may disclose your Personal Data to the following categories of third parties:
- Hosting/ storage
- Email system provider
- Authentication
- Support and ticketing
- Logging and monitoring
- Marketing
- Event sponsors
- CRM
- Data enrichment
- E-mail verification
- Sales Engagement
- Sales automation
- Analytics and business intelligence
- Chat and support tools. We use third party vendors to provide chat and support tools via our Website and in-app such as customer service chats, enquiries and to collect information on those interactions
- Sanctions checks and other legally required checks
- Document management / automation
- Conducting background checks (if you are applying for a job with us)
- Automation / management of HR and job application process
- Our partners that offer products and services either in connection with our Services or separately that we think would be of interest to you
- Other service providers to the extent required to fulfil the purposes listed above
We may also disclose your Personal Data as follows:
- to the extent necessary in our good faith determination, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
- with our affiliated companies to the extent necessary to fulfill the purposes listed above;
- if, in the future, we sell or transfer some or all of our business, shares, or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business, shares or assets. In the event that we are acquired by or merged with a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Information in connection with the foregoing events;
- with social media platforms for the purposes mentioned above;
- where you have provided your consent to us disclosing or transferring the Personal Information.
5. HOW WE PROTECT AND STORE YOUR INFORMATION
a. Security: We have implemented appropriate technical, organizational and security measures designed to protect your Personal Information. However, please note that we cannot guarantee that the information will not be compromised including as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
b. Retention of your Personal Information. We may store your Personal Information for as long as necessary to fulfil the purpose for which we collected it, and as long as necessary to fulfill your requests or inquiries or provide Services or until we proactively delete it or you send a valid deletion request. In addition, in some circumstances we may store your Personal Information for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Information or dealings. We have an internal data retention policy to ensure that we do not retain your Personal Data perpetually. Regarding retention of cookies, you can read more in our Cookies Policy.
6. ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
a. Internal transfers: Transfers within the Wiz group will be covered by an internal data processing agreement between entities of the Wiz group which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to.
b. External transfers: When Wiz engages in transfers of GDPR and/or UK GDPR protected Personal Data outside of the EEA or UK (for example to third party service providers for the purposes listed above), we generally rely on either: (i) Adequacy Decisions adopted by the European Commission under Article 45 of the GDPR (for example, when our team accesses Personal Data from Israel); (ii) the Standard Contractual Clauses issued by the European Commission or the United Kingdom (as updated from time to time); or (iii) another lawful transfer mechanism provided for under the GDPR e.g. Binding Corporate Rules. Wiz also monitors the circumstances surrounding such transfers to ensure that Personal Data continues to be afforded a level of protection that is essentially equivalent to the one guaranteed by the GDPR and UK GDPR.
7. YOUR PRIVACY RIGHTS
a. Rights: The following rights (which may be subject to certain exemptions or derogations) may apply to certain individuals depending on their jurisdiction of residence. The rights that may be applicable to you are as follows:
- You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
- You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
- You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
- You have the right to object, to or to request restriction, of the processing;
- You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- You have the right to object to profiling, if applicable;
- You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area or the United Kingdom, as applicable, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
b. To the extent privacy laws applicable to you afford you with the rights referenced above, we will respect your rights and comply with such laws. You can exercise your rights by contacting us at privacy@wiz.io. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfil your request.
c. Notice of Right to Opt Out of Sales of Personal Information and Sharing/Processing of Personal Information for Targeted Advertising Purposes. Certain U.S. states provide residents with the ability to opt out of the "sale" of their Personal Information or the "sharing/processing" of their Personal Information for cross-context behavioral and advertising purposes. As discussed above in Section 3(l), we may engage in certain online advertising activities through social media and by re-targeting advertising for our Services on other websites. We may use third-party ad networks to assist in these activities, which involves their collection of cookie and device identifier information to perform these activities. Under certain U.S. state laws you have the right to opt out of these activities. If you would like to opt out of our online disclosure such as through cookie and pixel technology of your Personal Information for purposes that could be considered "sales" or "sharing" for purposes of cross-contextual behavioral advertising, please click the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. You can also submit a request to opt out of our offline disclosures of Personal Information that are subject to applicable opt out rights by clicking here. Please note that if you have a legally-required browser-based opt out preference signal turned on via your device browser (e.g., the Global Privacy Control), we recognize such preference in accordance with applicable law.
d. To help protect the security of your Personal Data, Wiz will verify your identity in connection with any requests. We also take steps to ensure that only you or your authorized representative can exercise rights with respect to your information. If you are an authorized agent making a request, we may require and request additional information to protect the Personal Data entrusted to Wiz, including information to verify that you are authorized to make that request. There may be situations where we cannot grant your request, for example, in the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
e. We will not discriminate against you (e.g., by restricting or denying you access to our Services) because of choices and requests you make in connection with your Personal Data. Please note, certain choices may affect our ability to deliver the Services. For example, if you sign up to receive marketing communications by email, then ask Wiz to delete all of your information, we will be unable to send you marketing communications. You may exercise any of your rights in relation to your Personal Information by contacting us using the details provided under the "CONTACT US" section below.
8. USE BY CHILDREN
We do not offer our Services for use by children and, therefore, we do not knowingly collect Personal Information from, and/or about children under the age of eighteen (18). If you are under 18, you may not use the Website or Services, or provide any information to the Website without involvement of a parent or a guardian. In the event that we become aware that you provide Personal Information in violation of applicable laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@wiz.io.
9. LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
Our Website or Services may enable you to interact with or contain links to your third party accounts and other third party websites, mobile software applications and products or services that are not owned or controlled by us (each a "Third Party Service"). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service that you choose to use or interact with.
10. DO NOT TRACK NOTICE
Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not currently respond to or honor DNT signals. As explained above in Section 7, however, we do honor legally-required browser-based opt out preference signals such as the Global Privacy Control.
Please refer to our Cookies Policy for information about cookies and other tracking tools Wiz uses on our Website.
11. PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
If you are a California resident, the California Consumer Privacy Act ("CCPA") requires us to provide you with the following additional information about: (1) the purpose for which we use each category of "personal information" (as defined in the CCPA) we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) "share" personal information for "cross-context behavioral advertising," and/or (c) "sell" such personal information. Under the CCPA, "sharing" is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and "selling" is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. Please see the "What Personal Information we collect and how we use it" and the "How we disclose your Personal Information" sections above in our Privacy Policy for detailed information about our data collection and use practices, as well as for more information about our advertising practices. The following chart details the categories of Personal Information that we sell/share with third parties:
Category of Personal Information | Categories of Third Parties to Which We Sell/Share this Category of Personal Information |
Device identifiers and Service usage information | Ad networks and advertising analytics partners |
Email address | Ad networks and advertising analytics partners |
Your Choices Regarding "Sharing" and "Selling": You have the right to opt out of our sale/sharing of your personal information for purposes of online advertising by clicking the ‘Do Not Sell or Share My Personal Information’ link in the footer of the Wiz.io website here. To opt out of the offline disclosure of your personal information to third parties for these purposes, please click here. Please note that there may be circumstances in which we are entitled by law to continue to sell or share your Personal Data. Also note that your withdrawal of consent shall not affect our right to request your consent to such sell or share again after twelve (12) months.
Other CCPA Rights. If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives. The CCPA also allows you to limit the use or disclosure of your "sensitive personal information" (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA. Please see Section 7 of the Privacy Policy, "Your Privacy Rights," for information about the additional rights you have with respect to your personal information under California law and how to exercise them.
California "Shine the Light" disclosure. The California "Shine the Light" law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. For more information about our compliance under the Shine the Light law please contact us via privacy@wiz.io.
12. CONTACT US
If you have any questions regarding this notice, or if you wish to exercise your rights, we encourage you to contact us at privacy@wiz.io.
In addition, VeraSafe has been appointed as Wiz's representative in the EEA for data protection matters, pursuant to Article 27 of the GDPR. If you are in the EEA, VeraSafe can be contacted in addition to Wiz, only on matters related to the processing of Personal Data. To make such an inquiry, you may contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at: VeraSafe Netherlands BV, Keizersgracht 555, 1017 DR Amsterdam, Netherlands.
If you live in the EEA, the UK or Switzerland, Wiz Cloud Limited, located at Suite 4, 7th Floor, 50 Broadway London, SW1H 0DB, is the data controller for your Personal Information.
Effective May 6th 2024 to August 1st 2024
DownloadTable of Contents
Last updated: 19 November 2023
- INTRODUCTION
- TERMS OF USE
- WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE DISCLOSE YOUR PERSONAL INFORMATION
- HOW WE PROTECT AND STORE YOUR PERSONAL INFORMATION
- ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
- YOUR PRIVACY RIGHTS
- USE BY CHILDREN
- LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
- DO NOT TRACK NOTICE
- PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
- CONTACT US
- Personal Data we collect: We may use analytics tools, cookies and log files in our Services which may collect information such as IP address, pages clicked, search and browser history, and device information. For more information about our use of cookies, please read our Cookies Policy
- For what purposes: We use this information to analyze trends and behavior, maintain and improve the Services and marketing and promotional efforts. We may disclose this information to third party platforms
- Legal basis:
- Consent (e.g., non-essential cookies, to the extent required under applicable law)
- Legitimate interest (e.g., essential cookies for the Services to work, marketing)
- Consequences of not providing the Personal Data: Certain Services features may not be available and we may not be able to analyze usage of our Services or use the Personal Data for the purposes explained
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, any other Personal Data that you decide to provide us with. We may also record the demo and/or follow up sessions for the purposes of business intelligence and improving our Services
- For what purposes:
- To provide you with a demo
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (to provide you with a demo or trial, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot provide you a demo or send you marketing communications
c. When you subscribe for our blog or newsletter, status page or to receive updates to our sub-processor list
- Personal Data we collect: Full name, business email address, any other Personal Data that you decide to provide us with
- For what purposes: To send you communications for which you have subscribed to and other marketing communications
- Legal basis:
- Legitimate interest (to provide you with access to our blog or newsletters or updates which you have subscribed to, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot send you such communications
- Personal Data we collect: Full name, business email address, company, job title, work telephone number, country, message (to the extent it includes Personal Data) and any other Personal Data that you decide to provide us with
- For what purposes:
- To answer your questions
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract i.e. subscription agreement
- Legitimate interest (e.g., to answer your questions, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot answer your questions or send you marketing communications
- Personal Data we collect: Full name, email address, any Personal Data contained in your resume (CV), your responses to any assessment, background check results (in accordance with applicable law), any other Personal Data that you decide or agree to provide us with such as if you agree for your interview or assessment to be recorded. Please note that, in most cases, we receive the information directly from you, but we may also receive information from recruitment companies, references or background check companies.
- For what purposes: To assess you as a candidate, review and examine your job application and communicate with you regarding your application.
- Legal basis
- Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract i.e. employment contract
- Legitimate interest (to assess you as a candidate, recruitment)
- Consequences of not providing the Personal Data: We cannot process your application or communicate with you
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country, any other Personal Data that you decide to provide us with
- For what purposes: To establish a business relationship with you, contact you about the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot establish a business connection or send you marketing communications
- Personal Data we collect: Full name, business email address, job title, company, address, telephone number, country
- For what purposes: To contact you regarding the Services and send you marketing communications
- Legal basis:
- Legitimate interest (marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot contact you regarding the Services and send you marketing communications
- Personal Data we collect directly from you or from your employer who provides us with your contact details: Full name, business email address, Wiz password (if you have a Wiz account), job title, role, company, address, telephone number, country and any other Personal Data that you decide to provide us with e.g. any feedback you provide to the extent it includes Personal Data. If you are a member of any of the Wiz Communities, any information including Personal Data that you choose to provide in any of the communities may be publicly available to other Wiz Communities members.
- Personal Data we collect automatically when you use our Services: When you access or use the Services we automatically collect information about you, including data relating to you use of our Services e.g. pages visited, IP address and browser information, access times.
- For what purposes:
- To allow you to register for and log-in to our Services
- To provide our Services and perform our agreements with our customers
- For billing and account management
- To provide support (e.g. ticketing and chat function)
- To monitor our Services
- To collect analytics information on use of the Services
- For security purposes, including for user authentication, logging and debugging and to prevent system abuse
- To maintain and improve our Services
- To communicate with you and allow you to provide feedback on our Services
- To enable you to participate in and contribute to the Wiz Communities
- To send you marketing communications
- To perform sanctions checks and other legally required checks
- Legal basis:
- Performance of a contract to which the customer is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, sanctions laws etc.)
- Legitimate interest (to provide and improve our Services, send contract-related communications, marketing or updates about features or services)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We cannot perform our obligations, provide the Services, or communicate with you.
- Personal Data we collect: Full name, job title/function, business email address, business telephone number, country of residence, company name, any other Personal Data that you decide to provide us with.
- For what purposes:
- To enable your company to become a Wiz partner / integrate with Wiz
- To communicate with you
- To comply with our legal obligations and record keeping
- To send you marketing communications
- Legal basis:
- Performance of a contract to which the partner is a party (partner / integration agreement) or to take steps at the request of the partner prior to entering a contract (partner / integration agreement)
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: You cannot become a Wiz partner / integrate with Wiz
- Personal Data we collect: Full name, business email address, job title, company, business address, telephone number, country, payment information, any other Personal Data that you decide to provide us with
- For what purposes:
- To perform our agreement with you
- To communicate with you
- To comply with our legal obligations and record keeping
- Legal basis:
- Performance of a contract to which the service provider is a party
- Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.)
- Legitimate interest (to send you contract-related communications, to perform our agreement with your employer, marketing)
- Consequences of not providing the Personal Data: We cannot perform the agreement with you or communicate with you
- Personal Data we collect: Full name, business email address, job title, company, telephone number, any other Personal Data you provide us
- For what purposes: To respond to your requests, establish a business relationship and send you marketing communications
- Legal basis:
- Legitimate interest (responding to your request, marketing, and business development)
- Consent (for marketing, if required under applicable law)
- Consequences of not providing the Personal Data: We can’t respond to your requests, establish a business relationship and send you marketing communications
- Personal Data we collect or receive for these purposes: Full name, business email address, job title, company, telephone number, IP address, pages clicked, search and browser history, device information and any other Personal Data you or third parties provide us
- For what purposes: We may use your Personal Information to contact you via social media platforms in order to establish a business relationship with you and contact you about the Services. We may also use your Personal Information in order to create lists of individuals that we would like to target advertising about our Services via social media channels, including via direct messaging marketing solutions. You may be included in such a list (in which case you will see advertising related to Wiz when you visit those social media platforms) or we may use your Personal Information to ask social media platforms to identify a list of other individuals who we think will be interested in our Services, so that those individuals can be presented with advertising about Wiz.
- Legal basis:
- Legitimate interest (marketing, advertising and business development)
- Consent (if required by applicable law)
- Consequences of not providing the Personal Data: We can’t establish a business relationship with you via social media platforms; you will be excluded from advertising and marketing campaigns on social medial platforms.
- Hosting/ storage
- Email system provider
- Authentication
- Support and ticketing
- Logging and monitoring
- Marketing
- Event sponsors
- CRM
- Data enrichment
- E-mail verification
- Sales Engagement
- Sales automation
- Analytics and business intelligence
- Chat and support tools. We use third party vendors to provide chat and support tools via our Website and in-app such as customer service chats, enquiries and to collect information on those interactions
- Sanctions checks and other legally required checks
- Document management / automation
- Conducting background checks (if you are applying for a job with us)
- Automation / management of HR and job application process
- Our partners that offer products and services either in connection with our Services or separately that we think would be of interest to you
- Other service providers to the extent required to fulfil the purposes listed above
- to the extent necessary in our good faith determination, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
- with our affiliated companies to the extent necessary to fulfill the purposes listed above;
- if, in the future, we sell or transfer some or all of our business, shares, or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business, shares or assets. In the event that we are acquired by or merged with a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Information in connection with the foregoing events;
- with social media platforms for the purposes mentioned above;
- where you have provided your consent to us disclosing or transferring the Personal Information.
- You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
- You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
- You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
- You have the right to object, to or to request restriction, of the processing;
- You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- You have the right to object to profiling, if applicable;
- You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area or the United Kingdom, as applicable, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
Category of Personal Information | Categories of Third Parties to Which We Sell/Share this Category of Personal Information |
Device identifiers and Service usage information | Ad networks and advertising analytics partners |
Email address | Ad networks and advertising analytics partners |
Effective November 20th 2023 to May 6th 2024
DownloadTable of Contents
Last updated: 19 November 2023
- INTRODUCTION
- TERMS OF USE
- WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE DISCLOSE YOUR PERSONAL INFORMATION
- HOW WE PROTECT AND STORE YOUR PERSONAL INFORMATION
- ADDITIONAL INFORMATION REGARDING TRANSFERS OF GDPR PROTECTED PERSONAL DATA
- YOUR PRIVACY RIGHTS
- USE BY CHILDREN
- LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
- DO NOT TRACK NOTICE
- PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
- CONTACT US