GENERAL TERMS AND CONDITIONS

1.                  THE SERVICES

1.1.             Subject to Customer’s compliance with and satisfaction of the Conditions Precedent set forth in Annex ACellebrite shall use its best efforts to provide the Services to Customer. The Services include unlocking and extraction - Cellebrite shall make its best efforts to reveal the user lock passcode and extract the data from certain Device(s).

1.2.             Prior to delivering any Device(s) to Cellebrite labs or requesting Cellebrite personnel to perform the Service on the Device(s) at Customer’s premises, Customer shall submit to Cellebrite a fully completed copy of the ‘Device Data’ form, a copy of which is attached hereto as Annex B. After Cellebrite receives the fully completed ‘Device Data’ form, Cellebrite shall notify Customer in writing of whether it agrees to perform the Services on the Device(s) specified in the ‘Device Data’ form. Only after Cellebrite provides its written acceptance of the Services with respect to each Device specified in the ‘Device Data’ form, Customer shall deliver any relevant Device to Cellebrite labs or request Cellebrite personnel to perform the Service on the Device(s) at Customer’s premises, as applicable.

1.3.             Cellebrite shall provide to Customer the Services as set out in the Services Agreement to which these General Terms and Conditions are attached (together the “Agreement”). Cellebrite may provide the Services through one or more Affiliates. For the purposes of the Agreement, an “Affiliate” of a Party means any entity, whether incorporated or not, that Controls, is Controlled by, or is under common Control with such Party. “Control” means the ability, whether directly or indirectly, to direct the affairs of another by means of ownership, contract or otherwise. Cellebrite may subcontract the performance of any of its obligations under the Agreement without the prior written consent of Customer.

2.                  SCOPE AND PURPOSE

2.1.             These General Terms and Conditions shall apply to the Services including with respect to any Device accepted and received by Cellebrite from Customer.

2.2.             This Agreement may not be varied, unless varied by an agreement made in writing and executed by duly authorised representatives of the Parties.

2.3.             Customer  agrees not to engage in any deceptive, misleading, illegal or unethical practices that may be detrimental to Cellebrite or to any of Cellebrite’s products or services, including but not limited to the Services, and agrees to comply with all applicable laws, rules and regulations (including, without limitation, data protection, privacy, computer misuse, telecommunications interception, intellectual property, and import and export compliance laws and regulations) while using the Services.

3.                  FEES

3.1.             Unless otherwise agreed in writing, Customer shall pay all amounts invoiced by Cellebrite under the Agreement, including the Fees, within thirty (30) days following receipt of a valid invoice issued by Cellebrite and in accordance with the Payment Terms set forth in the Service Agreement.

3.2.             In the event that the Services are performed by Cellebrite at Cellebrite’s premises or to Cellebrite’s designated laboratory, as shall be instructed by Cellebrite, Customer shall deliver, at Customer’s risk, cost and expense, the Devices to Cellebrite’s premises or to Cellebrite’s designated laboratory.

3.3.             In the event that Cellebrite is unable to complete the Service for specific Device(s) and the Service a specific Device(s) within three (3) business days due to a lack of time, Customer shall have the right to have Cellebrite transport the Device to Cellebrite’s premises or to Cellebrite’s designated laboratory to complete the Services on the applicable Device. Once the Service is completed, Cellebrite shall ship the Device(s) back to Customer, at Customer’s expense (in accordance with DAP Incoterms 2010). It is hereby clarified that in the event that Cellebrite provides Customer with a Completion Notice under which Cellebrite fails to achieve a Successful Completion in respect of a specific Device, Customer shall not have the right to have Cellebrite transport the Device to Cellebrite’s premises or to Cellebrite’s designated laboratory. 

3.4.             Subject to Section 3.2 above, Cellebrite shall be entitled to impose or pass on and Customer shall reimburse Cellebrite for any and all expenses directly resulting from the performance of its obligations under the Agreement provided however that Customer has approved such expenses in advance unless Section 3.5 below applies.

3.5.             Customer acknowledges that there are instances where expenses, by the nature of the work to which they relate, must be incurred by Cellebrite before Customer consent can be obtained in accordance with Section 3.4. Cellebrite shall be entitled to impose or pass on and Customer shall reimburse Cellebrite for any and all expenses reasonably incurred by Cellebrite without Customer consent where obtaining such consent would be impracticable. 

3.6.             Each Voucher shall be deemed as consummated and used upon the earlier of (i) Cellebrite delivery of a Completion Notice confirming the achievement of a Successful Completion; or (ii) Customer asked to have the Device sent back before a Completion Notice was delivered by Cellebrite ; or (iii) upon the lapse of the Term of the Voucher.

3.7.             If Cellebrite provides Customer with a Completion Notice that confirms Cellebrite’s failure to achieve a Successful Completion, Customer shall have the right to reuse the applicable Voucher on another Device during the Term applicable to such Voucher.

3.8.             If any sum due and payable by the Customer hereunder is not paid on or before the due date in accordance with the provisions of this Section 23 and in accordance with the terms of payment set forth in the Service Agreement (“Unpaid Amount”), the Unpaid Amount shall bear interest at the rate of 1.5% per month from the due date (or such lesser amount as is the maximum rate permitted under applicable law) until the date of full and final payment (as well after as before decree or judgment) of the Unpaid Amount (including any accrued interest).

3.9.             All amounts payable under the Agreement are exclusive of, and Customer is responsible for payment of, all taxes, charges and duties applicable to such amounts, including without limitation any sales, use, value added, customs, excise, withholding and similar taxes and duties imposed by any government entity (“Taxes”), excluding Taxes based on Cellebrite’s net income. If Cellebrite is obligated to collect Taxes, then the appropriate amount will be added to the applicable invoice. If Customer is required to withhold or deduct any Tax from any payment due hereunder, Customer will increase the sum payable to Cellebrite such that Cellebrite receives an amount equal to the sum it would have received had Customer made no withholding or deduction.

4.                  DELIVERY, PACKAGING, TITLE AND RISK

4.1.             In the event that the Services are performed by Cellebrite at Cellebrite’s premises or to Cellebrite’s designated laboratory, as shall be instructed by Cellebritethe Devices shall be delivered Ex Works (in accordance with Incoterms 2010) on the delivery date agreed with Cellebrite during normal business hours to the delivery address as shall be instructed by Cellebrite (“Delivery Address”).

4.2.             Customer shall (i) issue advance shipment notices/dispatch notes to Cellebrite; (ii) accompany all deliveries with a list all of the Devices (including unique identification numbers) and such other information as reasonably requested by Cellebrite.

4.3.             After the delivery of a Completion Notice to Customer with respect to each Device provided to Cellebrite, Customer shall provide Cellebrite a written request to ship the Devices under the Completion Notice back to Customer. According and subject to Cellebrite’s receipt of such notice from Customer, Cellebrite will ship such Devices Ex Works (in accordance with Incoterms 2010) to the Delivery Address, at Customer’s expense.

4.4.             Customer shall ensure that all packaging contains clearly identifiable and proper markings consistent with Cellebrite’s instructions and all applicable laws and is secure and tamper proof to ensure that the contents reach the delivery address in undamaged condition.

4.5.             Title to the Devices shall remain vested in Customer or the relevant third party and shall not pass to Cellebrite.

4.6.             Customer shall bear all risk of loss or damage to the Devices at all times, except at times when the Device is located at Cellebrite’s premises or at Cellebrite’s designated laboratory.

5.                  WARRANTIES

5.1.             Each Party warrants, represents and undertakes that:

5.1.1.                 it has and shall continue to have full ability, capacity and authority required by law or otherwise to enter into and to perform its obligations under the Agreement in a reliable and professional manner;

5.1.2.                 the Agreement is executed by a duly authorised representative of that Party;

5.1.3.                 there are at the Effective Date no actions, suits or proceedings or regulatory investigations pending or, to that Party's knowledge, threatened against or affecting that Party before any court or administrative body or arbitration tribunal that might adversely affect the ability of that Party to meet and carry out its obligations under the Agreement; and

5.1.4.                 once duly executed the Agreement will constitute its legal, valid and binding obligations.

5.2.             Cellebrite warrants, represents and undertakes that its performance of its obligations in accordance with the terms of the Agreement and the provision of the Services will not breach any agreement by which it is bound.

5.3.             Cellebrite warrants, represents and undertakes that it has the professional skills required to fulfil its obligations under the Agreement.

5.4.             Customer warrants, represents and undertakes that:

5.4.1.                 Customer and the Devices provided to Cellebrite under this Agreement are in full compliance with the Conditions Precedent set forth in Annex A;

5.4.2.                 it has obtained, prior to the consummation of this Agreement, all approvals, permits, licences, consents, authorisations, permissions, notices, registrations, certifications, rulings, orders, judgements and other authorisations from any applicable data subject, employee, employee representative body, regulatory authority, or third party entity or person necessary for the retention and performance of the Services (“Permissions”);

5.4.3.                 the execution, delivery and performance of this Agreement have been duly authorised by all necessary corporate actions;

5.4.4.                 neither the execution and delivery of this Agreement, nor compliance by it with the terms and provisions hereof and thereof, will conflict with, or result in a breach of any judgment, order, writ, decree, statute, rule, regulation or restriction;

5.4.5.                 its performance of its obligations in accordance with the terms of the Agreement will not breach any agreement by which it is bound, or violate or infringe any law or any copyrights;

5.4.6.                 it shall use reasonable endeavours to provide such information and assistance which is reasonably required to fulfil Cellebrite's obligations under the Agreement;

5.4.7.                 it has the right to be in possession of, access, interact with and otherwise use, all Devices, equipment, programmes, data and media (including any telecommunications systems) provided to Cellebrite for the purposes of providing the Services and that its collection, possession, processing and transfer of such Devices, equipment, programmes, data and media and its instructions to Cellebrite in connection with performance of the Services on the same shall be in compliance with all data protection and criminal laws and other applicable laws to which Customer and the Services are subject;

5.4.8.                 all information provided by it to Cellebrite during the Term (as defined below) shall be complete and accurate in all material respects, and that it is entitled to provide the information to Cellebrite for its use as contemplated under the Agreement;

5.4.9.                 it shall fulfil all of its obligations under the Agreement and shall cooperate with Cellebrite in all matters relating to the Agreement; and

5.5.             Where necessary for, or incidental to, the performance of the Services, Customer authorises Cellebrite to:

5.5.1.                 access all Devices and all programmes, data and media contained on them;

5.5.2.                 process the data and media contained on the Devices, inter alia, by using Cellebrite’s tools, technology and other means. The processing may include, collecting, analysing, organising, and structuring the data or any part thereof;

5.5.3.                 obtain and retain personal data on the Devices or programmes, data and media contained on them;

5.5.4.                 access and intercept communications on the Devices and programmes, data and media contained on them; and

5.5.5.                 use technology or other means to circumvent measures designed to prevent unauthorised access to Devices and all programmes, data and media contained on them, including where such measures are designed to protect copyright works.

5.6.             Customer shall provide to Cellebrite in a timely manner the following documents, information, items, written evidence and materials in any form (whether owned by Customer or third party) and ensure that they are accurate and complete in all material respects:

5.6.1.                 Customer’s IT Policy;

5.6.2.                 Customer’s Acceptable Use Policy;

5.6.3.                 Customer’s “Bring Your Own Device” Policy; and

5.6.4.                 evidence that Customer has obtained all Permissions required to permit Cellebrite to perform the Services

5.7.             Customer shall:

5.7.1.                 implement appropriate measures and policies to mitigate the risks of Customer's employees, agents, subcontractors or consultants reporting any activities that form part of Cellebrite's Services directly to any law enforcement authority; and

5.7.2.                 immediately notify Cellebrite if, Customer becomes aware that any of Customer's employees, agents, subcontractors or consultants have reported any activities that form part of Cellebrite's Services directly to any law enforcement authority.

5.8.             The warranties, terms and conditions stated in the Agreement are in lieu of all other conditions, warranties, terms or representations concerning the subject matter of the Agreement which might but for this Section 5 have effect between Cellebrite and Customer or would otherwise be implied or incorporated into the Agreement or any collateral contract whether by statute, common law or otherwise, all of which are hereby excluded (including, without limitation, the implied conditions, warranties or terms as to satisfactory quality, fitness for purpose or as to the use of reasonable skill and care).

5.9.             Customer acknowledges that unless otherwise instructed, as part of the provision of the Services Cellebrite retains the data extracted from the Device upon completion of the Services for a period of three (3) months to support Customer.

5.10.         Customer acknowledges that the provision of the Services, by Cellebrite is done on a premise of ‘best effort’ and Cellebrite does not warrant or otherwise represent a guaranteed success in achieving a Successful Completion (as such term is defined in the Services Agreement) or any other objective as set by this Agreement. The Parties agree that the Services are being performed solely for the purposes of accessing the Device, extracting data from the Device and copying data from the Device. Customer acknowledges that the provision of the Services by Cellebrite is done in good faith and no act or omission of Cellebrite in performing the Services in accordance with Customer's instructions shall be deemed to exceed Customer's instructions or constitute a breach of contract, civil wrong or criminal offence.

6.                  COMPLIANCE

6.1.             Customer is obligated to comply with the law applicable in connection with the business relationship with Cellebrite. Customer is obliged to comply with Cellebrite’s then current business conduct policies.

6.2.             Customer commits itself not to (i) offer, promise or grant any benefit to a public official for that person or a third party for the discharge of a duty; (ii) offer, promise or grant an employee or an agent of a business for competitive purposes a benefit for itself or a third party in a business transaction as consideration for an unfair preference in the purchase of goods or commercial services; (iii) demand, allow itself to be promised or to accept a benefit for itself or another in a business transaction as consideration for an unfair preference to another in the competitive purchase of goods or commercial services; (iv) violate any applicable anticorruption regulations and, if applicable, not to violate the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act.

6.3.             Upon Cellebrite’s request, Customer confirms in writing that it adheres to the obligations under this Section 6 and that Customer is not aware of any breaches of the obligations under this Section 6. In the event of reasonable suspicion that the obligations under this Section 6 were not met, Cellebrite has the right, after notifying Customer regarding the reasonable suspicion, to demand Customer in accordance with applicable law to permit and participate - at its own expense - auditing, inspection, certification or screening to verify compliance with the obligations under this Section 6. The proceedings referred to can be executed by Cellebrite itself or a third party who is bound to secrecy and are exercised in compliance with applicable laws.

6.4.             In the event Customer is in contact with a Government Official concerning Cellebrite, discussing or negotiating, or Customer engages a third party to do so, Customer is obligated (i) to inform Cellebrite in advance and in writing, clearly defining the scope of the interaction, (ii) upon request, to provide Cellebrite with a written record of each conversation or meeting with a Government Official and (iii) to provide Cellebrite monthly a detailed expense report, with all original supporting documentation. A “Government Official” is any person performing duties on behalf of a public authority, government agency or department, public corporation or international organization.

6.5.             In the event Customer is in contact with a Government Official concerning the Services, the Customer acknowledges that Cellebrite shall not disclose any of the Sources and Methods (as defined in Section 6.6.1 below) that it applies to perform the requested Services; whether in live, written, or other testimony. In the event Customer is in contact with a Government Official concerning the Services, it is hereby clarified that Cellebrite shall not cooperate with any service of subpoenas or testify in any legal proceeding, unless such service of subpoenas and request to testify, are properly issued and served.

6.6.             In connection with any investigations, indictments, motions, hearings, trials, or any other form of judicial proceedings, whether civil or criminal (collectively, “Judicial Proceedings”), the Customer hereby accepts, acknowledges, and agrees to the following terms and conditions:

6.6.1.                      Cellebrite’s sources and methods of performing the Services (the “Sources and Methods”) are proprietary and confidential Trade Secrets (as defined in Section 11.2 below).  As such, Customer shall forebear, refrain and desist from seeking disclosure, testimony, or other publication for any purpose at any time related to such Trade Secrets. In any event, Cellebrite shall refuse any request or demand to provide any disclosure, testimony, or any other communications concerning such Sources and Methods.

 

6.6.2.                      As a matter of policy, Cellebrite shall not consent to service of defectively issued or served subpoenas or other legal process.  Cellebrite shall only respond to properly served legal process issued by courts of competent jurisdiction over Cellebrite.

 

6.6.3.                      In the event that Cellebrite is properly served with a subpoena seeking testimony concerning any Services, issued by a court of competent jurisdiction, then any testimony by Cellebrite personnel shall be limited to chain of custody issues concerning any Device on which Services have been provided and any Data extracted from any Device in connection with such Services.

 

6.6.4.                      The names, addresses, telephone numbers, email addresses, social security numbers, and other personal information of Cellebrite employees and former employees is Confidential Information (as defined in Section 11.1 below) that will not be disclosed by Cellebrite except by order of a court with competent jurisdiction over Cellebrite.

 

6.6.5.                      Customer shall bear all costs and expenses relating to Cellebrite’s involvement in any Judicial Proceedings, including travel, lodging, and related out of pocket expenses.  Customer shall further pay Cellebrite the then applicable day service rates for the involvement by Cellebrite personnel in Judicial Proceedings for each day that Cellebrite personnel are unable to work at Cellebrite’s offices due to involvement in such Judicial Proceedings.

 

6.6.6.                      The Customer shall indemnify and hold harmless Cellebrite in connection with any document demands, subpoenas, legal process, in connection with any Judicial Proceedings by parties or their counsel, in relation to the Services provided by Cellebrite, including reimbursement of all costs and expenses, including reasonable attorneys’ fees.

6.7.             In the event Customer, despite respective notification, violates obligations under this Section 6 and cannot prove that the respective violation has occurred without fault or that adequate measures were taken to prevent respective violations from being made, Cellebrite has the right to withdraw from or terminate the Agreement. These termination rights also apply in the event of serious one-time violations unless Customer is not at fault. In addition, existing contractual and/or legal termination rights continue to exist independently and unlimitedly.

6.8.             Customer shall indemnify Cellebrite and Cellebrite’s employees from any liability claims, demands, damages, losses, costs and expenses that result from a culpable violation of this Section 6 by Customer.

6.9.             Customer shall make all effort to pass on the provision of this Section 6 to its affiliates and to bind its affiliates accordingly and verify compliance with the provisions within a possible use of the Services.

7.                  TERM AND TERMINATION

7.1.             This Agreement shall be effective as of the Effective Date and shall remain in effect until the later of: (i) the last Term of the Voucher (as defined below), or; (ii) for a period of thirty-six (36) months as of the Effective Date or; (iii) until terminated by either Party as provided in Section 7.2 hereunder (the “Term”).

7.2.             Either Party may terminate this Agreement for any reason at any time by furnishing the other Party with a notice of termination thirty (30) days prior to such notice of termination having effect.  

7.3.             Notwithstanding the Term of the Agreement, the Agreement may be terminated immediately by either Party by giving written notice, where the other Party commits a material breach of the Agreement which is not cured within five (5) days following the notification of such breach.

7.4.             Cellebrite may terminate the Agreement with immediate effect in the event that Cellebrite reasonably determines that it can no longer comply with the terms of the Agreement in accordance with the requirement of any applicable law, rule and/or regulations.

7.5.             Unless otherwise expressly provided herein, the termination of the Agreement for any reason shall not give either Party the right to claim any compensation, indemnity or reimbursement whatsoever from the other by reason of such termination, but termination shall be without prejudice to any rights or remedies available to, or any obligations or liabilities accrued to, either Party at the effective date of termination.

7.6.             Notwithstanding the aforementioned, upon any termination or expiry of the Agreement, Sections 2, 3, 4.6, 5, 6, 7.4, 9, 10, 11, 12, 13, and this Section 7.5 to the Agreement and any other Section or annex which should reasonably survive termination of the Agreement shall continue to be in force and effect even after termination or expiry of the Agreement and shall be without prejudice to the rights of either Party in respect of any antecedent breach of the Agreement.

7.7.             Vouchers purchased by the Customer shall remain in full force and effect during the time periods set forth below (the “Term of the Voucher”):

7.7.1.                     In the event that the Customer purchased either (i) one (1) Voucher; (ii) five (5) Vouchers; or (iii) ten (10) Vouchers, each Voucher shall remain in full force and effect for a period of twelve (12) months from the date on which Cellebrite issued the Voucher to the Customer.

7.7.2.                     In the event that the twenty-five (25) Vouchers, each Voucher shall remain in full force and effect for a period of twenty-four (24) months from the date on which Cellebrite issued the Voucher to the Customer.

7.7.3.                     In the event that the Customer purchased a bundled solution (a.k.a Premium Unlimited Package) which includes (i) Cellebrite Advance Services; and (ii) Cellebrite Premium, each Voucher shall remain in full force and effect during the Cellebrite Premium License Term (as such term is defined under the Cellebrite Premium Agreement).

7.8.             In the event of termination of the Agreement and/or expiration of the Term of the Voucher all Services shall be considered as completed by Cellebrite and the Customer shall not be entitled to any refund and/or any other rights driving from such Services.

8.                  FORCE MAJEURE

8.1.             No Party hereto shall be liable for delays in performance caused by any extreme circumstance or event beyond the said Party's reasonable control and which was unforeseeable and unpreventable by said Party, and which interferes with the performance of the Services or agreements related thereto (“Force Majeure”). For avoidance of any doubt, Force Majeure shall include, but not be limited to, acts of God, war (whether declared or undeclared), act of terrorism, strikes, fires, accidents, floods, civil disturbance and natural disasters. Upon the ceasing or termination of Force Majeure, the Parties hereto shall resume their responsibilities under the terms of the Agreement within seven (7) days (or, if the same is not possible, within reasonable period of time).

8.2.             The Force Majeure exonerates of liability the Party which invokes it, to the extent that this Party submits to the other Party a written notification within five (5) days as of the occurrence of the Force Majeure.

9.                  RELATIONSHIP OF THE PARTIES

9.1.             The Parties hereby acknowledge that nothing herein shall constitute an employer – employee relationship between them, during the Term or thereafter, and under no circumstances shall Cellebrite or any of its group companies or others on its behalf be or be deemed to be an employee of Customer.

9.2.             No provision of the Agreement creates a partnership between the Parties or makes a Party the agent of the other Party for any purpose.

9.3.             Customer has no authority to bind or obligate Cellebrite by contract or otherwise, nor make any representations or warranties, without Cellebrite’s prior written authorisation.

9.4.             The provisions of this Section 9 shall survive the termination of the Agreement.

10.               DATA PROTECTION

10.1.          The Parties shall, in performing their respective obligations under this Agreement, comply with any associated legislation to the extent applicable to such Party, any applicable data protection legislation or regulations which may subsequently be introduced and any similar legislation or regulations in any other jurisdiction in which its obligations are performed.

10.2.          Customer shall be the controller and Cellebrite shall be the processor in respect of any personal data processed by Cellebrite on Customer’s behalf in performing its obligations under this Agreement. 

10.3.          Customer acknowledges and agrees that the Personal Data may be transferred or stored outside the EEA or the country where Customer is located in order to carry out the Services and Cellebrite's other obligations under this Agreement.

10.4.          Customer shall ensure that:

10.4.1.                  Customer is entitled to transfer the relevant personal data to Cellebrite so that Cellebrite may lawfully use, process and transfer the personal data in accordance with this Agreement on Customer's behalf; and

10.4.2.                  the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation.

10.5.          Cellebrite shall process the personal data only in accordance with the terms of this Agreement and any lawful instructions reasonably given by Customer from time to time.

10.6.          Each Party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.

10.7.          Customer shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of any data provided by Customer to Cellebrite, including on any equipment or Devices which are provided to Cellebrite for the purposes of performing the Services.

10.8.          In the event of any loss or damage to any data provided to Cellebrite in connection with this Agreement, Customer’s sole and exclusive remedy shall be for Cellebrite to use reasonable commercial endeavours to restore the lost or damaged data from the latest back-up of such data maintained by Cellebrite in accordance with Cellebrite's internal archiving procedure. Cellebrite shall not be responsible for any loss, destruction, alteration or disclosure of data caused by any third party (except those third parties sub-contracted by Cellebrite to perform services related to data maintenance and back-up).

10.9.          Cellebrite shall, in providing the Services, comply with its internal privacy and security policies relating to the privacy and security of the data provided by Customer in connection with this Agreement, as such documents may be amended from time to time by Cellebrite in its sole discretion.

10.10.      The Parties shall abide by and adhere to the Data Processing Addendum attached as Annex C.

11.               CONFIDENTIALITY AND NON-COMPETE

11.1.         Each Party acknowledges that in the course of performing its duties hereunder, it may receive or become aware of proprietary and confidential information, technical data, technical or operational process, know-how, business plans, customer lists (including any personally-identifiable data relating to Customers), and Trade Secrets (as defined below) of the other Party and other information that the receiving Party should reasonably believe to be confidential (“Confidential Information”), and that the disclosure or unauthorised use of any such Confidential Information may cause irreparable damage to the disclosing Party. Each Party shall at all times maintain in the strictest confidence, and cause its employees, consultants, sub-contractors, and any other person acting on its behalf, to maintain in the strictest confidence, all such Confidential Information, and shall not use, access, disclose, disseminate, process, store or otherwise handle any Confidential Information of the disclosing Party, other than as required for performance of its obligations, and exercise of its rights, under the Agreement.

11.2.         Pursuant to 18 U.S.C. §1833(b), Customer shall not be held criminally or civilly liable under any Federal or State trade secret law for the disclosure of Cellebrite’s Trade Secrets (as defined below) only if such disclosure is made: (i) in confidence to a Federal, State, or local government official or to an attorney, solely for the purpose of reporting or investigating a suspected violation of law; or (ii) in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal. In court proceedings claiming retaliation by Cellebrite for Customer’s reporting a suspected violation of law, Customer may only disclose Cellebrite Trade Secrets to Customer’s legal counsel and may only use the Trade Secret information, if Customer (i) files documents containing Trade Secrets under seal; and (ii) Customer does not otherwise disclose Cellebrite Trade Secrets, except pursuant to a court order.

“Trade Secret” means all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing if: (a) Cellebrite has taken reasonable measures to keep such information secret; and (b) the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information.

11.3.         The Confidential Information of a Party shall not include and this Section 11 shall not apply to data or information which: (i) was publicly available at the time it was disclosed or becomes publicly available, except through the fault of the receiving Party; (ii) was known to the receiving Party at the time of disclosure without an obligation of confidentiality; (iii) was disclosed after written approval of the disclosing Party; or (iv) becomes known to the receiving Party from a source other than the disclosing Party without breach of theAgreement by the receiving Party. Nothing in theAgreement shall prevent the receiving Party from disclosing Confidential Information to the extent the receiving Party is legally compelled to do so by any governmental investigative or judicial agency pursuant to proceedings over which such agency has jurisdiction; provided, however, that prior to any such disclosure, the receiving Party shall, unless prohibited by law (a) assert the confidential nature of the confidential information to the agency; (b) immediately notify the disclosing Party in writing of the agency's order or request to disclose; and (c) reasonably cooperate with the disclosing Party in protecting against any such disclosure or obtaining a protective order narrowing the scope of the compelled disclosure and protecting its confidentiality

11.4.         Each Party shall immediately upon becoming aware of the same give notice to the other of any unauthorised disclosure, misuse, theft or other loss of Confidential Information of the other Party, whether inadvertent or otherwise.

11.5.         The provisions of this Section ‎‎11 shall survive the termination of the Agreement for any reason whatsoever.

11.6.         During the Term, and for additional period of three (3) years thereafter Customer shall not, directly or indirectly, (i) solicit, endeavor to entice away from Cellebrite or otherwise interfere with the relationship of Cellebrite with any person or organisation who is, or was within the three (3) years preceding the effective date of termination of the Agreement, a customer, employee, consultant or office holder of Cellebrite; or (ii) own an interest in, manage, operate, join, control, or participate in or be connected with, as an officer, executive, partner, stockholder, consultant, service provider or otherwise, any person or organisation in an activity which directly competes with Cellebrite’s activities at the time of the termination of the Agreement.

11.7.         Both Parties agree to maintain the details of this Agreement, including without limitation the Services provided hereunder, their respective terms and existence, as confidential information. Unless as may be required by applicable law, any of the Parties requiring to revel the existence of this Agreement or any detail or term of it, including without limitations any information regarding the Services, will obtain a prior and written consent from the other Party.

12.               LIABILITY

12.1.         Cellebrite’s total aggregate liability to Customer and Customer group whether based on an action or claim in contract, tort (including negligence), breach of statutory duty or otherwise arising out of, or in relation to, the Agreement, will be limited to the amounts paid by Customer to Cellebrite during the twelve (12) months period that immediately preceded the event that gave rise to the applicable claim in accordance with the Agreement less any amount previously paid by Cellebrite to Customer (or any of its group companies) in satisfaction of any Claim.

12.2.         Nothing in the Agreement shall limit or exclude either Party’s liability:

12.2.1.             for any losses, liabilities, fines, charges, damages, actions, costs and expenses, professional fees (including legal fees actually incurred) and disbursements and costs of investigation, litigation, settlement, judgment, interest and penalties (“Loss”) to the extent it is caused by fraud, dishonesty or deceit;

12.2.2.             for death or personal injury caused by its (or its agents') negligence;

12.2.3.             that may not otherwise be limited or excluded by law.

12.3.         Except as set out in Sections 12.1 and 12.4, neither Party, nor any member of Customer group, will be liable whether based on a claim in contract, tort (including negligence), under an indemnity, breach of statutory duty or otherwise arising out of, or in relation to, the Agreement, for:

12.3.1.             any loss of profit;

12.3.2.             loss of goodwill;

12.3.3.             loss of further business;

12.3.4.              loss or corruption of, any records, software, programs or other data or information; or

12.3.5.             any indirect or consequential Losses (including where such loss or damage is of the type specified in Section 12.3.

12.4.         The limitations and exclusions of liability set out in Section 12.3 will not apply in respect of the indemnities detailed in Section 12.6 and 12.7 and the obligation of Customer to pay undisputed charges which have already become due to Cellebrite in accordance with the Agreement.

12.5.         Each Party shall use its best effort to mitigate loss which, for the avoidance of doubt, shall apply to any Losses within the scope of any indemnity under the Agreement. 

12.6.         Each Party (the “Indemnifying Party”) shall indemnify and hold harmless the other Party (the “Indemnified Party”) from direct losses, expenses, costs or damages (including reasonable legal fees) which may be brought against or suffered by the Indemnified Party (or its respective employees, directors, agents or consultants) as a result of gross negligence or wilful misconduct of the Indemnifying Party (or its respective employees, directors, agents or consultants) of its obligations under the Agreement, or as a result of any breach by either Party of its obligations under Section ‎‎11 (Confidentiality and Non-Compete) of the Agreement.

12.7.         Customer shall, at its own expense:

12.7.1.             indemnify and hold Cellebrite and its group companies, officers and directors harmless from any claim (whether brought by a third party or an employee, consultant or agent of Customer’s)

12.7.1.1.                      arising from any use of the Services, or any deliverable provided by Cellebrite as part thereof, in a manner other than as authorised under the Agreement or under any law;

12.7.1.2.                      arising from any steps taken by Cellebrite to provide the Services (or any deliverables), pursuant to an instruction from Customer, which is contrary to any applicable law;

12.7.1.3.                      for any breach by Customer of Section 5.4.7 of the Agreement; or

12.7.1.4.                      for any breach by Customer of Section 10 of the Agreement;    

12.7.2.             reimburse on demand Cellebrite for any expenses, costs and liabilities (including reasonable attorney fees) incurred relating to such claim; and

12.7.3.             pay on demand all settlements, damages and costs assessed against Cellebrite and attributable to such claim.



 

13.               GENERAL TERMS

13.1.         Notwithstanding any other provision of this Agreement, each Party shall retain responsibility for its compliance with all applicable export control laws and economic sanctions programs relating to its respective business, facilities and provision of services to third parties. In performing their respective obligations under this Agreement neither Party will be required to undertake any activity that would violate any applicable laws or mandatory regulations, including any applicable export control laws and economic sanctions programs.

13.2.         Cellebrite and Customer each agree and undertake to the other that in connection with this Agreement and the provision of Services contemplated by this Agreement, they will each respectively comply with any applicable foreign or domestic anti-bribery and anti-corruption laws and regulations, including any laws intended to implement the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.

13.3.         For the avoidance of doubt, the terms of this Agreement shall be considered as Cellebrite’s Confidential Information. Customer shall not communicate in any form with the media or make any disclosure, publication, press release or any other announcements on any matter concerning this Agreement and/or Cellebrite and/or the Services without the prior written consent of Cellebrite.

13.4.         Except where the context otherwise requires, the terms “including” and “includes” shall mean “including without limitation” and “includes without limitation”, respectively.

13.5.         Capitalised terms used under this Agreement shall have the meaning ascribed to them in the Service Agreement, unless otherwise defined herein.

13.6.         Section headings in this Agreement are intended solely for convenience, and will have no meaning in or effect on the interpretation of the Agreement.

13.7.         Customer will fully cooperate with any third party company that Cellebrite chooses to engage during the term of this Agreement in any way necessary to enable proper provision of the Services.

13.8.         This Agreement, together with its appendices, contains all the terms agreed between the Parties regarding the subject matter and supersedes and replaces any prior agreement, understanding or arrangement between the Parties, whether oral or in writing.  No representation, undertaking or promise shall be taken to have been given or be implied from anything said or written in negotiations between the Parties prior to this Agreement except as expressly stated in this Agreement.  Neither Party shall have any remedy in respect of any untrue statement made by the other upon which that Party relied in entering into this Agreement (unless such untrue statement was made fraudulently). Without prejudice to the foregoing, the only remedy available to a Party in respect of a breach of any representation which is incorporated into this Agreement shall be for breach of contract.

13.9.         This Agreement may be executed in any number of counterparts, each of which is an original and all of which together evidence the same agreement.

13.10.     This Agreement may not be amended except by an agreement in writing expressed to vary this Agreement signed by duly authorised representatives of the Parties.

13.11.     Failure or neglect by either Party to enforce at any time any of the provisions hereof shall not be construed as nor shall be deemed to be a waiver of that Party’s rights hereunder nor in any way affect the validity of the whole or any part of this Agreement nor prejudice that Party’s right to take subsequent action.  The terms of this Agreement may only be waived by a document in writing which makes reference to this Agreement and the Parties hereto.

13.12.     This Agreement and/or the rights and/or obligations rising from this Agreement may not be assigned and/or pledged without the prior written authorisation of the other Party.

13.13.     It is expressly declared that no rights shall be conferred under this Agreement on any person other than Customer and Cellebrite, and no person other than Customer and Cellebrite shall have any right to enforce any term of this Agreement.

13.14.     In the event any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement will remain in full force and effect. 

13.15.     All notices shall be given in writing, and will be deemed to have been delivered to the addressee immediately on their delivery if delivered by hand or within 72 hours after being sent by registered mail, as per the addresses set forth above or such other address as a Party may hereafter give notice to the other Party.

13.16.     The Services were developed exclusively at private expense and qualify as a “commercial item” as defined and used at FAR (48 C.F.R.) 2.101.  Use, duplication or disclosure of the Services by the U.S. Government are subject to restrictions set forth in this Agreement, in accordance with FAR 12.212 and/or DFARS 227.7202, as applicable.

13.17.     The construction, validity and performance of this Agreement and all non-contractual obligations arising from or connected with this Agreement shall be governed exclusively by the laws of the State of New York.

13.18.     Each Party irrevocably agrees to submit to the exclusive jurisdiction of the courts in New York over any claim or matter arising under or in connection with this Agreement.



 

Annex A

                                                                                                                                                                                                     Conditions Precedent

1.                  General

The Parties acknowledge and agree to fulfil the conditions set forth in this Annex A to the Agreement for the provision of Services by Cellebrite under the Agreement (the “Conditions Precedent”).

Customer acknowledges that in the event that any of the Conditions Precedent are not met, achieved or maintained throughout the Term of the Agreement by Customer, Cellebrite will not be able to provide the Services to Customer and shall be entitled to terminate the Agreement forthwith.

Customer further acknowledges that Cellebrite’s non-performance of the Services which is due to a default of Customer to meet the Conditions Precedent will not be deemed as breach of the Agreement and Customer will not be entitled to any refund of payments made to Cellebrite and Cellebrite will be entitled to charge any direct expenses it incurred in preparation and anticipation for the service provision.

2.                  Conditions Precedent for Service performed at Cellebrite’s premises or to Cellebrite’s designated laboratory.

2.1.             After submitting the fully executed ‘Device Data’ form to Cellebrite and prior to sending any Device(s) to Cellebrite, Customer is to receive a written confirmation and consent from Cellebrite to sending the Devices. Cellebrite’s approval or denial for sending the Device shall be based, among others, on Cellebrite’s internal list of the then-current Service supported devices.

3.                  Conditions Precedent for Service performed at Customer premises

3.1.             After submitting the fully executed ‘Device Data’ form to Cellebrite, Customer will work with Cellebrite’s designated person to coordinate timeframe for arrival to perform the Service.

3.2.             Customer shall provide written confirmation of Customer’s allocation of a designated room (the “Designated Room”) to performance of the Services. Until Successful Completion of the Services, the access to such Designated Room should be restricted to Cellebrite’s personnel only.

3.3.             The Designated Room is to be suitable for 1-2 people conveniently working and be equipped with at least 4 power outlets.

3.4.             Cellebrite shall have the right to inspect the Designated Room prior to the commencement of provision of the Services. In the event that Cellebrite finds the Designated Room not suitable for the performance of the Services, Customer shall either make the room suitable or designate a different room.

3.5.             Customer shall assure and approve in writing that the Designated Room is not videotaped and/or monitored in any manner except for entry/exit monitoring which is allowed and encouraged.

3.6.             Customer shall provide written confirmation approving Cellebrite’s personnel to carry into Customer’s premises and in the Designated Room, the required equipment in a sealed packaging and assure that the equipment will not be inspected before, during or after performance of the Services.

3.7.             Customer shall obtain, at Customer’s expense, and provide to Cellebrite’s personnel any documents, permit (including but not limited to visa), approvals or invitations which are required by Customer or by the laws of the country in which Customer and/or the Designated Room is located.



Annex B – Device Data

Service Code

 

Date In

Reference

Device Model

Model code

iOS Version

IMEI/MEID

Serial

Compatible

Condition Notes

1

 

 

 

 

 

 

 

 

 

2

 

 

 

 

 

 

 

 

 

3

 

 

 

 

 

 

 

 

 

4

 

 

 

 

 

 

 

 

 

5

 

 

 

 

 

 

 

 

 

6

 

 

 

 

 

 

 

 

 

7

 

 

 

 

 

 

 

 

 

8

 

 

 

 

 

 

 

 

 

9

 

 

 

 

 

 

 

 

 

10

 

 

 

 

 

 

 

 

 

11

 

 

 

 

 

 

 

 

 

12

 

 

 

 

 

 

 

 

 

13

 

 

 

 

 

 

 

 

 

14

 

 

 

 

 

 

 

 

 

15

 

 

 

 

 

 

 

 

 

16

 

 

 

 

 

 

 

 

 

 



 

Annex C

Data Processing Addendum

  1. Customer commissions, authorises and requests that Cellebrite provide Customer the Services, which involves Processing Personal Data (as these capitalised terms are defined and used in the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, in Directive 2016/680 on the processing of personal data by authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences, and in national laws supplementing the GDPR or transposing and implementing that directive (all collectively referred to as “Data Protection Law”)).
  2. When performing the Services, Cellebrite is acting as a Processor or a sub-processor on behalf of Customer and Customer and Cellebrite are each responsible for complying with the Data Protection Law applicable to them in their roles as Controller and Processor/sub-processor, respectively (as these terms are defined and used in Data Protection Law).  
  3. With respect to those activities of Cellebrite as a Processor, Cellebrite will Process the Personal Data, only on Customer’s behalf, for as long as Customer instructs Cellebrite to do so, only as set forth in this Addendum and shall not Process the Personal Data for any purpose other than the purpose set forth in the next section.
  4. The subject matter and purposes of the Processing activities are the unlocking of end-user digital devices (e.g., mobile phones), decoding data from digital devices and extracting data from digital devices, collecting end user data from cloud services, and performing analysis and analytics on such end user data – all as the case may be pursuant to the Agreement and Customer’s instructions. The Personal Data Processed may include, without limitation:
    1. Data and meta data from end-user digital devices; End user data and meta data from cloud services
    2. Names, titles and contact information of Customer’s employees
  5. The Data Subjects, as defined in the Data Protection Law, about whom Personal Data is Processed are data subjects with respect to which Customer uses Cellebrite’s Products and Services and Customer’s employees.
  6. With respect to those activities of Cellebrite as a Processor, Cellebrite will Process the Personal Data only on documented instructions from Customer, unless Cellebrite is otherwise required to do so by law to which it is subject (and in such a case, Cellebrite shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest).

7.       Customer may only use the services to process Personal Data pursuant to a recognised and applicable lawful basis under Data Protection Law. Customer is solely responsible for determining the lawfulness of the data processing instructions it provides to Cellebrite and shall provide Cellebrite only instructions that are lawful under Data Protection Law.

  1. Cellebrite will make available to Customer all information in its disposal directly relevant to Customer and the services performed and necessary to demonstrate compliance with the obligations under Data Protection Law, shall maintain all records required by Data Protection Law, and shall make them available to Customer upon request.
  2. Customer acknowledges and agrees that Cellebrite uses the following sub-processors to Process Personal Data relating to names, titles and contact information of Customer’s employees: Microsoft Corporation, Amazon Web Services, Inc., Signiant Inc., Salesforce.com, and Oracle.
  3. Customer authorises Cellebrite to engage other sub-processors for carrying out specific processing activities of the Services, provided that Cellebrite informs Customer at least 21 days in advance of any new or substitute sub-processor, in which case Customer shall have the right to object, on reasoned grounds, to that new or replaced sub-processor. If Customer so objects, Cellebrite may not engage that new or substitute sub-processor for the purpose of Processing Personal Data in the provision of the Platform and may terminate the Agreement with Customer for convenience, without liability to Customer for such premature termination.
  4. Customer instructs Cellebrite and its sub-processors to Process the Personal Data only in member states of the European Economic Area, in territories and territorial sectors recognised under an adequacy decision pursuant to Data Protection (e.g., Israel; U.S. companies certified to Privacy Shield), or in territories in which the recipient is bound by adequate safeguards recognised by the European Commission as pursuant to Data Protection Law (e.g. Model Clauses).
  5. Cellebrite will procure that the sub-processors Process the Personal Data in a manner consistent with Cellebrite’s obligations under this Annex C and Data Protection Law, with such obligations imposed on that sub-processor by way of law or contract, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of Data Protection Law.
  6. In Processing Personal Data, Cellebrite will implement appropriate technical and organisational measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access in accordance with Article 32 of the GDPR and Cellebrite’s IT Security Policy which Customer can request a copy of from Cellebrite. Cellebrite will ensure that its staff authorised to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  7. Cellebrite shall allow for and contribute to audits, including carrying out inspections on Cellebrite's business premises conducted by Customer or another auditor mandated by Customer during normal business hours and subject to a prior notice to Cellebrite of at least 30 days as well as appropriate confidentiality undertakings by Customer covering such inspections in order to establish Cellebrite's compliance with this Annex C and the provisions of the applicable Data Protection Law as regards the Personal Data that Cellebrite processes on behalf of Customer. If such audits entail material costs or expenses to Cellebrite, the parties shall first come to agreement on Customer reimbursing Cellebrite for such costs and expenses.
  8. Cellebrite shall assist Customer by any appropriate means available to it and applicable to its provision of the Services, to ensure compliance with the provisions of Data Protection Law on the data subject's rights.
  9. Subject to sections 17 and 18 below, Cellebrite will delete the Personal Data it has Processed on Customer's behalf under this Addendum from its own and its sub-processor’s systems in due course following the date of cessation of the provision of the Services involving the Processing of Personal Data. Upon Customer’s request, Cellebrite will furnish written confirmation that the Personal Data has been deleted pursuant to this section.
  10. Subject to section 18 below, Customer may, by written notice to Cellebrite, require Cellebrite to (a) return to Customer any Personal Data in Cellebrite's possession or control; or (b) delete the Personal Data it has Processed on Customer's behalf.
  11. Notwithstanding the foregoing, Cellebrite may retain the Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws, provided that Cellebrite shall ensure the confidentiality of all such Personal Data and shall ensure that such Personal Data is only Processed as necessary for the purposes specified in the applicable laws requiring its storage and for no other purpose.
  12. Cellebrite shall without undue delay notify Customer of any ‘Personal Data Breach’ (as this term is defined and used in Data Protection Law) that it becomes aware of regarding Personal Data of Data Subjects that Cellebrite Processes. Cellebrite will use commercial efforts to mitigate the breach and prevent its recurrence. Customer and Cellebrite will cooperate in good-faith on issuing any statements or notices regarding such breaches, to authorities and Data Subjects.
  13. Cellebrite will assist Customer with the eventual preparation of data privacy impact assessments and prior consultation as appropriate, provided, however, that if such assistance entails material costs or expenses to Cellebrite, the parties shall first come to agreement on Customer reimbursing Cellebrite for such costs and expenses.
  14. Cellebrite will provide Customer prompt notice of any request it receives from authorities to produce or disclose Personal Data it has Processed on Customer’s behalf, so that Customer may contest or attempt to limit the scope of production or disclosure request.
  15. All notices required or contemplated under this Annex C to be sent by Cellebrite will be sent either by electronic mail to Customer to the email address that Cellebrite has on file for Customer’s main contact person.