ForgeRock Open Banking Service Terms and Conditions Rev. 12.03.2019
PLEASE READ THESE FORGEROCK OPEN BANKING SERVICE TERMS AND CONDITIONS CAREFULLY. BY SELECTING THE "ACCEPT" BUTTON BELOW, YOU HEREBY REPRESENT AND WARRANT TO FORGEROCK THAT YOU ARE A DULY AUTHORIZED REPRESENTATIVE OF YOUR COMPANY WITH AUTHORITY TO BIND IT TO THESE FORGEROCK OPEN BANKING SERVICE TERMS AND CONDITIONS, AND THEREBY YOUR COMPANY (“COMPANY”) HEREBY AGREES TO BE BOUND BY THESE FORGEROCK OPEN BANKING SERVICE TERMS AND CONDITIONS. IF YOU DO NOT AGREE TO THESE TERMS, YOU AND YOUR COMPANY ARE NOT AUTHORIZED TO RECEIVE ACCESS TO FORGEROCK’S OPEN BANKNING SERVICE.
- Definitions .
“Agreement” means these Open Banking Service Terms and Conditions.
“Applicable Law” means any of the following, to the extent that it applies to Company or ForgeRock: a) any statute, regulation, directive, by law, ordinance or subordinate legislation in force from time to time; b) the common law and the law of equity; c) any binding court order, judgement or decree; d) any applicable industry code, guidelines, policy or standard including but not limited to the FCA Handbook; and e) any applicable guidance, direction, policy, rule or order that is given by a Regulatory Body, in any jurisdiction applicable to this Agreement.
“Confidential Information" means, with respect to Company or FORGEROCK, any materials either marked as “Confidential” or that should reasonably be deemed confidential and with respect to FORGEROCK: (a) the Service, including, without limitation, all (i) computer software (both object and source codes) and related Service documentation or specifications; (ii) techniques, concepts, methods, processes and designs embodied in or relating to the Service; and (iii) all application program interfaces, system infrastructure, system security and system architecture design relating to the Service; (b) FORGEROCK research and development, product offerings, pricing and availability; and (c) any information about or concerning any third party which information was provided to FORGEROCK subject to an applicable confidentiality obligation to such third party.
“Company Data” means content provided to FORGEROCK by Company through the Service. Company agrees the content it provides to FORGEROCK must be strictly test, dummy, non-production data only, provided in the course of testing the Service. Company agrees that Company Data should not include any personally identifiable information as determined by Applicable Law.
“Customer” means the ForgeRock subscription customer whose open banking sandbox Company is testing.
“Service” means the generally available hosted, on-demand, web-based sandbox provided to Customer and via Customer to Company accessed via the Site
“Site” means an FORGEROCK established Internet site through which the Service may be accessed.
“Subscription Term” means the period of the subscription for which Customer has procured the Service.
- Service Usage. Company shall not remove notices and notations on the Site or in the Service that refer to copyrights, trademark rights, patent rights and other intellectual property rights. FORGEROCK or its licensors own all right, title and interest in any and all copyrights, trademark rights, patent rights and other intellectual property or other rights in the Service, as well as any work product, and any improvements, design contributions or derivative works conceived or created by either party in or to the Service. This Agreement does not transfer from FORGEROCK any proprietary right or interest in the Service. All rights not expressly granted to Company in this Agreement are reserved by FORGEROCK and its licensors. When using the Service, Company shall not: (a) copy, translate, disassemble, decompile, reverse-engineer or otherwise modify any parts of the Service; (b) intentionally or through lack of good industry standard controls transmit any personal data or content, data or information that is unlawful, harmful, threatening, malicious, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another’s privacy or right of publicity, hateful, or racially, ethnically or otherwise objectionable; (c) infringe the intellectual property rights of any entity or person; (d) interfere with or disrupt the FORGEROCK software or FORGEROCK systems used to host the Service, or other equipment or networks connected to the Service, or disobey any requirements, procedures, policies or regulations of networks connected to the Service made known to Company; (e) use the Service in the operation of a service bureau, outsourcing or time-sharing service; (f) provide, or make available, any links, hypertext (Universal Resource Locator (URL) address) or other similar item (other than a “bookmark” from a Web browser), to the Site or Service, or any part thereof; (g) circumvent the user authentication or security of the Site or Service or any host, network, or account related thereto; (h) use any application programming interface to access the Service other than those made available by FORGEROCK; (i) make any use of the Service that violates any Applicable Law; (j) allow any third party to use any user identification(s), code(s), password(s), procedure(s) and user keys issued to, or selected by or given to, Company for access to the Service; or (k) upload or allow the uploading of any data into the Service that includes any live, production or non-dummy data, including any personally identifiable information as defined by Applicable law. FORGEROCK shall be entitled to monitor Company’s compliance with the terms of this Agreement. FORGEROCK will use limited security technologies in providing the Service; these security technologies are not currently industry standard. Company shall comply with any applicable FORGEROCK security guidelines and procedures made known to Company through the Service or otherwise. Company agrees that FORGEROCK does not control the transfer of data, including but not limited to Company Data, over telecommunications facilities, including the Internet, and FORGEROCK does not warrant secure operation of the Service or that such security technologies will be able to prevent third party disruptions of the Service.
- Company Data. Company grants to FORGEROCK the nonexclusive right to use Company Data for the sole purpose of and only to the extent necessary for FORGEROCK to provide the Service. Company shall be responsible for Company Data entered into the Service. Company hereby represents and warrants to FORGEROCK that the Company Data is free of all viruses, Trojan horses, and comparable elements which could harm the systems or software used by FORGEROCK or its subcontractors to provide the Service. Company agrees that it has collected and shall maintain and handle all Company Data in compliance with Applicable Law. Company shall change all passwords used to access the Service at regular intervals. Should Company learn of an unauthorized third party having obtained knowledge of a password, Company shall inform FORGEROCK thereof without undue delay and promptly change the password. Company is responsible for the connection to the Service, including the Internet connection. Company agrees that it shall not provide any personal data to ForgeRock during the term of the Service and shall indemnify and hold ForgeRock harmless against any claims by any third party alleging data breach or unlawful processing of personal data that Company provides ForgeRock. Company represents that it is an organization or natural person registered with the OBIE and that uses APIs developed to standards to access Customer’s accounts in order to provide account information services and/or to initiate payments. Company agrees that it is entirely responsible for the content of Company Data.
- Term . This Agreement shall become effective upon the Agreement Effective Date and shall continue in full force and effect for the duration of the Customer’s Subscription Term after which this Agreement shall terminate. Notwithstanding the foregoing, this Agreement shall terminate (i) immediately after FORGEROCK gives Company notice of Company’s material breach of any provision of the Agreement or (ii) immediately FORGEROCK determine and notify Company that continued use of the Service may result in harm to the Service (including the systems used to provide the Service) or FORGEROCK customers, or result in a violation of Applicable Law, legal obligation or legal rights of another. In addition to any other remedies available at law or in equity, FORGEROCK will have the right immediately, in FORGEROCK’s sole and reasonable discretion, to remove any potentially offending Company Data from the Service, deactivate Company’s user name(s) and password(s) and/or suspend Company access to the Service and so notify Company if the circumstances permit. Upon the effective date of termination, Company’s access to the Service will be terminated. Company shall have the ability to access its Company Data at any time during a Customer Subscription Term. Thirty (30) days after the effective date of termination, FORGEROCK shall have no obligation to maintain or provide any Company Data.
- Company Obligations. Company shall defend FORGEROCK and its Affiliates against claims brought against FORGEROCK by any third party arising from or related to (i) any use of the Service in violation of section 2 of this Agreement or any Applicable Law or regulation; or (ii) an allegation that the Company Data or Company’s use of the Service in violation of this Agreement violates, infringes or misappropriates the rights of a third party. Company will pay damages finally awarded against FORGEROCK (or the amount of any settlement Company enters into) with respect to such claims. The foregoing shall apply regardless of whether such damage is caused by the conduct of Company or by the conduct of a third party using Company’s access credentials. This obligation of Company shall not apply if FORGEROCK fails to timely notify Company in writing of any such claim, however FORGEROCK’s failure to provide or delay in providing such notice shall not relieve Company of its obligations under this Section except to the extent Company is prejudiced by FORGEROCK’s failure to provide or delay in providing such notice. Company is permitted to fully control the defense and any settlement of any such claim as long as such settlement does not include a financial obligation on or admission of liability by FORGEROCK or otherwise obligates FORGEROCK to specific performance. In the event FORGEROCK declines Company’s proffered defense, or otherwise fails to cede full control of the defense to Company’s designated counsel, then FORGEROCK waives Company’s obligations under this Section 5. FORGEROCK shall reasonably cooperate in the defense of such claim and may appear, at its own expense, through counsel reasonably acceptable to Company. FORGEROCK shall have no liability for any delay or failure to perform hereunder due to circumstances beyond such it’s reasonable control, including acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (excluding those involving such party's employees), internet or other service disruptions involving hardware, software or power systems not within such party's possession or reasonable control, and denial of service attacks (“Force Majeure Event”).
- Confidentiality. ForgeRock and Company agree that, for a period of three (3) years after last receipt of the other party's Confidential Information, it will: (a) use the other party's Confidential Information only in connection with fulfilling its rights and obligations under this Agreement; and (b) hold the other party’s Confidential Information in strict confidence and exercise due care with respect to its handling and protection, consistent with its own policies concerning protection of its own Confidential Information of like importance but in no instance with less than reasonable care, such due care including without limitation requiring its employees, professional advisors and contractors to execute non-disclosure agreements which are consistent with the terms and conditions of this Agreement and no less protective of each party’s Intellectual Property Rights as set forth herein before allowing such parties to have access to the Confidential Information of the other party. Exceptions to Obligation. Notwithstanding this Section 6, either party may disclose Confidential Information to the extent required by law, provided the other party uses commercially reasonable efforts to give the party owning the Confidential Information sufficient notice of such required disclosure to allow the party owning the Confidential Information reasonable opportunity to object to and to take legal action to prevent such disclosure.
- WARRANTY. THE SERVICE LICENSED HEREUNDER IS PROVIDED “AS IS” AND WITHOUT WARRANTY OF ANY KIND. FORGEROCK AND ITS LICENSORS EXPRESSLY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTY OF NON-INFRINGEMENT.
- LIMITATION OF LIABILITY AND DISCLAIMER OF CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL FORGEROCK BE LIABLE FOR ANY DATA BREACH OR LOSS, THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, ANY LOST PROFITS, REVENUE, OR DATA, INTERRUPTION OF BUSINESS OR FOR ANY INCIDENTAL, SPECIAL, CONSEQUENTIAL OR INDIRECT DAMAGES OF ANY KIND, AND WHETHER ARISING OUT OF BREACH OF WARRANTY, BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE OR IF SUCH DAMAGE COULD HAVE BEEN REASONABLY FORESEEN. IN NO EVENT SHALL FORGEROCK’S LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, EXCEED IN THE AGGREGATE £1,000 STERLING.