Security & Privacy

Legal Documents

At Picus, your privacy is protected in an open and transparent manner. Also, the use of our website and services is subject to terms and conditions, which are bound by legal agreements. Below, you can find all related legal documents.

PICUS SECURITY PRIVACY POLICY

Last Updated: 26.03.2026


1. INTRODUCTION

This Privacy Policy describes how Picus Security, Inc. and its Affiliates listed in Section 11 (collectively, "Picus", "we", "us", or "our") process personal data in connection with our websites, products, services, and related interactions.

Picus is committed to protecting personal data and maintaining transparency regarding its processing activities. This Privacy Policy applies to personal data processed through our websites (including www.picussecurity.com and app.picussecurity.com), our Services (as described below), and any other electronic communications networks by Picus.

This document is an informational disclosure of our privacy practices. While the use of our Services is subject to the Picus Subscription Agreement (PSA), this Policy serves to inform you about how and why we collect, process, and protect your personal data.

2. COLLECTION OF YOUR PERSONAL INFORMATION

Personal Data is any information that directly or indirectly identifies a natural person. We will ask for your consent when we need information that personally identifies you (personal information) or allows us to contact you to provide a service or carry out a transaction that you have requested, such as receiving information about Picus Security products and services, ordering email newsletters, joining a limited-access site or service, or purchasing, downloading and/or registering Picus Security products.

The channels and types of personal information we may collect, including but not limited to, are listed below:

2.1. Information you directly provide to us

We collect information when you request a service, register for an event, or communicate with us.

  • Free-trial & Demo requests: Under your free-trial or demo requests, we may collect your first name, last name, company name, company email address, country, and phone number (optional).
  • Platform account: We may collect your company email addresses for authentication and logging into our online platform.
  • General Inquiries (Contact Us): When you make inquiries, such as scheduling a demo, learning about pricing, or upgrading a product, we may collect your first name, last name, company email, company name, job title, country, phone number (optional) information and any descriptive message submitted to facilitate the inquiry.
  • Job application: We receive your job applications through a third-party platform. If you apply for a job at Picus, we may collect your full name, email, resume/CV, phone (optional), current company (optional), LinkedIn Profile (optional), and any other optional information submitted within your application.
  • Partner account & User application: Under our partner program, we may collect your corporate email address.
  • Picus Technology Alliances Partner Program application: Under our Technology Alliances Partner Program (TAP), we may collect your first name, last name, work email address, and role information.
  • Picus Technology Alliances Team meeting request: For meeting requests with the Picus Technology Alliances Team, we may collect your first name, last name, and email address.
  • Blog: If you subscribe to our blog, we may collect your company email address.
  • Purple Academy by Picus: If you wish to obtain a service from Purple Academy, we may collect your full name, company email address, company, country, and job title information.
  • Content Requests (Webinars, Case Studies, Reports): For webinars, case studies, and reports requests, we may collect your full name, company email address, company, country, and job title information.
  • Exclusive Reports: Under exclusive report requests, we may collect your full name, company email address, company name, title, and country information.

We may also collect your personal data such as your first name, last name, and email address when you follow us on social media, attend our events, or correspond with us by phone, email, social media, or otherwise.

2.2. Information from your visits to our website

Our website enables us to communicate with you about us, our products, and our services. Even if you do not log in with an account, we may automatically collect certain information each time you visit our website. This may include the name of the Internet Service Provider, Internet Protocol (IP) address, date and time of access, browser type and version, time zone setting, operating system and platform, pages accessed, and the Internet address of the website from which you linked directly to our website. This information is mainly used to provide access to our website, improve the webpage view, and adapt to device settings and language. We also use this information to analyze trends and to improve our website and online services.

For more details on automatically collected information about your visit to our website, please see our Cookie Policy.

2.3. Information from other resources

We may also collect your personal information indirectly from third party sources such as business partners, advertising networks, payment and delivery services as well as public records, such as social media platforms and industry associations.

Please note that, in such cases, we strive to ensure that these parties adhere to privacy standards consistent with ours. However, we do not have any liability or responsibility over their use, storage, and disclosure of your personal information, as governed by their own privacy policies and such third parties are responsible for their own processing activities in accordance with their respective privacy policies.

3. USE AND CONTROL OF YOUR PERSONAL INFORMATION

We process personal data depending on the nature of our relationship with you (e.g., customer, prospective customer, user, partner, or job applicant) and the context in which the data is collected.

Consistent with applicable data protection laws and choices that may be available to you, we may use your personal information for the following purposes, including but not limited to:

Service Delivery and Contractual Obligations: To provide, operate, and maintain our products and services, including responding to requests, fulfilling contractual obligations, and delivering requested information.

Communication and Customer Engagement: To communicate with you regarding our products, services, updates, support requests, and relevant business communications.

Marketing and Events: To send marketing communications, event invitations, and promotional materials, in accordance with your preferences and, where required, your consent.

Platform Improvement and Analytics: To analyze usage, improve functionality, optimize performance, and enhance user experience across our websites and services.

Security and Fraud Prevention: To maintain the security of our systems, detect, investigate, and prevent unauthorized access, fraud, abuse, or other illegal activities.

Legal and Regulatory Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.

Legal Basis for Processing (GDPR): Where applicable, we rely on the following legal bases under GDPR:

- Performance of a contract (Article 6(1)(b))

- Compliance with legal obligations (Article 6(1)(c))

- Legitimate interests (Article 6(1)(f)), such as improving services and ensuring security

- Consent (Article 6(1)(a)), where required (e.g., marketing communications)

Marketing Preferences: You may opt out of marketing communications at any time by following the unsubscribe instructions in our emails or contacting us directly. You may also withdraw your consent at any time where processing is based on consent.

We will collect and use your personal data (as described in section 3) in accordance with applicable data protection laws. Our grounds for processing your personal data are as follows:

  • Explicit Consent: Where necessary we will only collect and process your personal data if you have given your clear and affirmative consent for us to do so.
  • Legitimate Interests: We may use and process some of your personal data where we have sensible and legitimate business grounds for doing so. Our legitimate interests for processing your personal data are for us to enable you access and use of our Services, to create and update our active cybersecurity initiatives or activities having been flagged with previous intent to conduct fraudulent or criminal activity, to effectively implement our features, to understand and to administer our technical and customer support for the delivery of our Services.
  • Legal obligations: We may need to process your personal data when we are required to comply with a legal obligation.
  • Performance of a contract: Provided that it is directly related to the establishment or performance of the contract, it is necessary to process the personal data of the parties to the contract. We may need to process your personal data when we provide Services to you or when we communicate with you about the Service.

4. HOW WE SHARE YOUR PERSONAL DATA

We do not sell your personal information. We only share your personal data in the following circumstances:

  • Service Providers (Data Processors): We share data with trusted third-party vendors who provide services on our behalf, such as cloud hosting, CRM, analytics, and email delivery. These providers are strictly bound by data processing agreements.
  • Affiliates: We may share data within the Picus affiliates to support global service delivery and operations.
  • Legal & Regulatory Authorities: We may disclose your information if required by law, court order, or governmental request, or to protect the rights, property, and safety of Picus, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data may be transferred to the acquiring entity.

5. COOKIES

Cookies are small files or identifiers placed on your device when you visit our websites. They enable us to recognize your device, facilitate navigation between pages, enhance user experience, and maintain the security and functionality of our platforms.

We use cookies on our Websites (www.picussecurity.com and app.picussecurity.com) to track user preferences, improve user experience, and conduct behavioral advertising.

For detailed information, including how to manage your preferences, please visit our Cookie Policy.

6. INTERNATIONAL DATA TRANSFERS

As a globally operating company hosted on cloud-based infrastructure, personal data may be transferred to and processed in countries outside of your jurisdiction (such as the United States).

We ensure that such transfers comply with applicable data protection laws. Regardless of the destination, we utilize legally recognized transfer mechanisms, including the European Commission’s Standard Contractual Clauses (SCCs), where applicable, to guarantee an adequate level of data protection.

7. DATA SECURITY AND RETENTION

We implement robust technical and organizational measures to protect your personal data and prevent unauthorized access, disclosure, use, or modification. At Picus, we utilize industry-standard technologies, operational security methods, and cyber security solutions, including access controls, encryption, and monitoring mechanisms, for the protection of personal data.

In this context, we regularly review and validate the adequacy and effectiveness of our security controls, tools, and procedures to maintain a secure environment. Please note that no security measures are completely secure. For more information, please see our Corporate Practices.

Picus retains personal information only for the period necessary to fulfill the purposes for which it was collected. Thereafter, personal data may be retained for a reasonable period to comply with audit, contractual, or legal obligations, or where we have a legitimate interest in retaining it.

Retention periods are determined based on the type of personal data and the nature of the processing. When personal data is no longer required for these purposes, it is securely deleted, destroyed, or anonymized in accordance with applicable laws and our internal policies.

Adequate technical and administrative measures have been implemented within our Information Security Management System to ensure secure storage and destruction of personal information.

8. YOUR RIGHTS

We respect your privacy and your rights under applicable data protection laws, including the GDPR, CCPA, and KVKK. Depending on your jurisdiction and the nature of our processing, your rights may include:

Right to Access: Request a copy of the personal data we hold about you.

Right to Rectification: Request the correction of inaccurate or incomplete personal data.

Right to Erasure (“Right to be Forgotten”): Request the deletion of your personal data under certain conditions.

Right to Restriction of Processing: Request that we limit how we use your data.

Right to Data Portability: Request the transfer of your data to another organization or directly to you.

Right to Object: Object to the processing of your data based on legitimate interests or for direct marketing purposes.

Withdrawal of Consent: Where processing is based on your consent, you have the right to withdraw it at any time.

To exercise any of these rights, please fill out the initial request form here so that we can provide you the appropriate data subject request form depending on the legal source of your request.

9. CHILDREN AND SENSITIVE DATA

  • Children: Our Website, application, and services are intended for business use and we do not expect them to be of any interest to minors. We do not knowingly or intentionally collect personal data from anyone under 16 years of age.
  • Sensitive data: We do not collect or receive any sensitive categories of personal data. We explicitly request that you do not send or disclose any sensitive personal information to us, whether directly or through our products, AI features, or support channels.

10. CONTACT US

If you have any questions or concerns regarding this Policy or our data protection practices, please contact us at privacy@picussecurity.com.

11. AFFILIATES

Picus Affiliates covered by this Policy include Picus Security, Inc., Picus Bilişim Güvenlik Ticaret A.Ş., and Picus Security US, LLC.

12. CHANGES TO THIS PRIVACY POLICY

We review this Privacy Policy regularly and may change it to reflect our product and service updates, corporate practices, regulatory requirements, or other purposes.

We encourage you to frequently check this page as the "Last Updated" date at the top of this Policy indicates the most recent modifications. For significant changes, we will provide a more prominent notice, such as via email or a notification within our platform, as required by applicable law.

Last Updated: 24.03.2026

INTRODUCTION

Picus Security Inc., along with its affiliates, Picus Bilişim Güvenlik Tic. A.Ş. and Picus Security US, LLC (“Picus Security” or “Company”), may collect and process personal data for various purposes through cookies on our websites www.picussecurity.com and app.picussecurity.com (“Websites”).

This Cookie Policy explains what cookies are, how we use them, the legal basis for processing your data, and how you can manage your preferences in compliance with applicable data protection laws. When you visit our Websites, a cookie consent banner allows you to manage these preferences directly. For more information on how we collect, store, and use your personal data, please refer to our Privacy Policy.

Please note that this policy may be updated from time to time to reflect changes in technology, legal requirements, or our Company's data practices.

WHAT ARE COOKIES?

Cookies are small text files placed on your device when you visit a website. They act as a digital memory for your browser, allowing our Websites to recognize your device on subsequent visits and remember your preferences.

These files may store or retrieve information on your browser to ensure our Websites function properly, enable security features, and provide analytics or advertising insights. In addition to cookies, we may use similar technologies such as pixels, tags, or scripts for these purposes.

Cookies typically contain data such as a unique identifier, session information, or user preferences.

Cookies do not typically directly identify you, such as by name or contact details. However, they may contain unique identifiers or other data that, when combined with other information we collect, could be used to recognize or remember you across different sessions or websites. In such cases, this information may be considered personal data under applicable data protection laws and will be processed in accordance with our Privacy Policy.

By making websites work more efficiently, cookies enhance your user experience and provide essential information to website owners.

WHY WE USE COOKIES

At Picus Security, we use cookies and similar technologies to operate our Websites, maintain security, understand how our Websites are used, remember user preferences, and, where applicable, support advertising and marketing activities.

Depending on their purpose, cookies may be used to:

  • Ensure the security and proper functioning of our Websites
  • Enable core features and improve usability
  • Analyze usage and performance of our Websites
  • Personalize content and support marketing activities

Legal Basis: “Necessary” cookies are used based on our legitimate interest in operating and securing our Websites.

Where required by applicable law, analytics, functionality, and advertising cookies are used only with your consent.

COOKIE CATEGORIES

We categorize cookies based on their purpose to provide transparency on how your data is processed:

Necessary Cookies: These cookies are essential for the operation, security, and accessibility of our Websites. They enable core functionalities such as page navigation, authentication, and secure access. As these cookies are required for the Websites to function, they do not require user consent and cannot be switched off in our systems.

Analytics Cookies: These cookies collect aggregated and statistical information about how visitors interact with the Websites. They help us understand usage patterns, identify usability issues, and improve performance.

Advertising Cookies: These cookies are used to deliver relevant advertisements and measure the effectiveness of our marketing campaigns. They may track your browsing activity across different websites and services.

Functional Cookies: These cookies are optional for the website to function. These cookies allow the Websites to remember user preferences and settings (such as language or region) to personalize your experience.

COOKIE SOURCES

Cookies may also be categorized depending on who implements them:

First-Party Cookies: These cookies are issued directly by our Websites and are used to support core functionality, performance, and user experience within our domain.

Third-Party Cookies: These cookies are set by third-party service providers that support analytics, advertising, and certain functionalities of the Websites.

Third-party providers may collect information about your browsing behavior across multiple websites and use such data to:

  • Analyze usage and performance,
  • Deliver targeted advertisements, and
  • Measure the effectiveness of marketing campaigns.

The processing of data by such third parties is governed by their respective privacy policies.

We use both third-party cookies and our cookies to show you personalized ads on various websites. This practice, known as "retargeting", is based on your clicks, the pages you browse on our Websites, the products you view, and the advertisements that are shown to you. We also use cookies as part of our online marketing campaigns to understand how users interact with our Websites after seeing online ads, including those displayed on third-party websites.

You can manage your preferences or withdraw your consent for non-essential cookies at any time through the cookie settings available on our Websites. Additionally, most web browsers allow you to control or delete cookies through their settings.

For more information on third-party providers and their data practices, please refer to the privacy policies listed in Table 1 below.

COOKIE INVENTORY

When you visit our Websites or log in to our Platform (app.picussecurity.com), we use the following services:

Table 1: Advertisement, Analytics/Targeting Cookies Used on our Websites

| Service Provider | Applied on (Context) | Purpose | Type | Related Privacy Policies |
|---|---|---|---|---|
| Google Analytics, Google Tag Manager | Website & App | Analytics/Targeting | First-party | Google Privacy Policy |
| Hotjar | Website & App | Analytics/Targeting | First-party | Hotjar Privacy Policy, Cookies set by the Hotjar Tracking Code |
| Hubspot | Website | Analytics/Targeting | First-party | Hubspot Privacy Policy, Cookies set in a visitor's browser by HubSpot |
| Swan | Website | Advertisement | Third-party | Swan Privacy Policy |
| LinkedIn | Website | Advertisement, Analytics/Targeting | Third-party | LinkedIn Privacy Policy |
| Poptin | Website | Analytics/Targeting | First-party | Poptin Privacy Policy |
| Youtube | Website | Advertisement | Third-party | Google Privacy Policy |
| Google | Website | Advertisement | Third-party | Google Privacy Policy |
| Heap | App | Analytics/Targeting | First-party | Heap Privacy Policy, Cookies set by Heap |
| New Relic | App | Analytics/Targeting | Third-party | New Relic Privacy Policy |
| Userguiding | App | Analytics/Targeting | First-party | Userguiding Privacy Policy |

These cookies are not integral to the functioning of our site, and your use and experience of our site will not be impaired by blocking or deleting them. However, certain features of our site may not function fully or as intended.

Our Websites use Google Analytics, an analysis service of Google LLC ("Google") with IP anonymization features. On the other hand, Google Analytics uses cookies to enable the analysis of website usage. The information generated by cookies about the use of the website is transmitted to and stored on a Google server in the USA. Upon the instruction of the operator of this website, Google uses this information to prepare reports to evaluate your use and provide related services. The IP address transmitted from your browser within the framework of Google Analytics is not combined with other data from Google. If you do not want these cookies to be stored, you can adjust your settings accordingly in your browser.

In addition, our website (www.picussecurity.com) may also use Google AdWords and DoubleClick cookies for statistical purposes.

If you think we have missed a cookie, please let us know by sending an email to security@picussecurity.com.

HOW TO CONTROL COOKIES

You have the right to decide whether to accept or reject cookies. You can exercise your preferences through the following methods:

  • Cookie Consent Banner: When you first visit our Websites, a cookie consent banner will appear, allowing you to accept all cookies or customize your preferences by opting in or out of specific categories. You can update these settings at any time through our Websites.
  • Browser Controls: Most web browsers allow you to manage cookies through their settings. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, please note that if you disable cookies, certain features of our Websites may not function as intended, and your user experience may be impacted.
  • Google Analytics Opt-Out: To specifically prevent your data from being used by Google Analytics across all websites, you can install the Google Analytics Opt-out Browser Add-on.

Your choices are browser- and device-specific, so you may need to update your preferences separately on each device and browser you use.

FURTHER INFORMATION ON COOKIES

To learn more about cookies, including how to see which cookies have been set and how to manage and delete them, you can visit the following websites: All About Cookies, About Cookies, Your Choices Online, and Cookie Database.

CONTACT

If you have any questions about our use of cookies, please contact us at security@picussecurity.com.

PICUS SUBSCRIPTION AGREEMENT

IMPORTANT – CAREFULLY READ ALL THE TERMS AND CONDITIONS OF THIS PICUS SUBSCRIPTION AGREEMENT (THE “AGREEMENT”). BY SIGNING AN ORDER FORM INCORPORATING THIS AGREEMENT, CLICKING “I ACCEPT”, CLICKING “CREATE”, PROCEEDING WITH THE INSTALLATION AND/OR ACCESS AND USE OF THE PICUS SOLUTIONS, OR USING THE PICUS SOLUTIONS AS AN AUTHORIZED REPRESENTATIVE OF YOUR COMPANY NAMED ON THE APPLICABLE ORDER FORM ON WHOSE BEHALF YOU INSTALL AND/OR USE THE PICUS SOLUTIONS, YOU ARE INDICATING THAT YOU HAVE READ, UNDERSTOOD, AND ACCEPT THIS AGREEMENT WITH PICUS (AS DEFINED BELOW). IF YOU DO NOT AGREE WITH ALL OF THE TERMS OF THIS AGREEMENT, DO NOT INSTALL, COPY, OR OTHERWISE USE THE PICUS SOLUTIONS. THE EFFECTIVE DATE OF THIS AGREEMENT SHALL BE THE DATE THAT YOU SIGN AN ORDER FORM WITH PICUS OR OTHERWISE ACCEPT THIS AGREEMENT.

Last Updated: July 31, 2025

  1. DEFINITIONS.  Capitalized terms used in this AGREEMENT shall have the meaning given to them in Schedule 1: Definitions, attached hereto.
  2. ORDERS.

2.1.  Formation.  This AGREEMENT governs the overall relationship of the parties in relation to Customer’s use of the Picus Solutions. Customer is not permitted to use the Picus Solutions until it has recorded its consent to this AGREEMENT via a signed Order Form referencing this Agreement or an electronic acceptance of this Agreement. Each executed Order Form creates a separate Agreement between Picus and Customer. Upon Picus’ written acceptance of the Order Form, Picus or its Partner (as defined below) shall provide Customer with a license certificate evidencing the purchase of the Picus Solutions.  

2.2.  Informal. Provision of the Picus Solutions, Support, or any other products or services provided by Picus or its Affiliates to Customer or its Affiliates is governed by this AGREEMENT unless otherwise agreed in writing by the parties.

2.3.  Affiliate Orders. If an Order Form incorporating this AGREEMENT is executed by an Affiliate of either party, the terms “Customer” and “Picus”, as used in this AGREEMENT, shall be read to mean the applicable Customer Affiliate and/or Picus Affiliate that executed the applicable Order Form.

2.4.  Orders through Partners. If Customer purchases the Picus Solutions from or through an authorized distributor, reseller, or managed services provider (each a “Partner”), Customer’s and its Users’ access to and use of the Picus Solutions will be governed by this AGREEMENT. Instead of Customer paying Fees to Picus, Customer will pay applicable amounts to the Partner as agreed upon between Customer and Partner, and Partner will pay Picus the Fees set forth in the applicable Partner Order (defined below). Customer’s order details (e.g., scope of use including Permitted Capacity, Subscription Term, and Fees) will be as stated in the order form placed by Partner with Picus on Customer’s behalf (“Partner Order”).  Partner is responsible for the accuracy of such Partner Order. Picus may suspend or terminate Customer’s rights to access and use the Picus Solutions if it does not receive the corresponding payment from Partner.  This AGREEMENT is directly between Picus and Customer and governs all use of the Picus Solutions by Customer and its Users. Partners are not authorized to modify this AGREEMENT or make any promises, representations, warranties, or commitments on Picus’s behalf, and Picus is not bound by any obligations to Customer other than as set forth in this AGREEMENT.  Picus is not a party to (or responsible under) any separate agreement between Customer and Partner and is not responsible for any Partner’s acts, omissions, products, or services. The amount paid or payable by Partner to Picus for Customer’s use of the Picus Solution under this Agreement will be deemed the amount paid by and due from Customer to Picus under this AGREEMENT.

  3. PICUS SOLUTIONS.

3.1.  License Grant.  Subject to Customer’s compliance with the terms and conditions of the Agreement, including payment of all applicable fees, Picus hereby grants to Customer for its internal business purposes a limited, non-sublicensable, non-exclusive, non-customized, non-transferable, worldwide license, solely during the Subscription Term or Trial Period, as applicable and as set forth in the Order Form, to:

(a)  either:

(i) install, execute, and use, or permit Users to install, execute, and use, in object code form only, the Software on Customer-provided infrastructure; or

(ii) access and use the Cloud Service; and

(b) reproduce and use a reasonable number of copies of the Documentation for use with the Picus Solutions.

(c) shall ensure that use of the Picus Platform is subject to the restrictions and limitations contained in this Agreement, including the export control law requirements.

Picus shall own and retain all right, title, and interest in the Picus Solutions and all intellectual property rights inherent therein, including – without limitation – all changes or improvements requested or suggested by Customer, notwithstanding any use of terms such as "purchase", "sale", or the like within this Agreement.  Customer agrees that its use of the Picus Solutions will be solely to facilitate satisfaction of its obligations under this Agreement.  Should Customer use the Picus Solutions for any other purpose (including Customer's internal or production use), Customer agrees to report such use to Picus, to pay the applicable fee (on a pro-rata basis) for any past use, and to enter into an agreement to purchase a license for the Picus Solutions.  Any unauthorized use of the Picus Solutions will be deemed to be a material breach of this Agreement.

3.2.  Control Systems.

(a)  Upon execution of this Agreement and subject to the terms outlined in this Agreement, Customer may use the Picus Solutions to test the defensive capabilities of the Control Systems that the Picus Solutions are designed to test.  The Picus Solutions may not cover all of Customer’s identified Control Systems, and Picus may unilaterally add or remove different Control Systems categories provided by the Picus Solutions.

(b)  Customer authorizes Picus to perform Security Validation tests on Control Systems specified by Customer. Picus will provide Customer with the results of any Security Validation tests automatically via the Picus Solutions user interface. The Picus Solutions aim at revealing which threats identified by Customer are blocked and not blocked by the Control Systems used in Customer’s different digital environments, and Customer acknowledges that Security Validation test results may differ for the same security control technology in use in different environments. Picus shall not be held liable if the Picus Solutions fail to discover certain security or configuration shortcomings on the target Control Systems and shall not become subject to any claim and request (including but not limited to compensation, damage, loss, or reimbursement) related to any such failure.

3.3.  Trial Versions and Beta Features.

3.3.1.  Beta Features. Beta Features may be subject to additional beta terms as provided by Picus from time to time. Picus may, in its sole discretion: (i) cease providing Beta Features at any time; or (ii) cease providing Beta Features free of charge and require Customer to purchase such features for continued use as part of the Picus Solutions. Customer will not attempt to circumvent, dismantle, or otherwise interfere with any time-control disabling functionality in any Beta Feature that causes the Beta Feature to cease functioning. 

3.3.2.  Trial Versions. Picus may provide the Trial Version free of charge for a time period of two weeks or such longer period as may be granted by Picus (“Trial Period”). Picus may extend the Trial Period in its sole and exclusive discretion. Picus may immediately terminate Customer’s access to and use of the Trial Version at any time. Picus will have no liability under the Agreement arising out of or related to any use of a Trial Version by Customer or any End User or the deletion of any data generated during the Trial Period. Any use of a Trial Version is solely at Customer’s own risk and may be subject to additional requirements as specified by Picus. Picus is not obligated to provide Support for any Trial Version, and all Trial Versions are provided as-is without warranty. Customer agrees to use the Trial Version in a non-production environment.

3.4.  Support.  Picus will provide Customer with Support for the Picus Solutions.  Customer may obtain Support from Picus by logging a support request in the Picus support portal (currently available at the following URL: https://support.picussecurity.com/) or by sending a support request to the TAC (Technical Assistance Center) team.

3.5. Compliance with Law.  In performing its duties hereunder and in any of its dealings with respect to the Picus Solutions, Customer will comply with all applicable international, national, state, regional, and local laws and regulations, including data protection, data privacy, export control, and anti-corruption laws.  Picus shall not be responsible for Customer’s compliance with applicable laws.  With respect to any Customer Information, the parties acknowledge that, under the EU General Data Protection Regulation (“GDPR”) and applicable personal data protection law, Picus is a data controller for Customer Information and will maintain and otherwise Process such Personal Information according to their own policies and procedures.  Without limiting anything else in this Section 3, Customer represents and warrants that it (i) has all necessary rights and authorizations to disclose, transfer, provide, or cause to be disclosed, transferred or provided such Customer Information; (ii) will provide any required notice to and obtain any required consent from Customer and other third parties to the transfer to and Processing by Picus of such Customer Information.  Picus will Process such Customer Information as part of its provision of the Picus Solution and any related Support and maintenance activities and services, and as otherwise stated in Picus Privacy Policy as may be updated from time to time by Picus, a current version of which is located here: https://www.picussecurity.com/trust-center/privacy-security

4. ADDITIONAL CUSTOMER RESPONSIBILITIES.

Customer: (i) must keep its passwords secure and confidential and use industry-standard password management practices; (ii) is solely responsible for the Content and all activity conducted through its account within the Picus Solutions; (iii) must use commercially reasonable efforts to prevent unauthorized access to its account and notify Picus promptly of any such unauthorized access; (iv) may use the Picus Solution only in accordance with the Documentation and applicable law; (v) is responsible for its Users’ compliance with the terms of the Agreement; and (vi) must not exceed the Permitted Capacity (defined below).

5. FEES AND PAYMENT.

5.1.  Subscription Fees.  Fees are due and payable as set forth on the Order Form.  Unless otherwise stated on an Order Form, Customer shall timely pay all fees within thirty (30) days of the date of invoice.  Payment obligations are non-cancelable, and fees paid are non-refundable.  All payments shall be made in the currency stated on the Order Form.  Picus may charge interest on overdue amounts at the lesser of 1.5% per month or the maximum legal rate and may charge Customer for any cost or expense arising out of collection efforts.  Except as provided below in Subsection 5.2 (Permitted Capacity), there will be no fee increases during Customer’s Subscription Term; however, Customer’s fees are subject to increase upon renewal (including any auto-renewal) following expiration of the then-current Subscription Term. 

5.2.  Permitted Capacity.  Customer understands that its right to use the Picus Solutions is limited by the Permitted Capacity purchased.  Customer and its Affiliate's combined use may in no event exceed the Permitted Capacity authorized under the applicable Order.  The Permitted Capacity may be defined during the registration process or on an Order Form.  Customer may submit a request to increase Permitted Capacity at any time, and, upon execution of an Order Form, Customer will pay fees due for such increase at a prorated amount for the remainder of Customer’s then-current Subscription Term.  Any Order Form for such an increase will renew concurrently with Customer’s then-current Subscription Term for a period equal to Customer’s initial Subscription Term.

5.3. Taxes.  All fees are exclusive of Taxes (as defined below), and Customer shall pay or reimburse Picus for all Taxes arising out of transactions contemplated by this Agreement.  If Customer is required to withhold any Tax for payments due, Customer shall gross up its payments to Picus so that Picus receives sums due in full, free of any deductions.  As reasonably requested, Customer will provide documentation to Picus showing that Taxes have been paid to the relevant taxing authority.  “Tax(es)” means any sales, VAT, GST, use, withholding, or other taxes (other than taxes on Picus’s income), export and import fees, customs duties and similar charges imposed by any government or other authority.  Customer hereby confirms that Picus can rely on the name and address that Customer provides to Picus when Customer agrees to the fees or in connection with Customer’s payment method as being the place of supply for sales tax and income tax purposes or as being the place of supply for VAT or GST purposes where Customer has established its business.

6. CONFIDENTIAL INFORMATION.

As used in this Agreement, “Confidential Information” means any nonpublic information or materials disclosed under this Agreement by either party to the other party, either directly or indirectly, in writing, orally, or by inspection of tangible objects, which the disclosing party clearly identifies as confidential or proprietary.  Picus’s Confidential Information includes the Picus Solutions and any information or materials relating to the Picus Solutions (including pricing), or otherwise. Confidential Information may also include confidential or proprietary information disclosed to a disclosing party by a third party.

The receiving party will: (i) hold the disclosing party’s Confidential Information in confidence and use reasonable care to protect the same; (ii) restrict disclosure of such Confidential Information to those employees or agents with a need to know such information and who are under a duty of confidentiality respecting the protection of Confidential Information substantially similar to those of this Agreement; and (iii) use Confidential Information only for the purposes for which it was disclosed, unless otherwise set forth in this Agreement. The restrictions will not apply to Confidential Information, excluding Personal Data, to the extent it: (i) is (or through no fault of the recipient, has become) generally available to the public; (ii) was lawfully received by the receiving party from a third party without such restrictions; (iii) was known to the receiving party without such restrictions prior to receipt from the disclosing party; or (iv) was independently developed by the receiving party without breach of this Agreement or access to or use of the disclosing party’s Confidential Information.

The receiving party may disclose Confidential Information to the extent the disclosure is required by law, regulation, or judicial order, provided that the receiving party will provide to the disclosing party prompt notice, where permitted, of such order and will take reasonable steps to contest or limit the steps of any required disclosure.  The parties agree that, in addition to any other relief to which the non-breaching party may be entitled, any material breach of this Section 6 will cause irreparable injury and the non-breaching party may seek injunctive relief in a court of competent jurisdiction without the need of posting bond.

7. RESTRICTIONS. Except as expressly set forth in the Agreement, and to the maximum extent permitted by applicable law, Customer will not (and will not allow any third party to): (i) decompile, disassemble, reverse engineer, or otherwise attempt to derive the structure of the Picus Solutions or the source code from the Picus Solutions; (ii) download or export the threat or attack libraries/codes from Picus Solutions; (iii) distribute, license, sublicense, assign, transfer, provide, lease, lend, rent, disclose, use for timesharing or service bureau purposes, or otherwise use for the benefit of any third party the Picus Solutions; (iv) use or access the Picus Solutions in order to build a similar or competitive product or service or to disclose to any third party any benchmarking or comparative study involving the Picus Solutions; (v) modify, adapt, translate, or create derivative works of the Picus Solutions or Documentation; (vi) remove, alter, or obscure in any way any proprietary rights notices (including copyright notices) of Picus or its suppliers on or within the Picus Solutions or Documentation; or (vii) use the Picus Solutions on any hardware or other system not owned by Customer.

8. TERM AND TERMINATION.

8.1.  Subscription Term.  Subject to the termination rights set forth herein, the term of this AGREEMENT will commence on the Effective Date and will continue as long as the Picus Solutions is being provided to Customer under an Order Form.  Unless otherwise agreed in the Order Form, the Subscription Term stated on an Order Form will automatically renew for successive terms of 12 months each unless either party gives the other party written notice of non-renewal not less than 45 calendar days before the expiration of the then-current Subscription Term.

8.2.  Termination for Material Breach.   Customer may terminate this Agreement immediately without further notice if Picus materially breaches its obligations under the Agreement and does not remedy such breach within 30 calendar days of receiving written notice of such breach from Customer.  Picus may terminate an affected Order Form, all Order Forms, or the Agreement in place between Picus and Customer immediately without further notice if Customer materially breaches its obligations under the Agreement and does not remedy such breach within 30 calendar days of receiving written notice of such breach from Picus.

8.3.  Termination for Dissolution, Bankruptcy.  Subject to applicable law, either party may immediately terminate the AGREEMENT and/or any Order Form on written notice if the other party enters compulsory or voluntary liquidation or reorganization, enters into an assignment for the benefit of the creditors, ceases to carry on business, or takes or suffers any similar action which the other party reasonably believes means that it may be unable to pay its debts.

8.4.  Parties’ Rights After Expiration or Termination.  Expiration or termination of all or part of the Agreement shall not affect any accrued rights, remedies, obligations, or liabilities of the parties.  Nothing in this Agreement shall constitute a waiver or limitation of any rights that Picus may have under applicable law. Customer may only use the Picus Solutions during the period for which Customer has paid the subscription fee.  

8.5.  Upon the Termination of an Applicable Order Form.  Upon termination of an applicable Order Form: (i) the licenses granted under the Order Form for the Picus Solutions will immediately terminate, and Customer and its Users will immediately cease use of the Picus Solutions; (ii) Picus’s obligations to provide Support will immediately terminate; (iii) in the event of a termination for Customer’s breach of the Agreement, Customer will pay to Picus the full amount of any outstanding fees due hereunder; (iv) in the event of a termination for Picus’s breach of the Agreement, Picus will refund to Customer the pro-rata amount of any prepaid but unused fees; (v) for Cloud Service Customers, Customer may request that Picus delete the Content belonging to Customer; and (vi) on Customer’s request, Picus will destroy, anonymize, render inaccessible, or return all Customer Confidential Information in its possession or control and will not make or retain any copies of such information in any form, except that Picus may retain one archival copy of such information solely to ensure compliance with the Agreement; in the context of statistical/benchmark result analyses that cannot be directly linked to the Customer or as required by applicable law or regulation.

8.6.  Customer Acknowledgment.  CUSTOMER ACKNOWLEDGES AND AGREES THAT THE PICUS SOLUTIONS MAY CONTAIN DISABLING CODE THAT (EITHER AUTOMATICALLY OR AT PICUS’S CONTROL) WILL RENDER THE PICUS SOLUTIONS (AND RELATED DATA) UNUSABLE UPON TERMINATION OR CUSTOMER’S BREACH OF THE AGREEMENT AND FAILURE TO CURE WITHIN 30 DAYS OF RECEIVING NOTICE OF SUCH BREACH FROM PICUS. 

8.7.  Survival. Sections 3 (Picus Solutions), 4 (Additional Customer Responsibilities), 5 (Fees and Payment), 6 (Confidential Information), 7 (Restrictions), 8 (Term and Termination), 9 (Proprietary Rights), 12 (Indemnification), 13 (Limitation on Liability), and 19 (Miscellaneous) shall survive any termination or expiration of this Agreement, along with any other provisions which by their express terms do survive or by their nature should survive.

9. PROPRIETARY RIGHTS.  The Picus Solutions, Picus Content, and Picus Marks are licensed, not sold, under the terms of this Agreement.  Use of “purchase” in conjunction with licenses under this Agreement does not imply a transfer of ownership.  Except for the limited rights expressly granted by Picus to Customer under this Agreement, Customer acknowledges and agrees that all right, title, and interest in and to all copyrights, trademarks, patents, trade secrets, intellectual property (including without limitation algorithms, business processes, improvements, enhancements, modifications, derivative works, and information collected and analyzed in connection with the Picus Solutions), and other proprietary rights arising out of or relating to the Picus Solutions, Picus Content, and Picus Marks, and the provision of each, belong exclusively to Picus or its suppliers or licensors.  All right, title, and interest in and to content which may be accessed through the Picus Solutions is the property of the respective owner and may be protected by applicable intellectual property laws and treaties. The Picus Solutions may include software products licensed from third parties (“Third Party Components”).  Licensors of any Third Party Components shall have no obligations or liability to Customer under this Agreement but are third-party beneficiaries of this Agreement. All rights not expressly granted to Customer under this Agreement are reserved by Picus, and this Agreement does not grant any implied rights to the Picus Solutions, Picus Content, Picus Marks, or Third Party Components.

10. DATA SECURITY AND PRIVACY.

10.1.  Content. Customer-owned Content remains the property of Customer. Customer represents and warrants to Picus that Customer has provided all required notices and has obtained all required licenses, permissions, and consents regarding Content for use within the Picus Solution. Customer grants Picus a perpetual, transferrable, worldwide, fully paid, royalty-free right and license to use the Content in accordance with this Agreement.

For the purposes of this Agreement, Customer Content includes data generated, provided, or collected during customer interactions with the Picus Platform, including but not limited to simulation and analytics results, as well as data gathered from customer actions through Picus products and services. Picus retains simulation run data, as part of Content data, for a limited duration in accordance with its data retention policies. Data exceeding this period will be deleted as part of routine data management. The security requirements stated in Section 10 constitute the sole contractual obligations of Picus regarding the handling, use, and security of Customer Content.

10.2.  Data Security Measures and Data Processing Addendum.  

(a)  Security Measures.  Picus (i) implements and maintains reasonable security measures appropriate to the nature of the Content including, without limitation, technical, physical, administrative, and organizational controls designed to maintain the confidentiality, security, availability, and integrity of Content; (ii) implements and maintains industry standard systems and procedures for detecting, preventing, responding to attacks, intrusions, or other systems failures and regularly tests or otherwise monitors the effectiveness of the safeguards’ key controls, systems, and procedures; (iii) designates an employee or employees to coordinate implementation and maintenance of its security measures (as defined below); and (iv) identifies reasonably foreseeable internal and external risks to the security, confidentiality, availability, and integrity of Content that could result in the unauthorized disclosure, access, misuse, alteration, destruction, or other compromise of such information.

(b)  Data Processing Agreement.  When legally required, the parties agree to comply with the terms of Picus’s Data Processing Agreement (the “DPA”); and also Policies that are presently found at the following URL: https://www.picussecurity.com/trust-center/ as may be periodically updated by Picus.  

(c)  Customer User Information. With respect to any User Information, the parties acknowledge that, under the terms of the DPA, Picus is a data processor for End User Information and will maintain and otherwise Process such Personal Information according to its own policies, procedures, and DPA requirements. Without limiting anything else in this Section, Customer represents and warrants that it (i) has all necessary rights and authorizations to disclose, transfer, provide, or cause to be disclosed, transferred, or provided, such User Information; (ii) will provide any required notice to and obtain any required consent from Users and other third parties to the transfer to and Processing by Picus of such User Information. Picus will Process such User Information as part of its provision of the Picus Solutions and any related Support services and as otherwise stated in Picus Privacy Policy, as may be updated regularly by Picus (the current version of which is located here: https://www.Picussecurity.com/trust-center/).

10.3.  Statistical Data.  Picus may utilize Content and other data, results, and analytics (“Statistical Data”) to improve the Picus Solutions for marketing and product improvement purposes and to manage its license models. To the extent used for external marketing purposes, Statistical Data will be aggregated and anonymized and will not identify Customer, its Users, or any natural person.

10.4.  Cookies.  Whenever Customer or Users interact with the Picus Solutions or Picus websites, Picus automatically receives and records some technical and usage information on its server logs from the browser or device, which may include user activities, IP address, and the type of browser and/or device being used to access the Picus Solutions or Picus websites, as further described in the Cookies Policy (the current version of which is located here: https://www.picussecurity.com/trust-center/).

11. WARRANTY AND DISCLAIMERS.

11.1.  Picus Warranty.

(a) Picus warrants that for the duration of the Term: (i) it will not materially decrease the overall security of the Picus Solutions; (ii) it will not materially decrease the overall functionality of the Picus Solutions; (iii) the Picus Solutions will perform substantially in conformance with the Documentation; (iv) Picus will maintain all necessary licenses, consents, and permissions for performance of its obligations under the Agreement; and (v) it uses commercially reasonable efforts consistent with industry standards to regularly scan for and remove any Malware from the Picus Solutions.  Customer acknowledges that the foregoing is null and void to the extent the Picus Solutions: (i) fail to conform with this warranty because of Customer’s use with any third-party hardware or software other than as authorized by Picus in the Documentation; (ii) are used other than in accordance with its published Documentation; or (iii) are used in breach of the Agreement. If the Picus Solutions do not conform with the warranties stated in this Subsection 11.1(a), then Customer’s sole remedy, and Picus’s entire liability, is to correct the non-conformance promptly.

(b) Availability SLA.  Picus warrants that it will maintain the availability of the Cloud Service as provided in the Availability SLA attached hereto as Schedule 2.

11.2.  Customer Warranty.  Customer warrants that it has the full right, power, and authority to consent to the use of the Picus Solutions to perform the Security Validation tests of the Control Systems set as target systems by Customer or its representatives.

11.3.  Picus Warranty Disclaimer.  EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, THE PICUS SOLUTIONS, PICUS CONTENT, PICUS MARKS, SUPPORT, AND ALL OTHER PRODUCTS AND SERVICES PROVIDED HEREUNDER OR MADE AVAILABLE UNDER THIS AGREEMENT, INCLUDING THIRD PARTY HOSTED SERVICES OR SOFTWARE (COLLECTIVELY, FOR THE PURPOSES OF THIS PARAGRAPH, “PRODUCTS”), ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, PICUS DISCLAIMS AND EXCLUDES ALL REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, SECURITY, LOSS OR CORRUPTION OF DATA, CONTINUITY, OR ABSENCE OF DEFECT RELATING TO THE PRODUCTS OR THE RESULTS OF THE SAME.  PICUS DOES NOT WARRANT THAT THE PRODUCTS, INCLUDING ANY SPECIFICATIONS OR FUNCTIONS CONTAINED IN THEM, WILL MEET END USERS’ REQUIREMENTS, THAT THE PRODUCTS WILL BE ERROR-FREE, OR THAT DEFECTS IN THE PRODUCTS WILL BE CORRECTED.

12. INDEMNIFICATION

12.1.  By Picus.  Subject to Subsection 12.3 (Process), Picus will, at its cost and expense, indemnify and hold Customer harmless from any third party claim brought against Customer alleging that Customer’s authorized use of the Picus Solutions provided by Picus to Customer pursuant to this Agreement infringes or misappropriates any U.S. patent, copyright, trademark, trade secret, or other intellectual property rights of a third party, provided: (i) Customer’s use of the Picus Solutions complies with this Agreement; (ii) the infringement or misappropriation is not caused by modification or alteration of the Picus Solutions or Documentation; (iii) the infringement or misappropriation was not caused by a combination or use of the Picus Solutions with products or software not supplied by Picus; and/or (iv) the infringement or misappropriation is not caused by Customer’s negligence or willful misconduct. This Section states Picus’s entire liability (and shall be Customer’s sole and exclusive remedy) with respect to indemnification by Picus to Customer.  If a claim under this Section occurs, or in Picus’s opinion appears reasonably likely to occur, then Picus may at its expense and in its sole discretion: (i) modify the Picus Solutions to become non-infringing; (ii) procure the necessary rights to allow Customer to continue using the Picus Solutions; (iii) replace the Picus Solutions with a functional equivalent; or (iv) if neither (i) through (iii) are commercially practicable, terminate the Picus Solutions and refund any prepaid and unused fees.

12.2.  By Customer.  Subject to Subsection 12.3, Customer will, at its cost and expense, indemnify, defend, and hold Picus and its directors and employees harmless from and against any and all losses arising from or in connection with (a) the performance of its obligations under this Agreement or a breach of this Agreement; (b) any allegation that Customer infringed upon or misappropriated any patent, copyright, trademark, or other intellectual property right of a third party; (c) any allegation that Customer infringed upon or misappropriated any Picus intellectual property; or (d) the gross negligence or willful misconduct of Customer. 

12.3.  Process.  If the indemnified party receives notice of a claim that is covered by this Section 12, the indemnified party shall give the indemnifying party prompt written notice of such claim, provided that failure to give prompt notice shall not relieve a party of its obligations under this Section unless such failure materially prejudices the claim.  The indemnifying party shall be allowed to solely conduct the defense of the matter, including choosing legal counsel to defend the claim, provided that the choice is reasonable and is communicated to the indemnified party in advance.  The indemnified party shall comply with the indemnifying party’s reasonable requests for assistance and cooperation in the defense of the claim.  The indemnifying party may not settle the claim without the indemnified party’s consent, which may not be unreasonably withheld, delayed, or conditioned.

13. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL PICUS, ITS AFFILIATES, OR ITS OR THEIR DIRECTORS, EMPLOYEES, AGENTS, OR LICENSORS HAVE ANY LIABILITY, CONTINGENT OR OTHERWISE, FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, STATUTORY, OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS, LOST OR CORRUPTED DATA, LOSS OF GOODWILL, WORK STOPPAGE, EQUIPMENT FAILURE OR MALFUNCTION, PROPERTY DAMAGE, OR ANY OTHER ECONOMIC DAMAGES OR LOSSES ARISING OUT OF OR RELATING TO THIS AGREEMENT, THE PICUS SOLUTIONS, PICUS CONTENT, PICUS MARKS, OR ANY OTHER PRODUCTS OR SERVICES PROVIDED HEREUNDER, EVEN IF THEY HAVE BEEN ADVISED OF THE POSSIBILITY THEREOF, AND REGARDLESS OF THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, INDEMNITY, OR OTHERWISE) UPON WHICH ANY SUCH LIABILITY IS BASED.

THE AGGREGATE LIABILITY OF PICUS, ITS AFFILIATES, AND ITS DIRECTORS, EMPLOYEES, LICENSORS, SUPPLIERS, AND AGENTS SHALL BE LIMITED TO DAMAGES NOT TO EXCEED THE TOTAL AMOUNT PAYABLE OR PAID TO PICUS UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO THE CLAIM.

14. FUTURE FUNCTIONALITY. Customer agrees that it has not relied on the availability of any future functionality of the Picus Solutions or any other future product or service in executing the Agreement.  Customer acknowledges that information provided by Picus regarding future functionality should not be relied upon to make a purchase decision.

15. GOVERNMENT LICENSES.  For purposes of sales to government entities in the United States, the Picus Solutions and the accompanying Documentation are deemed to be “commercial computer software” and “commercial computer software documentation”, respectively, pursuant to DFARS Section 227.7202 and FAR Section 12.212(b), as applicable. Any use, modification, reproduction, release, performing, displaying, or disclosure of the Picus Solutions or the accompanying Documentation by or for the U.S. Government will be governed solely by the terms and conditions of the Agreement, in conjunction with statutes, regulations, and the terms of the GSA Schedule, if applicable.

16. EXPORT COMPLIANCE AND ANTI-CORRUPTION.

16.1.  Picus’s products and services are subject to U.S. export control, sanctions, import compliance, and anticorruption laws and regulations (“Trade Controls”).  Customer agrees that it shall not sell, provide access to, license, or transfer any of Picus’s products or services to any Persons that are: (i) subject to the restriction of a sanctions or export denial list, including, but not limited to, the U.S. Department of the Treasury’s Specially Designated Nationals and Blocked Persons (“SDN”) List maintained by OFAC and the U.S. Department of Commerce’s Bureau of Industry and Security’s (“BIS”) Entity List; (ii) located in, ordinarily resident in, organized under the laws of, or owned or controlled by a region subject to a comprehensive U.S. or other applicable embargo and/or sanctions (presently including Cuba, Iran, Syria, North Korea and the Crimea, Donetsk People’s Republic, Luhansk People’s Republic regions of Ukraine, Afghanistan, Belarus, Myanmar/Burma, Russia, and Venezuela); (iii) engaged in or facilitating end uses prohibited by Trade Controls, including, but not limited to, nuclear, chemical, or biological weapons proliferation, restricted military or military-intelligence users or use, restricted supercomputers or semiconductor development or production in China, missile systems or technology, restricted unmanned aerial vehicle end uses, or any other activities that are prohibited to a U.S. person; or (iv) otherwise acting on behalf or for the benefit of the foregoing. Customer represents and warrants that it is not directly or indirectly owned by, or controlled by, a Person in (i)-(iv).

Customer represents and warrants that neither Customer, its Representatives, nor, to Customer’s knowledge, its Affiliate’s Representatives are currently the subject of any investigation by the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury, the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce, or any other governmental authority pursuant to any laws that other governmental authorities administer.

Customer shall promptly notify Picus if it or any of its representatives or its affiliates’ representatives become the subject of any such investigation at trade.compliance@picussecurity.com.

Customer represents and warrants that its use of Picus’s Services will in all respects comply with current U.S. export controls regulations and requirements, including, without limitation, those promulgated by U.S. Departments of State, Commerce, Homeland Security, Treasury, and Defense. Any breach of this Section 16.1 is a material breach of the Agreement for which no cure period shall apply.

16.2.  Customer warrants and agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any Picus employee or agent in connection with the Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction.

16.3.  If Customer learns of any violation of the above restriction, Customer will promptly notify the Picus legal department at legal@picussecurity.com. 

16.4.  Customer’s failure to comply with any term of this Section 16 will constitute a material breach of the Agreement and will entitle Picus to immediately terminate the Agreement without notice in addition to any other remedy available at law or equity.

16.5. Customer represents and warrants that it is in compliance with all applicable anti-corruption laws, and that it has not and will not violate any anti-corruption law, including but not limited to the United States Foreign Corrupt Practices Act, the United Kingdom Bribery Act, and any applicable local anti-corruption laws.

Without limiting the foregoing, Customer represents and warrants that it, and its employees, agents, and representatives have not and will not, directly or indirectly, offer, pay, give, promise, or authorize the payment of any money, gift, or anything of value to: (i) any officer, employee or person acting in an official capacity for any government department, agency or instrumentality, including state-owned or state-controlled companies, and public international organizations, as well as a political party or official thereof or candidate for political office (“Government Official”), or (ii) any person while Customer knows or has reason to know that all or a portion of such money, gift, or thing of value will be offered, paid or given, directly or indirectly, to any Government Official, for the purpose of (1) influencing an act or decision of the Government Official in his or her official capacity, (2) inducing the Government Official to do or omit to do any act in violation of the lawful duty of such official, (3) securing an improper advantage, or (4) inducing the Government Official to use his influence to affect, or influence any act or decision of a government or instrumentality, in order to assist Picus or any of its affiliates in obtaining or retaining business. Customer agrees that should it learn or have reason to know of any payment or transfer (or any offer or promise to pay or transfer) in connection with this Agreement or Picus’ business that would violate applicable anti-corruption laws, it must immediately provide Picus with written notice.

17. AUDITS.  Customer will keep and maintain written records and accounts regarding Customer’s use of the Picus Solutions and compliance with this Agreement.  Picus, or a third-party certified public accounting firm designated by Picus, shall have the right upon fifteen (15) days written notice to Customer to conduct an inspection and audit of all relevant facilities and records of Customer.  Such audit shall be conducted during regular business hours at Customer’s offices and in such a manner as not to interfere with Customer’s normal business activities.  In no event shall audits be conducted hereunder more frequently than once every 6 months.  Any such audit shall be conducted at Picus’s expense; provided, however, that if the audit reveals that Customer has failed to comply with any material term of this Agreement, Customer shall pay all reasonable costs and expenses incurred by Picus in conducting the audit.

18. PICUS SOLUTIONS LIFECYCLE.

18.1.  Picus has no obligation to provide Support for any version of the Picus Solutions other than the most current and previous minor release (“Current Version”).  Picus shall have no liability for damages resulting from or in connection with Customer’s failure to install and/or use a Current Version.  Picus may, in its sole and exclusive discretion, discontinue Support for and retire a non-Current Version (“End of Life”).  Picus may publicly post (on its website) a notice of End of Life, including the last date of general commercial availability of the affected version of the Picus Solutions and the timeline for discontinuing Support.

18.2.  Due to operation of law, regulation, or to comply with reasonable security standards (e.g., patching a known vulnerability), Picus may require Customer to update to the most current version of the Picus Solution (“Emergency Update”). Picus will clearly communicate the need for usage of the Current Versions and any such Emergency Updates. Picus shall have no liability for damages resulting from or in connection with Customer’s failure to implement an Emergency Update or usage of the non-Current Versions.

19. MISCELLANEOUS.

19.1.  Publicity.  Customer agrees that Picus may publicly disclose that it is providing the Picus Solutions to Customer and may use Customer’s name and logo to identify Customer in our website and promotional materials, provided that Picus does not state or imply that Customer endorses the Picus Solutions.

19.2.  Feedback.  To the extent Customer or any User provides suggestions or feedback to Picus regarding the functioning, features, or other characteristics of the Picus Solutions, Documentation, or other materials or services provided or made available by Picus (“Feedback”), Customer hereby grants Picus a perpetual, irrevocable, non-exclusive, royalty-free, fully-paid, fully-transferable, worldwide license (with rights to sublicense through multiple tiers of sublicensees) to Picus to use and exploit such Feedback in any manner for the purpose of improving and continuing the development of the Picus Solutions.

19.3.  Order of Precedence.  Any ambiguity, conflict, or inconsistency between documents comprising the Agreement shall be resolved in the following order of precedence: (i) the AGREEMENT; (ii) any document or URL incorporated into the AGREEMENT; and (iii) the Order Form.  Any and all additional or conflicting terms provided by Customer, whether in a purchase order, an alternative license agreement, or otherwise, shall be void and shall have no effect.

19.4.  Irreparable Harm.  Any breach by a party to the Agreement or any violation of the other party’s Intellectual Property Rights or Confidential Information could cause irreparable injury or harm to the other party.  The other party may seek a court order to stop any breach or avoid any future breach of the Agreement.

19.5.  Assignment.  The Agreement may not be assigned by either party without the prior written approval of the other party, such approval not to be unreasonably withheld, except in connection with: (i) a merger, consolidation, or similar transaction involving (directly or indirectly) a party; (ii) a sale or other disposition of all or substantially all of the assets of a party; or (iii) any other form of combination or reorganization involving (directly or indirectly) such party.  Any purported assignment in violation of this Subsection shall be null and void and have no effect.

19.6.  Force Majeure.  Picus will not be liable for any delay or failure to perform obligations under this Agreement due to any cause beyond its reasonable control, including: acts of God; labor disputes; industrial disturbances; systematic electrical, telecommunications, or other utility failures; earthquakes, storms, or other elements of nature; blockages; embargoes; riots; acts or orders of government; acts of terrorism; war; or any other cause beyond its reasonable control if Picus makes reasonable efforts to perform (“Force Majeure Event”).  The Party exposed to force majeure that prevents the fulfillment of its obligations arising from the Agreement immediately notifies the other Party in writing. In this case, the obligations of the Parties are postponed until the end of the force majeure and fulfilled by the Parties as soon as possible following the end of the force majeure. In case the force majeure lasts longer than 30 (thirty) days, the Parties may decide to terminate this Agreement. In order to avoid any doubt, force majeure provisions will not apply in the performance of money debts.

19.7.  Relationship of the Parties.  Each party is an independent contractor of the other under the Agreement, and nothing in the Agreement shall be construed to create a partnership, joint venture, agency relationship, fiduciary relationship, or any other arrangement related to sharing of profits and losses.  Each party is responsible for its own expenses in meeting its obligations under the Agreement.  Each party agrees that it has the full power and authority to enter into the Agreement and to carry out the actions contemplated herein.

19.8.  Notices.  Any notices required under this Agreement will be in writing and will be delivered by electronic mail, personal delivery (with a copy by email), or certified or registered mail (return receipt requested and with a copy by email) to the applicable notice address of the other party as set forth on the signature page below (or to such other notice address that a party may designate by at least ten (10) days’ prior written notice to the other party).

19.9.  Waiver and Enforceability.  The delay or failure of either party to exercise any right provided in this Agreement shall not be deemed a waiver of that right, nor will any partial exercise of any right or power hereunder preclude further exercises.  If any provision of this Agreement is held to be unenforceable, illegal, or void, that shall not affect the enforceability of the remaining provisions.  The Parties further agree that the unenforceable provision(s) shall be deemed replaced by a provision(s) that is binding and enforceable and that differs as little as possible from the unenforceable provision(s), with considerations of the object and purpose of this Agreement.

19.10.  Governing Law.  

(a) If the Customer resides within the United States. The validity, interpretation, and enforcement of this Agreement shall be governed by and construed in accordance with the laws of the State of Delaware of the United States, without regard to any conflict of law provisions, except that the United Nations Convention on the International Sale of Goods and the provisions of the Uniform Computer Information Transactions Act shall not apply to this Agreement.  Customer hereby consents to the exclusive jurisdiction of the state and federal courts in Dover, Delaware.  Customer hereby waives all rights to trial by jury with respect to any dispute arising out of or relating to this Agreement or the Picus Solutions, Picus Marks, or Picus Content.  If Customer has any claim arising out of or relating to this Agreement or the Picus Solutions, Picus Marks, or Picus Content, Customer must bring the claim in an appropriate court as set forth in this Section within two (2) years after Customer’s right to bring the claim accrued.  If Picus brings litigation against Customer regarding this Agreement or the Picus Solutions, Picus Marks, or Picus Content, in addition to any other relief to which Picus may be entitled, Picus shall be entitled to recover reasonable attorneys’ fees, expenses, and costs of litigation.  If this Agreement is translated into a language other than English and there are conflicts between the translations of this Agreement, Customer agrees that the English version of this Agreement shall prevail and control.

(b) If the Customer resides outside the United States. In the event of any dispute, claim, question, or disagreement arising from or relating to this agreement or the breach thereof, the parties hereto shall use their best efforts to settle the dispute, claim, question, or disagreement.  To this effect, they shall consult and negotiate with each other in good faith and, recognizing their mutual interests, attempt to reach a just and equitable solution satisfactory to both parties.  If they do not reach such solution within a period of thirty (30) days, then, upon notice by either party to the other, the dispute shall be finally settled under the Rules of Arbitration (the “Rules”) of the International Chamber of Commerce (“ICC”) by three (3) arbitrators designated by the Parties.  Each Party shall designate one arbitrator.  The third arbitrator shall be designated by the two arbitrators designated by the Parties.  If either Party fails to designate an arbitrator within thirty (30) days after the filing of the Dispute with the ICC, such arbitrator shall be appointed in the manner prescribed by the Rules.  An arbitration proceeding hereunder shall be conducted in Zurich, Switzerland and shall be conducted in the English language. The decision or award of the arbitrators shall be in writing and is final and binding on both Parties. 
The arbitration panel shall award the prevailing Party its attorneys’ fees and costs, arbitration administrative fees, panel member fees and costs, and any other costs associated with the arbitration, the enforcement of any arbitration award and the costs and attorney’s fees involved in obtaining specific performance of an award; provided, however, that if the claims or defenses are granted in part and rejected in part, the arbitration panel shall proportionately allocate between the Parties those arbitration expenses in accordance with the outcomes; provided, further, that the attorney’s fees and costs of enforcing a specific performance arbitral award shall always be paid by the non-enforcing Party, unless the applicable action was determined to be without merit by final, non-appealable decision.  The arbitration panel may only award damages as provided for under the terms of this Agreement and in no event may punitive, consequential, or special damages be awarded.  In the event of any conflict between the Rules and any provision of this Agreement, this Agreement shall govern.

19.11. No Protected Health Information.  Customer expressly acknowledges and agrees that it shall neither submit to the Picus Solutions, nor use the Picus Solutions to store, maintain, process, or transmit, any data or information that constitutes protected health information as defined under the Health Insurance Portability and Accountability Act of 1996, as amended and supplemented (“HIPAA”), or otherwise use the Picus Solutions in any manner that would require Picus or the Picus Solutions to be compliant with HIPAA.  Customer acknowledges and agrees that Picus shall have no liability to Customer for any such data or information. Customer further acknowledges and agrees that neither Picus nor its Affiliates are acting on behalf of Customer as a Business Associate (as defined under HIPAA).  Picus may immediately and upon notice suspend all or a portion of Customer’s access to the Picus Solutions (without any liability to Customer in connection with such suspension), if Picus has a good faith belief that Customer has breached this paragraph.

19.12.  Translations Other Than English.  The English language version of this Agreement and any documents exchanged pursuant to this Agreement shall be controlling in all respects.  Any translations of this Agreement into a language other than English shall have no legal effect and are for the convenience of the parties only.

19.13.  No Amendment or Modification.  Except as Picus is otherwise permitted to do so under this Agreement, this Agreement shall not be amended or modified except in a writing signed by authorized representatives of each party.

19.14.  Cumulative Rights.  Picus’s rights and remedies set forth in this Agreement are cumulative and are not intended to be exhaustive.

19.15.  Headings.  Paragraph headings are for convenience and shall have no effect on interpretation.

19.16.  Execution in Counterparts.  This Agreement and Order Forms may be executed in counterparts, each of which shall be deemed an original and all of which shall constitute one and the same instrument and Agreement between the parties.  The parties may exchange signature pages by delivering a signed, scanned copy by email or via an electronic signature tool such as Adobe Signature, DocuSign, and such copy shall be effective to bind the parties.

19.17. Third Party Rights.  Other than as expressly provided herein, this Agreement does not create any rights for any person who is not a party to it, and no person not a party to this Agreement may enforce any of its terms or rely on an exclusion or limitation contained in it.

19.18. Changes to these terms. Picus reserves the right to modify, update, or discontinue the Services and Agreement, or any part of them, at our discretion. The revised Agreement shall become effective upon such publishing or notification to the Customer. Customer will always find the latest version of this Agreement at https://www.picussecurity.com/trust-center/privacy-security. Any continued use by Customer of the Services following publication or notification of revised Agreement shall constitute Customer’s acceptance of the revised Agreement.

19.19.  Schedules.  All Schedules annexed hereto or referred to herein are hereby incorporated in and made a part of this Agreement as if set forth in full herein.

Schedule 1: Definitions

“Affiliates” means an entity that then is directly or indirectly controlled by, is under common control with, or controls that party, and here “Control” means an ownership, voting, or similar interest representing 50% or more of the total interests then outstanding of that entity.  

“Agreement” means the applicable Order Form and this AGREEMENT (including any terms incorporated by reference in the AGREEMENT) which govern the provision of the Picus Solutions and Support provided to Customer or the Customer’s Affiliate.

“Beta Feature(s)” means any Picus Solutions feature that is identified by Picus, including via the applicable Picus Solutions user interface or via other communications to Customer, as “Beta”, “Alpha”, “Experimental”, “Limited Release” or “Pre-Release” or that is otherwise identified by Picus as unsupported.

“Business Days” means Monday through Friday, excluding public holidays in the country whose laws govern the Agreement.

“Cloud Service” means the Picus proprietary software as a service provided for use over the internet and any and all modified, updated, or enhanced versions thereof that Picus may provide to Customer or its Users.

“Content” means data gathered through use of the Picus Solutions or provided for use with the Picus Solutions, wheresoever stored.

“Control Systems” means cybersecurity prevention technologies such as endpoint protection software systems (such as endpoint antivirus, host-based intrusion prevention systems, endpoint detection and response, and other solutions that may be considered as endpoint protection software), secure email gateway, data-leakage or loss systems, network intrusion prevention systems, next-generation firewall systems, secure web gateway systems, and other similar prevention technologies.

“Documentation” means the operating instructions, user manuals, product specifications, “read-me” files, and other documentation that Picus makes available to Customer in hard copy or electronic form for the Picus Solutions, including any modified, updated, or enhanced versions of such documentation.

“Intellectual Property Rights” means all intellectual property rights, including copyrights, trademarks, service marks, trade secrets, patents, patent applications, moral rights, and all other proprietary rights, whether registered or unregistered.

“Malware” means software programs designed to damage or do other unwanted actions on a computer system, including viruses, worms, Trojan Horses, and spyware.

“Order Form” means an order form or other ordering document entered into between Customer and Picus or a Picus Affiliate for Customer’s purchase of the Picus Solutions or other services from Picus. 

“Permitted Capacity” means the number of “Security Testing” delivered, term, Picus Agents, threat samples, or other license metrics set forth in the delivery of the service.

“Personal Data” means any information that can be used to identify an individual as that term is defined under Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”) and under Regulations listed in the Picus Data Processing Addendum.

“Picus” means Picus Security Inc. (1401 Pennsylvania Avenue Unit 105 Suite 104, Wilmington, DE 19806) and its affiliates Picus Bilisim Guvenlik Tic. A.S. (Hacettepe Teknokent, Üniversiteler Mah. 1596. Cad. 1. Ar-Ge 97/12 Beytepe, Çankaya/ Ankara, Türkiye) and Picus Security US, LLC (3001 North Rocky Point Drive East Suite 200 Tampa, FL 33607 USA).

“Picus Agent” means the software component provided for the supported Operating Systems that is used to test the security level of the Control Systems when an assessment is executed.

“Picus Marks” means the trademarks and service marks that are specifically approved by Picus.

“Picus Solutions” or “Picus Platform” means the Picus proprietary programs or products made available to Customer as the Software or Cloud Service, including without limitation its features, modules, reports, results, functions, user interfaces, and related Support services (each as defined below), as specified on an Order Form.

“Process” means access, view, create, generate, amend, disclose, export, import, share, transfer (including across national borders), use, delete, store, combine, or any other activity, action, or process performed upon data or information.

“Software” means the Picus proprietary software provided in executable code form and all modified, updated, or enhanced versions thereof that Picus may provide to Customer or its Users. 

“Subscription” means a subscription license purchased by Customer to install or access online and use the Picus Solutions and to receive Support during the applicable Subscription Term.

“Subscription Term” means the contract term for Customer’s access and use of the Picus Solutions as set forth on the applicable Order Form.

“Support” means the standard maintenance or support services provided by Picus for the Picus Solutions.  

“Trial Version(s)” means any Picus Solutions version that is provided by Picus on a “Trial”, “Evaluation”, or “Proof of Concept” basis whether or not identified as such by Picus on an Order Form.  

“Uptime SLA” means the service level commitments applicable to the Cloud Service attached hereto as Schedule 2.

“User(s)” means Customer’s employees, contractors, or agents (including those of Customer’s Affiliates) who are authorized by the Customer to use the Picus Solutions.

Schedule 2: Service Level Agreement

Picus endeavors to provide the best customer experience during the Subscription Term for Customer’s use of the Picus Solutions. As part of its commitment to meeting its customers’ needs, Picus has established the following Service Level Agreements (SLA) to outline the availability and support standards it maintains.

  1. Availability SLA.  Picus Security shall use best efforts to maintain a minimum availability for its Cloud Services of 99.5% per month for Users logging in and utilizing the dashboard metrics.  
  2. Support SLA.  During the Subscription Term, Picus will provide Support for all incidents within the supported versions of the Service as further detailed in the Support Services Guide made available by Picus Support on request and as may be updated by Picus from time to time.  Picus commits to respond to Support requests in accordance with the following table based on the severity levels of reported problems as determined by Picus in its sole discretion:

| Severity Level | Definition | Initial Response Time |
| --- | --- | --- |
| High | An incident that is causing a significant loss of service and no workaround is available | 6 Business Hours |
| Medium | An incident that has a partial impact on mission-critical functionality | 8 Business Hours |
| Low | An incident that has no impact on Customer business functionality | 16 Business Hours |

The Initial Response Time stated above shall be based on the support hours stated in the Support Services Guide and is calculated as the duration before a qualified Support representative contacts the customer or partner in response to a Support request.  All Support requests should be sent via the online ticketing system (https://support.picussecurity.com/) and via email to the TAC (Technical Assistance Center) team.

Please note that the above Picus SLAs are subject to periodic review and may be updated to reflect the evolving needs of customers and the development of the Picus Solutions. Customer’s continued use of the Picus Solutions following any such update indicates acceptance of the SLAs in effect at that time.

  3. Customer Responsibilities.  Customer will comply with the following requirements to facilitate Picus’s delivery of Support:

3.1.  Customer will use best efforts to ensure that its use of the Picus Solutions does not harm the Customer computer system on which a Picus Agent is installed.

3.2.  Customer will provide Picus timely responses and access to accurate and complete information relative to Support requests.

3.3.  Customer is responsible for its own data and applications, and Picus will only provide support for the Picus Solutions.

3.4. Customer will use the current Picus Solutions version. The customer follows Picus who must provide timely communication and guidance in proactive cases, system/product changes, and emergency updates that will affect the operation of Picus solutions and in possible incident management issues.

  4. General Exclusions and Limitations.

4.1.  Picus has no obligation to provide Support: (i) outside the scope of the AGREEMENT, Order Form, these terms, or for issues arising out of or in connection with the unauthorized use of the Picus Solutions; (ii) if Customer fails to pay all applicable fees when due; (iii) for issues arising out of or in connection with unauthorized third-party products and services or issues arising exclusively from authorized third-party products and services; (iv) for modifications or changes to the Picus Solution not performed, directed, or authorized by Picus; and (v) for any use of the Picus Solutions in violation of this Agreement.

4.2.  Customer acknowledges that Support does not include: (i) developing custom scripts, templates, or tests; (ii) Picus interpretation of any results from the Security Validation tests; or (iii) performing installations, configurations, migrations, or upgrades in any Customer environment.

1. AGREEMENT TO TERMS

Definition

For the purposes of these Terms of Use:  

    -Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.

    -Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Picus Security and all its affiliates listed in Section 20.

    -Device means any device that can access the Service, such as a computer, a cellphone, or a digital tablet.

    -Service refers to the Website.

    -Terms of Use (also referred to as "Terms") mean these Terms of Use that form the entire agreement between You and the Company regarding the use of the Service.

    -Third-party Social Media Service means any services or content (including data, information, products, or services) provided by a third party that may be displayed, included, or made available by the Service.

    -Website refers to PICUS, accessible from (www.picussecurity.com) and (picus.io).

    -You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

These Terms of Use constitute a legally binding agreement made between you, whether personally or on behalf of an entity (“you”) and Picus Security Inc., doing business as PICUS (“PICUS,” “we,” “us,” or “our”), concerning your access to and use of the http://www.picussecurity.com website as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Site”). We are registered in Delaware, United States, and have our registered office at 1401 Pennsylvania Ave Unit 105 STE 104 Wilmington, DE 198063. You agree that by accessing the Site, you have read, understood, and agreed to be bound by all of these Terms of Use. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS OF USE, THEN YOU ARE EXPRESSLY PROHIBITED FROM USING THE SITE AND YOU MUST DISCONTINUE USE IMMEDIATELY.

Supplemental terms and conditions or documents that may be posted on the Site from time to time are hereby expressly incorporated herein by reference. We reserve the right, in our sole discretion, to make changes or modifications to these Terms of Use from time to time. We will alert you about any changes by updating the “Last Updated” date of these Terms of Use, and you waive any right to receive specific notice of each such change. Please ensure that you check the applicable Terms every time you use our Site so that you understand which Terms apply. You will be subject to and will be deemed to have been made aware of and to have accepted the changes in any revised Terms of Use by your continued use of the Site after the date such revised Terms of Use are posted.

The information provided on the Site is not intended for distribution to or use by any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation or which would subject us to any registration requirement within such jurisdiction or country. Accordingly, those persons who choose to access the Site from other locations do so on their own initiative and are solely responsible for compliance with local laws, if and to the extent local laws are applicable.

The Site is not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.), so if your interactions would be subjected to such laws, you may not use this Site. You may not use the Site in a way that would violate the Gramm-Leach-Bliley Act (GLBA).

The Site is intended for users who are at least 18 years old. Persons under the age of 18 are not permitted to use or register for the Site.

2. INTELLECTUAL PROPERTY RIGHTS

Unless otherwise indicated, the Site is our proprietary property and all source code, databases, functionality, software, website designs, audio, video, text, photographs, and graphics on the Site (collectively, the “Content”) and the trademarks, service marks, and logos contained therein (the “Marks”) are owned or controlled by us or licensed to us, and are protected by copyright and trademark laws and various other intellectual property rights and unfair competition laws of the United States, international copyright laws, and international conventions. The Content and the Marks are provided on the Site “AS IS” for your information and personal use only. Except as expressly provided in these Terms of Use, no part of the Site and no Content or Marks may be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or otherwise exploited for any commercial purpose whatsoever, without our express prior written permission.

Provided that you are eligible to use the Site, you are granted a limited license to access and use the Site and to download or print a copy of any portion of the Content to which you have properly gained access solely for your personal, non-commercial use. We reserve all rights not expressly granted to you in and to the Site, the Content, and the Marks.

3. USER REPRESENTATIONS

By using the Site, you represent and warrant that: (1) all registration information you submit will be true, accurate, current, and complete; (2) you will maintain the accuracy of such information and promptly update such registration information as necessary; (3) you have the legal capacity and you agree to comply with these Terms of Use; (4) you are not a minor in the jurisdiction in which you reside; (5) you will not access the Site through automated or non-human means, whether through a bot, script, or otherwise; (6) you will not use the Site for any illegal or unauthorized purpose; and (7) your use of the Site will not violate any applicable law or regulation.

If you provide any information that is untrue, inaccurate, not current, or incomplete, we have the right to suspend or terminate your account and refuse any and all current or future use of the Site (or any portion thereof).

4. USER REGISTRATION

You may be required to register with the Site. You agree to keep your password confidential and will be responsible for all use of your account and password. We reserve the right to remove, reclaim, or change a username you select if we determine, in our sole discretion, that such username is inappropriate, obscene, or otherwise objectionable.

5. PROHIBITED ACTIVITIES

You may not access or use the Site for any purpose other than that for which we make the Site available. The Site may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved by us.

As a user of the Site, you agree not to:

    -Systematically retrieve data or other content from the Site to create or compile, directly or indirectly, a collection, compilation, database, or directory without written permission from us.

    -Trick, defraud, or mislead us and other users, especially in any attempt to learn sensitive account information such as user passwords.

    -Circumvent, disable, or otherwise interfere with security-related features of the Site, including features that prevent or restrict the use or copying of any Content or enforce limitations on the use of the Site and/or the Content contained therein.

    -Disparage, tarnish, or otherwise harm, in our opinion, us and/or the Site. 

    -Use any information obtained from the Site in order to harass, abuse, or harm another person.

    -Make improper use of our support services or submit false reports of abuse or misconduct.

    -Use the Site in a manner inconsistent with any applicable laws or regulations. 

    -Engage in unauthorized framing of or linking to the Site.

    -Upload or transmit (or attempt to upload or to transmit) viruses, Trojan horses, or other material, including excessive use of capital letters and spamming (continuous posting of repetitive text), that interferes with any party’s uninterrupted use and enjoyment of the Site or modifies, impairs, disrupts, alters, or interferes with the use, features, functions, operation, or maintenance of the Site.

    -Engage in any automated use of the system, such as using scripts to send comments or messages, or using any data mining, robots, or similar data gathering and extraction tools.

    -Delete the copyright or other proprietary rights notice from any Content. 

    -Attempt to impersonate another user or person or use the username of another user.

    -Upload or transmit (or attempt to upload or to transmit) any material that acts as a passive or active information collection or transmission mechanism, including without limitation, clear graphics interchange formats (“gifs”), 1×1 pixels, web bugs, cookies, or other similar devices (sometimes referred to as “spyware” or “passive collection mechanisms” or “pcms”).

    -Interfere with, disrupt, or create an undue burden on the Site or the networks or services connected to the Site.

    -Harass, annoy, intimidate, or threaten any of our employees or agents engaged in providing any portion of the Site to you.

    -Attempt to bypass any measures of the Site designed to prevent or restrict access to the Site, or any portion of the Site.

    -Copy or adapt the Site’s software, including but not limited to Flash, PHP, HTML, JavaScript, or other code.

    -Except as permitted by applicable law, decipher, decompile, disassemble, or reverse engineer any of the software comprising or in any way making up a part of the Site.

    -Except as may be the result of the standard search engine or Internet browser usage, use, launch, develop, or distribute any automated system, including without limitation, any spider, robot, cheat utility, scraper, or offline reader that accesses the Site, or using or launching any unauthorized script or other software.

    -Use a buying agent or purchasing agent to make purchases on the Site.

    -Make any unauthorized use of the Site, including collecting usernames and/or email addresses of users by electronic or other means for the purpose of sending unsolicited email, or creating user accounts by automated means or under false pretenses.

    -Use the Site as part of any effort to compete with us or otherwise use the Site and/or the Content for any revenue-generating endeavor or commercial enterprise.

    -Use the Site to advertise or offer to sell goods and services. 

    -Sell or otherwise transfer your profile.

6. USER GENERATED CONTRIBUTIONS

The Site does not offer users the ability to submit or post content. We may provide you with the opportunity to create, submit, post, display, transmit, perform, publish, distribute, or broadcast content and materials to us or on the Site, including but not limited to text, writings, video, audio, photographs, graphics, comments, suggestions, or personal information or other material (collectively, "Contributions"). Contributions may be viewable by other users of the Site and through third-party websites. As such, any Contributions you transmit may be treated in accordance with the Site Privacy Policy. When you create or make available any Contributions, you thereby represent and warrant that:

    -The creation, distribution, transmission, public display, or performance, and the accessing, downloading, or copying of your Contributions do not and will not infringe the proprietary rights, including but not limited to the copyright, patent, trademark, trade secret, or moral rights of any third party.

    -You are the creator and owner of or have the necessary licenses, rights, consents, releases, and permissions to use and to authorize us, the Site, and other users of the Site to use your Contributions in any manner contemplated by the Site and these Terms of Use.

    -You have the written consent, release, and/or permission of each and every identifiable individual person in your Contributions to use the name or likeness of each and every such identifiable individual person to enable inclusion and use of your Contributions in any manner contemplated by the Site and these Terms of Use.

    -Your Contributions are not false, inaccurate, or misleading.

    -Your Contributions are not unsolicited or unauthorized advertising, promotional materials, pyramid schemes, chain letters, spam, mass mailings, or other forms of solicitation.

    -Your Contributions are not obscene, lewd, lascivious, filthy, violent, harassing, libelous, slanderous, or otherwise objectionable (as determined by us). Your Contributions do not ridicule, mock, disparage, intimidate, or abuse anyone.

    -Your Contributions are not used to harass or threaten (in the legal sense of those terms) any other person and to promote violence against a specific person or class of people.

    -Your Contributions do not violate any applicable law, regulation, or rule. 

    -Your Contributions do not violate the privacy or publicity rights of any third party.

    -Your Contributions do not violate any applicable law concerning child pornography or otherwise intended to protect the health or well-being of minors.

    -Your Contributions do not include any offensive comments that are connected to race, national origin, gender, sexual preference, or physical handicap.

Any use of the Site in violation of the foregoing violates these Terms of Use and may result in, among other things, termination or suspension of your rights to use the Site.

7. CONTRIBUTION LICENSE

You and the Site agree that we may access, store, process, and use any information and personal data that you provide following the terms of the Privacy Policy and your choices (including settings).

By submitting suggestions or other feedback regarding the Site, you agree that we can use and share such feedback for any purpose without compensation to you.

We do not assert any ownership over your Contributions. You retain full ownership of all of your Contributions and any intellectual property rights or other proprietary rights associated with your Contributions. We are not liable for any statements or representations in your Contributions provided by you in any area on the Site. You are solely responsible for your Contributions to the Site and you expressly agree to exonerate us from any and all responsibility and to refrain from any legal action against us regarding your Contributions.

8. SUBMISSIONS

You acknowledge and agree that any questions, comments, suggestions, ideas, feedback, or other information regarding the Site ("Submissions") provided by you to us are non-confidential and shall become our sole property. We shall own exclusive rights, including all intellectual property rights, and shall be entitled to the unrestricted use and dissemination of these Submissions for any lawful purpose, commercial or otherwise, without acknowledgment or compensation to you. You hereby waive all moral rights to any such Submissions, and you hereby warrant that any such Submissions are original with you or that you have the right to submit such Submissions. You agree there shall be no recourse against us for any alleged or actual infringement or misappropriation of any proprietary right in your Submissions.

9. SITE MANAGEMENT

We reserve the right, but not the obligation, to: (1) monitor the Site for violations of these Terms of Use; (2) take appropriate legal action against anyone who, in our sole discretion, violates the law or these Terms of Use, including without limitation, reporting such user to law enforcement authorities; (3) in our sole discretion and without limitation, refuse, restrict access to, limit the availability of, or disable (to the extent technologically feasible) any of your Contributions or any portion thereof; (4) in our sole discretion and without limitation, notice, or liability, to remove from the Site or otherwise disable all files and content that are excessive in size or are in any way burdensome to our systems; and (5) otherwise manage the Site in a manner designed to protect our rights and property and to facilitate the proper functioning of the Site.

10. PRIVACY POLICY

We care about data privacy and security. Please review our Privacy Policy: https://www.picussecurity.com/privacy. By using the Site, you agree to be bound by our Privacy Policy, which is incorporated into these Terms of Use. Please be advised the Site is hosted in the United States. If you access the Site from any other region of the world with laws or other requirements governing personal data collection, use, or disclosure that differ from applicable laws in the United States, then through your continued use of the Site, you are transferring your data to the United States, and you agree to have your data transferred to and processed in the United States.

11. TERM AND TERMINATION

These Terms of Use shall remain in full force and effect while you use the Site. WITHOUT LIMITING ANY OTHER PROVISION OF THESE TERMS OF USE, WE RESERVE THE RIGHT TO, IN OUR SOLE DISCRETION AND WITHOUT NOTICE OR LIABILITY, DENY ACCESS TO AND USE OF THE SITE (INCLUDING BLOCKING CERTAIN IP ADDRESSES), TO ANY PERSON FOR ANY REASON OR FOR NO REASON, INCLUDING WITHOUT LIMITATION FOR BREACH OF ANY REPRESENTATION, WARRANTY, OR COVENANT CONTAINED IN THESE TERMS OF USE OR OF ANY APPLICABLE LAW OR REGULATION. WE MAY TERMINATE YOUR USE OR PARTICIPATION IN THE SITE OR DELETE YOUR ACCOUNT AND ANY CONTENT OR INFORMATION THAT YOU POSTED AT ANY TIME, WITHOUT WARNING, AT OUR SOLE DISCRETION.

If we terminate or suspend your account for any reason, you are prohibited from registering and creating a new account under your name, a fake or borrowed name, or the name of any third party, even if you may be acting on behalf of the third party. In addition to terminating or suspending your account, we reserve the right to take appropriate legal action, including without limitation pursuing civil, criminal, and injunctive redress.

12. MODIFICATIONS AND INTERRUPTIONS

We reserve the right to change, modify, or remove the contents of the Site at any time or for any reason at our sole discretion without notice. However, we have no obligation to update any information on our Site. We also reserve the right to modify or discontinue all or part of the Site without notice at any time. We will not be liable to you or any third party for any modification, price change, suspension, or discontinuance of the Site.

We cannot guarantee the Site will be available at all times. We may experience hardware, software, or other problems or need to perform maintenance related to the Site, resulting in interruptions, delays, or errors. We reserve the right to change, revise, update, suspend, discontinue, or otherwise modify the Site at any time or for any reason without notice to you. You agree that we have no liability whatsoever for any loss, damage, or inconvenience caused by your inability to access or use the Site during any downtime or discontinuance of the Site. Nothing in these Terms of Use will be construed to obligate us to maintain and support the Site or to supply any corrections, updates, or releases in connection therewith.

13. GOVERNING LAW

These Terms of Use and your use of the Site are governed by and construed in accordance with the laws of the State of Delaware applicable to agreements made and to be entirely performed within the State of Delaware, without regard to its conflict of law principles.

14. DISPUTE RESOLUTION

Informal Negotiations

To expedite resolution and control the cost of any dispute, controversy or claim related to these Terms of Use (each "Dispute" and collectively, the “Disputes”) brought by either you or us (individually, a “Party” and collectively, the “Parties”), the Parties agree to first attempt to negotiate any Dispute (except those Disputes expressly provided below) informally for at least thirty (30) days before initiating the arbitration. Such informal negotiations commence upon written notice from one Party to the other Party.

Binding Arbitration

Any dispute arising from the relationships between the Parties to this contract shall be determined by one arbitrator who will be chosen in accordance with the Arbitration and Internal Rules of the European Court of Arbitration being part of the European Centre of Arbitration having its seat in Strasbourg, and which are in force at the time the application for arbitration is filed, and of which adoption of this clause constitutes acceptance. The seat of arbitration shall be London, United Kingdom. The language of the proceedings shall be English. Applicable rules of substantive law shall be the law of the United Kingdom.

Restrictions

The Parties agree that any arbitration shall be limited to the Dispute between the Parties individually. To the full extent permitted by law, (a) no arbitration shall be joined with any other proceeding; (b) there is no right or authority for any Dispute to be arbitrated on a class-action basis or to utilize class action procedures, and (c) there is no right or authority for any Dispute to be brought in a purported representative capacity on behalf of the general public or any other persons.

Exceptions to Informal Negotiations and Arbitration

The Parties agree that the following Disputes are not subject to the above provisions concerning informal negotiations and binding arbitration: (a) any Disputes seeking to enforce or protect, or concerning the validity of, any of the intellectual property rights of a Party; (b) any Dispute related to or arising from, allegations of theft, piracy, invasion of privacy, or unauthorized use; and (c) any claim for injunctive relief. If this provision is found to be illegal or unenforceable, then neither Party will elect to arbitrate any Dispute falling within that portion of this provision found to be illegal or unenforceable, and such Dispute shall be decided by a court of competent jurisdiction within the courts listed for jurisdiction above, and the Parties agree to submit to the personal jurisdiction of that court.

15. CORRECTIONS

There may be information on the Site that contains typographical errors, inaccuracies, or omissions, including descriptions, pricing, availability, and various other information. We reserve the right to correct any errors, inaccuracies, or omissions and to change or update the information on the Site at any time, without prior notice.

16. DISCLAIMER

The Service is provided to You "AS IS" and "AS AVAILABLE" and with all faults and defects without warranty of any kind. To the maximum extent permitted under applicable law, the Company, on its own behalf and on behalf of its Affiliates and its and their respective licensors and service providers, expressly disclaims all warranties, whether express, implied, statutory or otherwise, with respect to the Service, including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement, and warranties that may arise out of course of dealing, course of performance, usage or trade practice. Without limitation to the foregoing, the Company provides no warranty or undertaking, and makes no representation of any kind that the Service will meet Your requirements, achieve any intended results, be compatible or work with any other software, applications, systems or services, operate without interruption, meet any performance or reliability standards or be error free or that any errors or defects can or will be corrected.

Without limiting the foregoing, neither the Company nor any of the Company's providers makes any representation or warranty of any kind, express or implied: (i) as to the operation or availability of the Service, or the information, content, and materials or products included thereon; (ii) that the Service will be uninterrupted or error-free; (iii) as to the accuracy, reliability, or currency of any information or content provided through the Service; or (iv) that the Service, its servers, the content, or e-mails sent from or on behalf of the Company are free of viruses, scripts, trojan horses, worms, malware, timebombs or other harmful components.

Some jurisdictions do not allow the exclusion of certain types of warranties or limitations on applicable statutory rights of a consumer, so some or all of the above exclusions and limitations may not apply to You. But in such a case the exclusions and limitations set forth in this section shall be applied to the greatest extent enforceable under applicable law.

17. LIMITATIONS OF LIABILITY

IN NO EVENT WILL WE OR OUR DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFIT, LOST REVENUE, LOSS OF DATA, OR OTHER DAMAGES ARISING FROM YOUR USE OF THE SITE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

18. INDEMNIFICATION

You agree to defend, indemnify, and hold us harmless, including our subsidiaries, affiliates, and all of our respective officers, agents, partners, and employees, from and against any loss, damage, liability, claim, or demand, including reasonable attorneys’ fees and expenses, made by any third party due to or arising out of: (1) use of the Site; (2) breach of these Terms of Use; (3) any breach of your representations and warranties set forth in these Terms of Use; (4) your violation of the rights of a third party, including but not limited to intellectual property rights; or (5) any overt harmful act toward any other user of the Site with whom you connected via the Site. Notwithstanding the foregoing, we reserve the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate, at your expense, with our defense of such claims. We will use reasonable efforts to notify you of any such claim, action, or proceeding which is subject to this indemnification upon becoming aware of it.

19. USER DATA

We will maintain certain data that you transmit to the Site for the purpose of managing the performance of the Site, as well as data relating to your use of the Site. Although we perform regular routine backups of data, you are solely responsible for all data that you transmit or that relates to any activity you have undertaken using the Site. You agree that we shall have no liability to you for any loss or corruption of any such data, and you hereby waive any right of action against us arising from any such loss or corruption of such data.

20. AFFILIATES

Picus Bilişim Güvenlik Ticaret A.Ş.; Picus Security, Inc.; Picus Security US, LLC.

21. ELECTRONIC COMMUNICATIONS, TRANSACTIONS, AND SIGNATURES

Visiting the Site, sending us emails, and completing online forms constitute electronic communications. You consent to receive electronic communications, and you agree that all agreements, notices, disclosures, and other communications we provide to you electronically, via email, and on the Site, satisfy any legal requirement that such communication be in writing. YOU HEREBY AGREE TO THE USE OF ELECTRONIC SIGNATURES, CONTRACTS, ORDERS, AND OTHER RECORDS, AND TO ELECTRONIC DELIVERY OF NOTICES, POLICIES, AND RECORDS OF TRANSACTIONS INITIATED OR COMPLETED BY US OR VIA THE SITE. You hereby waive any rights or requirements under any statutes, regulations, rules, ordinances, or other laws in any jurisdiction which require an original signature or delivery or retention of non-electronic records, or to payments or the granting of credits by any means other than electronic means.

22. FOR EUROPEAN UNION (EU) USERS

If You are a European Union consumer, you will benefit from any mandatory provisions of the law of the country in which you are resident.

23. UNITED STATES LEGAL COMPLIANCE

You represent and warrant that (i) You are not located in a country that is subject to the United States government embargo, or that has been designated by the United States government as a "terrorist supporting" country, and (ii) You are not listed on any United States government list of prohibited or restricted parties.

24. CALIFORNIA USERS AND RESIDENTS

If any complaint with us is not satisfactorily resolved, you can contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, California 95834 or by telephone at (800) 952-5210 or (916) 445-1254.

25. MISCELLANEOUS

These Terms of Use and any policies or operating rules posted by us on the Site or in respect to the Site constitute the entire agreement and understanding between you and us. Our failure to exercise or enforce any right or provision of these Terms of Use shall not operate as a waiver of such right or provision. These Terms of Use operate to the fullest extent permissible by law. We may assign any or all of our rights and obligations to others at any time. We shall not be responsible or liable for any loss, damage, delay, or failure to act caused by any cause beyond our reasonable control. If any provision or part of a provision of these Terms of Use is determined to be unlawful, void, or unenforceable, that provision or part of the provision is deemed severable from these Terms of Use and does not affect the validity and enforceability of any remaining provisions. There is no joint venture, partnership, employment, or agency relationship created between you and us as a result of these Terms of Use or use of the Site. You agree that these Terms of Use will not be construed against us by virtue of having drafted them. You hereby waive any and all defenses you may have based on the electronic form of these Terms of Use and the lack of signing by the parties hereto to execute these Terms of Use.

26. CONTACT US

In order to resolve a complaint regarding the Site or to receive further information regarding the use of the Site, please contact us at:

Picus Security Inc.

1401 Pennsylvania Avenue Unit 105 Suite 104, Wilmington, DE 19806

info@picussecurity.com

Picus Security Inc. (“Picus” or “Company”), which is a pioneer in violation and attack simulation technologies, serves many institutions and organizations domestically and abroad with its new and integrated approach in the field of information technologies. For Picus, which works on security services in the field of information technologies, protecting personal data is extremely important.

Picus has set a target to act in accordance with the Personal Data Protection Law ("PDPL") numbered 6698 that is in force in Turkey and with other legal practices accepted in the international arena as well. In this context, this Clarification Text for the Protection and Processing of Personal Data (“Clarification Text”) has been prepared in order to inform the relevant persons about the general conditions of how and for what purpose the Personal Data is processed, how they are protected and how long they are stored by Picus, from its customers, potential customers, suppliers, business partners and their employees and officials, visitors, employees, ex-employees and candidate employees, and also to third parties whose personal data is processed for business transactions while maintaining their business relations with Picus.

All the concepts and expressions in this Clarification Text carry the meaning ascribed to them in PDPL and other legislation.

In the event of inconsistency between the PDPL and other relevant legislative provisions and this Clarification Text, the PDPL and other relevant legislative provisions will be applied first. Our Company takes the necessary technical and administrative measures to ensure the security of personal data. This text can be changed if deemed necessary according to the current legislation and the practices of our Company. You can access the final version of the text from our website www.picussecurity.com ("Website").

1. THE CONDITIONS OF PROCESSING PERSONAL DATA

All personal data processed by Picus are processed in accordance with PDPL and related legislation. In accordance with Article 4 of PDPL, the basic principles to be applied in the processing of your personal data are listed.

The personal data are processed by Picus:

- With the purchase of Picus products and / or services;

- When you offer products or services to Picus;

- When you contact Picus by any means;

- When you request or choose to receive commercial electronic messages we send for marketing;

- When you apply for a job at Picus and / or start working at Picus;

- When you attend our events and organizations organized by Picus and

- When you visit our Website

in accordance with the rules determined in this Clarification Text and / or its annexes.

Picus complies with the rules stated in the scope of PDPL and the following basic principles:

    -Processing in accordance with the law and honesty rule. 

    -Ensuring that personal data are accurate and up to date when necessary. 

    -Operation for specific, clear and legitimate purposes. 

    -Being connected, limited and restrained for the purpose for which they are processed.

    -Storage for the period required by the relevant legislation or for the purpose for which they are processed.

Within the scope of the services it provides, Picus processes some commercial, legal and / or personal data regarding its customers, potential customers, suppliers, business partners and their employees and officials, visitors, employees, ex-employees and employee candidates, as well as third parties whose personal data are processed in accordance with their business processes. This data will be protected with the same care that Picus applies to its own data, even if it is not specified as a trade secret in accordance with a contract or the applicable legislation, unless Picus is required to share it with third parties within the scope of the service provided under the contractual relationship, and unless otherwise specified in the applicable legislation.

The e-mail addresses, names and surnames, Turkish ID number, identification information, addresses or phone numbers of customers, potential customers, suppliers, business partners and their employees and officials, visitors, employees, ex-employees and employee candidates as well as third parties whose personal data are processed in accordance with their business processes, can be processed by Picus. In addition, via the website, your IP address, the start and end information about your use, the type and scope of your use, and the type of your browser and operating system are also recorded.

In addition to these, if you upload your name and surname, title, phone number, e-mail address, personal messages and similar information to the website through forms available at various locations on the Website, and thus share this information with Picus, we process this information you provide in accordance with your request and for the purposes of the services offered by Picus.

Our website uses Google Analytics, an analysis service of Google Inc. ("Google"). Google Analytics uses “cookies”, that is, text files that are saved on your computer and enable the use of the website to be analyzed. The information generated by cookies about the use of the website is transmitted to and stored on a Google server in the USA. Upon the instruction of the operator of this website, Google uses this information to prepare reports to evaluate your use and to provide related services. The IP address transmitted from your browser within the framework of Google Analytics is not combined with other data of Google. If you do not want these cookies to be stored, you can make settings accordingly in your browser. In addition, our website uses AdWords and DoubleClick cookies for statistical purposes. If you do not want these tools to be used, you can disable them by setting them in your browser. However, we would like to state that in this case, you may not be able to use all the functions on the website completely.

We use third-party cookies and our own cookies to show you personalized ads on websites. This is called "retargeting" and aims to base your clicks on the pages you browse on our website, the products you display, and the advertising space shown to you. We also use cookies as part of our online marketing campaigns to see how users interact with our website after online ads are shown, including those on third-party websites. You can delete these cookies from your browser at any time.

Special categories of personal data are not processed by Picus without the informed explicit consent of the relevant person.

The personal data processed may differ in relation to the products and / or services offered by Picus. Personal data collected orally, in writing or electronically via online or offline means, during the period of use of the products and services offered by Picus, are processed with the consent of the person before the effective date of Personal Data Protection Law no. 6698 or explicit consent after the effective date of the law, or within the framework of the rules and conditions specified in the Personal Data Protection Law.

BASIC PRINCIPLES FOR PROCESSING OF THE PERSONAL DATA  

Personal data is processed, with explicit consent where the applicable legislation requires it or without explicit consent where the applicable legislation does not require it, in line with the objectives of the services provided by Picus, in order for Picus to continue its activities, to provide better service, to measure and improve the quality of its service, to determine the preferences and needs of our dealers, suppliers, customers and employees, to process and evaluate job applications, to provide communication with people who have a business relationship with our company, to comply with the current legislation, to send bulletins by e-mail and to make notifications.

The personal data will only be collected within the scope of Picus activities, will be used in connection with the purposes of collection, will be stored for the periods required by the processing purposes, will not be processed in excess of the rules and exceptions specified in the current legislation, and in cases where the reasons requiring its processing disappear, with the exception of situations arising from other legislation in force, will be deleted, destroyed or anonymized.

Keeping the personal data accurate and up-to-date is one of our primary goals. For this reason, our Company meets the technical and administrative requirements needed to keep personal data accurate and up-to-date.

Only authorized persons can access personal data and unauthorized persons working in our Company and / or having a contractual relationship with our Company are prohibited from accessing personal data. In this context, we would like to state that our Company takes the necessary measures to ensure the security and confidentiality of personal data.

1. TRANSFER OF THE PERSONAL DATA

Transfer of the Personal Data Domestically  

Picus is responsible for acting in accordance primarily with Article 8 of PDPL and with the decisions and related regulations envisaged in the PDPL and taken by the Board. As a rule, personal data and special categories of data cannot be transferred to other real persons or legal entities by Picus without the explicit consent of the relevant person.

However, in cases foreseen in Articles 5 and 6 of PDPL, transfer is possible without the explicit consent of the relevant person. Picus, in accordance with the conditions stipulated in PDPL and other relevant legislation and by taking the security measures specified in the legislation, can transfer the personal data to third parties unless otherwise arranged in law or other relevant legislation in Turkey.

Transfer of the Personal Data Abroad 

Picus can transfer the personal data abroad by processing the personal data in Turkey or to  be processed and stored outside of Turkey, in accordance with the conditions foreseen in  PDPL and by taking security measures specified in the legislation.  

We transfer your personal data abroad by taking the necessary technical and administrative  measures, through cloud informatics technology, to take advantage of the opportunities of  technology in order to carry out our company activities in the most efficient way and to  provide services at world standards.  

We work with the above mentioned service providers for the purposes of developing our  websites and platforms, increasing the variety of products and services and measuring the  user experience according to the preferences of our customers and users. We would like to  point out that you should also review the policies of the relevant service providers, as Picus  has no responsibility for the policies of the respective service providers for processing  personal data. 

  1. RIGHTS OF THE RELEVANT PERSON 

Regarding the processing of personal data, according to the definition specified in the  legislation, the data controller is Picus Informatics Security trade INC.  

In accordance with Article 11 of PDPL, the relevant persons have the following rights, which can be exercised by applying to Picus:

  • Learning whether your personal data is processed
  • Requesting information if it is processed
  • Requesting the purpose of processing your personal data and whether it is used in accordance with its purpose
  • Knowing the third parties to whom the personal data is transferred
  • Requesting correction of personal data if it is incomplete or incorrectly processed
  • Requesting the deletion or removal of your personal data
  • Requesting a notification for the third parties to whom your personal data are transferred about the deletion or removal process
  • Objecting to the emergence of a result against you by analyzing your processed personal data exclusively with automated systems
  • Requesting the compensation of your loss if you are harmed due to illegal processing of personal data

To use these rights arising from the current legislation, you need to make a written application to the address of the Company given below, or fill in the Application Form with the registered electronic mail (REM) address, secure electronic signature or mobile signature, adding the following information and documents according to Article 13 of PDPL: your name, last name and signature; if you are a citizen of the Republic of Turkey, your Turkish ID number; if you are not a citizen of the Republic of Turkey, your nationality, passport number and, if you have one, your ID number; your location or workplace address that is set for notifications; the main e-mail address and telephone number that are set for notifications; your demand issues; and other necessary information and documents to be used for identification.

The application made by you or your authorized representative will be evaluated by our Company and concluded free of charge within thirty days.

Application methods and addresses are as follows: 

| Application methods | The addresses where application can be made |
| --- | --- |
| The applicant can apply by filling out the Application Form with the necessary information and documents that are required to determine his/her identity by coming to the address of Picus Security Inc. | www.picussecurity.com |
| The applicant, him/herself or by a Proxy who is authorized to represent, can apply by filling out the Application Form and sending it to the address of Picus Informatics Security trade INC. through notary or certified mail. | Üniversiteler Mah. 1596 Cad. Arge 1 No:12, Beytepe 06800 Çankaya/ANKARA |
| The applicant can apply with an electronic mail registered with a secure electronic signature. | picusbilisim@hs01.kep.tr |

 

Picus Security, Inc. is based in the state of Delaware in the United States. The Website can be accessed from countries around the world. Access to the Website may not be legal by certain persons or in certain jurisdictions. If you access the Website from outside the United States, you do so on your initiative and are responsible for compliance with all laws applicable to you, including local laws. Access to the Website from jurisdictions where the Website or any of its services or products are illegal is prohibited.

You may not access, download, use, or export materials posted to the Website in violation of U.S. export laws or regulations or violation of any other applicable export or import laws or regulations. You agree to comply with all export laws, restrictions, and regulations of any United States or foreign agency or authority.

Without limiting the foregoing, you represent and warrant that you are not located in, and shall not use the Website from, any country that is subject to U.S. export restrictions.

At PICUS, we value transparent and straightforward communication with our customers, partners, and community. For any concerns or issues, please contact us at info@picussecurity.com. Your feedback is crucial, and we are dedicated to addressing grievances quickly and effectively.

Data Subject Requests

At Picus, we respect your data privacy rights. If you want to exercise your data subject rights, please fill out the form here. Upon your submission, we will share the related data subject request form with you, depending on the legal source of your request.

Sub-Processors

Picus engages and uses certain sub-processors to deliver its products and services. These sub-processors are third-party services or entities authorized by Picus to process personal data on behalf of Picus’s customers, in accordance with the Data Processing Agreements (DPA) signed between Picus and each sub-processor. Picus conducts an annual compliance review of its sub-processors as part of its Third Party Risk Management program.

 

Security Policies and Practices

At Picus, we deeply integrate security into our company culture. Our dedication to safeguarding information and assets is also reflected in the comprehensive set of corporate documents and practices we maintain. Below, you can find a selection of these resources, highlighting the key elements that help us build and maintain a strong, well-tested, and continuously validated security posture.

a) Corporate Security Documents

At PICUS, protecting the confidentiality, integrity, and availability of information is a core priority. Information security is embedded across our business operations, products, and services, supporting our commitment to maintaining trust with customers, partners, and employees.

PICUS has established and maintains an Information Security Management System (ISMS) designed to systematically manage information security risks and ensure the effective protection of information assets. The ISMS incorporates structured risk management, asset management, and control processes to identify, assess, and mitigate risks in line with business and regulatory requirements.

Information security is an integral part of how Picus operates. Security considerations are built into the design, development, and operation of systems and services, and are continuously adapted to evolving threats and business requirements.

PICUS aligns its ISMS with internationally recognized standards, including ISO/IEC 27001, and continuously works to maintain and improve its compliance with applicable versions of the standard. This alignment enables Picus to demonstrate its ability to meet the information security expectations of internal and external stakeholders.

In support of its information security objectives, PICUS:

  • Aligns information security practices with business strategy and corporate objectives
  • Complies with applicable legal, regulatory, and contractual requirements
  • Maintains and continuously improves its ISMS in accordance with ISO/IEC 27001 principles
  • Identifies, assesses, and manages information security risks and evolving threats
  • Protects the confidentiality, integrity, and availability of information assets and business processes
  • Promotes information security awareness among employees, partners, and stakeholders
  • Supports the quality, reliability, and efficiency of products and services through effective security controls

Information security is a shared responsibility across all employees and relevant stakeholders, and everyone is expected to act in accordance with this policy and supporting standards.

This policy provides the foundation for information security governance at PICUS and is supported by a set of detailed policies and procedures that define specific controls and responsibilities.

This policy is reviewed periodically and updated as necessary to ensure its continued effectiveness and alignment with business, regulatory, and security requirements.

 

Last update: 24.03.2026

PICUS is committed to maintaining the continuity and resilience of its critical business operations in the face of disruptions. The Company has established a Business Continuity Management System (BCMS) to ensure that essential services can continue or be restored in a timely manner, minimizing the impact on customers, operations, and stakeholders.

The BCMS is aligned with PICUS’s overall risk management and governance framework and operates in coordination with the Information Security Management System (ISMS), Privacy Information Management System (PIMS), and IT Service Management System (ITSMS). This integrated approach supports consistent risk identification, protection of critical assets, and effective response to operational and security-related incidents.

This policy establishes the principles, governance structure, and responsibilities for managing business continuity across PICUS and aligns with applicable laws, regulations, contractual obligations, and international standards, including ISO 22301.

PICUS maintains and continuously improves its business continuity capabilities by supporting corporate strategy and business objectives, ensuring compliance with legal and contractual requirements, identifying and managing business continuity risks, protecting critical processes and information assets, and defining recovery objectives such as Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). The Company also ensures effective communication and coordination during disruptive events.

To address risks and opportunities, PICUS has established, implemented, and continuously monitors business continuity processes. Relevant plans and procedures are regularly reviewed, tested, and updated to ensure their effectiveness. The Company maintains appropriate documentation to demonstrate that these processes operate as intended and takes corrective actions where necessary to mitigate potential negative impacts.

Based on Business Impact Analysis (BIA) and risk assessment outputs, PICUS defines business continuity and recovery strategies covering activities before, during, and after a disruption. Business continuity and disaster recovery plans are designed to ensure timely communication, coordinated response, and effective management during incidents. These plans are subject to regular testing, validation, and updates to maintain their reliability and effectiveness.

PICUS's risk management framework covers the identification, assessment and mitigation of business continuity risks. The risk assessment and risk improvement plan define how business continuity risks are controlled along with information security risks. The Information Security Committee is responsible for the management and realization of this plan.

The business continuity policy is reviewed by Senior Management at regular intervals or when significant changes occur, in order to ensure the continued effectiveness of the system, and is updated as needed to ensure continuous suitability, accuracy, and effectiveness.

This policy is intended to be accessible and understandable to all employees and the target audience, including relevant external parties. All employees and external parties defined in the BCMS are obliged to comply with this policy and the processes supporting this policy.

Last update: 23.03.2026

PICUS is committed to delivering reliable, high-quality, and efficient information technology services in alignment with its business objectives and stakeholder expectations. The Company operates its service management practices in accordance with established IT Service Management (ITSM) principles and policies.

The IT Service Management System (ITSMS) is established to ensure the effective operation, management, measurement, and continuous improvement of IT services across PICUS. This policy, approved by Senior Management, defines the principles and requirements for managing IT services in a consistent and structured manner.

PICUS supports its service management objectives by aligning IT services with business strategy and corporate goals, ensuring compliance with applicable laws, standards, and contractual requirements, and effectively managing service-related objectives, processes, and risks. The Company maintains the operational continuity of IT services, manages changes in a controlled manner, and ensures that services are delivered in line with evolving business needs.

All services within the scope of the ITSMS are managed to ensure performance, quality, and reliability. Services defined in the service catalog are delivered in accordance with agreed Service Level Agreements (SLAs), and their performance is regularly monitored, measured, and reported. PICUS continuously improves its services in response to technological developments and business requirements, with the aim of increasing customer satisfaction.

PICUS also manages service accessibility, availability, and capacity through appropriate monitoring and planning activities, while optimizing resource utilization and controlling costs through effective financial and resource management practices.

This policy is reviewed at regular intervals or when significant changes occur, in order to measure the operability of the system and services and to ensure continuous suitability, accuracy, and effectiveness, and is approved by the Senior Management.

 

Last Update: 23.03.2026

PICUS is committed to ensuring the secure, responsible, and appropriate use of its information systems and technology resources. This policy establishes the principles and expectations for the use of PICUS communication systems, information assets, and technology services in alignment with Information Security requirements and applicable policies.

PICUS communication and information systems, including software, enterprise applications, processes, information assets, and hardware such as internet services, email, telephony systems, computers, mobile devices, IoT devices, and collaboration tools, are intended primarily for business-related purposes. Any use that is unlawful, disrupts operations, violates company policies, or harms PICUS, its customers, or stakeholders is strictly prohibited.

PICUS requires that all employees, contractors, and third-party users understand and comply with the following acceptable use requirements as part of their employment or engagement:

General Security and Usage Requirements

  • Access to Picus systems is granted based on business need and is subject to defined access control and monitoring mechanisms.
  • The use of Picus systems may be monitored to ensure compliance with security policies and to protect company assets.
  • All workforce members, including remote users, must follow secure access practices and applicable security procedures.
  • Devices used for business purposes, including company-provided and authorized personal devices (BYOD), must not be left unattended in public or unsecured environments.
  • Encryption must be enabled on devices accessing company data.
  • Sensitive or confidential information must be protected during transmission and storage.
  • Users must not share or disclose sensitive information through unauthorized channels, including public platforms or social media.
  • Users must not share credentials or allow unauthorized access to Picus systems.
  • Users are required to promptly report any suspected security incidents, policy violations, or misuse of systems.

Data Handling and Information Protection

  • All data handling activities must comply with Picus data classification and data handling requirements.
  • Any media containing sensitive information must be appropriately secured.
  • Printing or reproduction of sensitive materials must be controlled to prevent unauthorized access.

User Responsibilities and Awareness

  • Employees, contractors, and third-party users must acknowledge and comply with applicable policies and procedures.
  • Background verification checks are conducted where applicable, in accordance with legal and regulatory requirements and proportional to the role and associated risk.
  • Employees must complete onboarding processes and participate in periodic security and privacy awareness training.
  • Access rights are revoked immediately upon termination, and all company assets must be returned in accordance with offboarding procedures.

Use of Artificial Intelligence (AI)

  • AI technologies may be used only for lawful, ethical, and business-related purposes.
  • Only approved AI tools may be used for business activities.
  • AI tools must be used within their authorized scope and in accordance with Picus policies.
  • Sensitive data, including customer data, personal data, or confidential company information, must not be input into public or unapproved AI systems.
  • Where AI tools are approved for specific use cases, their use must follow defined controls and safeguards.

Violations of this policy may result in disciplinary action, up to and including termination of employment or contractual relationships, in accordance with applicable policies and legal requirements.

This policy is implemented under the oversight of the Information Security function, with support from relevant process owners. It is reviewed periodically and updated as necessary to ensure continued effectiveness and alignment with business, security, and regulatory requirements.

Last update: 16.03.2026

At PICUS, protecting personal data is a fundamental part of how we build and maintain trust with our customers, partners, and employees. PICUS processes personal data in a secure, lawful, and transparent manner, in accordance with applicable data protection laws and industry best practices.

This Personal Data Management Policy outlines PICUS’s governance approach, core principles, and key controls for managing personal data. For detailed information on personal data collection, legal bases, and data subject rights, please refer to our Privacy Policy. Inquiries can be directed to privacy@picussecurity.com.

This Policy applies to personal data processed by PICUS in connection with customer and product operations, supplier and business partner relationships, employee and candidate management, and website and business communications.

1. Compliance and Global Standards

PICUS is dedicated to adhering to the highest international legal frameworks and industry standards regarding data protection. Our Information Security Management System (ISMS) and Privacy Information Management System (PIMS) are formally certified under:

  • ISO/IEC 27001 - Information Security Management System
  • ISO/IEC 27701 - Privacy Information Management System

We conduct regular internal and independent external audits to ensure continuous compliance and effectiveness of our controls.

2. Core Data Protection Principles

Our data processing operations are governed by the principles of Privacy by Design and Default:

  • Data Minimization: PICUS collects and processes the minimum data required to deliver its core services.
  • Purpose Limitation: PICUS does not use customer data for purposes other than delivering and improving the subscribed services, unless explicitly authorized or required by law.
  • Storage Limitation: Data is retained only for the duration of the active subscription or as legally required, after which it is securely deleted or fully anonymized.

3. Cloud Infrastructure and Architecture

PICUS products are built on highly resilient cloud environments, designed to withstand failures and prevent data leakage:

  • Shared Responsibility Model: Our primary infrastructure is hosted on Amazon Web Services (AWS). Security is managed under a Shared Responsibility Model; while AWS secures the underlying physical cloud infrastructure, PICUS implements stringent security configurations, access controls, and encryption mechanisms to protect customer data within our environment.
  • Logical Separation: Customer data is strictly isolated in multi-tenant environments. We enforce logical separation at the database/datastore level using unique account identifiers. Every query and transaction is cryptographically bound to this specific tenant ID, significantly reducing the risk of cross-tenant data exposure.

4. Data Security and Protection Controls

PICUS implements a risk-based approach to protect personal data through technical and organizational safeguards:

  • Data is classified and protected based on sensitivity
  • Access to production environments is restricted by default, granted on a least privilege and time-bound basis, and subject to formal approval
  • All access and administrative actions are recorded in immutable audit logs and monitored through centralized Security Information and Event Management (SIEM) systems
  • Data is encrypted in transit and at rest using industry-standard cryptographic protocols (e.g., AES-256 and TLS 1.2+)
  • Customer data is logically segregated in multi-tenant environments
  • Systems are continuously monitored for unauthorized access, vulnerabilities, and anomalies
  • Secure development practices and confidentiality obligations are enforced across employees and third parties
  • Employees and third parties are subject to confidentiality obligations and receive ongoing security and privacy awareness training

Customer data is processed within secure cloud environments designed to ensure high availability, integrity, and confidentiality.

5. Retention and Disposal

Personal data is retained only as long as necessary to fulfill the purposes of processing and to meet legal or contractual obligations.

Data is securely deleted, destroyed, or anonymized when no longer required.

6. Policy Governance

This Policy is approved by Senior Management and reviewed periodically to ensure alignment with regulatory requirements and evolving security practices.

 

Last update: 24.03.2026

PICUS is committed to integrating environmental, social, and governance (ESG) principles into its operations as a global, remote-first cybersecurity company. The Company aims to minimize its environmental impact, promote human-centered values, and uphold the highest standards of ethical conduct and data protection.

Through its remote-first operating model and cloud-based infrastructure, PICUS significantly reduces reliance on energy-intensive operations and minimizes its impact on natural resources. The Company does not maintain physical data centers or server rooms and promotes resource efficiency through the use of co-working environments where applicable. PICUS also encourages the use of energy-efficient devices, recycling practices, and responsible e-waste disposal across its operations.

PICUS is committed to fostering an inclusive, diverse, and safe work environment. The Company promotes diversity, equity, inclusion, and belonging, and supports employee wellbeing through flexible work arrangements and access to mental health support resources. PICUS strictly prohibits any form of discrimination, forced labor, or unethical practices and is committed to upholding internationally recognized labor and human rights standards.

Governance at PICUS is based on integrity, transparency, and accountability. The Company operates in alignment with internationally recognized frameworks, including ISO/IEC 27001, ISO/IEC 27701, and other relevant standards, and complies with applicable data protection regulations such as GDPR and CCPA. PICUS maintains formal whistleblowing channels, both internal and external, to enable confidential reporting without fear of retaliation.

PICUS continuously seeks to improve the efficiency and sustainability of its digital infrastructure and services. By leveraging cloud technologies that support environmental responsibility and embedding ESG considerations into internal processes and risk management practices, the Company aims to create long-term value for its stakeholders.

PICUS expects its suppliers and partners to adhere to comparable ESG and ethical standards, including compliance with applicable laws, respect for labor and environmental principles, and responsible business practices.

PICUS is committed to continuously improving its ESG practices and maintaining transparency through responsible business conduct.

This policy is reviewed periodically and updated as necessary to reflect changes in regulatory requirements, business operations, and ESG priorities.

 

Last update: 18.03.2026

The Anti-Bribery and Corruption Policy has been established to define the anti-bribery and corruption principles adopted by PICUS Security, Inc. (“PICUS”) and to communicate the Company’s expectations and responsibilities to employees, business partners, and relevant external parties. Approved by the Senior Management, this policy reflects PICUS’s firm commitment to ethical conduct and compliance with international anti-corruption standards.

PICUS operates with a zero-tolerance approach to bribery and corruption. All employees, contractors, and third parties acting on behalf of the Company are strictly prohibited from offering, giving, requesting, or accepting bribes, kickbacks, or anything of value to gain any unfair business advantage. This includes both commercial bribery and bribery of government or political officials, as defined by the U.S. Foreign Corrupt Practices Act (FCPA), the UK Bribery Act (UKBA), and other applicable laws.

Particular caution is required in all dealings involving government entities, officials of state-owned enterprises, and international organizations. Any gift, entertainment, travel, or other item of value offered to such individuals must be pre-approved in writing by the PICUS Compliance Officer. Facilitation payments, even where culturally common, are not allowed unless legally permitted and specifically authorized.

PICUS carefully vets its third-party partners, including agents, distributors, consultants, and vendors, to ensure they operate with integrity and in line with this policy. All third parties must sign written agreements that include clear anti-bribery compliance clauses.

PICUS adopts a risk-based approach to identifying and mitigating corruption-related threats, particularly when entering new markets or engaging with third parties. Prior to establishing any relationship with agents, consultants, distributors, or other partners, thorough due diligence is conducted to assess ethical practices, potential conflicts of interest, and connections to government entities. All financial transactions and expenditures related to gifts, hospitality, and business development must be accurately documented and justified. Failure to comply with this policy may result in disciplinary actions, including termination of employment or contracts, as well as legal consequences where applicable.

Employees and partners are required to maintain accurate records and report any suspected violations to compliance@picussecurity.com. Anonymous reporting is supported, and retaliation against good-faith whistleblowers is strictly prohibited. All reports are handled confidentially and investigated appropriately.

PICUS provides regular training, conducts internal audits, and performs risk assessments to ensure continued policy compliance and awareness. Breaches of this policy may result in disciplinary action, including termination of employment or business relationships.

This policy is reviewed and updated annually under the oversight of the Compliance Officer and reflects PICUS’s broader commitment to integrity, transparency, and ethical global business practices.

Last Update: 23.03.2026

PICUS is committed to complying with applicable export control and sanctions laws and ensuring that its products and services are not used in violation of such regulations. PICUS applies appropriate controls to prevent unauthorized use, export, re-export, or transfer of its products and services and restricts transactions with prohibited jurisdictions, individuals, and entities in accordance with applicable laws.

This policy defines the principles, governance structure, and practices for export control and sanctions compliance and applies to all PICUS employees, contractors, and relevant external parties, regardless of their location or role.

Every person concerned can send their complaints and notifications directly to the Board by e-mail to notification@picussecurity.com about the issues covered by the policy.

PICUS software products and services are subject to export control and sanctions laws of various jurisdictions, including, without limitation, the United States, the European Union, and Türkiye. These regulations may impose restrictions on certain countries, organizations, and individuals, and are subject to change. Accordingly, all transactions must be assessed against applicable sanctions requirements prior to engagement, with guidance from the Legal function where necessary.

PICUS applies a risk-based approach to export control compliance. This includes identifying business partners and end-users, validating their location and intended use, and assessing potential risks associated with transactions. As part of this process, PICUS considers potential red flags, including unusual or inconsistent transaction patterns, to prevent unauthorized or inappropriate use of its products and services. PICUS also applies verification and screening controls during onboarding processes, including trial access, to ensure compliance with applicable export control and sanctions requirements.

To accomplish applicable foreign policy and national security goals, the applicable governmental authority (such as the Department of the Treasury’s Office of Foreign Assets Control (OFAC) in the USA) administers economic sanctions programs and embargoes for several countries. Certain destinations, organizations, and individuals are subject to trade sanctions, embargoes, and restrictions under applicable law. These sanctions are subject to change, usually involve financial components, and can range from narrow restrictions to broad sanctions and embargoes. All transactions must be assessed against applicable sanctions requirements prior to engagement, with guidance from the Legal function where necessary.

Taking into account overall business risks, PICUS Security products and services are not available for export, reexport, transfer, and/or use in the following sanctioned countries/regions (subject to change without notice): Cuba, Iran, North Korea, Syria, Crimea Region, and the so-called Donetsk People’s Republic (DNR) / People’s Republic of Luhansk (LNR) regions of Ukraine.

PICUS Security products and services are not available to entities and individuals with whom transactions are prohibited under applicable export control and sanctions laws, including those listed on any applicable sanctioned party lists (e.g., European Union Sanctions List, U.S. Specially Designated National (SDN) lists, U.S. Denied Persons List, BIS Entity List, United Nations Security Council Sanctions).

PICUS collects and verifies relevant information regarding business partners and end-users and conducts screening through applicable sanctions screening tools, including OFAC and other relevant platforms. Products and services are not provided to individuals or entities subject to applicable sanctions.

Business partners and customers are expected to comply with applicable export control and sanctions regulations and the principles outlined in this policy. Relationships with parties that fail to meet these requirements may be restricted or terminated.

Access to information related to sanctions compliance and investigations is restricted to authorized personnel and managed in accordance with the principle of least privilege. Such information is protected in line with PICUS’s Information Security and Privacy frameworks.

The Legal and Information Security functions are responsible for the implementation and oversight of this policy. PICUS supports compliance through periodic training and awareness activities to ensure that employees understand their responsibilities.

This policy is reviewed periodically and updated as necessary to ensure its continued effectiveness and alignment with applicable regulatory requirements.

Last update: 23.03.2026

b) Corporate Security Practices

An Information Security Director (ISD) leads Picus’s information security and privacy program with a vision of continuous improvement, stronger cybersecurity resilience, broader compliance, and keeping up with the latest technologies. This role includes developing and maintaining security policies, aligning the security strategy with organizational goals, and overseeing incident management. The ISD is also responsible for managing Picus's efforts in information security, business continuity, risk management, auditing, and compliance.

All access requests are managed based on the principle of least privilege. Secure login procedures, including multi-factor authentication (MFA), are implemented. In addition, a stringent password security policy is enforced and a password manager solution is provided for all employees to ensure secure and efficient password management.

At Picus, we implement an effective suite of endpoint security solutions to protect our devices and data. This includes Mobile Device Management (MDM) to enforce security policies on mobile devices, Endpoint Protection Platform (EPP) for antivirus and anti-malware protection, and Endpoint Detection and Response (EDR) for advanced threat detection and incident response. All corporate laptops are encrypted to safeguard sensitive information, and regular updates and patches are applied to ensure systems remain secure. Additionally, we conduct continuous monitoring and logging to detect and respond to any suspicious activities on endpoints promptly.

In Picus systems and platforms, data both in transit and at rest is encrypted using industry-standard algorithms. In addition, special encryption is used in the SSHv2 protocol to provide secure access to the company cloud servers, where Picus products and systems are hosted.

All systems related to Picus products are cloud-based and have a High Availability architecture in AWS United States, Europe and Middle East data centers. Picus uses redundant RDS instances to ensure full backup recovery of its database. Daily database backups are also taken automatically.

Picus uses a fully encrypted VPN solution as well as HTTPS to communicate with and access its network. All traffic within the network is redirected from HTTP to HTTPS.

Picus applies Secure Development Life Cycle (SDLC) rules to product and system development. These rules are based on agility, information security, and secure code development techniques, and follow best practices and well-known techniques.

Picus conducts a third-party risk management program and regularly evaluates its vendors through security reviews to minimize associated risks. This ensures that our vendors meet their contractual obligations and comply with applicable legal requirements.

Security and privacy training and awareness programs are conducted for all employees on an annual basis. In addition, regular training sessions as well as secure code training are delivered to Picus developers by field experts.

In addition to conducting internal penetration tests with our Lab teams, Picus also regularly engages third-party experts for external penetration tests. Recent reports shall only be provided under NDA. To request access to these reports, please reach us at security@picussecurity.com.

At Picus, our SIEM solution monitors and analyzes log data from various sources. This proactive approach helps us to quickly identify and respond to potential security threats, ensuring the integrity and confidentiality of our systems and data.

All new employees undergo background checks, including criminal, education, and employment history verification. Additionally, they are required to sign Non-Disclosure and Confidentiality agreements before employment.

Vulnerability Disclosure Program

At Picus, we believe that security should primarily be internalized in our company culture. Below, you can find some, but not all, of our corporate documents and practices, which help us build a strong and regularly validated security posture.