CAST

Documentation

End-User License Agreement

This End-User License Agreement (“Agreement”) governs the terms and conditions upon which Licensee has obtained a license regarding the Menditect Application(s) through a Menditect Partner or Menditect directly, as the case may be. Menditect and Licensee shall herein referred to each as a “Party” and collectively as the “Parties”.

1 Definitions

All capitalized terms used in this Agreement that are not otherwise defined herein, shall have the meaning shown below, for both singular and plural forms. Unless otherwise specified, any reference in this Agreement to a section or other subdivision is a reference to a section or subdivision of this Agreement.

“Affiliates” means any corporation, partnership or other entity now existing or hereafter organized that directly or indirectly controls, is controlled by or under common control with a Party. For purposes of this definition “control” means the direct possession of a majority of the outstanding voting securities of an entity.
“App” or “Application” means Licensee’s Application Model as deployed on and interpreted by the Mendix Platform in order to make it a functioning application ready to process Licensee Data.
“Application Model” means the visual model of Licensee’s application, which visual model has been created by Licensee or by a third party per Licensee’s instructions and requirements, making use of the Mendix Platform.
“Claim” has the meaning given to it in section 8.1 (Menditect Indemnification).
“Confidential Information” has the meaning given to it in section 3.1 (Confidential Information).
“Documentation” means the documentation provided by Menditect to assist users in the use of the Menditect Application(s) describing the operational functionality of (elements of) the Menditect Application(s), including user and system administrator guides and manuals, found in the MTA product.
“DPA” has the meaning given to it in section 7.5 (Data Protection).
“End-of-Life-Date” has the meaning given to it in section 2.7 (End-of-Life-Date).
“Feedback” means any suggestions, enhancement requests, recommendations, corrections or other feedback provided by Customer, its Affiliates, and/or Users relating to the features or operation of the Menditect Application(s) and Documentation or services.
“Incident” has the meaning given to it in section 7.8 (Incident Management and Breach Notification).
“Licensee Data” means any electronic information, including but not limited to, any data, information or material, such as posts, comments, documents, project information, application data, user information and account information which is submitted, created, saved, added, uploaded or made available in the Application. For the avoidance of doubt, the Application Model is not part of Licensee Data.
“Menditect” is a private limited liability companies under Dutch law with the name Menditect B.V. and/or any affiliated or subsidiary company
“Menditect Application(s)” means all software and services provided by Menditect whether such software and services are provided physically at Licensee’s location, through the internet or installed on Licensee’s hardware, including but not limited to, the Menditect website(s) and Documentation.
Private Menditect Application Programming Interface (“Private API”) is any API that is not explicitly published by Menditect as a public API.
“Mendix Platform” means all software and services provided by Mendix (www.mendix.com) whether such software and services are provided physically at Licensee’s location, through the internet or installed on Licensee’s hardware, including but not limited to, the Mendix website(s), (Web / Desktop) Modeler, Team Server, Platform Portal (Cloud Portal and Developer Portal), App Store, Support Portal, Partner Portal, Mendix Cloud, Mendix Runtime, Mendix Community, Mendix Forum, Sandbox, Platform-as-a-Service, and Documentation.
“Legal Notices” has the meaning given to it in section 9.7 (Notices).
“Losses” has the meaning given to it in section 8 (Indemnification).
“Order Document” means an ordering document provided by a Menditect Partner and signed by Licensee, which details, amongst other things, the subscription or other services to be provided by Menditect, the applicable usage limitations and the price payable by Licensee for the Menditect Application(s) and related services, and the term for which the Menditect Application(s) and any related services are provided.
“Representatives” has the meaning given to it in section 3.1 (Confidential Information).
“Security Breach” has the meaning given to it in section 7.8 (Incident Management and Breach Notification).
“Subscription Term” means the term for the recurring/ongoing services, such as subscription items, as set forth in the relevant Order Form.
“Update” means a modification made by Menditect to the Menditect Application(s) and provided to Licensee under the terms and conditions of this Agreement. Updates shall not include any version, option or future products provided by Menditect not included in the subscription as set forth in the relevant Order Form.
“Upgrade” means a new, major software release of the Menditect Application(s) whose primary purpose is to add new functionality or enhance the performance of the Menditect Application(s), which is identified by an increment in the first two (2) numbers of the software version. Notwithstanding the foregoing, an Upgrade will not include new software or modules (whether or not branded as Menditect software) that Menditect markets and prices separately.
“Users” means individuals who are authorized by Licensee to use the Menditect Application(s) and have been supplied passwords by Licensee (or by Menditect at Licensee’s request). Users consist of any employee of Licensee or its Affiliates and any independent contractor of Licensee or its Affiliates.

2 Access

2.1. Access. Menditect shall (a) provide Licensee with (access to) the Menditect Application(s) and related services, specified on an Order Document, pursuant to this Agreement, and (b) use commercially reasonable efforts to make the Menditect Application(s) available 24 hours a day, 7 days a week, save for: (i) planned downtime (of which Menditect will give advance electronic notice as provided in the Documentation and/or applicable service level agreement); and (ii) any unavailability caused by circumstances beyond the reasonable control of Menditect as set forth in section 9.10 (Force Majeure). Support will be provided in accordance with the service level determined in the applicable Order Document and as set forth in the applicable service level agreement. Any conflict between the terms and conditions set forth in this Agreement, the applicable service level agreement and any Order Document shall be resolved in favor of this Agreement, unless explicitly agreed otherwise in writing. Licensee agrees that purchases hereunder are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written comments made by Menditect regarding future functionality or features.

2.2. License Grant. Subject to the terms and conditions of this Agreement, and in consideration for the payment of the subscription fees set forth on the applicable Order Document, Menditect hereby grants to Licensee and its Affiliates, solely during the Subscription Term of the applicable Order Form, a non-exclusive, non-transferable (except as set forth in section 9.4 (Assignment)) license to access and use the Menditect Application(s) solely for Licensee’s internal business purposes. This license is restricted to use by Licensee and its Affiliates, and its Users and does not include the right to use the Menditect Application(s) on behalf of any third party. Furthermore, this license is subject to the limitations set forth on the applicable Order Document, including but not limited to: instances, users, storage, memory, time or other designated metric. Licensee and its Affiliates obtain a right to use and access the Menditect Application(s) only, and therefore have no right to receive a copy of the source code of the Menditect Application(s). Licensee is responsible for procuring and maintaining the network connections that connect Licensee to the Menditect Application(s). Licensee agrees: (i) that only authorized Users are permitted to use the Menditect Application(s); (ii) that it is responsible for authorized Users’ actions or failures to act in connection with activities contemplated under this Agreement; and (iii) to otherwise take all commercially reasonable steps to protect the Menditect Application(s) and the Documentation from unauthorized use and/or access.

2.3. Feedback. Notwithstanding anything to the contrary in this Agreement, Licensee hereby agrees that all intellectual property rights in the Feedback, and all other ownership in any ideas, modifications, enhancements, improvements, or any other suggestion specifically relating to the Menditect Application(s), are hereby assigned to Menditect and shall be the sole and exclusive property of Menditect. All Feedback shall be treated as Menditect’ Confidential Information.

2.4. License Restrictions. Notwithstanding anything set forth in this Agreement to the contrary, Licensee may not: (i) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute its rights to any other person or otherwise commercially exploit the Menditect Application(s) in any other way than explicitly allowed under this Agreement; (ii) make the Menditect Application(s) available to anyone who is not a User; (iii) create any derivative works based upon the Menditect Application(s) or Documentation other than an Application Model; (iv) copy any feature, design or graphic, or reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code form or structure of the Menditect Application(s); (v) access or let anyone access the Menditect Application(s) in order to build a competitive solution or to assist someone else to build a competitive solution; (vi) send spam or otherwise duplicative or unsolicited messages in violation of applicable laws; (vii) send, upload, store or otherwise transmit, display or distribute any unlawful, infringing, tortious, obscene, threatening, abusive, harassing, defamatory, vulgar, libelous, invasive of another’s privacy, hateful or racially, ethnically or otherwise objectionable material, including but not limited to children or material that violates third party privacy rights or infringes any proprietary rights or intellectual property rights; (viii) interfere with or disrupt the integrity or performance of the Menditect Application(s) or the data contained therein; (ix) upload or otherwise transmit any material that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; and/or (x) use the Menditect Application(s) in a way that violates any criminal, public or civil law. (xi) call a Menditect “Private API” from other systems than Menditect Application(s)

2.5. Affiliates. Subject to the terms of the Order Document, Licensee may make the Menditect Application(s) available to its Affiliates provided that all licensing restrictions are complied with in each instance by each such Affiliate and that Licensee shall be liable for any breach of the terms and conditions of this Agreement by any of its Affiliates.

2.6. Licensee Responsibility. Licensee is and remains responsible for: (i) all activities conducted under its User logins and for its Users’ compliance with this Agreement; (ii) maintaining up-to-date hard-/software that is compatible with the Menditect Application(s), as set out in the Documentation; (iii) a high-speed/broadband internet connection of good quality and reliability to access the Menditect Application(s) and/or Applications; (iv) scheduling, implementing and/or installing changes for Updates and Upgrades of the Menditect Application(s), as well as for upgrading of Licensee’s equipment in order to make efficient use of the Menditect Application(s); and (v) providing all information, access and good faith cooperation reasonably necessary to enable Menditect to meet its obligations under this Agreement and/or an Order Document (if Licensee fails to do so, Menditect will be relieved from its obligations under such agreement to the extent that such obligations are dependent upon Licensee’s performance or cooperation).

2.7. End-of-Life-Date. Menditect recognizes that Licensee may have legitimate business reasons for not upgrading to a new, major software release of the Mendix Platform as soon as an Upgrade becomes available. However, Menditect will only support the current major release and the two (2) prior major releases of the Mendix platform.

2.8. Non-Menditect Providers. Menditect or third parties may make available (e.g. through a marketplace or otherwise) third-party products or services, including, but not limited to: (i) web-based, mobile, offline or other software application functionality that is (a) provided by Licensee or a third party and interoperates with a service, including, for example, an application that is developed by or for Customer, or (b) is listed on a marketplace (such as app services, layouts, modules, themes, widgets, GitHub or connectors); and (ii) implementation and other consulting services. Any acquisition by Licensee of such products or services, and any exchange of data between Licensee and any non-Menditect provider, product or service is solely between Licensee and the applicable non-Menditect provider. Menditect does not warrant or support such non-Menditect functionality or other non-Menditect products or services, whether or not they are designated by Menditect as ‘certified’ or otherwise, unless expressly provided otherwise in an Order Document.

3 Confidentiality

3.1. Confidential Information. Either party may, from time to time, deliver to the other certain non-public information including formulas, flow charts, diagnostic routines, business information, forecasts, financial plans and data, balance sheet information, customer information, marketing plans, hardware, software and unannounced product information (“Confidential Information”). Confidential Information shall also include the Application Model, Licensee Data and any other information disclosed by a Party to the other Party, in whatever form, including visually and orally, and designated in writing as proprietary or confidential, or which – to a reasonable person familiar with the disclosing Party’s business and the industry in which it operates – is of a proprietary or confidential nature. During the term of this Agreement and following three (3) years after its termination, each Party will not disclose any such Confidential Information except as set forth herein. The receiving Party shall hold in confidence, and shall not disclose (or permit or suffer its personnel to disclose) any Confidential Information to any person or entity except to a director, officer, employee, outside consultant, or advisor (collectively “Representatives”) who have a need to know such Confidential Information in the course of the performance of their duties for the receiving Party and who are bound by a duty of confidentiality no less protective of the disclosing Party’s Confidential Information than this Agreement. The receiving Party and its Representatives shall use such Confidential Information only for the purpose for which it was disclosed and shall not use or exploit such Confidential Information for the benefit of another without the prior written consent of the disclosing Party. Each Party accepts responsibility for the actions of its Representatives and shall protect the other Party’s Confidential Information in the same manner as it protects its own valuable confidential information, but in no event, shall less than reasonable care be used. The Parties expressly agree that the terms of this Agreement are Confidential Information and Licensee further agrees that it shall not use the services for the purposes of conducting comparative analysis, evaluations or product benchmarks with respect to the services and will not publicly post any analysis or reviews of the services without Menditect’ prior written approval. A receiving Party shall promptly notify the disclosing Party upon becoming aware of a breach or threatened breach hereunder, and shall cooperate with any reasonable request of the disclosing Party in enforcing its rights.

3.2. Exclusions. Information will not be deemed Confidential Information hereunder if such information: (i) is known prior to receipt from the disclosing Party, without any obligation of confidentiality; (ii) becomes known to the receiving Party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing Party; (iii) becomes publicly known or otherwise publicly available, except through a breach of this Agreement; or (iv) is independently developed by the receiving Party without use of the disclosing Party’s Confidential Information. The receiving Party may disclose Confidential Information pursuant to the requirements of applicable law, legal process or government regulation, provided that, where legally permitted to do so, it gives the disclosing Party reasonable prior written notice to permit the disclosing Party to contest such disclosure, and such disclosure is otherwise limited to the required disclosure.

3.3. Injunctive Relief. Notwithstanding any other provision of this Agreement, both Parties acknowledge that any use of the disclosing Party’s Confidential Information in a manner inconsistent with the provisions of this Agreement may cause the disclosing Party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, both Parties agree that, in addition to any other remedy which the disclosing Party may be entitled hereunder, at law or equity, the disclosing Party shall be entitled to an injunction or injunctions (without the posting of any bond and without proof of actual damages) to restrain such use in addition to other appropriate remedies available under applicable law.

4 Warranties; Disclaimer

4.1. General. Each Party represents and warrants that: (i) it has the legal power to enter into and perform under this Agreement; and (ii) it will comply with all laws and regulations in the performance of this Agreement. Menditect has implemented and will maintain during the term of this Agreement security measures reasonably designed to protect the confidentiality, security and availability of the Customer Data.

4.2. Menditect Application(s) Warranties. Menditect warrants that: (i) the Menditect Application(s) will function substantially as described in the Documentation; and (ii) Menditect owns or otherwise has secured the right to provide the Menditect Application(s) to Licensee and its Affiliates under this Agreement.

4.2.1. Notwithstanding any service level arrangements between the Parties, if the Menditect Application(s) does not function substantially in accordance with the Documentation, Menditect must, at its option and at its own expense, either (a) modify the Menditect Application(s) to conform to the Documentation, or (b) provide a workaround solution that will reasonably meet Licensee’s requirements. If neither of these options is commercially feasible, either Party may terminate the relevant Order Document under this Agreement, in which case Menditect shall refund to Licensee all fees pre-paid to Menditect under the relevant Order Document for the period in which the Menditect Application(s) will remain unused by Licensee.
4.2.2. However, Menditect makes no warranties: (i) to the extent that the Menditect Application(s) has been modified by Licensee, its Affiliates or any third party, unless such modification has been approved by Menditect in writing; (ii) for a version of the Menditect Application(s) that has passed its End-of-Life-Date; or (iii) for errors, omissions, problems, malfunctions, faults, etc. in the Menditect Application(s) caused by any third-party software or hardware, by accidental damage or by other matters beyond Menditect’ reasonable control.

4.3. No Other Warranty. MENDITECT DOES NOT REPRESENT THAT THE MENDITECT APPLICATION(S) WILL BE ERROR-FREE, OR THAT IT WILL MEET LICENSEE’S REQUIREMENTS, OR THAT IT WILL BE ABLE TO CORRECT ALL REPORTED DEFECTS OR ERRORS IN THE MENDITECT APPLICATION(S), OR THAT THE OVERALL SYSTEM THAT MAKES THE MENDITECT APPLICATAION(S) AVAILABLE (INCLUDING BUT NOT LIMITED TO THE INTERNET, OTHER TRANSMISSION NETWORKS, AND LICENSEE’S LOCAL NETWORK AND EQUIPMENT) WILL BE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR THAT THE USE THE MENDITECT APPLICATAION(S) WILL BE UNINTERREUPTED OR ERROR FREE. MENDITECT MAKES NO WARRANTY REGARDING FEATURES OR SERVICES PROVIDED BY THIRD PARTIES. THE WARRANTIES STATED IN SECTION 4 (WARRANTIES) ABOVE ARE THE SOLE AND EXCLUSIVE WARRANTIES OFFERED BY MENDITECT, THERE ARE NO OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION, THOSE OF MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT OF THIRD-PARTY RIGHTS. LICENSEE ASSUMES ALL RESPONSIBILITY FOR DETERMINING WHETHER THE MENDITECT APPLICATION(S) ARE ACCURATE OR SUFFICIENT FOR LICENSEE’S PURPOSES, AS WELL AS THE SELECTION OF THE MENDITECT APPLICATION(S) AND DOCUMENTATION NECESSARY TO ACHIEVE LICENSEE’S INTENDED RESULTS, AND FOR THE USE AND RESULTS OF THE MENDITECT APPLICATION(S).

5 Limitation of Liability

5.1. Consequential Damage Exclusion. NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR LOSS OF PROFITS OR FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, LOSS OF GOODWILL, BUSINESS INTERRUPTION) IN CONNECTION WITH THE USE OR PERFORMANCE OF THE MENDITECT APPLICATION(S), OR THE USE OR PERFORMANCE OF ANY OTHER OBLIGATION UNDER THIS AGREEMENT, EVEN IF IT IS AWARE OF THE POSSIBILITY OF THE OCCURRENCE OF SUCH DAMAGES.

5.2. Limitation of Liability. EACH PARTY’S TOTAL LIABILITY FOR ANY DIRECT LOSS, COST, CLAIM OR DAMAGES OF ANY KIND RELATED TO THE AGREEMENT, THE APPLICATION AND/OR RELEVANT ORDER DOCUMENT/FORM SHALL NOT – IN ANY EVENT, OR MULTIPLE, RELATED SUBSEQUENT EVENTS – EXCEED THE AMOUNT OF THE FEES PAID OR PAYABLE BY LICENSEE TO MENDITECT UNDER THE APPLICABLE ORDER DOCUMENT DURING THE TWELVE (12) MONTHS PRIOR TO THE EVENT(S) GIVING RISE TO SUCH LOSS, COST, CLAIM OR DAMAGES.

5.3. Exclusions. HOWEVER, NOTHING IN THIS SECTION 5 SHALL HAVE THE EFFECT OF LIMITING A PARTY’S LIABILITY FOR (a) PERSONAL INJURY OR DEATH CAUSED BY THE NEGLIGENCE OF THE OTHER PARTY, (b) ITS INDEMNITY OBLIGATIONS, (c) GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, (d) BREACH OF A PARTY’S CONFIDENTIALITY OBLIGATIONS, OR (e) INFRINGEMENT OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS.

6 Term and Termination

6.1. Term. This Agreement will commence on the date Licensee has duly executed and returned this Agreement to Menditect, and will continue in effect until otherwise terminated in accordance with section 6.2 (Termination) below. The Subscription Term shall be set forth on the Order Document. Unless otherwise expressly provided in the applicable Order Document, the Subscription Term shall automatically renew for additional terms of one (1) year each unless either Party notifies the other Party in writing at least sixty (60) days prior to the then current expiration date that it has elected not to renew. The per-unit pricing during any automatic renewal Subscription Term will be the same as that during the immediately prior Subscription Term, unless Menditect has given Licensee written notice of a pricing increase at least ninety (90) days prior to the end of the then current Subscription Term, in which case the pricing increase will be effective upon subscription renewal and thereafter. Any such pricing increase will not exceed 5% of the subscription pricing in the immediately prior subscription term, unless the pricing in the prior Subscription Term was designated in the relevant Order Document as promotional or one-time.

6.2. Termination. Notwithstanding the foregoing, either Party may terminate this Agreement or any Order Document immediately (a) in the event of a material breach of this Agreement or any such Order Document by the other Party that is not cured within thirty (30) days of written notice from the other Party; or (b) if the other Party ceases doing business or is the subject of a bankruptcy or insolvency proceeding, that is not dismissed within sixty (60) days of filing. Termination or expiration of an Order Document shall not be deemed a termination of this Agreement. Either Party may also terminate this Agreement upon no less than thirty (30) days’ prior written notice to the other Party for any reason, if at such time there are no outstanding Order Documents then currently in effect. All rights and obligations of the Parties which by their nature are reasonably intended to survive such termination or expiration will survive termination or expiration of this Agreement and each Order Form and SOW, including but not limited to sections 3 (Confidentiality), 4 (Warranties; Disclaimer), 5 (Limitation of Liability), 7 (Ownership; Licensee Data; Data Protection; Security), 8 (Indemnification), 9.5 (Disputes), 9.7 (Notices), 9.14 (Non-Solicitation of Employees) and 9.16 (Waiver and Severability).

6.3. Effect of Termination. Upon any termination or expiration of this Agreement or any applicable Order Document, Menditect shall no longer provide the Menditect Application(s) as applicable to Licensee and Licensee shall promptly cease and cause its Users to promptly cease using the Menditect Application(s). Licensee shall pay Menditect for all fees that had accrued prior to the termination or expiration date. Menditect also reserves the right to suspend Licensee’s access to the Menditect Application(s) at any time, without having to terminate this Agreement or an Order Document, if Licensee is more than sixty (60) days late with respect to any undisputed payments due hereunder. Except as expressly provided herein, termination of this Agreement by either Party will be a non-exclusive remedy for breach and will be without prejudice to any other right or remedy of such Party. Upon termination or expiration of this Agreement, each Party shall promptly return or destroy all Confidential Information of the other Party in its possession, provided, however, Licensee may retrieve all Licensee Data as set forth in section 7.9 (Data Portability).

7 Ownership; Licensee Data; Data Protection; Security

7.1. Ownership Menditect Application(s). Licensee acknowledges and agrees that as between Menditect and Licensee, all right, title and interest in and to the Menditect Application(s) and Documentation, and including all modifications and configurations, all Menditect data and Confidential Information, and all of Menditect’ proprietary technology, including without limitation, all software, products, processes, algorithms, user interfaces, knowhow, techniques, designs and other tangible or intangible technical material or information made available to Licensee by Menditect in providing the Menditect Application(s) and Documentation and all derivatives thereof are and shall remain Menditect’ or its licensors’. The Menditect name and logo, and the product names associated with the Menditect Application(s) are trademarks of Menditect or third parties, and no right or license is granted to use them. During the term of this Agreement, Menditect grants to Licensee a limited, worldwide, non-exclusive, non-transferable (except as set forth in section 9.4 (Assignment)), royalty-free right to use, display, transmit, and distribute the Menditect data solely in connection with Licensee’s permitted use of the Menditect Application(s) and Documentation. Menditect shall have the right to collect, use and distribute aggregated information, analysis, statistics and other data generated by the Menditect Application(s) and Documentation (or derived from Licensee’s use of the Menditect Application(s) and Documentation) provided, however, that Menditect shall not disclose any such data unless such data is in an anonymized, aggregated form that would not permit a third party to identify the data as associated with Licensee or any of its Users.

7.2. Ownership of Licensee Data and Application Model. Licensee retains ownership of all right, title and interest in and to all Licensee Data and the Mendix Application Model. During the term of this Agreement, Licensee hereby grants to Menditect a limited, worldwide, non-exclusive, non-transferable (except as set forth in section 9.4 (Assignment)), royalty-free right to use, store, display, transmit, and distribute Licensee Data and the Application Model solely as necessary to provide its services to Licensee, and for no other purpose whatsoever.

7.3. Licensee Data. Licensee is solely responsible for the accuracy, integrity and quality of Licensee Data for use in the Menditect Application(s) and Mendix Application Model. Menditect shall not modify or add to the Licensee Data and Menditect shall not make any claim for any right of ownership in the Licensee Data and/or Mendix Application Model.

7.4. Back-up and Disaster Recovery. The Licensee Data is automatically backed-up daily. Back-ups are stored in secure, geographically dispersed locations and Menditect offers disaster recovery services. Upon termination of this Agreement or the expiration of the last term under an Order Document Menditect shall no longer have the obligation to preserve or back-up any Licensee Data.

7.5. Data Protection. Each Party to this Agreement warrants that it shall (seek to) comply at all times with its obligations under data protection laws and regulations applicable to the Parties in connection with the provision and consummation of the services hereunder, such as, but not limited to the EU Data Protection Directive 95/46/EC as implemented in local laws and regulations in the relevant jurisdiction, US federal privacy laws (e.g. the Health Insurance Portability and Accountability Act (HIPAA) and Judicial Redress Act), and the South African Protection of Personal Information Act 2013 (POPI) (individually and collectively referred to as the “DPA”). Unless expressly stated otherwise, (a) Licensee and/or its Affiliates is and shall remain the data controller of the Licensee Data (which, for the purposes of this Agreement, may include personal data / personally identifiable information it uploads, stores or provides as part of the services under this Agreement, as the case may be), and (b) Menditect is a service provider to Licensee that is and shall remain the data processor of the same, as defined in the DPA. In this respect Menditect will: (i) act, as a data processor, only on and comply with Licensee’s instructions in relation to the processing of Licensee Data as given and varied from time to time by Licensee; (ii) take appropriate technical and organizational security measures, taking into account both the state of technologies and the costs of implementation, against unauthorized or unlawful processing or further processing of Licensee Data, and against accidental loss or destruction of, and damage to Licensee Data; (iii) at the request of Licensee, inform Customer of the general scope of security measures taken; and (iv) keep Licensee Data confidential in accordance with the applicable contractual confidentiality obligations. Notwithstanding anything to the contrary, to provide the services in the most efficient manner, Menditect reserves the right to use suppliers and subcontractors including for processing, hosting and storage purposes, which Licensee accepts, whereby Menditect remains responsible for the quality of the services under this Agreement, and the suppliers’ and subcontractors’ compliance with the DPA as it applies to data processors. In this respect Licensee consents that Licensee Data may be processed, hosted and stored from locations either in the United States (by default for customers domiciled in the United States, Canada or a country in Central or South America or the Caribbean) or Europe (by default for customers domiciled elsewhere than in the aforementioned countries), in accordance with the above requirements.

7.6. Organization Level Security Measures. Menditect commits to embed security in company processes and standard operating procedures by adopting a representative subset of the ISO 27001 Information Security Framework.

7.7. Incident Management and Breach Notification. Menditect evaluates and responds to incidents that create suspicion of unauthorized access to or handling of Licensee Data (“Incident”). Menditect is informed of such Incidents and, depending on the nature of the activity, defines escalation paths and response teams to address those Incidents. Menditect will work with Licensee and, where necessary, with outside law enforcement to respond to the Incident. The goal of the Incident response will be to restore the confidentiality, integrity, and availability of the services, and to establish root causes and remediation steps. For purposes of this section 7.8, “Security Breach” means the misappropriation of Licensee Data located on Menditect systems that compromises the security, confidentiality or integrity of such information. Menditect will inform Licensee within 36 hours if Menditect determines that Licensee Data has been subject to a Security Breach (including by a Menditect employee) or any other circumstance in which Licensee is required to provide a notification under applicable law, unless otherwise required by law. Menditect will promptly investigate the Security Breach and take reasonable measures to identify its root cause(s) and prevent a recurrence. As information is collected or otherwise becomes available, unless prohibited by law, Menditect will provide Licensee with a description of the Security Breach, the type of data that was the subject of the breach, and other information Licensee may reasonably request concerning the affected persons. The Parties agree to coordinate in good faith on developing the content of any related public statements or any required notices for the affected persons and/or the relevant data protection authorities.

7.8. Data Portability. At all times during the subscription term and at the latest until thirty (30) days have passed following the earliest of (a) termination of this Agreement or (b) the expiration of the last term under an Order Document, Licensee may retrieve all Licensee Data in accordance with established and reasonable system access procedures. After such period, Menditect will have no further obligation to store and/or make available the Licensee Data and may delete the same, except as may be required by law.

7.9. Legally Required Disclosures. Except as otherwise required by law, Menditect will promptly notify Licensee of any subpoena, judicial, administrative or arbitral order of an executive or administrative agency or other governmental authority that it receives and which relates to Licensee Data. At Licensee’s request, Menditect will provide Licensee with reasonable information in its possession that may be responsive to such demand and any assistance reasonably required for Licensee to respond to said demand in a timely manner. Licensee acknowledges that Menditect has no responsibility to interact directly with the entity making the demand.

8 Indemnification

8.1. Menditect Indemnification. Subject to section 8.3 (Indemnification Procedure) below, Menditect will indemnify, defend and hold Licensee and its Affiliates harmless from and against any claim, demand, suit, action or proceeding (collectively, a “Claim”), and will pay any costs, liabilities, losses, and expenses (including but not limited to, reasonable attorneys’ fees) awarded against Licensee either in judgment or settlement agreed to by Menditect in writing (collectively, “Losses”), arising out of or in connection with an allegation by a third party against Licensee or any of its Affiliates that the use of the Menditect Application(s) and Documentation as permitted hereunder infringes any intellectual property right or constitutes a misappropriation of a trade secret of a third party. Excluded from Menditect’ above indemnification obligations are claims to the extent arising from: (i) use of the Menditect Application(s) and Documentation in violation of this Agreement or applicable law; (ii) continued use by Licensee of the Menditect Application(s) and Documentation after Menditect has notified Licensee in writing to cease the use of the Menditect Application(s) and Documentation; (iii) any claim relating to any third-party products or services or Licensee Data; (iv) modifications to the Menditect Application(s) and Documentation made other than by Menditect (where the claim would not have arisen but for such modification); (v) the combination, operation, or use of the Menditect Application(s) with software or equipment which was not provided by Menditect, to the extent that Licensee’s liability for such claim would have been avoided in the absence of such combination, operation, or use; or (vi) compliance by Menditect with Licensee’s custom requirements or specifications if and to the extent such compliance with Licensee’s custom requirements or specifications resulted in the infringement. If Licensee’s use of the Menditect Application(s) becomes enjoined, Menditect shall at its sole option, either: (i) procure, at no cost to Licensee, the right to continue using the Menditect Application(s); (ii) modify the Menditect Application(s) to render it non-infringing; or (iii) if, in Menditect’ reasonable opinion, neither (i) nor (ii) above are commercially feasible, immediately terminate this Agreement (and Licensee’s rights to use the Menditect Application(s)), and refund to Licensee fees paid for the Menditect Application(s) on a pro rata basis for the remainder of the then-current Subscription Term. The rights and remedies granted to Licensee under this section 8.1 state Menditect’ entire liability, and Licensee’s exclusive remedy, with respect to any claim or infringement of the intellectual property rights of a third party, whether arising under statutory or common law or otherwise.

8.2. Licensee Indemnification. Subject to section 8.3 (Indemnification Procedure) below, Licensee will indemnify, defend and hold Menditect and its Affiliates harmless from and against any Claim and shall pay all Losses incurred which arise out of any allegation by a third party against Menditect or any of its Affiliates that arises out of or results from (a) a claim alleging that the Licensee Data, or any use thereof, infringes the intellectual property rights or proprietary rights or others, or negatively impacts (protection of) the privacy of individuals, or otherwise has caused harm to a third party, or (b) Licensee’s breach of section 2 (Access) above or violation of any applicable law or regulations.

8.3. Indemnification Procedure. The indemnified Party shall: (i) promptly notify the indemnifying Party in writing of any claim, suit, action, or proceeding for which indemnity is claimed, provided that failure to so notify will not remove the indemnifying Party’s obligation except to the extent it is prejudiced thereby, and (ii) allow the indemnifying Party to solely control the defense of any Claim and all negotiations for settlement, provided that the indemnifying Party shall not settle any Claim that imposes a financial obligation or admission of liability or guilt on the indemnified Party without the indemnified Party’s prior written consent (such consent not to be unreasonably withheld or delayed). The indemnified Party shall also provide the indemnifying Party with reasonable cooperation and assistance in defending such claim, at the indemnifying Party’s cost, however the indemnified Party shall bear all costs of engaging its own counsel.

9 General Provisions

9.1. Export Compliance. The Menditect Application(s) and other technology and services Menditect may make available to Licensee, and all derivatives thereof, may be subject to export laws and regulations of the United States, United Kingdom, European Union and other jurisdictions. Each Party represents that it is not named on any denied-party list. Furthermore, Licensee shall not permit Users to access or use the Menditect Application(s) and other technology and services Menditect may make available to Licensee, and all derivatives thereof, in an embargoed country (currently Cuba, Iran, North Korea, Sudan, Syria or Crimea) or in violation of any applicable export law or regulation.

9.2. Anti-Corruption. Licensee agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift or anything of value from any of Menditect’ employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Licensee learns of any violation of the above restriction, Licensee will use reasonable efforts to promptly notify Menditect’ legal and business conduct department at [email protected].

9.3. Entire Agreement and Order of Precedence. This Agreement contains the entire agreement between the Parties with respect to the subject matter hereof, and supersedes all prior or contemporaneous proposals, understanding, representations, warranties, covenants, and any other communications (whether written or oral) between the Parties relating thereto and is binding upon the Parties and their permitted successors and assigns. Except as otherwise provided herein, no modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and signed by the Parties. The Parties agree that any term or condition stated in Licensee’s purchase order or in any other Licensee order documentation (excluding Order Documents) is void, even if the order is accepted by Menditect. This Agreement shall be construed and interpreted fairly, in accordance with the plain meaning of its terms, and there shall be no presumption or inference against the Party drafting this Agreement in construing or interpreting the provisions hereof. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) this Agreement, (2) the applicable Order Document, (3) the applicable service level agreement, and (4) the Documentation.

9.4. Assignment. Either Party may assign this Agreement, and all Order Documents, as part of a corporate reorganization, consolidation, merger, or sale of all or substantially all of its assets. Except as expressly stated in this Agreement, neither Party may otherwise assign its rights or delegate its duties under this Agreement either in whole or in part without the prior written consent of the other Party, and any attempted assignment or delegation without such consent will be void. Menditect may use independent contractors or subcontractors to assist in the delivery of services, provided, however, that Menditect shall remain liable for the actions or omissions of such independent contractors or subcontractors and for the payment of their compensation.

9.5. Disputes. The Parties shall attempt in good faith to resolve any claim or dispute concerning the Agreement prior to the commencement of litigation.

9.6. Contracting Menditect entity, Governing Law and Jurisdiction. The Menditect entity Licensee is contracting with under this Agreement, to whom Licensee should direct notices under this Agreement, the governing law that will apply in any dispute or lawsuit arising out of or in connection with this Agreement, without giving effect to any choice of conflict of law provision or rule, and which courts shall have jurisdiction over any such dispute or lawsuit, shall be determined based on where Licensee is domiciled:

If Licensee is domiciled in:	Licensee is contracting with:	Notices should be addressed to:	The governing law is:	The courts having exclusive
Any country	Menditect B.V.	Databankweg 12G, 3821 AL, Amersfoort, The Netherlands	Dutch laws	Utrecht, The Netherlands

9.7. Notices. Any notice, approval, request, authorization, direction or other communication under this Agreement shall be given in writing and will be effective upon (a) personal delivery, (b) the second business day after mailing, or (c), except for notices of termination or an indemnifiable claim (“Legal Notices”), which shall clearly be identifiable as Legal Notices, the day of sending by email. Billing-related notices to Licensee will be addressed to the relevant billing contact designated by Licensee. All other notices to Licensee will be addressed to the relevant contact person / administrator designated by Licensee at the address stated at the beginning of this Agreement.

9.8. Headings. The headings to the sections of this Agreement are for ease of reference only and shall not affect the interpretation or construction of this Agreement.

9.9. Relationship of the Parties. Menditect and Licensee are independent contractors, and nothing in this Agreement shall be construed as making them partners, joint venturers, principals, agents or employees of the other, for any purposes whatsoever. No officer, director, employee, agent, affiliate or contractor retained by Menditect to perform work on Licensee’s behalf under this Agreement shall be deemed to be an employee, agent or contractor of Licensee. Neither Party shall make any contracts, warranties or representations or assume or create any obligations, express or implied, in the other Party’s name or on its behalf.

9.10. Force Majeure. Except for the obligation to make payments, neither Party shall be in default if failure to perform any obligation hereunder is caused solely by supervening conditions beyond the non-performing Party’s reasonable control, including but not limited to civil commotion, strikes, fire, flood and governmental acts or orders of restriction, internet service provider failure or delay, or denial of service attacks. When a Party’s delay or nonperformance continues for a period of thirty (30) days or more, the other Party may terminate this Agreement, the applicable Order Document without penalty. Any prepaid amounts shall be refunded on a prorated basis.

9.11. Insurance. Menditect shall maintain in full force and effect during the term of any Order Document comprehensive insurance with a reputable insurance company to cover its potential liabilities under this Agreement, such as commercial general liability insurance and professional liability insurance (errors and omissions). As evidence of insurance coverage, Menditect shall deliver if requested certificates of insurance issued by that insurance company showing such policies in force during the term of this Agreement.

9.12. Modifications to the Menditect Application(s). Menditect may make modifications to the Menditect Application(s) or particular components of the Menditect Application(s) from time to time provided that such modifications do not materially degrade any functionality or features of the Menditect Application(s).

9.13. Publicity. Licensee hereby grants Menditect a non-exclusive license solely during the term of this Agreement to list Licensee’s name and display Licensee’s logo in the customer section of Menditect’ website and to use Licensee’s name and logo in Menditect’ customer lists but at all times only to the extent that other customers of Menditect are also listed on such list. Any other use by Menditect of Licensee’s name, logo or trademark requires the prior written consent of Licensee.

9.14. Non-Solicitation of Employees. During the term of this Agreement and for the twelve (12) months thereafter, neither Licensee nor Menditect, shall knowingly solicit or hire for employment or as a consultant, any employee or former employee of the other Party who has been actively involved in the subject matter of this Agreement. The foregoing restriction shall not apply to any general recruiting efforts of either Party which are not aimed specifically at the employees of the other Party.

9.15. No Third-Party Beneficiaries. Nothing contained in this Agreement is intended or shall be construed to confer upon any person any rights, benefits or remedies of any kind or character whatsoever, or to create any obligation of a Party to any such person.

9.16. Waiver and Severability. Performance of any obligation required by a Party hereunder may be waived only by a written waiver signed by an authorized representative of the other Party, which waiver shall be effective only with respect to the specific obligation described therein. The failure of either Party to exercise any of its rights under this Agreement will not be deemed a waiver or forfeiture of such rights. The invalidity or unenforceability of one or more provisions of this Agreement will not affect the validity or enforceability of any of the other provisions hereof, and this Agreement will be construed in all respects as if such invalid or unenforceable provision(s) were omitted.

9.17. Counterparts. Signatures to this Agreement transmitted by facsimile, by electronic mail in ‘portable document format’ (‘.pdf’), or by any other electronic means which preserves the original graphic and pictorial appearance of the Agreement, shall have the same effect as physical delivery of the paper document bearing the original signature.

10 Questions or Additional Information

If You have questions regarding these Terms of Use or wish to obtain additional information, please contact us via www.menditect.com/contact/

Privacy Policy

This Privacy Policy applies to all personal identifiable information (“Personal Data”) we collect and process. It covers what we collect and how we use, disclose, transfer and store Personal Data as well as your rights to this information. We value your privacy and observe due care in processing and protecting Personal Data. We recommend you read this notice carefully.

We process Personal Data through the CAST sites within the Digital Technologies Group website, applications (“CAST Sites”) and services. By voluntarily using the CAST Sites and services, and/or providing data or other information via the CAST Sites and services, you are indicating your consent to this Privacy Policy and agreement to be bound by its terms.

Who we are

The CAST Sites are provided by Digital Technologies Group Ltd, a UK registered company.

You may submit inquiries regarding personal data protection, privacy and security matters or contact us for other reason via [email protected].

Scope

The scope of this Privacy Policy includes the collection of Personal Data through:

The website available at www.digtechgroup.com and other web sites form which you are accessing this Privacy Policy.
Our social media pages located at:
- Linkedin.com/digtechgroup
- Youtube.com/digtechgroup
- X.com/digtechgroup
HTML-formatted email messages and polls that we send to you and that link to this Privacy Policy; and applies to all visitors/users of the CAST Sites and services, and our Social Media Pages.

Personal data

You may visit the CAST Sites anonymously, without telling us who you are and without revealing any information about yourself. There are times, however, when we may need certain Personal Data from you.

You may choose to provide us with Personal Data (such as your name, email address and company name) through the CAST Sites when you elect to register with CAST. When you provide Personal Data in order to register with CAST, such Personal Data will be used in order to provide you with access to the requested products, services, content and/or information. We may also use Personal Data to help us understand who is using our products and services, to support you in the development as community member or developer and optimizing the use of the CAST Application(s), and to help us manage business development activities.

How we collect Personal Data

We may collect your Personal Data:

When you contact us with your questions, comments, ideas, complaints, or communications regarding CAST (including when applying for employment with Digital Technologies Group): we may collect various information, depending on the manner in which you contact us (e.g. if you send us an email, we will collect your email address; if you solicit for a job, we will collect your details as provided in your application) and the reason for contacting us. In any case, we will collect your contact details to be able to respond and further communicate with you.
When you subscribe to our newsletters, blogs and updates mailing list: we will collect your email address and country
When you submit a support ticket with CAST: we will collect your email address so we can respond to your report. You will also need to describe the problem that you have experienced with our services so we can take care of it. We strongly recommend you not to send us screenshots and/or attachments that contain production data of your applications, or any confidential or personal data, when you submit a support ticket with us.
When you visit the CAST Sites: We may also collect certain data from your computer and internet connection, including the IP address of your computer, the date and time you accessed our web sites, the internet address of web sites from which you link to the CAST Sites, the device you are using (such as laptop or tablet) and your movements and preferences on the CAST Sites.
When you enquire to schedule a demonstration of the CAST application: We collect your first and last name, your email address, your telephone number, the region and the name of the company you work.
When you attend a webinar or an online event of CAST: We collect your first name, last name, your email address, company name, the country, and the area of focus.
From other sources: we may receive Personal Data from other sources, marketing partners, social media platforms, talent acquisition partners, from your co-workers and friends, as well as from other third parties. We also may receive data from publicly available sources by data enrichment services.
Offline: we may collect Personal Data about you offline, such as when you attend one of our events or visit our exhibition booths by scanning your badge or call our customer service representatives.

If you submit any Personal Data relating to other people to us in connection with our services or talent acquisition, you represent you have the authority to do so and permit us to use the information in accordance with this Privacy Policy.

Newsletters & Updates

If you subscribe to our newsletter and/or updates, we will use your email address to send the newsletter and/or updates to you. You may unsubscribe at any time by using the link in each newsletter or to unsubscribe or update communication.

Invitations to CAST Application(s)

If you choose to invite another person to use the CAST Application, we will ask you for the name and email address of that person. We will automatically send that person an invitation email to visit the CAST Sites, to create an account or join your project. CAST stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program.

Statistical Information

We collect information from visits to the CAST Sites to help us provide a better experience, service and to make the CAST Sites as user friendly and purposeful as possible. For example, we keep track of the domains from which people visit and we also measure visitor activity on the CAST Sites. However, when we do so, we do so in ways that keep the information anonymous.

CAST may use this data to analyse trends and statistics and to help us provide better user experience and service. None of the information described in this paragraph is reviewed at an individual level.

Links to Other Web Sites

The CAST Sites may contain links to other web sites. CAST is not responsible for the privacy practices or the content of such web sites. The links from the CAST Sites to other web sites do not imply that CAST endorses or has reviewed the third party web sites. We suggest contacting the operators of those websites directly for information on their privacy policies.

CAST Application Usage Analytics

We collect information from visits to the CAST Application to help us and our community members, developers and customers to provide a better experience, service and give insight to developments. This analysis, statistics and other data generated by your use of the CAST Application may be disclosed with your team members.

Use of Personal Data

We use Personal Data only when we are allowed to by law and only for the reasons, we collected it. Most commonly, the reasons are the performing of a contract with you or your employer, the consent you gave to us, when it is necessary for our legitimate interests (and your interests and rights don’t override ours), and when we need to comply with legal or regulatory obligations.

We may use Personal Data:

To login you to the CAST application;
To manage our relationship with you, such as your registration to our events or as a customer;
Providing you with the products and services you have requested;
To respond to your inquiries and fulfill your requests;
To send administrative information to you, such as the services and changes to our terms, conditions and policies;
To allow you to send messages to your connections through the services;
To send marketing communications that may be relevant to you;
For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving and modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities;
To understand your use of the CAST Application as community member or developer;
To support you as developer in your performance, your training and the development on your projects;
To support your team in the performance on the projects your team is working on
To allow you to participate in prize draws, competitions and promotional activities and to administer these activities (some of these activities have additional rules, which could contain additional information about how we use, so we suggest that you read these rules carefully);
To facilitate social sharing functionality, and
As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal processes; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations and those of any of our affiliates; (f) to protect our rights, privacy, safety and property, and that of our affiliates, you and others; and (g) to allow us to pursue available remedies and limit the damages that we may sustain.

We may use Personal Data for compatible purposes if we think we need to do so.

Legitimate interest

For any uses on the basis of legitimate interest, we have conducted a legitimate interest assessment to ensure that such processing isn’t overridden by your rights or interests.

Developing the CAST Application: We use aggregated and personal data about your use of the CAST Application and services to develop the platform. These activities are necessary to fulfil our interest in creating a better platform and helping us create better technology and better communications.

Sending Direct Marketing Communications: We use your data to send marketing communications about our products and services and offerings from our affiliates. We may send these communications via email, post or call. As for most companies, our ability to market our products and services is necessary for our commercial interests and may allow us to expand our customer base.

Share Personal Data

CAST is not in the business of selling Personal Data. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share Personal Data with certain third parties without further notice to you, as set forth below:

Digital Technologies Group Ltd may share Personal Data for the purposes of this Privacy Policy with affiliates and other related company sites.
Digital Technologies Group Ltd, like many businesses, sometimes hires other companies to perform certain business-related functions, such as web site hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, processing payments, and other similar services. When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
By you, on message boards, chat, profile pages and blogs and other services to which you are being able to post information and materials (including, without limitation, our Social Media Pages). Please note that any information you post or disclose will become public information and may be available to users of the CAST Sites and services, and our Social Media Pages, and to the general public. We urge you to be very careful when deciding to disclose any information about you.
To your connections associated with your social media account, to other web site users, as well as to your social media account provider, in connection with your social sharing activity, such as if you connect your social media account to your CAST account or log into your CAST account from your social media account. By connecting your CAST account and your social media account, you authorize us to share information with your social media account provider and you understand that the use of the information we share will be governed by the social media site’s privacy policy. If you do not want Personal Data about you shared with other users or with your social media account provider, please do not connect your social media account with your CAST account and do not participate in social sharing on the CAST Sites and services.
CAST may share your registration data for an event of CAST with Partners of CAST who are listed on the registration page, The Partners will use your registration data for the purposes of their participation in the event. If a Partner intends to use your personal data for any other purposes, they will contact you to explain how and for which other purposes they will use your registration data.
In the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) we may disclose Personal Data to a third party.
As we believe to be necessary or appropriate we may also disclose Personal Data to a third party: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal processes; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations and those of any of our affiliates; (f) to protect our rights, privacy, safety and property, and that of our affiliates, you and others; and (g) to allow us to pursue available remedies and limit the damages that we may sustain.

Security

Personal Data related to you is treated as strictly confidential and we have taken appropriate technical and organizational security measures against loss and unlawful processing of such information. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please notify us immediately about the problem by contacting us.

Cookies

Cookies are small snippets of text saved on your computer or mobile device that distinguish you from other users. Like most websites, CAST Sites use cookies. Only the strictly necessary cookies are active. These cookies do not collect personal information. By visiting CAST Sites for the first time you can activate other cookies, such as targeting cookies or performance cookies. These cookies will be stored on your device.

Your Rights

If you tell us that you do not want us to use Personal Data as a basis for further contact, we will respect your wishes. Regarding our use of the Personal Data about you, you can exercise a variety of the rights, such as:

Request access to the Personal Data we have about you;
Ask us to erase Personal Data we have about you;
Object any processing we do on the basis of legitimate interests;
Ask us to restrict the processing of Personal Data about you;
If you no longer wish to receive our newsletter and/or updates, unsubscribe at any time by using the unsubscribe link located at the bottom of each newsletter or update communication
Ask us to correct any incorrect Personal Data we have about you.

If you want exercise any of the foregoing rights or have any other question regarding the Personal Data related to you, please contact us at: [email protected]

In your request, please let us know what limitations you would like to put on our use of Personal Data related to you. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note also that we may need to retain certain information for recordkeeping purposes. There may also be residual information that will remain within our databases and other records, which will not be removed.

Retention

We will retain Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Transfer of Personal Data

Personal Data may be stored on servers located within the European Union, and may also be processed in any country where we have facilities or in which we engage service providers. If we transfer Personal Data within the company or to business partners located in a country with insufficient level of data protection, we will provide adequate safeguards, according to GDPR.

Changes to Our Policy

We may change our business and the CAST Sites from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time without prior notice. We recommend that you review this Privacy Policy regularly, so that you remain informed of any changes. Your continued use of the CAST Sites after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised policy.

Service Level Agreement

1 General

1.1 Introduction

This service level agreement (the “SLA”) sets forth the relevant service levels in relation to the use of CAST to Customer under an applicable Order Form. Support for Mendix Applications is not part of this SLA.

1.2 Definitions

All capitalized terms used in this SLA that are not otherwise defined herein, shall have the meaning given to them in the End User Licence Agreement. Unless otherwise specified, any reference in this SLA to a section or other subdivision is a reference to a section or subdivision of this SLA.

1.3 Support Functionalities

The Digital Technologies Group (“DTG”) provides for the following support functionalities at the addresses and telephones

numbers provided:

Support Phone Numbers: +_________

Support email: [email protected]

1.4 Submitting Support Requests

All support requests (incidents and change requests) need to sent by email to the support email address. This enables for all required information to be properly logged and tickets can be addressed in the fastest and most efficient manner.

1.5 Support Process

After the reception of the support request, DTG will analyse the ticket and, if applicable, try to reproduce the incident or evaluate the completeness of the information of a change request. If DTG determines the root cause of the incident is the CAST software, DTG will resolve the issue according to the assigned priority, as defined under section 1.6 (Priority Levels). If the root cause of a reported incident is deemed to be an external failure (i.e. the root cause is not the CAST software, but e.g. the customer specific (model of the) Mendix Application), DTG shall inform Customer of such fact and DTG will have no obligation to resolve such issue. However, in such case DTG shall use reasonable efforts in supporting Customer in resolving the incident which may include DTG Consultancy. DTG will seek Customer’s written approval and agreement to pay any related fees before performing such services.

1.6 Priority Levels

Priority levels are determined based on impact and urgency, as attributable to DTG as set forth below.

Impact:

(i) High: a high priority production incident with a high impact on Customer’s business, impacting (almost) all users
(ii) Medium: a production incident with intermediate impact on Customer’s business, impacting a group of users
(iii) Low: a trivial (production) incident with no impact on the customer’s business

Urgency:

(i) High: operational functionality is severely disrupted
(ii) Medium: operational functionality is limited disrupted
(iii) Low: operational functionality is not/hardly disrupted

	High impact	Medium impact	Low impact
High urgency	Critical priority	High priority	Medium priority
Medium urgency	High priority	Medium priority	Low priority
Low urgency	Medium priority	Low priority	Low priority

If and where DTG provides for a workaround solution the priority level can never be higher than Medium. If incidents arise as a consequence of newer versions of the Mendix platform or Mendix Modeler the priority level is always Low.

1.7 Support Hours

Support via email and/or Support Phone is limited to the support hours as set forth below.

	Standard
Support hours	Office Hours Monday – Friday 9:00 – 17:00 Local Time (excluding national holidays)

For purposes of this SLA, “Local Time” means the time zone for the location of the DTG entity the Customer is contracting with under the Agreement; DTG observes the national and/or public holidays for the same location:

Digital Technologies Group, GMT, UK

1.8 Response Time and Resolution Time Objectives

For solving incidents in CAST software, DTG offers the following response time and resolution time objectives:

	Standard Response Time	Custom Response Time	Standard Response Time	Custom Response Time
Critical	< 2 office hours	t.b.d.	< 8 office hours	t.b.d.
High	< 8 office hours	t.b.d.	Next Business Day	t.b.d.
Medium	Next Business Day	t.b.d.	Reasonable effort	t.b.d.
Low	Reasonable effort	t.b.d.	At DTG discretion	t.b.d.

2 Mendix App Platform

2.1 Software Lifecycle

DTG will only support CAST software for the current major release and the two (2) prior major releases of the Mendix App Platform. This SLA is valid for all Long Term and Medium Term Stable releases of the Mendix platform as defined in https://docs.mendix.com/releasenotes/studio-pro/lts-mts. For monthly releases of the Mendix platform the DTG support level is by default set to “Low”.

The CAST release numbers use the following format. X.Y where X = Major version nr, Y = minor version nr. DTG only supports the last two minor releases of the CAST software as published in the release notes page (https://documentation.CAST.com/release-notes). Customers that run older versions of CAST than the last two minor releases need to upgrade first to one of the supported releases in order to get support according to this SLA.

Upgrading to a higher minor release is only supported for the next minor release (e.g. upgrading from CAST 1.2 to 1.3 is fully supported. In order to upgrade from CAST 1.1 to CAST 1.3 you need to upgrade from CAST 1.1 to CAST 1.2 and then upgrade from CAST 1.2 to CAST 1.3)

2.2 Support of Mendix Applications

This SLA describes the support levels for the CAST Software provided by DTG. The Mendix Platform allows Customers to develop a broad range of Applications which are Customer specific in regard to both functionality and the IT environment in which they are used. Due to the wide range of Applications developed using the Mendix Platform, such Applications require business specific and in-depth domain knowledge in order to be supported. DTG advises to arrange Application support within Customer’s delivery organization (through DTG or another Mendix Partner). DTG can assist delivery organisations in acquiring the right skill set, support them with specialized services or provide application support for applications that have been developed by DTG. Please contact us for more information.

Something in here around first line of support should be within the client organisation for certain thing, deployment et al – what is within the confines of the SLA and what isn’t, and if it isn’t then that is a separate agreement, acquiring skills etc. like this example one says

CAST Definitions

User Roles

System Admin: The System Administrator role is tasked with overseeing and managing the enterprise and users within the app. They are responsible for the set-up and maintenance of the enterprise data, including the sites, regions, buildings, products, enterprise targets and more. They are also responsible for setting up users and managing their roles and permissions.

Enterprise Admin: The Enterprise Administrator role is for key OT cybersecurity personnel. These users can view all data for the enterprise, schedule and conduct assessments, create, and manage vulnerabilities, create actions, and upload documentation.

Cyber Admin: The Cyber Administrator role is for key OT cybersecurity personnel at the site level. This role has permission to view all data, conduct assessments and create actions, but is limited to a single site.

OT User: The OT user role is for a user who is key for the execution of assessments and action plans. They have permission to edit the inventory, conduct assessments, create action plans, and view the management pages.

View: The View user role is for users who only require view access to data at certain sites. This role is ideal for leaders to get access to dashboards to track progress.

General Terms

OT: Operational Technology, or OT, refers to the hardware and software used to monitor and control physical devices, processes, and infrastructure in the manufacturing industries. Unlike Information Technology (IT), which focuses on data processing and communication, OT directly manages the functionality and efficiency of industrial operations.

Risk: Risk in industrial cybersecurity refers to the potential for harm or loss resulting from threats exploiting vulnerabilities in an organisation’s OT assets, systems, or networks. It encompasses the likelihood of a cybersecurity incident occurring and the impact it could have on the confidentiality, integrity, and availability of information.

Assessment: Assessment is the systematic evaluation of an organisation’s digital infrastructure, processes, and controls to identify potential security risks and vulnerabilities. The CAST assessment has three sections, Asset, Procedural and Product. You can also upload and conduct your own questionnaire using the Custom Assessment feature.

Inventory: The Inventory is the comprehensive list of all physical and digital assets used in industrial processes and infrastructure. This includes machinery, smart instrumentation, control systems, actuators, and network devices that are essential for the operation of industrial facilities.

Asset: An Asset is a physical element that is used in the operation of industrial processes. This encompasses a wide range of components. An asset is hardware or virtual hardware which has the ability to be connected to the network and transmit or receive data.

Asset Type: The Asset Type is the general classification of diverse types of assets. Asset Types are configurable in the Master Data.

Action Plan: An Action Plan is a collection of actions that address and mitigate cybersecurity risks and vulnerabilities within industrial environments. This plan outlines specific actions to be taken in response to identified threats or weaknesses identified in the CAST assessment. You can also create a Custom Action Plan based on the results of a Custom Assessment.

Action: An Action is a specific task or measure outlined in the Action Plan to address a cybersecurity risk or vulnerability. Actions are concrete steps taken to enhance the security posture of operational technology (OT) systems and infrastructure within industrial environments. They are linked to questions in the Assessment or can be created as a General Action.

General Action: In the case that an Action is identified but is not related to a question in the Assessment, then users can add a General Action. These can be assigned and tracked like other Actions but are not linked to the Assessment data.

Last Assessment Score: The Last Assessment Score is the result obtained by the related site in their most recent Assessment.

Working Score: The Working Score is a pseudo-current score which is based on a combination of the Last Assessment Score and any Actions that are completed. When Actions are marked as complete, this updates your Working Score to give you an idea of your risk profile at that moment.

Next Target Score: In the context of Action Plans, the Next Target Score is the score that the site will obtain if all Actions in the Action Plan are completed.

Asset Assessment: The Asset Assessment is a section of the CAST Assessment. This section assesses each Asset in the Inventory against a set of criteria to evaluate risk based on criticality, data, physical security and more.

Procedural Assessment: The Procedural Assessment is a section of the CAST Assessment. This section assesses all policies and procedures that are related to OT cybersecurity such as the network management, roles and responsibilities of personnel, remote connection policies, and training.

Product Assessment: The Product Assessment is a section of the CAST Assessment. By assessing products manufactured at the site, this section looks to quantify the risk of a cyber-attack to the site from a supply chain perspective.

Enterprise Target: In OT cybersecurity, the organisation should determine acceptable level of risk that an organization is willing to tolerate regarding the operation and maintenance of its industrial processes and equipment. The Enterprise Admin can set a Target score for the organisation in the Master Data:

Criticality Level: Criticality refers to the degree of importance of a particular piece of equipment to the overall operation of industrial processes. Criticality is often categorised in different ways by organisations, but common criteria include safety, quality, environmental and productivity. In CAST, the Enterprise Admin can define these levels for your organisation.

User Guide for Initial Set-Up

Before using CAST for importing your inventory or carrying out an assessment, you must first populate the Master Data. This includes your Site Management (divisions, regions, sites, etc.) and your Asset Management (products, manufacturers, etc.).

Firstly, you should be logged in as a System Admin. Click on Master Data.

There are 3 tabs within Master Data: Site Management, Asset Management, and Enterprise. The ‘Site Management’ tab is where you populate your Enterprise Hierarchy. The ‘Asset Management’ tab is where you populate the master data to be used in your inventory. The ‘Enterprise’ tab is where you can set the colour / branding theme of your CAST application, and your target risk score.

Site Management

The Site Management tab is where you populate your Enterprise Hierarchy.

Add your divisions.
- Under the Division tab, click on the ‘+ New Division’ button.
- Type in the name of the division and ensure ‘Active’ is set to yes.
- Click ‘Save’.
Add your regions.
- Under the Region tab, click on the ‘+ New Region’ button.
- Type in the name of the region and ensure ‘Active’ is set to yes.
- Click ‘Save’.
Add your sites.
- Under the Site tab, click on the ‘+ New Site’ button.
- Type in the name of the site and ensure ‘Active’ is set to yes.
- From the dropdown lists, select the division(s) and region that this site falls under.
- A site must be associated with both a division and a region.
- Click ‘Save’.
Add your buildings.
- Under the Building tab, click on the ‘+ New Building’ button.
- Type in the name of the building and ensure ‘Active’ is set to yes.
- From the dropdown list, select the site this building is in.
- Each building must be associated with a site.
- Click ‘Save’.
Add your locations.
- Under the Location tab, click on the ‘+ New Location’ button.
- Type in the name of the location and ensure ‘Active’ is set to yes.
- From the dropdown list, select the building this location is in.
- Each location must be associated with a building.
- Click ‘Save’.

Things to note:

The names of all divisions, regions, sites, buildings, and locations can be edited using the pencil icon on the right.
The association of divisions, regions, sites, etc. can also be edited using the pencil icon on the right.
Divisions, regions, sites, buildings, and locations can be deleted, but only if they’re not associated with anything else. For example, a region can be deleted if there are no sites linked to it.
‘Active’ means that the item will appear in dropdown lists and can be linked to.

Asset Management

The Asset Management tab is where you populate the master data to be used in your inventory.

Add your products.
- Under the Product tab, click on the ‘+ New Product’ button.
- Type in the name of the product and ensure ‘Active’ is set to yes.
- There is space to add a description of the product if necessary.
- From the dropdown list, select the division that this product falls under.
- From the dropdown lists, select the site(s) which make this product, and the building(s) within those site(s).
- Click ‘Save’.
Add your manufacturers.
- Under the Manufacturers tab, click on the ‘+ New Manufacturer’ button.
- Type in the name of the manufacturer and ensure ‘Active’ is set to yes.
- Click ‘Save’.
Add your criticality levels.
- Under the Criticality Levels tab, click on the ‘+ New Criticality Level’ button.
- Type in the name of the criticality level and ensure ‘Active’ is set to yes.
- Provide a weighting to this criticality level.
- Click ‘Save’.

Things to note:

Products, manufacturers, and criticality levels can be deleted, but only if they’re not associated with an asset.
The names of all products, manufacturers, and criticality levels can be edited using the pencil icon on the right.
The association of divisions, sites, etc. to products can also be edited using the pencil icon on the right.
‘Active’ means that the item will appear in dropdown lists and can be linked to.

Enterprise

The ‘Enterprise’ tab is where you can set the colour / branding theme of your CAST application, and your target risk score.

Name your Enterprise.
- Type in the name of your Enterprise in the ‘Name’ field.
Input Enterprise Target Score.
- Enter a number between 0 and 100 into the ‘Enterprise Target’ field.
- Note: This is the number which sets the red ‘target’ line on the site assessment graph.
Choose Colours
- For both bar charts and pie charts, there is a dropdown list of preselected colour schemes.
- If you wish to create your own colour scheme, select ‘Theme’ from both dropdown lists. You can add as many colours as you wish to your custom colour scheme. There needs to be 3 colours minimum.
- To add your first colour to your custom colour scheme, click ‘+ New Enterprise Theme Colours’.
- Enter your desired colour’s hex code in the ‘Hex Code’ field and set the order to 1. Select your Enterprise from the dropdown list.
- Repeat the above step for every colour you wish to add to your custom colour scheme, ensuring you increment the order number by 1 each time.
- Note: The order given to the colour determines the order in which the colours appear on the graphs.
- Once you are happy with the Enterprise name, target and colour scheme, click ‘Save’ at the top left.

User Guide for Adding Users

Firstly, you should be logged in as a System Admin. Click on Users.

This page will show you the current list of users. It may only have yourself on it to begin with. To add a user, click the ‘+ Add User’ button at the top right of the page.

Fill out the following information:

First Name
Last Name
Email Address
Job Title
User Role(s) – Select which roles this user can do. This is a dropdown list of the user roles available within the CAST application. These can be found at XXX.
Site(s) – Select which site(s) this user is able to interact with.
Active/Blocked? – Are they allowed to sign in and use CAST?
Set an initial password – This can be changed by the user once they have logged in.

Things to note:

User information can be edited by clicking the pencil icon on the right.
Users can be deleted if necessary, by clicking the trash can icon on the right.

User Guide for Inventory Set-Up

A Cyber Admin or OT User have the functionality of interacting with the inventory. Make sure you have one of these user roles assigned to you.

This is the Inventory Homepage. From here, you can access your inventory, import / export your inventory, and add new assets manually.

Adding / editing an asset
- Click the ‘+ New Asset’ button.
- Fill in the mandatory fields, marked with *.
  - Asset Type is a dropdown list that is prepopulated.
  - Criticality Level is a dropdown list that the System Admin created in the Master Data.
  - Criticality Level is a dropdown list that the System Admin created in the Master Data.
  - Building is a dropdown list of the buildings associated with the site you’re uploading the inventory for. The System Admin configured this list in the Master Data.
  - Building Location is a dropdown list of the locations associated with the building you’ve selected. The System Admin configured this list in the Master Data.
  - Manufacturer is a dropdown list that the System Admin created in the Master Data.
  - Products is a dropdown list that the System Admin created in the Master Data.
- Click ‘Save’.
Importing your Inventory
- Click the ‘Import Assets’ button.
- Browse your device for the file to upload. This must be an excel file.
- Click ‘Upload’.
- If the Master Data has been set up correctly, then all your imported rows should be valid.
- If you have invalid rows, it is because the application is looking for Master Data that does not exist, or there is a spelling mistake for example. You can click on an invalid row to see where the problem is occurring.
- To fix invalid rows, you can click through each item one by one and make the necessary changes, or if it is because something is missing from the Master Data, you can cancel the import and contact your System Admin to make the changes to the Master Data, and then start the import again.
Exporting your Inventory
- Click the ‘Export Assets’ button.
- An excel file will download automatically.

Release Notes

Release Notes: Version 0.9

Beta Preview

In preparation for our Version 1.0 release, we’re excited to provide a sneak peek into the upcoming features. Version 0.9 includes the following:

Feature Teasers: Get a glimpse of the features coming in Version 1.0.
- Inventory Management
- DTG’s Cyber Risk Assessment
- Action Planning
- Vulnerability Management
Performance Enhancements: Optimizations to enhance the speed and reliability of the application.
Bug Fixes: Resolved several reported bugs to ensure a smoother testing experience.

___________________

Release Notes: Version 1.0

Initial Release

We are thrilled to announce the launch of Version 1.0 of CAST! This release marks a significant milestone in our journey. Here’s what’s new:

Profile Management: Easily update your profile information and preferences within the application.
Custom Assessments: Upload your own cyber security risk assessments into CAST.
Responsive Design: Our application is now optimised for various devices, providing a seamless experience across desktop platforms.
Lifecycle management: Schedule and track upcoming assessments for sites.
Bug Fixes and Performance Improvements: We’ve addressed several issues reported during beta testing.

We’re excited to hear your feedback and look forward to continuously improving CAST to better serve your needs.

___________________

Release Notes: Version 1.1

Feature Enhancements

Version 1.1 introduces several enhancements and new features based on user feedback:

User Interface Refinements: Minor tweaks and adjustments to improve the overall user experience.
Notification Centre: See ‘what’s new’ and be notified if you’ve been assigned actions to complete.
Improved Action Planning: Additional prioritisation fields such as cost / effort to implement.
Bug Fixes: Addressed additional issues reported by our users to further enhance application stability.

Frequently Asked Questions (FAQs)

What is CAST?

CAST is an Operational Technology cyber security management hub. It is a Mendix-based web application which helps any organisation to quantify their cyber security risks and lifecycle manage their industrial cyber security programme.

Who is this for?

CAST is for manufacturing organisations of any size and any level maturity with respect to OT cyber security. CAST can be used by business stakeholders to visualise and track performance, by Cyber Security Leads to determine a risk reduction plan and assign actions, and by OT teams who implement and update the action plan.

How does it work?

CAST supports the processes associated with starting and maintaining an OT cyber security programme. This includes creating and maintaining an OT inventory; assessing your business to measure risks and find weaknesses; creating and monitoring an effective action plan to reduce risk and improve compliance; life-cycle management programme for continuous improvement, keeping up to date with regulations, and dealing with unexpected events.

How does CAST support my industrial cyber security program?

Whether your organisation is just starting or whether you are far along the journey, CAST can help. Using CAST, users can maintain the asset inventory, assess to find risks, implement remediation, and deal with unexpected events. CAST provides visualisations so you can track, report, and manage the entire programme in one place.

I already have an assessment process. Can this integrate with CAST?

Yes! CAST can help you digitise, visualise and lifecycle manage any assessment process you have with our Custom Assessment feature.

What makes CAST different?

Many tools exist in the OT cybersecurity market that are highly specialised and technical. We believed that there should be a smart, digital solution to help all businesses accelerate and give direction to their cyber security programme.

CAST is built specifically for Operational Technology systems, but designed with leaders in mind, and takes business needs into account. CAST provides users with a platform to manage their OT cyber security programme.

Can I manage multiple sites?

CAST is purpose built to support multiple sites. Using CAST across a multi-site network allows organisations to fully exploit the cross-site comparison features that gives executives a ‘whole picture’ view of their OT cybersecurity status. CAST uses a standardised assessment criteria for all sites enabling direct cross-site comparison and analysis. Decision makers can easily interpret the data and target weaknesses.

How is an assessment carried out?

The 3-part CAST assessment covers three areas that impact the overall Operational Technology (OT) cyber security posture: asset risk, procedural risk, product risk.

The ‘asset’ assessment evaluates each asset in your inventory, targeting features of assets including data connectivity, software updates and patching.
Each site on your network is subject to a ‘procedural’ assessment which identifies gaps in site-wide policies and procedures that impact the overall OT security posture.
A ‘product’ assessment must be completed for each product manufactured on a site to quantify the cyber risk from elements associated with business strategy, such as stock levels or single source products.

The results are calculated and visualised, enabling the creation of an Action Plan to reduce your risk towards your target score.

How time consuming is it?

CAST has been developed to make the assessment process as quick and seamless as possible. If you already have an OT inventory, CAST can build the inventory from a csv file. If not, assets can be added in the app. The CAST assessment is light-touch and has tools to help you assess your technology and processes with little draw on resources.

Can CAST manage multiple sites?

CAST is purpose built to support organisations of any size. Using CAST across a multi-site network enables organisations to exploit the cross-site comparison features that gives executives a ‘big picture’ view of their OT cybersecurity status. Our approach enables decision makers to easily interpret data and create impactful risk reduction plans.

I don’t have an inventory. How do I start?

We can help you create an inventory of your Operational Technology assets. We offer bespoke services to meet your needs and accelerate your OT cybersecurity journey.

What is Mendix?

CAST is built in Mendix, the market-leading low-code development platform designed to solve complex software development challenges. Using Mendix enables us to accelerate new feature development and create adaptable solutions for our customers. For more info on the Mendix platform, click here.

Where is my data held?

CAST uses the Mendix Cloud for hosting. Mendix Cloud is a multi-tenant cloud built on Cloud Foundry and AWS, and is fully hosted and managed by Mendix. Mendix Cloud is highly secure, low risk and provides high availability. For more info on the Mendix Cloud, click here.

How secure is my data on the CAST platform?

We understand your CAST data can be highly sensitive. We use Mendix Cloud because of it’s high level of security. Security controls for the Mendix Cloud include various levels of encryption, transport layer security (TLS), access restrictions, protection from malicious and unwanted internet traffic, and node settings and permissions. Mendix maintains an extensive roster of certifications, reports, and standards that are available to customers upon request. For more info on the security and compliance of the Mendix Cloud, click here.

CAST

CAST

Documentation

End-User License Agreement

Privacy Policy

Service Level Agreement

CAST Definitions

User Guide for Initial Set-Up

Release Notes

Frequently Asked Questions (FAQs)

Schedule a demo

Get in touch for a personalised tour of our solution. See first-hand how CAST can help you digitise your cyber risk management.

Wherever you are on your digital journey, DTG can help.

Contact Us