Assured Terms of Service (for Provider Companies)

Assured, Inc. (“we”, “our”, “us” or “Visional”) establishes the following Assured Terms and Conditions (“Terms”) for the provision or use of the Assured Service (as defined below), which are provided via communication network using our information database, to the Provider Services,

Chapter 1 General Provisions

Article 1 (Definition)

(1) Assured: means a service of various cloud services with a purpose of registration of Provider Company’s Security Information and use of Security Information by User Companies, provided via the communication network using the database.
(2) Assured System: means an online platform that provides access to the information database on which Assured is based.
(3) Assured Service: means the collective term for services that we provide to the Provider Company and User Companies mainly through Assured System.
(4) Assured Registration Agreement: means a contract including the terms and conditions hereof, mainly for registration and use of security sheets, entered into between the Provider Company and us.
(5) Provider Company: means a legal entity that registers Security Information that has undergone the Assessment to Assured (typically including, but not limited to, cloud service providers).
(6) User Company: means a legal entity that uses Assured as a user after entering into these Terms with us.
(7) Limited Access User Company: means a legal entity that has registered Assured System free of charge and has access only to the Security Information of a particular Provider Company as a Limited Access User Company.
(8) Check Sheet: means the questionnaire used by us to review the Security Information of the Provider Company.
(9) Security Information: means the information concerning the security of the Provider Company registered in Assured after the Assessment conducted by us.
(10) Assessment: means a survey on information security conducted by us and answered by Provider Companies as Assured Services. The Assessment includes, but is not limited to, assessments using Check Sheets.

Article 2 (Application of These Terms)

1 These Terms aim to stipulate rights and obligations of the Provider Company that has agreed to these Terms and that has entered into an Assured Registration Agreement. These Terms shall apply to any and all relations concerning the use of Assured Service between the Provider Company and us.

2 The Provider Company shall confirm that these Terms apply to any and all circumstances when they use Assured Service, and that shall be provided Assured Services upon acceptance and compliance with these Terms.

3 In addition to the services stipulated in these Terms, we may separately establish the terms for various services (which will be included in the definition of the Assured Services) individually provided under the Assured Registration Agreement. In this case, if there is any discrepancy between the contents of these Terms and the contents of the individual service terms (“Individual Terms”), the Individual Terms shall prevail.

4 In addition to the provisions of the preceding paragraph, we may separately establish a term regarding Assured Services by posting on our website or by any other means that we deem appropriate. In this case, unless otherwise stated in the separate terms, the contents of the separate terms shall become part of these Terms.

Article 3 (Amendment of These Terms)

1 We may amend these Terms and the Individual Terms, or establish guidelines and special terms concerning the use of various services (i) if the amendment is in conformity with the interests of the Provider Company or (ii) if the amendment is not inconsistent with the objectives of the Assured Registration Agreement and is reasonable in light of the circumstances concerning the amendment (collectively “Amendment of These Terms”).

2 If we decide to make an Amendment to These Terms, we shall notify the Provider Company in advance that we will make an amendment , as well as the effective date and contents of such amendment, by posting the amendments on Assured System or by any other means that we deem appropriate, t.

3 If the Provider Company uses Assured Services after being notified of any Amendment of These Terms set forth in the preceding paragraph, it shall be deemed that the Provider Company has consented to all matters set forth in the Amendment of These Terms.

Article 4 (Amendment of Assured Services)

We may amend the content of Assured Services to the extent deemed reasonable in light of the Assured Registration Agreement.

Article 5 (Notice)

1 If we notify the Provider Company in connection with Assured Services, we may do so in a manner that we deem appropriate, such as posting on our website, sending e-mails to the e-mail address of the Provider Company registered in Assured System.

2 If the delivery of the e-mail to the e-mail address of the Provider Company registered in Assured System failed because the Provider Company did not conduct notification specified in Paragraph 1 of Article 26, the notification to the Provider Company shall be deemed to have been delivered, and in this case, we may stop sending notifications to such e-mail address.


Chapter 2 Assured Registration Agreement

Article 6 (Application)

1 When a company wishes to register its Security Information in Assured or it has accepted the consultation of Assured’s Security Information from us (“Applicant”), the Applicant shall apply for the Assured Registration Agreement by agreeing to all the content of these Terms and completing an online form specified by us on the registration application screen provided by us.

2 When applying for the Assured Registration Agreement set forth in the preceding paragraph, the Applicant shall submit clarification materials upon our request.

3 In response to the application under Paragraph 1 herein, we shall notify the Applicant of the ID/password required for the use of Assured Service (“Admin IDs”) by e-mail, written notice, Assured System notice, or in any manner that we deem reasonable. The Assured Registration Agreement becomes effective upon the notification of such Admin IDs. However, if the Applicant failed to satisfy the transaction requirement specified by us, we may cancel the Assured Registration Agreement only within two weeks after the application is made.

Article 7 (Term and Automatic Renewal)

The term of Assured Registration Agreement shall continue as long as the Provider Company registers its Security Information on Assured System. However, the Provider Company may cancel the Assured Registration Agreement by voluntarily deleting the registration of its Security Information at any time.


Chapter 3 Use of Assured Service by Provider Company

Article 8 (Assured System)

1 Unless otherwise provided in these Terms, the Provider Company with effective Admin IDs under the Assured Registration Agreement may use Assured System.

2 The Provider Company shall, at its responsibility, strictly control Admin IDs so that they will not be used by any third party. The Provider Company shall assume all the responsibility for any actions taken on Assured using the Admin IDs of the Provider Company, regardless of whether such actions are performed by the Provider Company.

Article 9 (Registration of Security Information)

1 The Provider Company shall register its Security Information in Assured System by undergoing an Assessment (including, but not limited to, the completion of the Check Sheet) promptly after issuing the Admin IDs.

2 The Provider Company has the right to grant access to the Security Information registered in Assured System when requested by the User Company to view and use it (the right to access and use is referred to as the “Access Right”). However, in the event the Provider Company does not make the decision of whether to grant access within a reasonable period, it shall be treated as having refused to grant the access.

3 If the Provider Company grants the Access Right as set forth in the preceding paragraph, the licensed User Company shall be entitled to view and use the Security Information in accordance with the terms and effective period stipulated in the application form, Terms, and/or the Individual Terms. In this case, the User Company’s Access Rights may be renewed.

4 If the Provider Company revokes the grant of such Access Right after granting Access Right to a particular User Company, it shall apply for the revocation of Access Right on Assured System in the manner prescribed by us, and such Access Right shall be revoked accordingly. However, the Security Information that was available to the User Company at the time of revocation may still be viewed even after the revocation.

5 If the Provider Company does not grant the Access Right under Paragraph 2 of this article, the User Company will not be able to view or use the Security Information.

Article 10 (Accuracy and Update of Security Information)

1 The Provider Company must report to our Assessment on a factual basis and register as objective and accurate Security Information as possible.

2 The Provider Company must update their Assessment including the Check Sheet to keep it up-to-date as soon as circumstances that affect or change the Security Information registered in Assured System occur.

3 Notwithstanding the provisions of the preceding two paragraphs, if the Security Information registered in Assured System lacks accuracy or timeliness, the Provider Company shall be responsible for the liability arising from therein, and we shall not be liable to the User Company or any other third parties.

Article 11 (Disclosure of Registered Security Information to non-User Companies)

1 The Provider Company may disclose the Security Information registered in Assured System for its own business by granting restricted Access Right such as Access Right with restricted functions (“Temporary Access Right”) to users who have obtained Access Right or other third parties. In this event, the Security Information shall be disclosed by the Provider Company to a third party in the manner prescribed by Assured System, and Security Information (meaning a security assessment report that is based on the factual assessment reported by the Provider Company in response to an assessment conducted by us, but does not include the factual content of that report itself) shall not be disclosed to a third party outside Assured System.

2 If the disclosure is made to the User Company or any other third party as set forth in the preceding paragraph, the system usage fee may be charged per the provisions of Assured System.

3 In the event of Paragraph 1 of this article, a third party who has been granted disclosure of Security Information by the Provider Company (except for User Companies who have already registered with Assured system) must register as a Limited Access User Company in Assured System per the methods prescribed by Assured System. In registering a third-party Limited Access User Company selected by the Provider Company, the Provider shall assure that:

① The third party registered as a Limited Access User Company shall not be an organized crime group, an organized crime group-related company, a corporate blackmailer (sokaiya), or a person equivalent thereto or a member thereof (collectively “Anti-social Force”).

② The officer of a third party (including the employee who executes business, or director, executive officer, or any other person equivalent thereto) shall not be an Anti-social Force.

③ The access and use of Security Information by a Limited Access User Company are not conducted by Anti-social Force using the name of said Limited Access User Company.

④ The access and use of Security Information by a Limited Access User Company are within the scope of the terms of use for Limited Access User Companies designated by us.

4 If the Provider Company revokes the grant of Temporary Access Right after granting Temporary Access Right, it shall apply for the revocation of Access Right on Assured System in the manner prescribed by us, which shall revoke such Access Right. User Companies that obtained Temporary Access Right and Limited Access User Companies shall not be entitled to access to the Security Information after the revocation.

Article 12 (Public Announcement)

1 The Provider Company may publicly announce that Security Information is registered in Assured System to indicate externally that their security level is secured. In doing so, the Provider Company may use Assured’s trademarks, logos, URL of landing page for Limited Access User Companies (“Assured Trademarks”) by posting them on their websites, sales materials to the extent provided in the following paragraph].

2 We may specify the content of Assured Trademarks available to the Provider Company and the manner of use thereof, and the Provider Company shall comply therewith. The details of Assured Trademarks and the manner of use thereof shall be posted on Assured System or communicated in a manner designated by us.

Article 13 (Intellectual Property Right and License)

1 Copyright or any other rights related to Assured System, Check Sheets, Security Information, software, content, manuals (“Software”) that provided or built by us concerning Assured Service (“Visional IP Right”) shall belong to us or the legitimate owner who granted such rights to us.

2 Except for those expressly granted in Assured Registration Agreement, the conclusion of Assured Registration Agreement does not license the application, use, or utilization of the intellectual property rights held or controlled by us, that means copyrights, patent rights, utility model rights, trademark rights, design rights, including the right to acquire such rights or to apply for registration of such rights, and the same shall apply hereinafter. In addition, except as set forth in the preceding article, the Provider Company may not use the trademarks (including the service marks) held by us without permission.

3 The Provider Company may not reproduce, modify, adapt, analyze, decompile, disassemble, reverse engineer or perform any other similar acts concerning the Software without our prior written consent, and shall not have any third party to do so.

Article 14 (Prohibition)

In addition to the acts prohibited by other provisions of these Terms, the Provider Company shall not engage in any of the following acts concerning the Assured Registration Agreement:

(1) Acts that infringe or may infringe upon the property, privacy, portrait rights, intellectual property rights, or other rights of any third party or ours;

(2) Acts that damage the fame or reputation of any third party or ours;

(3) Acts that cause or may cause demolition, destruction, theft of Assured System or data stored in Assured System;

(4) Disclosure, leakage to, or unauthorized use of Admin IDs by a third party, including Provider Company’s subsidiaries, parent companies, or affiliated companies;

(5) Acts that overload the network or system of Assured System;

(6) Collection of information related to Assured Service or Security Information of Provider Companies registered in Assured Systems for purposes other than Assured Registration Agreement;

(7) Acts that are used for the purpose of designing, developing, and selling systems, products, and services similar to or competing with Assured Services (including having third parties to do so);

(8) Acts that interfere with or may interfere with the third party’s use of the Assured System; and

(9) Other acts that are considered the same or similar to the acts prescribed in the preceding items.


Chapter 4 Payment of Fees

Article 15 (Assured Service Fee)

1 The Provider Company shall pay a service fee to us per the indication on Assured System and the manner set forth in these Terms and applicable Individual Terms.

2 If the Provider Company fails to pay the service fee by the date specified in our invoice, the Provider Company shall pay the unpaid amount together with the delay damages stipulated in the Civil Code of Japan calculated from the following date of the due date.


Chapter 5 Treatment of Information

Article 16 (Confidential Information)

1 The Provider Company shall keep strictly confidential the information concerning the specifications of Assured Services (not including the factual content reported by the Provider Company in response to an assessment conducted by us), data and information including Security Information registered in Assured System, documents concerning Assured Services (including contracts, proposals, quotations, purchase orders, invoices and any other relevant documents.) and any other information that specified by us as confidential, and shall not use such information for any purpose other than the performance of Assured Registration Agreement, and shall not disclose or divulge such information to any third party without our prior written consent.

2 We will maintain strict confidentiality the information specified by the Provider Company as confidential and Security Information registered with Assured, and will not use such information for any purpose other than the performance of Assured Registration Agreement, and will not disclose such information to any third party without the prior consent of the Provider Company.

3 The provisions of the preceding two paragraphs shall not apply to the information specified in each of the following items.

(1) Information already in possession at the time of disclosure

(2) Information rightfully obtained from a third party after disclosure without any obligation of confidentiality

(3) Information already in the public domain at the time of disclosure

(4) Information that has become publicly known through no fault of the receiving party after disclosure

(5) Originally developed information

4 Notwithstanding the provisions of Paragraphs 1 and 2, if the disclosure of confidential information is required under laws and regulations, the Provider Company and we may disclose such confidential information to the minimum extent necessary after giving prior notice to the other party and taking measures to protect the confidentiality as much as possible.

5 Notwithstanding the provisions of Paragraph 2, for purposes of operating our business, we may disclose and provide the existence of a service usage agreement and the transaction history between the contracting party and us ("Contract Information") to our group companies (meaning our affiliated companies and companies having the same parent company as us; hereinafter the same), and such group companies may use the Contract Information within the scope of such purpose. In this case, we will be responsible for the use of the Contractual Information by our relevant group company.

Article 17 (Data)

1 We may back up the data entered by the Provider Company in the application form when using Assured or into Assured System (“Provider Company Data”) for the purpose of maintaining and managing Assured Service, and may use it for the purpose of providing, maintaining, and improving Assured Service.

2 Assured Service is provided under the security measures as much as possible by us. However, in the event of any damage to the Provider Company Data or Security Information of the Provider Company due to malicious acts by a third party, we shall not be liable for such damages, including, without limitation to, restoration or compensation for damages.

Article 18 (Personal Information)

1 Except for the circumstances prescribed in this article, we will acquire and use personal information contained in the Provider Company Data only for the purpose of providing and maintaining Assured Service.

2 We may freely use personal and corporate information contained in the Provider Company Data and record of use of Assured Service by the Provider Company and individuals as statistical information after proper processing to prevent identification of a particular individual or company, and the Provider Company agree to such use.

3 In addition to the preceding two paragraphs, we may handle the personal information of the Provider Company obtained through Assured Service as stated in our Personal Information Policy.

4 If the Provider Company grants a Temporary Access Right to a third party, and such third party does not register as a Limited Access User Company, we will not use any of such third party's personal information (name, email address, etc.) registered on the Assured System.


Chapter 6 Damage and Indemnification

Article 19 (Damage)

If one party suffers any damages arising from the other party’s breach of these Terms and Assured Registration Agreement, the Provider Company or we may claim compensation for damages with a substantial legal cause against the other party.

Article 20 (Waiver)

1 We do not make any warranty concerning the following situations or assume any liability for troubles, handling of troubles, or damages caused by any of the following situations items and any situation prescribed in any other provision of these Terms:

(1) Assured Service has the function expected by the Provider Company regardless of our service’s environment or the Provider Company’s environment.

(2) The use of Assured service by the Provider Company complies with the laws and regulations applicable to the Provider Company or the internal rules of the industrial organization.

(3) Completeness, certainty, and usefulness of information and data including security information that Provider Company obtained through Assured service.

2 We shall not be liable for any damages incurred by the Provider Company due to the loss or leakage of data by the Provider Company or the use of Assured Service other than the intended purpose for which Assured Service is provided.

3 We shall not be liable in any way other than as provided herein for damages to the Provider Company arising in connection with the delay, suspension, modification, cessation, cancellation of the Assured Service, or loss, leakage of the information and data including the Security Information registered or provided.

4 We do not guarantee that Assured Service is compatible with all the information terminals. The Provider Company acknowledges in advance that there is a possibility that bugs may occur during the operation of Assured Service due to the operating system of the information terminal used for Assured Service or the version update of the browser. In the event of such bugs, we will endeavor to resolve such bugs by correcting the program, but we shall not be liable for such bugs.

5 We are not responsible for the condition of communication networks that are not under our control or equipment that does not belong to us, including circumstances of natural disasters.

Article 21 (Temporary Suspension or Cessation of Assured Service)

Without prior notice to the Provider Company, we may temporarily suspend or cease all or part of Assured Service in the event of any of the following circumstances. However, except for emergent situations, we shall notify the suspension or cessation of Assured Service in advance.

(1) Regular maintenance

(2) In the event of inevitable circumstances, such as emergency maintenance, equipment maintenance, failure correspondence, etc.

(3) If the Assured System is heavily loaded due to excessive accesses to Assured Service or other unexpected reasons.

(4) When it is necessary to safeguard the Provider Company or the security of the Provider Company.

(5) In the event of natural disasters including earthquake, typhoon, flood, tsunami, or any other emergencies, or the occurrence of such risks, making it difficult to continue providing Assured Service.

(6) Where the telecommunications carrier has suspended telecommunications services.

(7) If we determine that the provision of Assured Service should be suspended for operational or technical reasons.

Article 22 (Suspension of Assured Service to Provider Company)

1 Where the Provider Company falls under any of the following circumstances, we may suspend the provision of all or part of Assured Service to the Provider Company without prior notice:

(1) When it is found that the information or Security Information of the Provider Company registered with Assured is defective or contrary to the fact or is in such doubt.

(2) When there are changes specified in Paragraph 1 of Article 26, and the Provider Company did not conduct the notification procedure for such changes.

(3) If the Provider Company fails to repay liability to us, or we determine that the Provider Company’s credit status deteriorated significantly and there is the risk of non-performance.

(4) If the Provider Company breached Assured Registration Agreement or these Terms, or we determine that there is a risk of such breach.

(5) If Provider Company’s location is unknown or is out of contact.

(6) In the event of a seizure, collection of tax delinquency, petition for bankruptcy, civil rehabilitation, corporate reorganization, corporate consolidation, special liquidation, or voluntary petition.

(7) In the event of being suspended from trading at the clearinghouse or subject to seizure or collection of tax delinquency.

2 We shall not be liable for any damages to the Provider Company caused by the suspension of Assured Service herein.


Chapter 7 Termination

Article 23 (Termination)

1 If the other party breaches these Terms and Assured Registration Agreement, the Provider Company or we may terminate Assured Registration Agreement upon two weeks prior notice and demand for performance.

2 Notwithstanding the preceding paragraph, if we determine that the Provider Company falls under any of the items in Article 22, we may terminate the Assured Registration Agreement, regardless of whether notice or demand for performance is given to the Provider Company.

Article 24 (Abolition of Assured Service)

1 We has the right to abolish any or all of Assured Services at any time. Under these Terms and any applicable provisions, we shall not be liable for any damage caused to the Provider Company or any other third parties as a result of such abolition.

2 In the event of the abolition of any or all of Assured Services, we will notify the Provider Company not less than three months before abolition. Such abolition shall take effect from the time such notice is delivered to the Provider Company.

3 If the service is abolished due to unforeseen reasons or unavoidable reasons such as laws and regulations, natural disasters, etc., and if three months of prior notice is not possible, we shall promptly notify the Provider Company after the abolition.


Chapter 8 Miscellaneous

Article 25 (Prohibition of Assignment and Pledge)

The Provider Company may not assign, pledge rights and status under Assured Registration Agreement, such as the right to receive the provision of Assured Service to a third party, or otherwise establish third-party rights without our prior consent.

Article 26 (Notification of Change)

1 The Provider Company shall promptly notify us of any changes of the following circumstances per the manner designated by us.

(1) When intending to change the address or location.

(2) When intending to change the trade name or commercial name.

(3) When intending to change the representative or business owner.

(4) When intending to change the registered telephone number or e-mail address of the Provider Company in the Assured Registration Agreement.

2 In the event of notification of changes, the Provider Company shall submit clarification materials designated by us if we deem necessary.

Article 27 (Settlement Upon Termination)

1 We will not refund any payment that we have received upon the termination of the Assured Registration Agreement.

2 If there are any of our outstanding credits against the Provider Company at the time of termination of Assured Registration Agreement, such unpaid debts shall become due and payable, and the Provider Company shall promptly make the payment per our request.

3 The standard for calculating the amount of outstanding credits shall follow these Terms and, if not provided for in these Terms, shall be paid per our request.

Article 28 (Treatment of Data Upon Termination)

In the event of termination of Assured Registration Agreement, from the day following the date of termination of Assured Registration Agreement, we may delete all the registered information of the Provider Company and all the information provided by us to the Provider Company. However, we may retain the Security Information at the time of the termination of the Assured Registration Agreement. The Provider Company shall download the necessary information on its responsibility by the termination date of the Assured Registration Agreement and we shall not provide the information after the termination date.

Article 29 (Severability)

If any provisions of these Terms, or any part thereof, is held to be invalid or unenforceable, the remaining provisions of these Terms (other provisions and sections that are not held invalid or unenforceable) shall not be affected and shall continue in full force and effect thereafter.

Article 30 (Assignment of Assured Service)

If the business relating to Assured Service is transferred to a third party, upon the transfer of such business, we may transfer the status as the operator of Assured Service, the status under these Terms and Assured Registration Agreement, the rights and obligations under these Terms and Assured Registration Agreement, as well as the registered information and other information of the Provider Company to the transferee. The Provider Company of Assured Service shall agree in advance to the transfer of the status as the Provider Company, the status under these Terms, the rights and obligations under these Terms and Assured Registration Agreement, and the transfer of the registered information and other information of the Provider Company.

Article 31 (Outsourcing)

1 We may outsource all or part of the services related to the provision of Assured Service to a third party without obtaining the approval of the Provider Company (“Service Outsourcing”).

2 If we conduct the Service Outsourcing to a third party per the preceding paragraph, we shall comply with the laws and regulations, and shall endeavor not to cause any damage to the Provider Company.

Article 32 (Governing Law and Jurisdiction)

1 These Terms, Assured Registration Agreement, and the relationship between the Provider Company and we shall be governed by the laws of Japan.

2 The Tokyo District Court shall be the exclusive jurisdictional court for the first instance in the event of any litigation concerning these Terms, Assured Registration Agreement, or Assured Service.

 

 

Drafted on November 10, 2020
Revised on January 25, 2022
Revised on February 24, 2022
Revised on August 1, 2022