General Terms & Conditions for Service and License Agreement
Sept 1, 2022.
Table of contents
Definitions
1. Grant of right to use the services
2. Obligations of the service provider
3. Customer responsibilities, usage, and content of the service
4. Restriction of access to the services
5. Third Party Products or Services
6. License grant to Covr Software
7. Terms and conditions for the Covr App
8. Fees and payment
9. Support, Maintenance and Availability
10. Proprietary Rights and Licenses
11. Confidentiality
12. Audit
13. Warranties and disclaimers
14. Indemnification
15. Limitation of liability
16. Notices
17. Term and termination
18. Return or destruction of the Covr Software
19. Miscellaneous
19.1 Force Majeure
19.2. Subcontractors
19.3 Entire Agreement and amendments
19.4 Survival of provisions
20. Governing law disputes
Definitions
Capitalized terms not defined herein shall have the meaning ascribed to them elsewhere in the Agreement.
“Additional Services” shall mean services which the Service Provider can provide to the Customer as agreed between the Parties, including but not limited to integration of the Service or Covr Software as well as adjustments, modifications and additions to the Service or the Covr Software.
“Agreement” shall have the meaning set out in the main agreement document.
“Contact Person” means a person appointed by the Customer to manage the contacts with the Service provider.
“Covr App” means the mobile platform application needed to access the Service.
“COVR Products” shall mean the COVR App, COVR SDK, COVR Software and the Services.
“COVR SDK” means the software development kit provided by COVR.
“Covr Software” means the digital assets needed to be installed by the Customer in order to access the Services, including any Updates and Upgrades, and all related specifications, documentation and any additional materials.
“Customer Data” means any data and information submitted or processed by or for Customer in relation to the Services.
“Malicious Code” means code, files, agents, programs or similar that are intended to do harm including by way of e.g. viruses and Trojan horses.
“Service Fee” means the agreed fees for the ordered Services and Additional Services, payable by the Customer, as set out in the Price Schedule.
“Service Specification” means the description of the Services including its different components included in the Services to be delivered to the Customer under the Agreement as set forth in https://www.covrsecurity.com/covr-app-requirements/. This is a description of the standard Services and does not include any customizations or adaptations made for the Customer.
“Services” means the Software-as-a-Service offered by the Service Provider as specified in the Service Specification, as updated from time to time. The term “Services” does not, for the avoidance of doubt, include any Additional Services.
“Subscription” means a right to use the ordered Services in accordance with the Agreement.
“Third-Party Products” means hardware and software products and tools offered by third parties which might be used by the Customer in connection with the Services.
“TOU” means the Service Provider’s “Terms of Use” to the Services and the Covr App accessible via https://www.covrsecurity.com/covr-app-terms-of-use/ or in the Covr App.
“Updates” shall mean the Service Provider’s published corrections of the Covr Software, which will be provided to the Customer in accordance with the Service Specification.
“Upgrades” shall mean the Service Provider’s published versions of the Covr Software including new or better functionality, which will be provided to the Customer in accordance with the Service Description.
“User” means an individual who is authorized by Customer to use the Services to whom Customer is allowed to provide the Services in accordance with the Agreement and to whom the Customer has supplied a user id and password. Users may include for example employees of the Customer.
1. Grant of right to use the services
1.1 Subject to the Customer’s compliance with the Agreement, the Customer, and the number of Users set out in the main Agreement document, are granted a non-exclusive, non-transferable, limited right, within the Territory, to access and use the Services within the Customer’s business during the term of the Agreement.
1.2 The Services may only be used by the number of Users for which the Customer has paid the Service Fee in accordance with the Price Schedule and in accordance with the other terms and conditions of the Agreement.
1.3 The Customer understands that both the Covr Software and the Covr App are needed to be able to utilize the Service as described in the Service Specification and that the Service, Covr Software and Covr App only function in the specific environment and on the platforms set out in the Service Specification. The Customer further understands that the Customer and the Users have to download and install the Covr App from the applicable mobile application store available and that such installations are not included in the Service.
2. Obligations of the service provider
2.1 The Service Provider will:
(a) make the Services available to Customer pursuant to the Agreement and materially in accordance with the Service Specification;
(b) ensure that the Services are in accordance with applicable laws and government regulations in Sweden (subject to the Services being used according to the Agreement and the applicable TOU);
(c) provide any Additional Services in accordance with what has been agreed between the Parties and do so in a professional and workmanlike manner, and with personnel who are appropriate, qualified and competent for the purpose; and
d) perform any Additional Services in accordance with Customer’s security regulations, as agreed between the Parties.
2.2 Notwithstanding what is set forth in section 2.1, the Service Provider reserves the right to, at the sole discretion of the Service Provider, amend the Services at any time, always provided that the functionality offered via the Services is not materially decreased or that such change is otherwise reasonably not to the detriment of the Customer. The most recent description of the Service is always available at https://www.covrsecurity.com/covr-app-requirements/
3. Customer responsibilities, usage, and content of the service
3.1 The Customer will:
(a) be responsible and liable for all Users’ compliance with the Agreement and the applicable TOU;
(b) be responsible for the legality of all Customer Data and the means by which Customer acquired Customer Data;
(c) use the Services only in accordance with the Agreement, the TOU and applicable laws and government regulations;
(d) use commercially reasonable efforts to prevent unauthorized access to or use of the Services and notify the Service Provider promptly of any such unauthorized use;
(e) not make any Services available to anyone other than the Users in accordance with the Agreement, lease, sublicense, rent, distribute the Services or use the Services to benefit of others;
(f) not permit direct or indirect access to or use the Services in a way that circumvents a contractual usage limit;
(g) not use the Service to store or transmit Malicious Code;
(h) not reverse engineer the Services or use the Services to access the Service Provider’s intellectual property (save for as permitted under the Agreement or mandatory law)
(i) Make such information and documentation regarding the Customer’s operations available to the Service Provider as is necessary for the performance of the Services and any Additional Services. To the extent any Additional Services shall be performed at the Customer’s premises, the Customer shall make available the necessary workspace and infrastructure;
(j) without undue delay the notify Service Provider of any circumstances it becomes aware of that may affect the performance of the Services or Additional Services.
3.2 The Customer shall appoint a Contact Person, with the agreed level of competence, who shall be responsible for, amongst other things, managing the contacts with the Service Provider. The Customer shall provide the Service Provider with contact details for the Contact Person.
3.3 The Customer must further ensure that it complies with the technical requirements set out in the Service Specification and any additional specification agreed between the Parties.
3.4 The Customer shall comply with COVR’s Code of Conduct, if any, as updated from time to time
4. Restriction of access to the services
4.1 In the event the provision of the Services causes damages or risk of damages for the Service Provider or customers of the Service Provider, e.g. in the event of a denial of service attack or introduction of Malicious Code, the Service Provider shall be free to (without any obligation to compensate the Customer) restrict the Customer’s access to the Service. Service Provider will notify the Contact Person without undue delay of any such restrictions and shall only undertake the measures as justified by the circumstances in each case.
5. Third Party Products or Services
5.1 To use the Services the Customer might be dependent on Third Party Products.
5.2 Customer acknowledges and accepts that the Service Provider does not warrant the availability or functionality of such Third Party Products and assumes no liability for the suitability of Third Party Products for the purposes of accessing and using the Services.
5.3 The functionality of the Services is dependent on that the Customer has an adequate internet connection and it is the sole responsibility of the Customer to ensure it holds a proper internet connection for the proper functionality of the Services.
5.4 The Service Provider may however from time to time, without any liability whatsoever, recommend Third Party Products and services which the Service Provider deems suitable to be used in connection with the Services.
6. License grant to Covr Software
6.1 Subject to the Customer paying the Service Fee in accordance with the agreed Price Schedule, the Customer is hereby granted a non-exclusive, non-transferable, time-limited license to use the Covr Software within the Territory on the terms and conditions set out in the Agreement.
6.2 The Covr Software is only intended for the Customer’s internal use and may only be used in the user environment in accordance with the agreed terms and conditions in the Agreement.
6.3 The Customer may not itself, nor by giving permission to a third party, use, copy or otherwise transfer the Covr Software, or parts thereof, except as expressly permitted by the Agreement. The Customer may under no circumstances itself, or by giving permission to any third party, alter, develop or make additions to the Covr Products.
6.4 The Customer may not sub-license, rent, lend or otherwise permit any third party to, directly or indirectly, with or without remuneration, dispose of or otherwise use the Covr Software, unless explicitly set out in the Agreement.
6.5 The Customer may not decompile, disassemble or reverse engineer the Covr Products or by any other means attempt to recreate the source code of the Covr Products or make copies for archival or disaster recovery purposes, other than as expressly permitted by mandatory law.
6.6 The Customer may not alter or remove any proprietary rights notices on the Covr Products, or the media by which it is made available, regarding patents, copyright, trademarks or other intellectual property rights.
6.7 The Covr Products shall be delivered to the Customer in the manner and at the time agreed upon by the Parties.
6.8 As part of an amendment to the Services in accordance with clause 2.2 above, the Service Provider reserves the right to provide Updates or Upgrades to the Covr Products at any time without giving the Customer any prior notice.
6.9 The Customer is solely responsible for the implementation of the Covr Products in accordance with the Service Specification.
7. Terms and conditions for the Covr App
7.1 The terms and conditions for the use of Customer’s and the User’s use of the Covr App are governed by the TOU. The Customer shall be responsible for the Users’ acceptance of the TOU and the Users’ use of the Covr App as if it was it’s own and shall be fully liable for any breach by a User of the TOU.
8. Fees and payment
8.1 Customer will pay the Service Fees in accordance with the prices stipulated in the Price Schedule. Paid Service Fees are non-refundable. The Service Fees will be adjusted annually in January according to the Swedish “Arbetskostnadsindex”, AKI with the baseline as the year of signing.
8.2 The Service Fees are stated exclusive of value-added tax and other additional taxes and charges on the Services and the Additional Services that were imposed after the Agreement was entered into.
8.3 Any Service Fee for the Services shall be payable against invoice and any Additional Services will be invoiced monthly in advance, with payment terms according to Price Schedule from the date of the invoice. The Service Provider reserves the right to charge a service charge (at the current price list) for the invoicing to cover its administrative costs in relation thereto.
8.4 The Service Provider shall be entitled to reimbursement for expenses in accordance with what is specifically agreed. When travelling from the Service Provider’s permanent base as specified in the Agreement, the Service Provider is entitled to remuneration for the costs of subsistence, accommodation and travel. For travel relating to travel by private car, such reimbursement shall be in accordance with the Service Provider’s from time to time applicable price list. For accommodation and travel by other means than car, the Service Provider shall be compensated on the basis of costs incurred.
8.5 If the Customer causes the Service Provider to be unable to utilise allocated resources, the Service Provider is entitled to charge compensation for the allocated time that cannot be utilised. This applies to the extent the Service Provider cannot cover the allocated resources with other work and the Service Provider has informed the Customer’s contact person of such issue.
8.6 In case of late payment, the Customer shall pay late payment interest on any outstanding amount in accordance with the Swedish Interest Act. The service provider shall, upon written notice to the Customer, be entitled to discontinue Customers provision of the Services until any outstanding amounts have been paid in full. In case of late payment, the Customer shall pay late payment interest on any outstanding amount with the Swedish government borrowing rate + 8% .
8.7 New functionality introduced in the Services and Upgrades to the Covr Products may be provided by the Service Provider (collectively “Service Upgrade”). Upon such Service Upgrade, the Service Provider shall be entitled to revise the Service Fee upon giving the thirty (30) days given written notice. The Customer’s continued use of the Services after that period shall be considered as an acceptance of the new Service Fee.
9. Support, Maintenance and Availability
9.1 The Service Provider will provide support and related services as described in the Support, Maintenance and Availability Agreement document available at link hereby integrated into the Agreement.
Covr shall and will only provide support to the Customer and for the avoidance of doubt no support will be provided by Covr to the End Users or the Service Provider.
10. Proprietary Rights and Licenses
10.1 Subject to the limited rights granted hereunder Service Provider reserves all right and title to the Services, the Covr Products including any intellectual property rights related thereto and the result of any Additional Services performed under the Agreement. No rights are granted to Customer other than as expressly set forth in the Agreement.
10.2 With the exception of any Third-Party Products and any Customer Data fed into the system by the Customer, Service Provider owns all rights, including intellectual property rights, in and to the Services and the Covr Software and all parts thereof as well as in any results arising out of the Service Provider’s performance of the Services.
10.3 Where the Customer has been provided access to the Covr SDK and/or the Covr Software source code, Customer acknowledges and agrees that all rights, including copyright and other intellectual property rights, in and to the Software shall remain with the Service Provider and that any software, development or derivative work of the Covr Products created by Service Provider through use of the shall be the property of the Service Provider.
10.4 The Customer shall, at its own expense, ensure that the Service Provider is granted a right to use any trademarks of the Customer as well as any systems or programs reasonably required for the Service Provider to be able perform any of the agreed upon Additional Services. The Service Provider shall only use such trademarks in accordance with the reasonable brand guidelines of the Customer.
11. Confidentiality
11.1 Each Party undertakes not to disclose to any third party without the consent of the other Party any information received from the other Party, including its business, which can reasonably be deemed to be of a confidential nature, including trade secrets and information which is covered by any statutory duty of secrecy. Information stated by one of the Parties to be confidential shall always be deemed to constitute confidential information.
11.2 The Parties’ confidentiality obligations under this Section 14 shall not apply to trade secrets or any other confidential information which the receiving Party can demonstrate (i) is already known when received, (ii) is or has become public knowledge other than through breach of the Agreement, (iii) is received from a third party who lawfully acquired it and who is under no obligation restricting its disclosure, or (iv) is to be made publicly available due to a court order, a decision by a public body or as otherwise required by mandatory law.
11.3 Each Party agrees to impose on its employees and consultants, in an appropriate manner, the above obligations of confidentiality in this Section 14. The Parties shall ensure that any subcontractors engaged, together with any of their employees involved in the assignment, sign a confidentiality undertaking containing equivalent provisions to the benefit of the other Party.
11.4 The Parties’ obligations under this Section 11 shall be valid during the term of the Agreement and continue for a period of three (3) years after expiration or termination of the Agreement, regardless of the reason therefor.
12. Audit
12.1 If the Agreement comprises more than one (1) User, the Customer shall provide the Service Provider with information of the number Users. The Customer shall promptly upon the Service Provider’s request, but no more than twice (2) a year, provide the Service Provider with information regarding the number of Users or if specifically required by the Service Provider an updated list of all Users.
12.2 The Service Provider may appoint an independent auditor to, upon written notice from the Service Provider, during the Customer’s normal working hours conduct audits to determine and verify that the Customer is in compliance with the terms and conditions of the Agreement.
12.3 The Customer shall cooperate with the Service Provider and shall promptly grant the independent auditor appointed by the Service Provider access to the Customer’s premises. The audit shall be restricted in scope, manner, and duration to that reasonably necessary to achieve its purpose and not unnecessarily disrupt the Customer’s operations. The Customer shall promptly remedy any breaches of the Agreement, including but not limited to underpayment of the Service Fee revealed during the audit. If the audit reveals an underpayment of Service Fee in excess of five (5) percent of the Service Fee due for the relevant period, the Customer shall also be liable for the Service Provider’s costs for the audit.
13. Warranties and disclaimers
13.1 The Service Provider warrants that during the term of the Agreement the Services will perform materially in accordance with the Service Specification and the Service Provider will not materially decrease the overall functionality or security of the Services.
13.2 Except as expressly provided in the Agreement, Service Provider makes no warranty of any kind whether express, implied statutory or otherwise and the Customer hereby, to the maximum extent permitted by applicable law, disclaims all implied warranties such as implied warranties for fitness for a particular purpose, merchantability, non-infringement, and the Service being free from errors and bugs.
14. Indemnification
14.1 The Service Provider undertakes to defend the Customer where claims are made or actions are brought against the Customer for infringement of any third party’s intellectual property rights as a consequence of the Customers’s use of the Services, or the Covr Products or the result of any Additional Services in the Territory, provided that such use has been in accordance with the Service Provider’s instructions and the Agreement, and to indemnify the Customer from any cost or damages which the Customer may be obligated to pay in accordance with a judgment, arbitral award or settlement. Service Provider’s undertaking shall only apply provided that Service Provider, without undue delay, is notified by the Customer in writing of the claim or action and that Service Provider is given the sole right to control the defense against such action and decide on any agreement or settlement. The Customer shall nevertheless be given the opportunity to participate in the defense (at its own expense) and the Service Provider shall not settle any claim without the Customer’s prior consent, not to be unreasonably withheld. The Service Provider shall perform the defense in a professional and diligent manner.
14.2 The Service Provider’s obligation to indemnify as set out in the Agreement only applies provided that Customer i) has used the Services, and the Covr Products and the result of any Additional Services only in accordance with the Service Provider’s instructions, ii) that the alleged infringement has not been caused by the use of the Services, or the Covr Products or the result of any Additional Services in combination with any other service or software where the infringement would have been avoided but for such combination and iii) that the infringement has not been caused by the Customer’s own information.
14.3 Any Third-Party Products which form part of the Services are subject to the third party’s terms and conditions regarding infringement.
14.4 The provisions of this Section 14 shall constitute Service Provider’s sole and exclusive responsibility and Customer’s sole remedy in relation to infringements of third party intellectual property rights.
14.5 Customer shall indemnify Service Provider against any and all claims, demands, suits or proceeding made or brought against Service Provider by a third party alleging that the Customer Data or Customer’s use of any Service or Covr Products in breach of the Agreement infringes such third party’s intellectual property rights or violates applicable law, and will indemnify Service Provider from any cost or damages which the Service Provider may be obligated to pay in accordance with a judgment, arbitral award or settlement. Customer’s undertaking shall only apply provided that Customer, without undue delay, is notified by the Service Provider in writing of the claim or action and that Customer is given the sole right to control the defense against such action and decide on any agreement or settlement. The Service Provider shall nevertheless be given the opportunity to participate in the defense (at its own expense) and the Customer shall not settle any claim without the Service Provider’s prior consent, not to be unreasonably withheld. The Customer shall perform the defense in a professional and diligent manner.
15. Limitation of liability
15.1 Unless expressly provided in the Agreement, the Service Provider shall only be liable for direct losses caused by negligence and the total aggregate liability of the Service Provider shall be limited to an amount corresponding to the total compensation paid by the Customer during the twelve (12) months immediately preceding the incident causing the loss.
15.2 The Service Provider shall not be liable for any loss of production, loss of data, loss of business or profit, loss of use, loss of goodwill, the obligation to compensate a third-party or any indirect or damages.
15.3 The Service Provider’s assumes no responsibility, and shall not be liable, for any defects or delays in the Services or Additional Services, including any failure to meet any agreed service level, where such is the result of any act or omission of the Customer or any third party on the Customer’s side, including but not limited to subcontractors engaged by Customer or Customer’s users and Customer’s failure to, in a timely manner install the latest Updates and Upgrades. Defects and delays caused by the Customer, any third party on the Customer’s side, or a force majeure event, shall entitle Service Provider to a reasonable extension of time and to compensation for any costs accrued by the Service Provider due to such delay or defect.
15.4 The above limitations shall not apply in the event of any loss which is caused by the Service Provider’s gross negligence, intentional breach or breach of the confidentiality undertaking set out in the Agreement.
16. Notices
16.1 Any notice or communication is given by either Party to the other, under or in connection with the Agreement, shall be in writing and shall be either:
(a) sent by courier or registered to either its registered office or its principal place of business; or.
(b) sent by email to the addresses stated in the Agreement
Service Provider: Covr Security AB
Nordenskiöldsgatan 24, 211 19 Malmö
Sweden
support@covrsecurity.com
16.2 Any notice or communication shall be deemed to have been received if:
(a) sent by courier or registered mail, at the time recorded by the delivery service.
(b) sent by email, at 9:00 am on the following business day after transmission provided that the sender has not received a notification on the failure to deliver the email.
17. Term and termination
17.1 The Agreement shall enter into force on the Effective Date and shall remain in force for the period set out in the main agreement document.
17.2 Either Party may upon written notice to the other Party terminate the Agreement and/or any SoW:s thereunder with immediate effect if: (i) the other Party has committed a material breach of the Agreement, and has not rectified the same within thirty (30) days after receipt of a written notice thereof; or (ii) the other Party is wound up or if a trustee in bankruptcy or insolvency, liquidator, receiver, or manager on behalf of a creditor is appointed or if circumstances arise which would entitle the court or a creditor to make a winding-up order, or if it otherwise is likely that the other Party is insolvent.
17.3 Upon termination of the Agreement, the Customer shall not be entitled to any refund of the Service Fees paid in advance.
17.4 In the event the Customer has committed a material breach of the Agreement, the Customer shall compensate the Service Provider for its damages, costs, or loss, regardless if the Service Provider chooses to terminate the Agreement for convenience under clause 17.2 or not. If the material breach consists of the Customer’s making unauthorized copies of the Covr Products or parts thereof, the Customer shall be obliged not only to pay a license fee corresponding to the Service Fee for the unauthorized copies but also to compensate the Service Provider for the damage caused due to the breach. The unauthorized copies of the Covr Products shall, by the Service Provider’s own choice and request, be returned to the Service Provider or destroyed in accordance with what is stated in clause 20 below.
18. Return or destruction of the Covr Software
18.1 Upon termination of the Agreement the Customer shall immediately and in accordance with the Service Provider’s instructions return or destroy all copies of the Covr Products, and, whenever applicable, the media on which the Covr Products was made available to the Customer. The Customer shall thereafter certify in writing to the Software Provider that such return or destruction has occurred and that the Customer neither directly or indirectly, in whole or in part, holds or disposes of the Covr Products or any copy thereof.
19. Miscellaneous
19.1 Force Majeure
19.1.1 If and to the extent that a Party’s performance of any of its obligations pursuant to the Agreement is prevented, hindered or delayed due to circumstances beyond the reasonable control of such Party such as, lightning, labour disputes, fire, acts of war, requisition, seizure, currency restriction, riots and civil disorders, shortage of means of transportation, shortage of goods, amendments to regulations issued by governmental authorities, intervention of authorities or defects and/or delays in delivery of his sub-suppliers due to the circumstances here stipulated (each, a “Force Majeure Event”), then the non-performing Party shall be excused from any performance of those obligations affected by the Force Majeure Event for as long as such Force Majeure Event continues. The Party whose performance is prevented, hindered or delayed by a Force Majeure Event shall immediately notify the other Party of the occurrence of the Force Majeure Event and describe in reasonable detail nature thereof. The non-performing Party is, however, always obligated to mitigate the effects of the Force Majeure Events.
19.1.2 Should an event of Force Majeure continue for more than three (3) months, each Party shall have the right to terminate the Agreement or part thereof.
19.2. Subcontractors
19.2.1 The Customer may only assign the rights or obligations under the Agreement to a third-party with the prior written consent of Service Provider.
19.2.2 Service Provider may engage subcontractors to execute the Services and any Additional Services.
19.3 Entire Agreement and amendments
19.3.1 The Agreement shall supersede any prior agreements, arrangements, and understandings between the parties and constitutes the entire agreement between the parties relating to the subject matter hereof. No addition to or modification of any provision of the Agreement shall be binding upon the parties unless made by a written instrument signed by a duly authorized representative of each of the parties.
19.4 Survival of provisions
19.4.1 Any provision in the Agreement that to its nature is intended to survive the termination of the Agreement will survive its termination and remain in force without limitation in time.
20. Governing law disputes
20.1 The Agreement shall be governed by and construed in accordance with the laws of Sweden, with the exclusion of its conflict of law rules.
20.2 Any dispute, controversy or claim arising out of or in connection with the Agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC Institute”). The place of arbitration shall be Stockholm, Sweden. The language to be used in the arbitral proceedings shall be Swedish unless otherwise agreed.
20.3 The Rules for Expedited Arbitrations of the Arbitration Institute of the Stockholm Chamber of Commerce shall apply, unless the SCC Institute, taking into account the complexity of the case, the amount in dispute and other circumstances, determines, in its discretion, that the Rules of the Arbitration Institute of the Stockholm Chamber of Commerce shall apply. In the latter case, the SCC Institute shall also decide whether the arbitral tribunal shall be composed of one or three arbitrators.
20.4 The Parties undertake and agree that all arbitral proceedings conducted with reference to this arbitration clause will be kept strictly confidential. This confidentiality undertaking shall cover all information disclosed in the course of such arbitral proceedings, as well as any decision or award that is made or declared during the proceedings. Information covered by this confidentiality undertaking may not, in any form, be disclosed to a third party without the written consent of the other Party. This notwithstanding, a Party shall not be prevented from disclosing such information in order to safeguard in the best possible way his rights vis-à-vis the other Party in connection with the dispute, or if the Party is obliged to so disclose pursuant to statute, regulation, a decision by an authority or similar.