Article 1 - Definitions
1. Service Provider: Naq Cyber B.V., established in Zoetermeer, Netherlands, Company Registration Number 75310368, or Naq Cyber UK Ltd., established in Leighton Buzzard, UK, Company Registration Number 12714016.
2. The counterparty to the Service Provider is referred to in these general terms and conditions as the Client.
3. Parties: Service Provider and Client together.
4. Agreement: The Service Agreement between the Parties.
5. Infringement: A breach of security that accidentally or unlawfully leads to destruction, loss, alteration or unauthorised provision or unauthorised access to transmitted, stored or otherwise processed (personal) data.
6. The Assignment: The Customer receives from the Service Provider the following services in the context of the following performance: Informing and advising on the (status of) (information) security of the website(s) and information systems of the Customer; monitoring and testing the safety and resilience of the website(s) and other information systems owned by the Customer; conducting security tests on the Customer’s website, as well as conducting (phishing) tests on e-mail security of the Customer; providing online training on information and internet security; providing a set of GDPR- and security policy documents to the Customer and being available for response if a breach of information and IT security occurs.
Article 2 - Applicability of general terms and conditions
1. These terms and conditions apply to all quotations, offers, work, Agreements and deliveries of services or goods by or on behalf of the Service Provider.
2. Deviation from these conditions is only possible if the Parties have explicitly agreed in writing.
3. The Agreement always contains best efforts obligations for the Service Provider, no obligations with regard to results. The client is therefore not entitled to compensation if the intended result is not achieved.
Article 3 - Payment
1. For yearly subscriptions, invoices must be paid within 30 days after the invoice date unless the parties have made different arrangements in writing or a different payment term is stated on the invoice. For monthly subscriptions, the Service Provider will set up a direct debit or enable the Client to make a bank transfer.
2. If the Client does not pay within the agreed period, the Client will be in default by operation of law, without any warning being required. From that moment, the Service Provider is entitled to suspend the obligations until the Client has fulfilled his payment obligations.
3. If the Client fails to do so, the Service Provider will proceed with the collection. The costs with regard to that collection will be borne by the Client. If the Client is in default, the Client will owe legal (commercial) interest, extrajudicial collection costs and other damage to the Service Provider in addition to the principal sum. The collection costs are calculated on the basis of the applicable legislation.
4. In the event of liquidation, bankruptcy, seizure or suspension of payment of the Client, the claims of the Service Provider on the Client are immediately claimable.
5. If the Client refuses his cooperation in the execution of the assignment by the Service Provider, the Client is still obliged to pay the agreed price to the Service Provider.
Article 4 - Offers and quotations
1. The offers of the Service Provider are valid for a maximum of 1 month, unless another period of acceptance is stated in the offer. If the offer is not accepted within the specified period, the offer will expire.
2. Delivery times in quotations are indicative and do not give the Client the right to dissolution or compensation if they are exceeded, unless the parties have explicitly agreed otherwise in writing.
3. Offers and quotations do not automatically apply for an extension of the service. Parties must agree explicitly and in writing.
Article 5 - Prices
1. The prices stated on the website of the Service Provider are excluding VAT and any other government levies, unless explicitly stated otherwise.
2. With regard to any additional service provision next to or instead of the normal subscription and its fees, parties can agree to a fixed price when concluding the Agreement.
3. If no fixed price has been agreed, the rate with regard to the additional services can be determined on the basis of the hours actually spent. The rate is calculated according to the Service Provider's usual hourly rates, valid for the period in which the Service Provider performs the work, unless a different hourly rate has been agreed upon.
4. If no rate has been agreed based on the hours actually spent, a target price will be agreed for the service, whereby the Service Provider is entitled to deviate up to 10% from this. If the target price is more than 10% higher, the Service Provider must inform the Client in good time why a higher price is justified. In that case, the Client has the right to cancel part of the assignment that exceeds the target price plus 10%.
Article 6 - Price indexing
1. The prices agreed upon entering into the Agreement are based on the price level applied at that time. The Service Provider has the right to adjust the fees to be charged to the Client annually as of 1 January.
2. Adjusted prices and rates are communicated to the Client as soon as possible.
Article 7 - Provision of information by the Client
1. Client will provide to the Service Provider all information that is relevant for the execution of the assignment and accepts that if the Client does not, the Service Provider may not be able to adequately carry out the service.
2. The Client is obliged to provide all data and documents that the Service Provider believes are necessary for the correct execution of the assignment, in a timely manner, in the desired form and in the desired manner.
3. The Client guarantees the correctness, completeness and reliability of the data and documents made available to the Service Provider, even if they originate from third parties, unless the nature of the assignment dictates otherwise.
4. The Client indemnifies the Service Provider against any damage in any form whatsoever arising from non-compliance with the provisions of the first paragraph of this article.
5. If and insofar as the Client requests this, the Service Provider returns the relevant documents.
6. If the Client does not make the data and documents required by the Service Provider available, or not in time or properly, and the execution of the order is delayed as a result, the resulting additional costs and additional fees will be borne by the Client.
Article 8 - Withdrawal of assignment
1. The Client is free to terminate the assignment to the Service Provider via the website, the Naq Portal or in electronically written form, subject to a notice period of one month. This notice period allows the Service Provider to fulfil its obligations under the relevant laws and regulations, including but not limited to, the General Data Protection Regulation.
2. If the Client withdraws the assignment, the Client is obliged to pay the fees due and the expenses incurred by the Service Provider until the end of the contract, which will be the last day of the month after the end of the cancellation period. For instance: If Client terminates the Contract on the 24th of May, the contract will end on the 31st of June.
3. If the Client terminates the assignment within the first 5 days of the month, the notice period will be presumed to have been given in the last week of the previous month to avoid unreasonable costs or otherwise negative consequences for the Client. For instance: If Client terminates the Contract on the 3rd of May, the contract will end on the 31st of May, not on the 31st of June.
Article 9 - Execution of the Agreement
1. The Service Provider implements the Agreement to the best of its knowledge and ability and in accordance with the requirements of good workmanship.
2. The Service Provider has the right to have work performed by third parties. The Service Provider will inform the Client if third parties are hired to perform (part of) the work. If third parties have access to personal data for which the Client is responsible, prior permission will be required in accordance with the Data Processing Agreement between the Client and the Service Provider.
3. Implementation of the Services as agreed upon between Parties takes place in mutual consultation and after written Agreement and payment of any agreed advance.
4. The start date of the service is determined in mutual consultation.
Article 10 - Contract duration
1. If the Client signs up for a monthly subscription, the Agreement between Client and Service Provider is entered into for an indefinite period of time. The Client is free to terminate the Agreement in accordance with article 8 of this Agreement.
2. If the Client signs up for an annual subscription, the Agreement between Client and Service Provider is entered into for a definite period of time with tacit renewal, unless the nature of the Agreement dictates otherwise or the parties have explicitly agreed otherwise in writing. The exact duration of the contract will be specified in the service contract between the parties.
Article 11 - Force majeure
1. In addition to the provisions related to Force Majeure of Dutch and British contract law, a failure on the part of the Service Provider to fulfil any obligation vis-à-vis the Client cannot be attributed to the Service Provider in the event of a circumstance independent of the will of the Service Provider, as a result of which his obligations towards the Client are wholly or partially prevented or as a result of which the fulfilment of his obligations cannot reasonably be expected from the Service Provider. These circumstances include non-performance by suppliers or other third parties, power failures, computer viruses, strikes, bad weather conditions and work interruptions.
2. If a situation as referred to above occurs as a result of which the Service Provider cannot meet its obligations towards the Client, those obligations will be suspended as long as the Service Provider cannot meet its obligations. If the situation referred to in the previous sentence has lasted 30 calendar days, the parties have the right to terminate the Agreement in writing in whole or in part.
3. In the case as referred to in the second paragraph of this article, the Service Provider is not obliged to pay compensation for any damage, even if the Service Provider enjoys any benefit as a result of the force majeure situation.
Article 12 - Transfer of rights
Rights of one party to this Agreement cannot be transferred to a third party without the prior written consent of the other party.
Article 13 - Expiry of the claim
Any right to compensation for damage caused by the Service Provider expires in any case 12 months after the event from which the liability arises directly or indirectly.
Article 14 – Assignment, acknowledgement and responsibilities
The service to which these Terms & Conditions are applicable includes a security testing and monitoring service of the Client’s website(s), (web)applications, network(s) and security- and phishing testing of the Client’s e-mail. The objective of the security monitoring and testing service is to identify and report on security vulnerabilities, to allow the client to close the issues in a planned manner, thus significantly raising the level of their security protection. The Client understands and acknowledges that:
- Cyber security is a continually growing and changing field and the service performed by the Supplier does not protect Client against every type or form of attack.
- Testing, scanning and/or monitoring of the Client’s website(s), (web)applications, network(s) and email will be done on a best endeavour’s basis and that it is not possible to guarantee that all vulnerabilities will be discovered.
- Security breaches can and frequently do come from internal sources whose access is not a function of system configuration and/or external access security issues.
The Supplier will:
- Take all reasonable steps to preserve the operational status of tested systems. The operational status of systems cannot be guaranteed in one hundred per cent (100%) of cases in which testing and/or monitoring is carried out.
- Perform tests at its own discretion using appropriate tools and methods.
- Provide a full list of all systems to be tested or monitored prior to performance of any form of testing or monitoring.
- Upon termination of the Service, hand over all materials related to the website, including but not limited to website-assets, log-on credentials, etc. The Supplier guarantees that upon termination of the Service, the Client’s website(s) are fully functioning.
- Hereby grants permission to the Supplier and authorises the Supplier to perform the work as set out in article 1 of these Terms and Conditions.
- Will provide the Supplier with all required information prior to any form of security testing or monitoring.
Article 15 - Liability for damage
- The Client is aware that an Infringement may occur during the service period. The Service Provider cannot be held liable for damage as a result of an Infringement.
- Any liability for damage arising from or related to the implementation of an Agreement is always limited to the amount that is paid out in the relevant case by the (professional) liability insurance policy (s) concluded.
- The Service Provider is not liable for damage ensuing from this Agreement or its (Advisory) services, unless the Service Provider caused the damage intentionally or with gross negligence.
- The liability limitation also applies if the Service Provider is held liable for damage that results directly or indirectly from the testing or monitoring as meant in article 1 of these Terms and Conditions, malfunctioning of the equipment, software, data files, registers or other products, services or matters used by the Service Provider in the performance of the assignment.
- The liability of the Service Provider for damage that is the result of intent or deliberate recklessness on the part of the Service Provider, his supervisor or subordinates is not excluded.
Article 16 – Indemnity
The Client indemnifies the Service Provider against all claims from third parties that are related to the services supplied by the Service Provider.
Article 17 - Complaint obligation
1. The Client is obliged to report complaints about the work performed to the Service Provider in writing in a timely manner. The complaint contains a description of the shortcoming that is as detailed as possible, so that the Service Provider is able to respond adequately.
2. A complaint cannot in any case result in the Service Provider being obliged to perform other work than agreed.
3. Client and Service Provider enter into mutual consultation and will, to the best of their ability, solve the problems to which the complaint referred to in this article relates.
Article 18 - Intellectual property
1. Unless the Parties have agreed otherwise in writing, the Service Provider retains all absolute intellectual property rights (including copyright, patent law, trademark law, drawing and design right, etc.) on all designs, drawings, writings, media with data or other information, quotations, images, sketches, models, etc.
2. The aforementioned absolute intellectual property rights may not be copied, shown to third parties and / or made available or used in any other way without written permission from the Service Provider.
3. The Client undertakes to maintain the confidentiality of the confidential information made available to him by the Service Provider. Confidential information means that information to which this article relates, as well as general company data. The Client undertakes to impose on its staff and / or third parties involved in the implementation of this Agreement a written obligation of confidentiality regarding the scope of this provision.
4. If the Client or one of his employees, service providers or natural persons or legal entities otherwise connected to him violates the intellectual property rights of the service provider, a penalty of €/£5,000 shall be payable for each day the violation continues. Claiming the fine does not affect the right of the service provider to claim damages for this violation.
Article 19 - Confidentiality
1. Each of the parties shall keep the information it receives (in whatever form) from the other party and any other information concerning the other party that it knows or can reasonably suspect is secret or confidential, or information that it may expect that the distribution thereof may cause harm to the other party, and shall take all necessary measures to ensure that its personnel also keep the said information secret.
2. The confidentiality obligation mentioned in the first paragraph of this article does not apply to information:
a. that at the time the recipient received this information was already public or subsequently became public without a violation by the receiving party of a duty of confidentiality imposed on him;
b. of which the receiving party can prove that this information was already in his possession at the time the other party provided it;
c. that the receiving party has received from a third party whereby that third party was entitled to provide this information to the receiving party
d. that is made public by the receiving party on the basis of a legal obligation.
3. The obligation of confidentiality described in this article applies for the duration of this Agreement and for a period of five years after the termination thereof.
4. If the Client or any of his employees, service providers or natural persons or legal entities otherwise connected to him violate this confidentiality clause, a penalty of €/£5,000 shall be payable for each day that the violation continues. Claiming the fine does not affect service provider's right to claim damages for this breach.
Article 20 - Data Processing
1. The Service Provider might have access to personal data for which the Client is responsible in the exercise of the service. The Service Provider shall take all necessary organisational and technical security measures to secure this personal data, in accordance with the UK and EU GDPR. To this end, The Service Provider will provide the Client with a Data Processing Agreement upon request.
Article 21 - Nullity and voidability of these general conditions
If one of the provisions of these general terms and conditions is declared null and void or annullable, the remaining part of these general terms and conditions will remain in force.
In the event of nullification of one of the provisions of these general terms and conditions, the parties will consult with a view to concluding a valid provision. This new provision will be as close as possible to the void or voided provision.
Article 22 - Dissolution
- If the service provider has a reasonable expectation of non-performance of one of the obligations of the underlying agreement, the Service provider shall be entitled to dissolve the underlying agreement with immediate effect.
- The Service provider is entitled to dissolve without prior notice of default.
Article 23- Applicable law and competent court
1. The law applicable to these terms & conditions and the service provision by Naq Cyber is dependent upon the registered location of the Client. If the Client is registered in the UK, British law applies exclusively. If the Client is registered in the Netherlands or elsewhere, Dutch law applies exclusively.
2. The judge in the district where Naq Cyber is established and keeps office is exclusively authorised to take cognizance of any disputes between parties, unless the law prescribes otherwise.