General terms and conditions of IT-Seal GmbH

1. Contractual object, scope of application

1.1. IT-Seal GmbH (IT-Seal) offers companies (Customers) a Software-as-a-Service (SaaS) solution for, among other things, assessing the IT security level ESI^® as well as training programs for employees based on a patented procedure and software developed in-house via web application with the Awareness Academy and the associated modules and services.

1.2. The customer intends to use this web application for training employees.

1.3. These general terms and conditions are an integral part of the contract between IT-Seal and the Customer and shall apply to all Customers upon acceptance of the offer or commissioning of the use of SaaS from IT-Seal.

1.4. Counter-confirmations of the customers with reference to their own terms and conditions of business and/or purchase are hereby contradicted. Individual agreements confirmed in writing remain unaffected by this.

2. Conclusion of contract, scope of services

2.1. The type, content and scope of the services owed by IT-Seal as well as the remuneration to be paid by the Customer shall result from the contractual agreements. Decisive for this are:

• Offer (also order, order confirmation, offer confirmation, performance certificate, contract or corresponding documentation thereof);
• Awareness Academy service provisions;
• General terms and conditions;
• Order;
• Contract for Order Processing (AVV).

2.2. In the event of any discrepancies, the agreements shall apply in the above order, the entirety of which is referred to in these general terms and conditions as the “Agreement”.

2.3. The Awareness Academy is a continuous service for sustainability reasons, it is also offered with a short term.

2.4. Subsidiary agreements and deviations from the general terms and conditions and the contractual documents referred to in section 2.1 must be made in writing with the consent of both parties.

2.5. IT-Seal shall be entitled to use subcontractors with the express consent of the Customer. The Customer may only object to the use of a subcontractor for good cause.

2.6. IT-Seal does not use malware at any time. The simulation of phishing attacks ends at the latest when macro code has been executed on a participant’s device. At no time does IT-Seal take measures whereby further code is executed on the device. IT-Seal ensures that the macro code does not pose any risk to the customer’s data or device. Only information specified in the HTTP/S protocol, or data sent based on user interaction, is transmitted.

2.7. IT-Seal supports the Customer in preparing the use of the Awareness Academy with templates and information texts in the knowledge base. For technical consulting, where an IT-Seal security expert must be consulted in addition to the personal Awareness Consultant, IT-Seal provides the first consulting hour free of charge. Further hours can be requested by the customer, these will be charged with an hourly rate of 175€ (net).

3. Terms of use

3.1. The customer receives a simple, non-transferable right of use for the web application, limited to the term of the contract. A physical transfer of software does not take place.

3.2. The use of the web application is permitted to the number of participants specified in the contract. A participant registration must exist for each participant accessing a product.

3.3. Users of the Awareness Manager (Dashboard) may be assigned by the Customer without limitation within the scope of 3.2.

3.4. Both dashboard users and participant names can be reassigned at any time for implementation within 5 business days. The Customer must inform IT-Seal which participants or dashboard users are to be deactivated and which new participants or dashboard users are to be added.

3.5. The contractually agreed number of users is the basis for invoicing, an expansion of users beyond this will result in a proportional adjustment of invoicing.

4. Contract term, extensions, termination

4.1. The provision of services shall commence upon access to the “Awareness Manager” platform by IT-Seal to the contractual partner.

4.2. The minimum contract term for continuous services is 1 month. In the event that a discount is claimed for the annual advance payment, the minimum contract term shall change to 12 months.

4.3. The contract term shall be automatically extended by the agreed minimum contract term unless terminated in writing by the customer 30 days prior to the expiry of the minimum contract term.

4.4. Extensions of the number of users or upgrades of the booked package are possible in text form by sending the original offer number to the e-mail address upgrade(at)it-seal.de. The implementation will take place within 5 working days.

4.5. The expansion of the number of users beyond the contractually agreed number results in the corresponding adjustment of the settlement sum.

4.6. In case of a downgrade of services of an existing contract, the same deadlines apply as in case of a termination.

4.7. The reduction of the number of users in current contracts only has an influence on the invoicing after written confirmation by IT-Seal GmbH, the price per user shown in the offer is only for the information of the customer.

4.8. Both the Customer and IT-Seal shall have the right to terminate the contract for good cause without notice. An important reason is in particular:

• the serious violation of a contractual partner against the contractual provisions, including these general terms and conditions;
• the tortious act of a contractual partner or the attempt to commit such an act;
• the opening of insolvency proceedings against the assets of a contractual partner or the rejection of the corresponding application for opening of such proceedings for lack of assets.

4.9. Any termination by the Customer must be made in text form by e-mail to: kuendigung(at)it-seal.de. Cancellations by e-mail comply with the text form.

5. Data privacy and data security

5.1. IT-Seal takes the issues of data protection and security very seriously. The provisions of the contract for order processing apply to all products and services offered by IT-Seal. The data protection concept and risk assessment going beyond this can be viewed if required.

5.2. IT-Seal shall only collect, store and process the personal data during the execution of the respective contract if it is necessary for the execution of the respective contract and as far as the legal regulations allow it or an explicit consent of the customer or the data subjects is given.

5.3. The parties undertake to maintain confidentiality with regard to all trade and business secrets of which they become aware in the course of the performance of the contract and not to make them accessible to third parties. Excluded from this is information which is intended for publication or which the respective other party has agreed to pass on. This obligation to maintain secrecy shall exist for an unlimited period of time.

5.4. IT-Seal shall delete any employee reference and the transmitted employee data one month after the end of the contract.

5.5. Company-related information shall be stored anonymously in order to provide a comparison of the results in the event of a possible new order with IT-Seal.

6. Technical restrictions

6.1. The customer is obliged to comply with all technical restrictions that allow the customer to use the product in a special way and not to circumvent them.

6.2. The customer does not acquire any claim to adaptation of the SaaS product to software used by them, should this prevent parts of the in product components from being used without error.

6.3. The customer may download copies of the source code of a product only with express written permission.

7. Changes and availability of the products and services

7.1. The implementation, the substantive and technical arrangement, in particular the scope of the services to be provided shall be coordinated with the Customer. They are within the scope of execution exclusively at the discretion of IT-Seal.

7.2. IT-Seal shall be entitled to make reasonable changes and updates to the products and services from time to time.

7.3. The digital services of IT-Seal are provided for access via browser. At least the last 3 program versions of the browsers Microsoft Edge, Mozilla Firefox, Google Chrome are supported in each case.

7.4. In case of an export of learning modules the SCORM standard is used. The versions Scorm 1.2 or Scorm 2004 Third Edition are supported.

8. Service level agreement:

8.1. IT-Seal shall provide an availability of at least 99% of the user minutes. In the event that this cannot be guaranteed, IT-Seal shall, at the request of the Customer and after approval by IT-Seal, provide a credit for the lost usage time in subsequent months based on the following calculation:

8.1.1. User minutes: The total number of minutes on business days between 7 a.m. and 6 p.m. in a month multiplied by the total number of users.

8.1.2. Downtime: Periods during which participants could not reach valid e-learning content as a server response at the router exit of IT-Seal’s respective data center.

8.1.3. Percentage of monthly uptime: the percentage of monthly uptime is calculated using the following formula:

(user minutes – downtime )/user minutes x 100

Where downtime is measured in user minutes, i.e., downtime for each month is the sum of the length of each incident (in minutes) that occurs in that month multiplied by the number of users affected by that incident.

8.2. Service Credit: Is the percentage of the applicable monthly service charges that will be credited to Customer, upon approval of the claim by IT-Seal.

8.3. The parties agree that for technical reasons it is not possible to record all reactions of the participants. It may happen that the reaction of a participant is not recognized.

9. Payment, delay

9.1. Invoices shall be issued by IT-Seal in advance after conclusion of the contract / acceptance of the offer. All invoices from IT-Seal are in principle due immediately and payable without deduction.

9.2. If the Customer is in delay, IT-Seal shall grant the Customer a period of 14 days to pay the justified outstanding claim. If the Customer has not settled the outstanding claim by the deadline, IT-Seal shall be entitled to charge interest on the claim at a rate of 9 percentage points above the base interest rate.

9.3. If the Customer does not meet his payment obligation despite a reminder and an appropriate deadline, IT-Seal reserves the right to terminate the contract without notice. In this case, the Customer shall be obligated to compensate IT-Seal, unless otherwise agreed, for all activities already performed in proportion to the total volume of the contract, or on the basis of an hourly rate of 175€, as well as to refund any other costs/expenses already incurred in connection with the terminated contract (including the costs of any subcontractors).

10. Liability, limitation of liability

10.1. IT-Seal shall be liable in accordance with the statutory provisions without limitation for damages resulting from injury to life, body or health caused by an intentional or negligent breach of duty or an intentional or negligent breach of duty by its vicarious agents.

10.2. In addition, IT-Seal’s liability towards the customer for breaches of essential contractual obligations caused by slight negligence on the part of its legal representatives or vicarious agents within the scope of this contract shall be limited to the foreseeable, direct damage typical for this type of contract. In total, the liability is limited to a maximum of the contract volume per liability case.

10.3. In all other respects liability is excluded.

10.4. The Customer shall indemnify IT-Seal against all claims which a third party associated with the Customer attempts to assert against IT-Seal in direct connection with effects of the IT security audit on the IT system, insofar as IT-Seal is not responsible for these effects or the IT security audit corresponded to the state of the art.

10.5. The above limitations of liability and exclusions shall not apply to claims which have arisen due to fraudulent conduct on the part of IT-Seal, as well as in the case of liability for guaranteed characteristics, for claims under the Product Liability Act and damages arising from injury to life, body or health.

11. Non-solicitation

The customer undertakes not to actively entice away any employees of IT-Seal GmbH for the duration of this contract and for one year after its termination.

12. Other

12.1. The place of performance for all obligations arising from the contract, including the Customer’s payment obligations, shall be the registered office of IT-Seal.

12.2. The exclusive local place of jurisdiction for all disputes arising from or in connection with this contract, including any tort claims, shall be the place of business of IT-Seal; IT-Seal shall also be entitled to sue the Customer at its place of business.

12.3. The contracting parties have not made any verbal subsidiary agreements. Amendments and supplements to the offer and the GTC must be made in writing. This shall also apply to any waiver of the written form requirement.

12.4. The contractual relationship shall be governed solely by the substantive law of the Federal Republic of Germany with the exception of the United Nations Convention on Contracts for the International Sale of Goods (CISG). The law of the Federal Republic of Germany shall apply – as far as legally possible – even if German law refers to the law of another country (exclusion of conflict of laws).