General terms and conditions
General terms and conditions of the IT-Seal GmbH
1. Contractual object, scope of application
1.1. The IT-Seal GmbH (IT-Seal) offers companies (customers) IT security audits, the implementation of phishing awareness campaigns, social engineering audits, training measures and related services
1.2. These General Terms and Conditions are part of the contract between IT-Seal and the customer and apply to all customers from the first use of services to assess the IT security level of the customer's IT infrastructure or to train employees.
1.3 Counter-confirmations of the customers with reference to their own terms and conditions of business and/or purchase are hereby contradicted. Individual agreements remain unaffected.
2. Conclusion of contract, scope of services
2.1 The type, content and scope of the services owed by IT-Seal as well as the remuneration to be paid by the Customer shall result from additional contractual agreements. Decisive for this are:
- Offer (also called order, order confirmation, quotation or offer confirmation, service certificate, order or the like);
- any contract concluded for order processing;
- General terms and conditions.
In case of discrepancies, the contractual agreements shall apply in the above order.
2.2 IT-Seal shall at no time use malicious software. The simulation of phishing attacks ends at the latest when macro code has been executed on a participant's device. At no time does IT-Seal take any action that causes further code to be executed on the device. IT-Seal shall ensure that the macro-code does not pose a threat to the Customer's data or device. Only information defined in the HTTP/S protocol, or data sent on the basis of user interaction, is transmitted.
2.3 Subsidiary agreements and other deviations from the General Terms and Conditions or the contractual documents mentioned in section 2.1. must be in writing.
2.4 IT-Seal shall be entitled to use subcontractors without the express consent of the Client. In doing so, the data protection requirements of the GDPR may have to be observed.
2.5 In the case of 'Lifetime', IT-Seal shall decide on the type and scope of the additional training measures. In addition to the phishing simulation, each group of participants will receive additional training at the earliest 2 months after an additional training.
3. Contract period, termination, recommendation
3.1 The contract on which these general terms and conditions are based shall be concluded during the period specified in the offer.
3.2 IT-Seal enables the customer to pause the services of the Phishing Academy for up to 6 months. These breaks can be chosen freely, whereby IT-Seal must be informed at least 4 weeks in advance. Furthermore, the services must always be used for at least 3 months at a time, only after that is the next break possible.
3.3 After expiry of the minimum contract term, both the customer and IT-Seal may duly terminate this contract at any time with one month's notice.
3.4 Both the customer and IT-Seal have the right to terminate the agreement for good cause without notice. An important reason is in particular:
- The serious breach of contractual provisions by a contractual partner, including these GTC;
- the tortious act of a contracting party or the attempt thereof
- the opening of insolvency proceedings on the assets of a contractual partner or the rejection of the corresponding application for opening due to lack of assets
3.5 Any termination must be made in text form. Notices of termination by fax or e-mail shall maintain the text form.
3.6 If an existing customer recommends IT-Seal to a company from his network and an initial order is placed, then up to 4 weeks will be credited to the IT-Seal Academy, depending on the packages booked. For this purpose, the recruited or the advertising customer must inform the IT-Seal Academy that the contact was established via the advertising customer before the recruited customer is commissioned. These credits can be added together. The prerequisite is that the service is already in progress or that at least 6 service months have been booked. The credit note extends the booked service period; no refund is possible.
4. Payment, default
4.1 Unless otherwise agreed in the offer, IT-Seal shall invoice the customer monthly in advance. All invoices from IT-Seal are generally due immediately and payable without deduction.
4.2 IT-Seal shall be entitled to demand advance payments and payments on account in the amount of the performance.
4.3 If, after the conclusion of the contract, a significant deterioration in the financial circumstances of the Customer demonstrably occurs, IT-Seal may demand advance payments or security within a reasonable period of time and refuse performance until the contract has been fulfilled. If the Customer refuses to do so or the deadline expires without result, IT-Seal shall be entitled to withdraw from the contract or to demand compensation for damages due to non-fulfilment.
4.4 If the customer is in default, IT-Seal shall grant the customer a period of 14 days for payment of the still justified outstanding debt. If the customer has not settled the outstanding claim after the deadline has expired, IT-Seal shall be entitled to demand interest from the date in question at a rate of 6 percentage points above the base interest rate as lump sum compensation.
4.5 If the xustomer does not fulfil his service obligations despite a reminder and the setting of a reasonable deadline, IT-Seal also reserves the right to terminate the contract for exceptional reasons. In this case, the xustomer shall be obliged, unless otherwise agreed, to compensate IT-Seal for all activities already carried out on a pro rata basis from the basic price or on the basis of the agreed hourly rates, as well as to reimburse other costs/expenses already incurred in connection with the terminated contract (including any costs of any subcontractors).
5. Further development of products and services
5.1 The implementation, content and technical design, in particular the form and content of the services to be provided with regard to IT security checks and training shall be exclusively at IT-Seal's discretion.
5.2 IT-Seal undertakes to check its own services for the IT security checks and training to be provided at all times for specified standards, completeness and security.
5.3 In this respect, IT-Seal reserves the right to discontinue, restrict, expand, supplement or improve individually offered services at any time, provided that this does not unreasonably alter or restrict the agreed services for the customer.
6. liability, limitation of liability
6.1 IT-Seal shall be liable without limitation for intent and gross negligence.
6.2 In the event of breaches of essential contractual obligations caused by IT-Seal or its legal representatives or vicarious agents within the framework of this contract through slight negligence, IT-Seal's liability to the Customer shall be limited to the foreseeable, direct average damage typical of the contract. In total, liability is limited to a maximum of the respective contract volume per liability case.
6.3 Otherwise liability is excluded.
6.4 If IT-Seal is held liable by a third party (e.g. a user of the customer) due to any effects of the IT security test on the IT system, the customer shall indemnify IT-Seal against any claims, provided that the IT security test was in accordance with the state of the art. The obligation to indemnify refers to all expenses incurred by IT-Seal as a result of a claim by a third party. Otherwise, Section 6.2 shall apply accordingly.
6.5 The above limitations and exclusions of liability shall not apply to claims which have arisen due to malicious behaviour on the part of IT-Seal, nor in the case of liability for guaranteed characteristics, for claims in accordance with the Product Liability Act, nor for damages arising from injury to life, body or health.
6.6 The parties agree that for technical reasons it is not possible to record all reactions of the participants. It may happen that the reaction of a participant is not recognized.
7. Rights of use and copyright
7.1 IT-Seal shall transfer to the customer, upon full payment of the agreed remuneration, the exclusive rights of use to all work results individually produced by IT-Seal for the customer within the framework of this agreement, including all legal positions on drafts and designs, insofar as the transfer is possible under German law or the actual circumstances. The transfer of the rights of use shall be unrestricted in terms of time, place and purpose and in any other way. It includes the right to modify, reproduce and transfer to third parties.
7.2 IT-Seal reserves the right to use the work results referred to in clause 7.1. and in particular the knowledge gained therefrom for its own purposes.
7.3 IT-Seal further reserves the right to restrict the customer's use of the work results referred to in clause 7.1 until the agreed remuneration has been paid in full in such a way that they may not be used by the customer or by third parties. Passing on to third parties is prohibited as long as the remuneration has not been paid.
8. Data protection, secrecy protection
8.1 IT-Seal has taken comprehensive technical and organisational precautions to ensure that personal data and company secrets are treated confidentially and exclusively for the intended purpose. However, the possibility of misuse due to unlawful actions by third parties cannot be completely excluded.
8.2 IT-Seal will only collect, store and process the personal data during the execution of the respective contract if this is necessary for the execution of the respective contract and to the extent permitted by legal regulations or if the express consent of the Customer or the persons concerned has been obtained.
8.3 The parties undertake to maintain secrecy about all business and trade secrets which they have become aware of in the course of the performance of the contract and not to make them accessible to third parties. This does not include information intended for publication or which the other party has agreed to disclose. The obligation to maintain secrecy shall continue to apply beyond the duration of the cooperation.
8.4 The information collected during the provision of services is stored in an abstract form to avoid the identifiability of individual persons. Only results as well as data that do not allow direct conclusions about individuals are transmitted to the customer. The assignment of employees' reactions to the phishing e-mails to their names is carried out by means of pseudonymisation using randomly generated character strings, which do not allow any conclusions to be drawn about individuals. HTTP connections to one of IT-Seal's servers are established to track the reactions of the participants. No confidential data is transferred from the end device.
8.5. IT-Seal wird nach der Leistungserbringung jeglichen Mitarbeiterbezug und die vorab übermittelten Mitarbeiterdaten löschen. Unternehmensbezogene Informationen bleiben anonymisiert gespeichert, um bei eventueller Wiederholung der Akademie oder anderen Produkten einen Vergleich der Ergebnisse zu ermöglichen.
9. Obligations of the customer to cooperate
9.1 All necessary or requested documents and information for the most secure and harmless execution of the security check shall be made available to IT-Seal in full at the start of the project. A responsible contact person will be nominated by the Customer who will be able to answer all questions and make all related decisions.
9.2 The Customer shall ensure, within the scope of its possibilities, that e-mails from IT-Seal are not prevented from being delivered. The customer shall - as far as can reasonably be expected - observe any instructions or advice from IT-Seal in this regard. Furthermore, the Customer shall ensure within the scope of his possibilities that clicks on IT-Seal phishing e-mails are not blocked.
9.3 The customer will only have e-mail accounts subjected to a security check if he is entitled to do so.
9.4 The customer releases his employees to work on the learning content and motivates them accordingly.
10.1 The place of performance for all obligations arising from the contract, including the customer's payment obligations, is IT-Seal's place of business.
10.2 The exclusive local place of jurisdiction for all disputes arising from or in connection with this contract, including any claims in tort, shall be IT-Seal's place of business; however, IT-Seal shall also be entitled to sue the Customer at his place of business.
10.3 If one of the above conditions is invalid, the validity of the remaining conditions remains unaffected. The ineffective clause will then be replaced by mutual agreement by another clause that comes closest to the ineffective clause in terms of its economic effect and intention.
10.4 The parties to the contract have not made any verbal collateral agreements. Changes and additions must be made in writing. This shall also apply to the waiver of the written form.
10.5 The contractual relationship shall be governed solely by the substantive law of the Federal Republic of Germany with the exception of the United Nations Convention on Contracts for the International Sale of Goods (CISG). The law of the Federal Republic of Germany shall - as far as legally possible - remain applicable even if German law refers to the law of another country (exclusion of conflict of laws).