1. Contractual object, scope of application
1.1 IT-Seal GmbH (IT-Seal) offers companies (customers) assessments of the IT security level and training programs for employees on the subject of information security and security culture based on a patented procedure and software developed in-house via web application. The customer intends to use this web application for training the contracted number of employees.
1.2 These general terms and conditions are an integral part of the contract between IT-Seal and the customer and shall apply to all customers with acceptance of the offer or commissioning of the use of services for the assessment of the customer's IT security level, the training of employees and the supply of materials for this by IT-Seal.
1.3 Confirmations of the customer with reference to their own terms and conditions of business and/or purchase are hereby contradicted. Individual and written confirmed agreements remain unaffected by this.
2. Conclusion of contract, scope of services
2.1 The type, content and scope of the services owed by IT-Seal as well as the remuneration to be paid by the Customer shall result from additional contractual agreements. Decisive for this are:
In the case of disagreement, the contractual agreements shall apply in the above order, the totality of which shall be referred to in the general terms and conditions as the "contract".
2.2 The Awareness Academy service for training employees regarding information security is a continuous service, but is also offered with a short duration as part of the "Lite" package.
2.3 IT-Seal does not use malware at any time. The simulation of phishing attacks ends at the latest when macro code has been executed on the subscriber's device. At no time does IT-Seal take measures whereby further code is executed on the device. IT-Seal ensures that the macro code does not pose any risk to the customer's data or device. Only information specified in the HTTP/S protocol, or data sent on the basis of user interaction, is transmitted.
2.4 Subsidiary agreements and other deviations from the general terms and conditions and the contractual documents referred to section 2.1 must be made in a written way.
2.5 IT-Seal shall be entitled to use subcontractors with the express consent of the customer. The customer may only object to the use of a subcontractor for good cause.
2.6 IT-Seal supports the customer in preparing the whitelisting with templates and information texts in the knowledge base. For further questions where an IT-Seal security expert needs to be consulted in addition to the personal Awareness Consultant, IT-Seal provides the first consulting hour free of charge. Additional hours can be requested by the customer as needed. Each additional hour is charged at an hourly rate of 175€ (net).
3.1 The customer receives a simple (non-transferable) right of use for the web application, limited to the term of the contract. A physical transfer of the software does not take place.
3.2 The use of the web application is authorized to the number of participants specified in the contract. For each participant accessing a product, a participant registration must be present.
3.2 Users of the Awareness Manager (dashboard) can be assigned by the customer without any limitation.
3.3 Both users of the dashboard and the names of the participants may be reassigned at any time for implementation within 5 working days. The customer must inform IT-Seal which participants or user of the dashboard are to be deactivated and which new participants or users of the dashboard are to be added.
4. Contract term, extensions, termination
4.1 The service delivery starts with the first supply of content between IT-Seal and the participants.
4.2 The minimum contract term for continuous services is 1 month. In case of using the discount for annual prepayment, the minimum contract term changes to 12 months from the first service supply. The contract term shall be automatically extended by the agreed minimum contract term unless terminated by the customer 30 days prior to the expiry of the minimum contract term.
4.3 Extensions of the number of participants or upgrades of the booked package are possible in text form under specification of the original reference number to the email address upgrade(at)it-seal.de. The customer receives within 5 working days the corresponding implementation of these extensions in his dashboard.
4.4 IT-Seal allows the customer to pause the services of the Awareness Academy Basic, Professional and Premium for up to 6 months for contracts without a minimum contract term (= contracts with monthly termination). Services must be used for at least 3 consecutive months before a break is possible. Breaks can be freely chosen by the customer within this framework, whereby IT-Seal must be informed at least 30 days in advance.
4.5 The first service request by the customer must be made within 6 months after the conclusion of the contract, unless otherwise agreed in writing. In the event of a delay not caused by IT-Seal, the agreed invoice amount for the minimum contract term shall be due in the 7th month after signing of the contract regardless of the start of service supply.
4.6 In the event of a downgrade of the contract, the same deadlines shall apply as in the event of a termination pursuant to 4.2
4.7 Both the customer and IT-Seal have the right to terminate the contract for a important reason without observing a period of notice. An important reason is in particular:
4.8 Any termination must be made written by e-mail to kuendigung(at)it-seal.de. Terminations by fax or e-mail shall comply with the written way.
5. Data privacy and data security
5.1 IT-Seal takes the issues of data privacy and security very seriously. The terms of the contract for order processing apply to all products and services. The data privacy concept and risk assessment can be viewed if required.
5.2 IT-Seal will only collect, store and process the personal data during the execution of the respective contract if it is necessary for the execution of the respective contract and as far as the legal regulations allow it or if there is an explicit consent of the customer or the persons concerned.
5.3 The parties agree to maintain confidentiality with regard to all trade and business secrets of which they become aware in the course of the performance of the contract and not to make them accessible to third parties. Excluded from this is information which is intended for publication or which the respective other party has agreed to pass on. This obligation to maintain secrecy does not expire at any time.
5.4 IT-Seal will delete all reference of the employee and the transmitted data of the employee after the end of the contract.
Company-related information is stored anonymously in order to create a comparison of results in the event of a possible repetition of the Academy or the use of other products.
6. Technical restrictions
The customer is obligated to comply with all technical limitations in a product that allow the customer to use the product in a specific way and not to circumvent them. The customer may download copies of the software or source code of a product only with specific written permission.
7. Changes and availability of the products and services
7.1 The implementation, content and technical design, in particular the scope of the services to be provided regards to the IT security review and training shall be coordinated with the client. They are exclusively at the discretion of IT-Seal within the scope of the execution of the training programs of the Awareness Academy.
7.2 IT-Seal shall be entitled to make reasonable changes and updates to the products and services from time to time.
7.3 The digital services of IT-Seal are provided for access via browser. At least the last 3 program versions of the browsers Microsoft Edge, Mozilla Firefox, Google Chrome are supported.
7.4 In case of exporting the learning modules the SCORM standard is used. The versions Scorm 1.2 or Scorm 2004 Third Edition are supported.
7.5. Service Level Agreement:
IT-Seal provides an availability of at least 99% of the user minutes. In the event that this cannot be guaranteed, IT-Seal offers, at the request of the customer and after approval by IT-Seal, a credit for the lost time of use in subsequent months, based on the following calculation:
User minutes: The total number of minutes on workdays between 7 a.m. and 6 p.m. in a month, multiplied by the total number of users.
Downtimes: Periods of time when participants could not reach valid e-learning content as a server response at the router exit of the respective IT-Seal data center.
Percentage of monthly operating time: The percentage of monthly operating time is calculated with the following formula:
(user minutes – downtime )/user minutes x 100
Where downtime is measured in user minutes, i.e., for each month, downtime is the total of the length of each incident (in minutes) that occurs in that month multiplied by the number of users affected by that incident.
Service credit: Is the percentage of the applicable monthly service charges that will be credited to you, upon approval of the claim by IT-Seal.
Percentage of monthly operating time
< 99 %
< 95 %
< 90 %
7.6 The parties agree that for technical reasons it is not possible to record all reactions of the participants. It may happen that the reaction of a participant is not detected.
8. Payment, delay
8.1 IT-Seal shall invoice monthly in advance unless otherwise agreed in the contract. All invoices from IT-Seal are in principle due immediately and payable without deduction.
8.2 If the customer is in delay, IT-Seal shall grant the customer a period of 14 days to pay the justified outstanding claim. If the customer has not paid the outstanding claim by the deadline, IT-Seal shall be entitled to charge interest from that time onwards at the rate of 9 percentage points above the base interest rate as for claims for remuneration.
8.3 Insofar as the customer does not meet its payment obligation despite a reminder and the setting of a reasonable deadline, IT-Seal reserves the right of extraordinary termination of the contract. In this case, the customer shall be obliged to compensate IT-Seal, unless otherwise agreed, for all activities already performed on a pro rata basis of the total contractual costs of the contract, or on the basis of an hourly rate of 150€/h, as well as to refund any other costs/expenses already incurred in connection with the terminated contract (including any costs of any subcontractors).
9. Liability, limitation of liability
9.1 IT-Seal shall be liable without limitation in accordance with the statutory provisions for damages resulting from injury to life, body or health which is based on an intentional or negligent breach of duty or an intentional or negligent breach of duty of its vicarious agents.
9.2 In addition, IT-Seal's liability towards the customer for breaches of essential contractual obligations caused by slight negligence on the part of its legal representatives or vicarious agents within the scope of this contract shall be limited to the foreseeable, contract-typical, direct damage. In total, the liability is limited to a maximum of the respective contract volume per liability case.
9.3 Otherwise liability is excluded.
9.4 The customer shall indemnify IT-Seal for any claims which a third party associated with the customer, in direct connection with effects of the IT security test on the IT system, attempts to assert against IT-Seal, provided that IT-Seal is not responsible for such effect or the IT security test was state of the art.
9.5 The above limitations of liability and exclusions shall not apply to claims which have arisen due to fraudulent conduct by IT-Seal, as well as in the case of liability for guaranteed characteristics, for claims under the Product Liability Act and damages arising from injury to life, limb or health.
10.1 The place of performance for all obligations arising from the contract, including the customer's payment obligations, is IT-Seal's place of business.
10.2 The exclusive local place of jurisdiction for all disputes arising from or in connection with this contract, including any tort claims, shall be the place of business of IT-Seal; IT-Seal is also entitled to sue the customer at its place of business.
10.3 The contracting parties have not made any verbal collateral agreements. Amendments and supplements to the offer and the GTC must be made in writing. This also applies to the waiver of the written form.
10.4 The contractual relationship shall be governed solely by the substantive law of the Federal Republic of Germany with the exception of the United Nations Convention on Contracts for the International Sale of Goods (CISG). The law of the Federal Republic of Germany shall apply – as far as legally possible – even if German law refers to the law of another country (exclusion of conflict of laws).