Article 1 – Definitions
- Service Provider: Naq Cyber B.V., established in Zoetermeer, Netherlands, Company Registration Number 75310368, or Naq Cyber UK Ltd., established in Leighton Buzzard, UK, Company Registration Number 12714016.
- The counterparty to the Service Provider is referred to in these general terms and conditions as the Client.
- Parties: Service Provider and Client together.
- Agreement: The Service Agreement between the Parties.
- Infringement: A breach of security that accidentally or unlawfully leads to destruction, loss, alteration or unauthorized provision or unauthorized access to transmitted, stored or otherwise processed (personal) data.
Article 2 – Applicability of general terms and conditions
- These terms and conditions apply to all quotations, offers, work, Agreements and deliveries of services or goods by or on behalf of the Service Provider.
- Deviation from these conditions is only possible if the Parties have explicitly agreed in writing.
- The Agreement always contains best efforts obligations for the Service Provider, no obligations with regard to results.
Article 3 – Payment
- For yearly subscriptions, invoices must be paid within 14 days after the invoice date unless the parties have made different arrangements in writing or a different payment term is stated on the invoice. For monthly subscriptions, the Client will set up a direct debit through the payment processor chosen by the Service Provider.
- If the Client does not pay within the agreed period, he will be in default by operation of law, without any warning being required. From that moment, the Service Provider is entitled to suspend the obligations until the Client has fulfilled his payment obligations.
- If the Client fails to do so, the Service Provider will proceed with the collection. The costs with regard to that collection will be borne by the Client. If the Client is in default, he will owe legal (commercial) interest, extrajudicial collection costs and other damage to the Service Provider in addition to the principal sum. The collection costs are calculated on the basis of the Reimbursement for Extrajudicial Collection Costs Decree.
- In the event of liquidation, bankruptcy, seizure or suspension of payment of the Client, the claims of the Service Provider on the Client are immediately claimable.
- If the Client refuses his cooperation in the execution of the assignment by the Service Provider, he is still obliged to pay the agreed price to the Service Provider.
Article 4 – Offers and quotations
- The offers of the Service Provider are valid for a maximum of 1 month, unless another period of acceptance is stated in the offer. If the offer is not accepted within the specified period, the offer will expire.
- Delivery times in quotations are indicative and do not give the Client the right to dissolution or compensation if they are exceeded, unless the parties have explicitly agreed otherwise in writing.
- Offers and quotations do not automatically apply for an extension of the service. Parties must agree explicitly and in writing.
Article 5 – Prices
- The prices stated on the website of the Service Provider are excluding VAT and any other government levies, unless explicitly stated otherwise.
- With regard to any additional service provision next to or instead of the normal subscription and its fees, parties can agree to a fixed price when concluding the Agreement.
- If no fixed price has been agreed, the rate with regard to the additional services can be determined on the basis of the hours actually spent. The rate is calculated according to the Service Provider’s usual hourly rates, valid for the period in which he performs the work, unless a different hourly rate has been agreed upon.
- If no rate has been agreed based on the hours actually spent, a target price will be agreed for the service, whereby the Service Provider is entitled to deviate up to 10% from this. If the target price is more than 10% higher, the Service Provider must inform the Client in good time why a higher price is justified. In that case, the Client has the right to cancel part of the assignment that exceeds the target price plus 10%.
Article 6 – Price indexing
- The prices and hourly rates agreed upon entering into the Agreement are based on the price level applied at that time. The Service Provider has the right to adjust the fees to be charged to the Client annually as of 1 January.
- Adjusted prices, rates and hourly rates are communicated to the Client as soon as possible.
Article 7 – Provision of information by the Client
- Client will provide to the Service Provider all information that is relevant for the execution of the assignment and accepts that if he does not, the Service Provider may not be able to adequately carry out the service.
- The Client is obliged to provide all data and documents that the Service Provider believes are necessary for the correct execution of the assignment, in a timely manner, in the desired form and in the desired manner.
- The Client guarantees the correctness, completeness and reliability of the data and documents made available to the Service Provider, even if they originate from third parties, unless the nature of the assignment dictates otherwise.
- The Client indemnifies the Service Provider against any damage in any form whatsoever arising from non-compliance with the provisions of the first paragraph of this article.
- If and insofar as the Client requests this, the Service Provider returns the relevant documents.
- If the Client does not make the data and documents required by the Service Provider available, or not in time or properly, and the execution of the order is delayed as a result, the resulting additional costs and additional fees will be borne by the Client.
Article 8 – Withdrawal of assignment
- The Client is free to terminate the assignment to the Service Provider via the website, the Naq Portal or in electronically written form, subject to a notice period of one month. This notice period allows the Service Provider to fulfil its obligations under the relevant laws and regulations, including but not limited to, the General Data Protection Regulation.
- If the Client withdraws the assignment, the Client is obliged to pay the fees due and the expenses incurred by the Service Provider until the end of the contract, which will be the last day of the month after the end of the cancellation period. For instance: If Client terminates the Contract on the 24th of May, the contract will end on the 31st of June.
- If the Client terminates the assignment within the first 5 days of the month, the notice period will be presumed to have been given in the last week of the previous month to avoid unreasonable costs or otherwise negative consequences for the Client. For instance: If Client terminates the Contract on the 3rd of May, the contract will end on the 31st of May, not on the 31st of June.
Article 9 – Execution of the Agreement
- The Service Provider implements the Agreement to the best of its knowledge and ability and in accordance with the requirements of good workmanship.
- The Service Provider has the right to have work performed by third parties. The Service Provider will inform the Client if third parties are hired to perform (part of) the work. If third parties have access to personal data for which the Client is responsible, prior permission will be required in accordance with the Data Processing Agreement between the Client and the Service Provider.
- Implementation of the Services as agreed upon between Parties takes place in mutual consultation and after written Agreement and payment of any agreed advance.
- The start date of the service is determined in mutual consultation.
Article 10 – Contract duration
- The Agreement between Client and Service Provider is entered into for an indefinite period of time, unless the nature of the Agreement dictates otherwise or the parties have explicitly agreed otherwise in writing.
Article 11 – Force majeure
- In addition to the provisions related to Force Majeure of Dutch and British contract law, a failure on the part of the Service Provider to fulfil any obligation vis-à-vis the Client cannot be attributed to the Service Provider in the event of a circumstance independent of the will of the Service Provider, as a result of which his obligations towards the Client are wholly or partially prevented or as a result of which the fulfillment of his obligations cannot reasonably be expected from the Service Provider. These circumstances include non-performance by suppliers or other third parties, power failures, computer viruses, strikes, bad weather conditions and work interruptions.
- If a situation as referred to above occurs as a result of which the Service Provider cannot meet its obligations towards the Client, those obligations will be suspended as long as the Service Provider cannot meet its obligations. If the situation referred to in the previous sentence has lasted 30 calendar days, the parties have the right to terminate the Agreement in writing in whole or in part.
- In the case as referred to in the second paragraph of this article, the Service Provider is not obliged to pay compensation for any damage, even if the Service Provider enjoys any benefit as a result of the force majeure situation.
Article 12 – Transfer of rights
Rights of one party to this Agreement cannot be transferred to a third party without the prior written consent of the other party.
Article 13 – Expiry of the claim
Any right to compensation for damage caused by the Service Provider expires in any case 12 months after the event from which the liability arises directly or indirectly.
Article 14 – Assignment, acknowledgement and responsibilities
- The service to which these Terms & Conditions are applicable includes a security testing and monitoring service of the Client’s website(s), (web)applications, network(s) and security- and phishing testing of the Client’s e-mail. The objective of the security monitoring and testing service is to identify and report on security vulnerabilities, to allow the client to close the issues in a planned manner, thus significantly raising the level of their security protection. The Client understands and acknowledges that:
- Cyber security is a continually growing and changing field and that the service performed by the Supplier does not protect Client against every type or form of attack.
- Testing, scanning and/or monitoring of the Client’s website(s), (web)applications, network(s) and email will be done on a best endeavour’s basis and that it is not possible to guarantee that all vulnerabilities will be discovered.
- Security breaches can and frequently do come from internal sources whose access is not a function of system configuration and/or external access security issues.
- The Supplier will:
- Take all reasonable steps to preserve the operational status of tested systems. The operational status of systems cannot be guaranteed in one hundred per cent (100%) of cases in which testing and/or monitoring is carried out.
- Perform tests at its own discretion using appropriate tools and methods.
- Provide a full list of all systems to be tested or monitored prior to performance of any form of testing or monitoring.
- Upon termination of the Service, hand over all materials related to the website, including but not limited to website-assets, log-on credentials, etc. The Supplier guarantees that upon termination of the Service, the Client’s website(s) are fully functioning.
- The Client:
- Hereby grants permission to the Supplier and authorizes the Supplier to perform the work as set out in article 17.2 of this Agreement.
- Will provide the Supplier will all required information prior to any form of security testing or monitoring.
Article 15 – Liability for damage
- The Client is aware that an Infringement may occur during the service period. The Service Provider cannot be held liable for damage as a result of an Infringement.
- Any liability for damage arising from or related to the implementation of an Agreement is always limited to the amount that is paid out in the relevant case by the (professional) liability insurance policy (s) concluded. This amount is increased by the amount of the deductible according to the relevant policy.
- The Service Provider is not liable for damage ensuing from this Agreement, unless the Service Provider caused the damage intentionally or with gross negligence.
- The liability limitation also applies if the Service Provider is held liable for damage that results directly or indirectly from the testing or monitoring as meant in article 17 of this agreement, malfunctioning of the equipment, software, data files, registers or other matters used by the Service Provider in the performance of the assignment.
- The liability of the Service Provider for damage that is the result of intent or deliberate recklessness on the part of the Service Provider, his supervisor or subordinates is not excluded.
Article 16 – Indemnity
The Client indemnifies the Service Provider against all claims from third parties that are related to the services supplied by the Service Provider.
Article 17 – Complaint obligation
- The Client is obliged to report complaints about the work performed to the Service Provider in writing in a timely manner. The complaint contains a description of the shortcoming that is as detailed as possible, so that the Service Provider is able to respond adequately.
- A complaint cannot in any case result in the Service Provider being obliged to perform other work than agreed.
- Client and Service Provider enter into mutual consultation and will, to the best of their ability, solve the problems to which the complaint referred to in this article relates.
Article 18 – Intellectual property
- Unless the Parties have agreed otherwise in writing, the Service Provider retains all absolute intellectual property rights (including copyright, patent law, trademark law, drawing and design right, etc.) on all designs, drawings, writings, media with data or other information, quotations, images, sketches, models, models, etc.
- The aforementioned absolute intellectual property rights may not be copied, shown to third parties and / or made available or used in any other way without written permission from the Service Provider.
- The Client undertakes to maintain the confidentiality of the confidential information made available to him by the Service Provider. Confidential information means that information to which this article relates, as well as general company data. The Client undertakes to impose on its staff and / or third parties involved in the implementation of this Agreement a written obligation of confidentiality regarding the scope of this provision.
Article 19 – Confidentiality
- Each of the parties shall keep the information it receives (in whatever form) from the other party and any other information concerning the other party that it knows or can reasonably suspect is secret or confidential, or information that it may expect that the distribution thereof may cause harm to the other party, and shall take all necessary measures to ensure that its personnel also keep the said information secret.
- The confidentiality obligation mentioned in the first paragraph of this article does not apply to information:
- that at the time the recipient received this information was already public or subsequently became public without a violation by the receiving party of a duty of confidentiality imposed on him;
- of which the receiving party can prove that this information was already in his possession at the time the other party provided it;
- that the receiving party has received from a third party whereby that third party was entitled to provide this information to the receiving party
- that is made public by the receiving party on the basis of a legal obligation.
- The obligation of confidentiality described in this article applies for the duration of this Agreement and for a period of five years after the termination thereof.
Article 20 – Data Processing
- The Service Provider might have access to personal data for which the Client is responsible in the exercise of the service. The Service Provider shall take all necessary organizational and technical security measures to secure this personal data, in accordance with the UK and EU GDPR. To this end, The Service Provider will provide the Client with a Data Processing Agreement upon request.
Article 21 – Applicable law and competent court
1. The law applicable to these terms & conditions are dependent upon the registered location of the Client. If the Client is registered in the UK, British law applies exclusively. If the Client is registered in the Netherlands, Dutch law applies exclusively.
- The judge in the district where Naq Cyber is established and keeps office is exclusively authorized to take cognizance of any disputes between parties, unless the law prescribes otherwise.