GTC

General Terms and Conditions (AGB)

1. scope and validity of the contract

1.1 All orders and agreements are only legally binding if they are confirmed in writing by the Contractor. They shall only apply to the extent of the services specified in the order confirmation. The Client's terms and conditions of purchase are expressly excluded. The Contractor's offers are non-binding.

1.2 These GTC apply to all services in the area of cybersecurity and software development.

2. benefits and obligations to cooperate

2.1 The subject matter of an order may include the following services:

  • Cybersecurity services:
    • Implementation of penetration tests
    • Vulnerability analyses and security checks
    • Incident response and support for security incidents
    • Creation and implementation of IT security concepts
    • Advice on IT security strategies, data protection and compliance
    • Implementation of training and awareness campaigns
    • Managed security services (e.g. monitoring, log management)
  • Software development services:
    • Development of individual software and program adaptations
    • Delivery of standard software and license management
    • Creation of concepts and documentation
    • Integration and interface development
    • Maintenance, further development and support of existing software

2.2 The services shall be provided on the basis of the information and resources provided by the client. The client undertakes to:

  • To provide all necessary documents, access, test environments and data in good time and in full.
  • To ensure the legal admissibility of the content provided (e.g. with regard to data protection, copyright or trademark rights).
  • Ensure the backup of data processed in test environments or productive systems on their own responsibility.

2.3 The following applies to individually created software:

  • The basis of the development is a service description prepared by the contractor and approved in writing by the client. Changes or extensions to this description require a written agreement and may lead to additional costs.
  • After delivery, the program shall be accepted by the client within four weeks. After expiry of this period, the software shall be deemed to have been accepted, provided no significant defects have been reported.
  • Any defects must be documented in writing and in detail. The Contractor shall rectify these within a reasonable period of time.

2.4 The following applies to penetration tests and vulnerability analyses:

  • The client confirms that all systems and applications to be tested have been approved.
  • Test results are treated confidentially and made available exclusively to the client.
  • The responsibility for rectifying identified weaknesses lies with the client, unless the contractor has been commissioned to do so.

2.5 Incident response services shall be provided within the scope of the agreed measures. The client shall ensure that emergency plans are in place and shall assume responsibility for all productive measures.

2.6 Training courses and awareness campaigns are coordinated on an individual basis. The client is responsible for providing the participants and the technical infrastructure.

2.7 If, in the course of providing the service, it is determined that the agreed service is not possible due to technical or legal obstacles, the Contractor shall inform the Client immediately. The Client may adjust the service description. Otherwise, the Contractor shall be entitled to withdraw from the contract.

3. prices and terms of payment

3.1 All prices are quoted in euros excluding VAT. Additional costs (e.g. for travel expenses, test environments or special software) will be charged separately.

3.2 Services shall be invoiced according to actual expenditure, unless a fixed price has been agreed.

3.3 Invoices must be paid within 14 days of receipt without deduction. In the event of late payment, interest on arrears shall be charged in accordance with § 456 UGB (9.2% above the base interest rate).

4. confidentiality and data protection

4.1 The Contractor undertakes to treat all information disclosed in the course of the cooperation as confidential.

4.2 The Client shall ensure that all transmitted data complies with the applicable data protection regulations. The Contractor assumes no liability for data protection violations that are attributable to insufficient cooperation or instructions from the Client.

4.3 The Contractor shall comply with the requirements of the GDPR and shall also oblige its employees to maintain confidentiality and data protection.

5. liability

5.1 The Contractor shall only be liable for damages caused by gross negligence or intent. Liability for loss of profit, loss of data, business interruption or indirect damage is excluded, provided that there are no mandatory statutory provisions to the contrary.

5.2 In the case of penetration tests and vulnerability analyses, the Contractor shall not be liable for damage caused by existing vulnerabilities or security gaps.

5.3 The Contractor's liability shall be limited to the typical, foreseeable damage and shall amount to a maximum of EUR 15,000 per claim.

6 Copyright and use

6.1 After full payment, the Client shall receive a non-exclusive, non-transferable right to use the services provided (e.g. software, reports). All other rights shall remain with the Contractor.

6.2 Work results may not be reproduced, published or passed on to third parties without the Contractor's consent.

7. right of withdrawal

7.1 The Client may withdraw from the contract if the Contractor fails to fulfill essential contractual obligations despite a reasonable grace period.

7.2 Force majeure (e.g. natural disasters, cyber attacks, official orders) shall release the Contractor from the obligation to perform.

8. final provisions

8.1 These GTC are subject to Austrian law. The place of jurisdiction shall be the Contractor's registered office.

8.2 Should individual provisions of these GTC be invalid, this shall not affect the validity of the remaining provisions.