Term of service.

Article 1 - Definitions

1. Service Provider: Naq Cyber ​​B.V., established in Zoetermeer, Netherlands, Company Registration Number 75310368, or Naq Cyber UK Ltd., established in Leighton Buzzard, UK, Company Registration Number 12714016.

2. The counterparty to the Service Provider is referred to in these general terms and conditions as the Client.

3. Parties: Service Provider and Client together.

4. Agreement: The Service Agreement between the Parties.

5. Infringement: A breach of security that accidentally or unlawfully leads to destruction, loss, alteration or unauthorised provision or unauthorised access to transmitted, stored or otherwise processed (personal) data.

6. The Assignment: The Customer receives from the Service Provider the following services in the context of the following performance: Informing and advising on the (status of) (information) security of the website(s) and information systems of the Customer; monitoring and testing the safety and resilience of the website(s) and other information systems owned by the Customer; conducting security tests on the Customer’s website, as well as conducting (phishing) tests on e-mail security of the Customer; providing online training on information and internet security; providing a set of GDPR- and security policy documents to the Customer and being available for response if a breach of information and IT security occurs.

Article 2 - Applicability of general terms and conditions

1. These terms and conditions apply to all quotations, offers, work, Agreements and deliveries of services or goods by or on behalf of the Service Provider.

2. Deviation from these conditions is only possible if the Parties have explicitly agreed in writing.

3. The Agreement always contains best efforts obligations for the Service Provider, no obligations with regard to results. The client is therefore not entitled to compensation if the intended result is not achieved.

Article 3 - Payment

1. For yearly subscriptions, invoices must be paid within 30 days after the invoice date unless the parties have made different arrangements in writing or a different payment term is stated on the invoice. For monthly subscriptions, the Service Provider will set up a direct debit or enable the Client to make a bank transfer.

2. If the Client does not pay within the agreed period, the Client will be in default by operation of law, without any warning being required. From that moment, the Service Provider is entitled to suspend the obligations until the Client has fulfilled his payment obligations.

3. If the Client fails to do so, the Service Provider will proceed with the collection. The costs with regard to that collection will be borne by the Client. If the Client is in default, the Client will owe legal (commercial) interest, extrajudicial collection costs and other damage to the Service Provider in addition to the principal sum. The collection costs are calculated on the basis of the applicable legislation.

4. In the event of liquidation, bankruptcy, seizure or suspension of payment of the Client, the claims of the Service Provider on the Client are immediately claimable.

5. If the Client refuses his cooperation in the execution of the assignment by the Service Provider, the Client is still obliged to pay the agreed price to the Service Provider.

Article 4 - Offers and quotations

1. The offers of the Service Provider are valid for a maximum of 1 month, unless another period of acceptance is stated in the offer. If the offer is not accepted within the specified period, the offer will expire.

2. Delivery times in quotations are indicative and do not give the Client the right to dissolution or compensation if they are exceeded, unless the parties have explicitly agreed otherwise in writing.

3. Offers and quotations do not automatically apply for an extension of the service. Parties must agree explicitly and in writing.

Article 5 - Prices

1. The prices stated on the website of the Service Provider are excluding VAT and any other government levies, unless explicitly stated otherwise.

2. With regard to any additional service provision next to or instead of the normal subscription and its fees, parties can agree to a fixed price when concluding the Agreement.

3. If no fixed price has been agreed, the rate with regard to the additional services can be determined on the basis of the hours actually spent. The rate is calculated according to the Service Provider's usual hourly rates, valid for the period in which the Service Provider performs the work, unless a different hourly rate has been agreed upon.

4. If no rate has been agreed based on the hours actually spent, a target price will be agreed for the service, whereby the Service Provider is entitled to deviate up to 10% from this. If the target price is more than 10% higher, the Service Provider must inform the Client in good time why a higher price is justified. In that case, the Client has the right to cancel part of the assignment that exceeds the target price plus 10%.

Article 6 - Price indexing

1. The prices agreed upon entering into the Agreement are based on the price level applied at that time. The Service Provider has the right to adjust the fees to be charged to the Client annually as of 1 January.

2. Adjusted prices and rates are communicated to the Client as soon as possible.

Article 7 - Provision of information by the Client

1. Client will provide to the Service Provider all information that is relevant for the execution of the assignment and accepts that if the Client does not, the Service Provider may not be able to adequately carry out the service.

2. The Client is obliged to provide all data and documents that the Service Provider believes are necessary for the correct execution of the assignment, in a timely manner, in the desired form and in the desired manner.

3. The Client guarantees the correctness, completeness and reliability of the data and documents made available to the Service Provider, even if they originate from third parties, unless the nature of the assignment dictates otherwise.

4. The Client indemnifies the Service Provider against any damage in any form whatsoever arising from non-compliance with the provisions of the first paragraph of this article.

5. If and insofar as the Client requests this, the Service Provider returns the relevant documents.

6. If the Client does not make the data and documents required by the Service Provider available, or not in time or properly, and the execution of the order is delayed as a result, the resulting additional costs and additional fees will be borne by the Client.

Article 8 - Withdrawal of assignment

1. The Client is free to terminate the assignment to the Service Provider via the website, the Naq Portal or in electronically written form, subject to a notice period of one month. This notice period allows the Service Provider to fulfil its obligations under the relevant laws and regulations, including but not limited to, the General Data Protection Regulation.

2. If the Client withdraws the assignment, the Client is obliged to pay the fees due and the expenses incurred by the Service Provider until the end of the contract, which will be the last day of the month after the end of the cancellation period. For instance: If Client terminates the Contract on the 24th of May, the contract will end on the 31st of June.

3. If the Client terminates the assignment within the first 5 days of the month, the notice period will be presumed to have been given in the last week of the previous month to avoid unreasonable costs or otherwise negative consequences for the Client. For instance: If Client terminates the Contract on the 3rd of May, the contract will end on the 31st of May, not on the 31st of June.

Article 9 - Execution of the Agreement

1. The Service Provider implements the Agreement to the best of its knowledge and ability and in accordance with the requirements of good workmanship.

2. The Service Provider has the right to have work performed by third parties. The Service Provider will inform the Client if third parties are hired to perform (part of) the work. If third parties have access to personal data for which the Client is responsible, prior permission will be required in accordance with the Data Processing Agreement between the Client and the Service Provider.

3. Implementation of the Services as agreed upon between Parties takes place in mutual consultation and after written Agreement and payment of any agreed advance.

4. The start date of the service is determined in mutual consultation.

Article 10 - Contract duration

1. If the Client signs up for a monthly subscription, the Agreement between Client and Service Provider is entered into for an indefinite period of time. The Client is free to terminate the Agreement in accordance with article 8 of this Agreement.

2. If the Client signs up for an annual subscription, the Agreement between Client and Service Provider is entered into for a definite period of time with tacit renewal, unless the nature of the Agreement dictates otherwise or the parties have explicitly agreed otherwise in writing. The exact duration of the contract will be specified in the service contract between the parties.

Article 11 - Force majeure

1. In addition to the provisions related to Force Majeure of Dutch and British contract law, a failure on the part of the Service Provider to fulfil any obligation vis-à-vis the Client cannot be attributed to the Service Provider in the event of a circumstance independent of the will of the Service Provider, as a result of which his obligations towards the Client are wholly or partially prevented or as a result of which the fulfilment of his obligations cannot reasonably be expected from the Service Provider. These circumstances include non-performance by suppliers or other third parties, power failures, computer viruses, strikes, bad weather conditions and work interruptions.

2. If a situation as referred to above occurs as a result of which the Service Provider cannot meet its obligations towards the Client, those obligations will be suspended as long as the Service Provider cannot meet its obligations. If the situation referred to in the previous sentence has lasted 30 calendar days, the parties have the right to terminate the Agreement in writing in whole or in part.

3. In the case as referred to in the second paragraph of this article, the Service Provider is not obliged to pay compensation for any damage, even if the Service Provider enjoys any benefit as a result of the force majeure situation.  

Article 12 - Transfer of rights

Rights of one party to this Agreement cannot be transferred to a third party without the prior written consent of the other party.

Article 13 - Expiry of the claim

Any right to compensation for damage caused by the Service Provider expires in any case 12 months after the event from which the liability arises directly or indirectly.

Artikel 14 - Overdracht, erkenning en verantwoordelijkheden

De dienst waarop deze Algemene Voorwaarden van toepassing zijn, omvat een dienst voor het testen en monitoren van de beveiliging van de website(s), (web)applicaties, netwerk(en) van de Opdrachtgever en het testen van de beveiliging en phishing van de e-mail van de Opdrachtgever. Het doel van de dienst voor beveiligingsmonitoring en -testen is kwetsbaarheden in de beveiliging te identificeren en daarover te rapporteren, zodat de opdrachtgever de problemen planmatig kan aanpakken en zo het niveau van zijn beveiliging aanzienlijk kan verhogen. De Opdrachtgever begrijpt en erkent dat:

  1. Cyber security is a continually growing and changing field and the service performed by the Supplier does not protect Client against every type or form of attack.
  2. Het testen, scannen en/of monitoren van de website(s), (web)applicaties, netwerk(en) en e-mail van de Opdrachtgever gebeurt op een 'best endeavour'-basis en er kan niet worden gegarandeerd dat alle kwetsbaarheden zullen worden ontdekt.
  3. Inbreuken op de beveiliging kunnen en worden vaak veroorzaakt door interne bronnen waarvan de toegang niet afhankelijk is van de systeemconfiguratie en/of beveiligingsproblemen met externe toegang.

De Dienstverlener zal:

  1. Alle redelijke stappen te ondernemen om de operationele status van de geteste systemen te behouden. De operationele status van systemen kan niet worden gegarandeerd in honderd procent (100%) van de gevallen waarin tests en/of monitoring worden uitgevoerd.
  2. naar eigen goeddunken tests uitvoeren met gebruikmaking van passende instrumenten en methoden.
  3. Een volledige lijst van alle systemen die moeten worden getest of bewaakt geven voordat enige vorm van testen of bewaken wordt uitgevoerd.
  4. Bij beëindiging van de Dienst alle materialen met betrekking tot de website overhandigen, inclusief maar niet beperkt tot website-assets, inloggegevens, etc. Dienstverlener garandeert dat bij beëindiging van de Dienst de website(s) van Opdrachtgever volledig functioneel zijn.

De Opdrachtgever:

  1. Hereby grants permission to the Supplier and authorises the Supplier to perform the work as set out in article 1  of these Terms and Conditions.
  2. zal de dienstverlener alle vereiste informatie verstrekken voorafgaand aan enige vorm van beveiligingstests of toezicht.

Article 15 - Liability for damage

  1. De Opdrachtgever is zich ervan bewust dat een Inbreuk kan plaatsvinden tijdens de duur van de dienstverlening. De Dienstverlener kan niet aansprakelijk worden gesteld voor schade als gevolg van een Inbreuk.
  2. Iedere aansprakelijkheid voor schade, voortvloeiend uit of verband houdend met de uitvoering van een Overeenkomst, is steeds beperkt tot het bedrag dat in het desbetreffende geval door de gesloten (beroeps)aansprakelijkheidsverzekering(en) wordt uitbetaald.
  3. The Service Provider is not liable for damage ensuing from this Agreement or its (Advisory) services, unless the Service Provider caused the damage intentionally or with gross negligence.
  4. The liability limitation also applies if the Service Provider is held liable for damage that results directly or indirectly from the testing or monitoring as meant in article 1 of these Terms and Conditions, malfunctioning of the equipment, software, data files, registers or other products, services or matters used by the Service Provider in the performance of the assignment.
  5. De aansprakelijkheid van de Dienstverlener voor schade die het gevolg is van opzet of bewuste roekeloosheid van de Dienstverlener, diens leidinggevende of ondergeschikten, is niet uitgesloten.

Article 16 – Indemnity

The Client indemnifies the Service Provider against all claims from third parties that are related to the services supplied by the Service Provider.

Article 17 - Complaint obligation

1. The Client is obliged to report complaints about the work performed to the Service Provider in writing in a timely manner. The complaint contains a description of the shortcoming that is as detailed as possible, so that the Service Provider is able to respond adequately.

2. A complaint cannot in any case result in the Service Provider being obliged to perform other work than agreed.

3. Client and Service Provider enter into mutual consultation and will, to the best of their ability, solve the problems to which the complaint referred to in this article relates.

Article 18 - Intellectual property

1. Unless the Parties have agreed otherwise in writing, the Service Provider retains all absolute intellectual property rights (including copyright, patent law, trademark law, drawing and design right, etc.) on all designs, drawings, writings, media with data or other information, quotations, images, sketches, models, etc.

2. The aforementioned absolute intellectual property rights may not be copied, shown to third parties and / or made available or used in any other way without written permission from the Service Provider.

3. The Client undertakes to maintain the confidentiality of the confidential information made available to him by the Service Provider. Confidential information means that information to which this article relates, as well as general company data. The Client undertakes to impose on its staff and / or third parties involved in the implementation of this Agreement a written obligation of confidentiality regarding the scope of this provision.

4. If the Client or one of his employees, service providers or natural persons or legal entities otherwise connected to him violates the intellectual property rights of the service provider, a penalty of €/£5,000 shall be payable for each day the violation continues. Claiming the fine does not affect the right of the service provider to claim damages for this violation.

Article 19 - Confidentiality

1. Each of the parties shall keep the information it receives (in whatever form) from the other party and any other information concerning the other party that it knows or can reasonably suspect is secret or confidential, or information that it may expect that the distribution thereof may cause harm to the other party, and shall take all necessary measures to ensure that its personnel also keep the said information secret.

2. The confidentiality obligation mentioned in the first paragraph of this article does not apply to information:

a. that at the time the recipient received this information was already public or subsequently became public without a violation by the receiving party of a duty of confidentiality imposed on him;

b. of which the receiving party can prove that this information was already in his possession at the time the other party provided it;

c. that the receiving party has received from a third party whereby that third party was entitled to provide this information to the receiving party

d. that is made public by the receiving party on the basis of a legal obligation.

3. The obligation of confidentiality described in this article applies for the duration of this Agreement and for a period of five years after the termination thereof.

4. If the Client or any of his employees, service providers or natural persons or legal entities otherwise connected to him violate this confidentiality clause, a penalty of €/£5,000 shall be payable for each day that the violation continues. Claiming the fine does not affect service provider's right to claim damages for this breach.

Article 20 - Data Processing

1. The Service Provider might have access to personal data for which the Client is responsible in the exercise of the service. The Service Provider shall take all necessary organisational and technical security measures to secure this personal data, in accordance with the UK and EU GDPR. To this end, The Service Provider will provide the Client with a Data Processing Agreement upon request.

2. Personal data for which the Client is responsible will be processed by the Service Provider in accordance with the Privacy Policy, available on the Service Provider’s website.

Article 21 - Nullity and voidability of these general conditions

Indien een van de bepalingen van deze algemene voorwaarden nietig of vernietigbaar wordt verklaard, blijft het overige deel van deze algemene voorwaarden van kracht.

In geval van nietigheid van één van de bepalingen van deze algemene voorwaarden zullen partijen overleggen teneinde een geldige bepaling overeen te komen. Deze nieuwe bepaling zal zo dicht mogelijk bij de nietige of vernietigde bepaling liggen.

Article 22 - Dissolution

  1. Indien de dienstverlener de redelijke verwachting heeft dat een van de verplichtingen van de onderliggende overeenkomst niet zal worden nagekomen, heeft de dienstverlener het recht de onderliggende overeenkomst met onmiddellijke ingang te ontbinden.
  2. De Dienstverlener is gerechtigd om zonder voorafgaande ingebrekestelling tot ontbinding over te gaan.

Article 23- Applicable law and competent court

1. The law applicable to these terms & conditions and the service provision by Naq Cyber is dependent upon the registered location of the Client. If the Client is registered in the UK, British law applies exclusively. If the Client is registered in the Netherlands or elsewhere, Dutch law applies exclusively.

2. The judge in the district where Naq Cyber​ is established and keeps office is exclusively authorised to take cognizance of any disputes between parties, unless the law prescribes otherwise.

Book a demo.

Turn compliance and assurance into your competitive advantage.
By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Bedankt! Je inzending is ontvangen!
Oeps! Er ging iets mis bij het verzenden van het formulier.
Naq takes the complexity out of achieving compliance. Join hundreds using Naq to achieve, monitor and manage their data compliance programme, eliminating hundreds of hours of manual work and keeping their data protected.
© Copyright 2023 - Naq Cyber UK Ltd.
© Copyright 2023 - Naq Cyber B.V.
Privacy PolicyCookie PolicyTerms of ServiceResponsible Disclosure
Designed & Developed by 3SIX5 Digital