General Terms and Conditions

These General Terms and Conditions shall apply from 4-1-2022.

0. Definitions

The Contractor is slashsec Red Teaming GmbH, with headquarters at Mariahilfer Straße 114/1/18, 1070 Vienna, Austria.

The Customer of slashsec Red Teaming GmbH is a company within the scope of § 1 Para. 2 Konsumentengesetz (KSchG) (Austrian Consumer Act).

1. General principles/scope

1.1. These General Terms and Conditions shall apply exclusively to all legal transactions between the Customer and the Contractor. The version valid at the time of the conclusion of the agreement shall be authoritative in each case.

1.2. These General Terms and Conditions shall also apply to all future contractual relationships, thus even if not expressly referred to in additional agreements.

1.3. Conflicting General Terms and Conditions of the Customer shall be invalid unless they are expressly accepted by the Contractor in writing.

2. Scope of the consulting commission/representation

2.1. The scope of a concrete consulting commission is contractually agreed in each individual case.

2.2. The Contractor shall be entitled to have the tasks for which it is responsible be performed in whole or in part by third parties.

2.3. The Customer undertakes not to enter into any business relationship whatsoever with persons or companies used by the Contractor for the performance of its contractual obligations during this contractual relationship and until three years have passed after the termination of this contractual relationship. In particular, the Customer shall not commission these persons and companies with same or similar consulting services that are also offered by the Contractor.
‍

3. Customer's duty of disclosure/declaration of completeness

3.1. The Customer shall ensure that the general organizational conditions for the fulfillment of the consulting commission at the respective location agreed upon in the individual agreement permit the work to be carried out as undisturbed as possible and in a manner conducive to the rapid progress of the consulting process.

3.2. The Customer shall ensure that the Contractor is provided with all documents necessary for the fulfillment and execution of the consulting commission in a timely manner, even without the Contractor's special request, and that the Contractor is informed of all processes and circumstances that are of importance for the execution of the consulting commission. This also applies to all documents, processes and circumstances that only become known during the consultant's work.

3.3. The Customer shall ensure that its employees and the employee representation (works council) provided for by law and established, if applicable, are informed by the Contractor even before the Contractor commences its activities.

4. Safeguarding independence

4.1. The Contracting Parties undertake to be loyal to each other.

4.2. The Contracting Parties mutually undertake to take all precautions suitable to prevent the independence of the commissioned third parties and employees of the Contractor from being jeopardized. In particular, the Customer undertakes not to directly commission subcontractors engaged by the Contractor or employees engaged by the Contractor with services that are similar to the services that are the subject matter of the agreement or are related to them.

5. Reporting/reporting obligation

5.1. The Contractor undertakes to report to the Customer on the progress of the respective project upon the Customer's request.

5.2. The Customer receives the final report within a reasonable period of time, i.e., two to four weeks after completion of the commission, depending on the nature of the concrete consulting commission.

5.3. The Contractor shall be free from instructions in the performance of the contracted services and shall act at its own discretion and under its own responsibility. It is not bound to any particular place of work or working hours.

6. Protection of intellectual property

6.1. All rights, in particular, but not exclusively the copyrights to the works created by the Contractor and its employees and commissioned third parties (within the scope of the Urheberrechtsgesetzt (UrhG) (Copyright Act), especially offers, reports, analyses, expert opinions, organizational plans, programs, performance descriptions, drafts, calculations, drawings, data carriers, etc.) shall remain with the Contractor. The works may be used by the Customer during the contractual relationship and after the termination of the contractual relationship exclusively for purposes covered by the agreement. In this regard, the Customer is not entitled to reproduce and/or distribute the work(s) without the Contractor's express consent. Under no circumstances shall an unauthorized reproduction/dissemination of the Work give rise to any liability on the part of the Contractor – in particular, for example, for the correctness of the work – vis-à-vis third parties.

6.2. The Customer's violation of these provisions shall entitle the Contractor to immediately terminate the contractual relationship in question and to assert all claims granted to it by law, in particular for injunctive relief, removal and/or damages.

7. Liability/compensation

7.1. The Contractor shall be liable to the Customer for damages – except for personal injuries – only in case of culpable negligence (intent or gross negligence). The Contractor's liability for damages caused by slight negligence shall be limited to the amount of the order sum of the respective consulting commission. Liability for loss of profit, loss of savings, loss of interest, indirect and consequential damages and non-material damages, as well as damages from third-party claims is excluded in all cases to the extent permitted by law.

7.2. Section 7.1 shall also apply mutatis mutandis to damage attributable to third parties engaged by the Contractor.

7.3. The Customer expressly agrees that, in the course of security consulting services, IT security assessments or similar, the IT systems of the Customer may be intrusively tested. Such checks can lead to system failure and therefore to a loss of the availability and integrity of the target systems. The Customer is aware of the fact that a complete data backup for the entire IT system of the Customer is necessary prior to the provision of services by the Contractor and the Contractor expressly points out this necessity. The performance of the data backup is the sole sphere and responsibility of the Customer and the Contracting Parties expressly agree that a backup of the Customer's data of any kind or a review by the Contractor of any data backup performed is not part of the performance of the respective consulting commission. The Contractor shall not be obliged to refer to or check a data backup again after the order has been placed. The liability of the Contractor for any loss, damage or alteration of data is expressly excluded between the Contracting Parties. The Contractor shall also not be liable for any damage whatsoever to the Customer's IT system which has occurred in the course of the Contractor's provision of services.

7.4. Claims for damages by the Customer may only be asserted in court within six months of knowledge of the damage and the damaging party, but at the latest within three years of the event giving rise to the claim.

7.5. In each case, the Customer must provide evidence that the Contractor is culpable for the damage.

7.6. If the Contractor provides the commissioned service with the assistance of third parties and warranty and/or liability claims arise against these third parties in this context, the Contractor shall assign these claims to the Customer and the Customer shall be obligated to deal directly with these third parties in these cases.

7.7. The Contractor does not guarantee a complete detection of all vulnerabilities in the systems to be tested at any time. The Contractor assumes no liability for identifying existing vulnerabilities.

8. Confidentiality/data protection

8.1. The Contractor undertakes to maintain absolute silence about all business matters coming to its knowledge, in particular business and trade secrets, as well as any information it receives about the nature, scope of operation and practical activities of the Customer.

8.2. Furthermore, the Contractor undertakes to maintain secrecy vis-à-vis third parties with regard to all information and circumstances which it has received in connection with the provision of the service, in particular also with regard to the data of the Customer's customers.

8.3. The Contractor shall be released from the obligation to maintain secrecy with respect to any agents and representatives of which it avails itself. It shall, however, fully transfer the confidentiality obligations according to Section 8 of this agreement to these agents and representatives and shall be liable for culpable breaches of the confidentiality obligations of Section 8 of this agreement by the agents and representatives it commission, as we as for its own culpability. The provisions of Section 7 of this agreement shall apply mutatis mutandis in this case.

8.4. The duty of confidentiality extends indefinitely beyond the end of this contractual relationship. Exceptions exist in the case of legally required statements.

8.5. The Contractor shall be entitled to process personal data entrusted to it in accordance with the commission processing agreement concluded separately between the Customer and the Contractor. The Customer warrants to the Contractor that all necessary measures have been taken for this purpose, in particular those within the meaning of the Data Protection Act, such as declarations of consent by the persons concerned.

9. Fee

9.1. The Contractor shall be entitled to a fee for the services it provides in accordance with the individual contractual agreement between the Customer and the Contractor. The Contractor shall be entitled to submit interim invoices in accordance with the progress of the work and demand payment on account in accordance with this respective progress. The (partial) fee(s) is/are due in each case upon invoicing by the Contractor. The term of payment is 30 days net from the date of invoice.

9.2. The Contractor shall in each case issue an invoice entitling it to input tax deduction with all legally required features.

9.3. Any cash expenses, out-of-pocket expenses, travel expenses, etc. incurred shall be reimbursed separately by the Customer in addition to the agreed fee against invoicing by the Contractor.

9.4. Services rendered shall be invoiced according to actual expenditure. Within the scope of its offer, the Contractor shall only provide a non-binding expense estimate based on the information provided by the Customer. This non-binding expense estimate is expressly not to be understood as a lump sum, unless explicitly agreed otherwise in writing in the individual case.

9.5. The Contractor is entitled to charge in full for projects canceled or postponed by the Customer at short notice (less than 10 working days before the scheduled start of implementation).

9.6. In the event of non-payment of interim invoices, the Contractor shall be released from its obligation to provide further services until full payment is made by the Customer. However, this shall not affect the assertion of further claims resulting from non-payment. Delays in deadlines resulting from the failure to pay interim invoices on time lie exclusively within the sphere of the Customer, and the Customer cannot assert any claims of any kind against the Contractor as a result.

10. Electronic invoicing

10.1. The Contractor is entitled to send invoices to the Customer in electronic form as well. The Customer expressly agrees to the sending of invoices in electronic form by the Contractor.

11. Contractual term

11.1. This agreement ends with the completion of the project.

11.2. Notwithstanding the above, the agreement may be terminated at any time for good cause by either party without notice. In particular, good cause shall be deemed to be:

• if a Contracting Party is in default with its payment obligations arising from this contractual relationship and has been reminded unsuccessfully by setting a grace period of 2 weeks and threatening to terminate the agreement, or
• if a Contracting Party violates essential contractual obligations and/or statutory provisions, which makes it impossible for the other Contracting Party to continue the contractual relationship or the other Contracting Party thereby loses confidence in the Contracting Party violating the provisions of this agreement or statutory provisions, or
• if there are justified doubts regarding the creditworthiness of a Contracting Party in respect of whom insolvency proceedings have not been opened and the Contracting Party fails to make advance payments at the Contractor's request or to provide suitable security prior to the Contractor's performance.

12. Final provisions

12.1. Amendments to the agreement and these GTC must be made in writing; likewise, any waiver of this formal requirement. There are no verbal ancillary agreements.

12.2. This Agreement shall be governed exclusively by Austrian substantive law, excluding the conflict of law rules of private international law and excluding the provisions of the UN Convention on Contracts for the International Sale of Goods. The place of performance shall be the place of the Contractor's professional establishment. The court with subject-matter jurisdiction at the Contractor's place of business shall have exclusive jurisdiction for disputes in connection with the respective agreement.

12.3. The Customer grants the Contractor the right, free of charge and revocable at any time, to use the Customer's company or company logo (trademark) for reference purposes. The revocation of this right must be made in writing (with company signature). If it is not possible to cancel any publications already made for technical and/or practical reasons (e.g., publication already made in print media etc.) after receipt of the notice of cancellation, no claims by the customer may be derived thereof.

12.4. Should individual provisions of the agreement and/or these General Terms and Conditions be or become invalid or unenforceable, this shall not affect the validity of the remaining provisions. In place of the invalid or unenforceable provision, the Contracting Parties shall agree on such valid and enforceable provision that comes as close as possible to the economic purpose pursued by the invalid or unenforceable provision. The same applies to the supplementary interpretation of the agreement.