General Terms and Conditions

Prepared on: 18/04/2023

General Terms and Conditions

Click here to download the General Terms and Conditions in PDF format.

Article 1 Definitions

The singular and plural forms of the definitions in this Article 1 may be used interchangeably without changing their meaning, unless otherwise indicated.

The following definitions apply to the Agreement:

  1. Agreement: any (potential) agreement between MITE3 and the Customer with regard to one or more Services, of which the General Terms and Conditions form an integral part.
  2. Customer: any natural or legal person who makes use of one or more Services in any way.
  3. Data protection law: the General Data Protection Regulation (Regulation (EU) 2016/679) and applicable (local) laws and regulations regarding the processing of personal data. EEA: European Economic Area.
  4. EEA: European Economic Area.
  5. Force majeure: this includes force majeure of suppliers of MITE3, failure to properly fulfill obligations of suppliers prescribed by Customer to MITE3, government measures, (civil) war, mobilization, internal riots, terrorism, pandemics or epidemics, energy and water disruptions, interruption of the Internet, computer network or telecommunications facilities, natural disasters, strikes, lockouts, import and export outages barriers, general transportation problems, workload and business disruptions.
  6. General Terms and Conditions: these general terms and conditions of MITE3.
  7. In Writing / Written: The term In Writing also includes by e-mail or other common electronic medium.
  8. IP-Rights: all present and future intellectual property rights, anywhere in the world, including in any case, copyrights, trademarks, trading names, design rights, image rights, rights to know-how, domain names and trade secrets, and any similar rights under (un)written law, such as rights of slavish imitation and including all claims to, applications for, or subscriptions or registrations of such rights.
  9. MCs: the applicable modules from Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for transfers of personal data to third countries. Module 1 applies in case of two controllers. Module 2 applies in case of a transfer between a controller and processor. The MCs can be found on the following website: https://eur-lex.europa.eu/legal-content/NL/TXT/HTML/?uri=CELEX:32021D0914&from=EN. This website may be changed, moved or deleted and should be consulted regularly by the Customer.
  10. MITE3: Digicy.Cloud B.V. (Chamber of Commerce number 71698892), trading as MITE3 Cybersecurity, located in and with offices at Paxtonstraat 3N, Unit C1997, in Zwolle (8013 RP).
  11. Offer: any offer or quotation relating to Services that MITE3 offers to Customer.
  12. Services: all Services that MITE3 provides, including but not limited to testing and research activities, consultancy activities, cloud services, granting licenses or subscriptions at the request of the Customer and all activities related thereto.
  13. Strip card: a Service where there is an advance payment for a fixed number of working hours that can be consumed in the subsequent period.

Article 2 Applicability and execution

  1. The General Terms and Conditions apply to all Offers, Agreements ensuing therefrom and all other legal acts between MITE3 and the Customer with regard to the Services.
  2. Customer declares to have taken note of and to agree with the General Terms and Conditions.
  3. Activities are only binding if and before they are stated in the Offer.
  4. An Offer is without obligation and valid for 14 days after dispatch, unless otherwise stated in the Offer. MITE3 can never be obliged to accept after this period.
  5. If the Customer does not explicitly agree to the offer, but nevertheless implicitly agrees, or suggests that MITE3 may perform the Services, the Offer will be deemed accepted. This also applies if the Customer requests MITE3 to perform certain activities without waiting for a formal Offer.
  6. MITE3 will make an Offer for additional work upon request.
  7. Customer is obliged to do all that is desirable and necessary to enable correct and timely execution of the Services, including providing data and granting access to all places, services and accounts under Customer’s control.
  8. If the Customer does not reject the delivered Services within 14 days of the date of delivery, the Services are deemed to have been accepted and MITE3 will invoice in accordance with Article 5.

Article 3 Nature of the Agreement

  1. This Agreement is a contract for services within the meaning of Article 7:400 BW ff. The parties expressly declare that neither the Agreement, nor the relationship that arises as a result of the performance of the work by MITE3 in the context of the Agreement or the assignment, constitutes an employment contract within the meaning of Article 7:610 BW ff., nor intends to withhold. Where appropriate, the parties opt for the fictitious employment of home workers or equivalents as referred to in Articles 2b and 2c of the 1965 Wage Tax Implementation Decree and Articles 1 and 5 of the Decree designating cases in which employment relationships are regarded as employment (Decree of 24 December 1986, Stb 1986, 655), and conclude the Agreement for that purpose before payment is made. The Customer will not withhold or pay payroll tax, income-related healthcare contribution and employee insurance premiums on the fees owed under the Agreement.
  2. MITE3 is completely independent when performing the agreed work and organizes the work independently. MITE3 performs the work at its own discretion and without the supervision and direction of the Customer.
  3. MITE3 has the right to have work performed by third parties.
  4. The customer expressly agrees that MITE3 also performs work for other customers.

Article 4 IP-Rights

  1. All IP-Rights to Services, and developed or distributed software and other works, are vested in MITE3 and/or its licensors.
  2. If and insofar as it is necessary for the execution of the Agreement, MITE3 hereby grants the Customer the right to use the results of the Services within its own company and to publish and/or reproduce them in that context. This right of use is perpetual, non-exclusive and non-transferable.
  3. Apart from the right of use from paragraph 2 of this article, the Customer is not permitted to publish, reproduce or use (or cause to be used) the Services in whole or in part without the prior Written permission of MITE3 and/or its licensors. or decompile, causing any direct or indirect damage to or taking unfair advantage of the reputation of the IP-Rights or any other rights of MITE3 and/or its licensors.
  4. The Customer is not permitted to remove or change any indication regarding the confidential nature or IP-Rights from Services, software and other works.
  5. If and insofar as it is necessary for the execution of the Agreement that MITE3 uses software or other works to which the Customer is entitled, the Customer hereby grants MITE3 a right of use for the duration of the Agreement. If Customer is not entitled to necessary software or other works, but has only obtained licenses, Customer guarantees that MITE3 obtains licenses thereon under the same conditions as under which Customer obtained the licenses. If this is not possible, the Customer guarantees that MITE3 can conclude those licenses itself at the expense of the Customer.

Article 5 Compensation

  1. The Customer owes a compensation for all Services to be delivered and delivered, which is stated in the Offer.
  2. Unless otherwise agreed in the Offer, all fees and prices stated are in euros and exclusive of turnover tax and other government-imposed levies.
  3. For Services involving a one-off assignment, the Customer owes 30% at the start of the work and the remainder at the time the work is performed.
  4. The Customer owes 100% no later than 7 days before the start of Services involving a cloud service, license, subscription or other form of recurring service.
  5. All advances are due before the work commences.
  6. The payment term for invoices is 14 days after the date of the invoice, unless otherwise agreed In Writing.
  7. If the Customer does not pay on time, the Customer will be in default by operation of law after this period has expired, without a notice of default being required. In that case, in addition to the amount owed and the commercial interest to be charged on the outstanding invoice amount, the Customer is obliged to pay full compensation for both extrajudicial and judicial collection costs, including the costs for lawyers, bailiffs and collection agencies.
  8. The claim for payment is immediately due and payable if the Customer is declared bankrupt, applies for a moratorium or if assets of the Customer are seized, if the Customer dies, goes into liquidation or is dissolved.
  9. If, on the basis of general or special facts and circumstances, there can be reasonable doubt as to whether the Customer will (be able to) fulfill its payment obligations towards MITE3, MITE3 is entitled to demand security from the Customer before MITE3 continues to fulfill its obligations under the Offer, for example in the form of a suretyship, bank guarantee or a deposit. The amount thereof will not exceed the amount that the Customer will reasonably owe over a period of twelve calendar months, unless otherwise agreed.
  10. For current contracts, MITE3 has the right to adjust the rates annually in January with the inflation adjustment in accordance with the CBS standard. In addition, the rates for current contracts in January may be increased by a maximum of 5% per year.
  11. If reserved availability has been agreed upon between MITE3 and the Customer in the Offer, the Customer owes a fee for the reserved hours.
  12. Unless otherwise agreed, MITE3 limits itself to the maximum number of working hours of 8 hours per person per 24 clock hours.

Article 6 Confidentiality

  1. The parties will treat information that they provide to each other before, during or after the execution of the Agreement as confidential if this information is marked as confidential or if the receiving party knows or should know that the information was intended to be confidential.
  2. The Customer also imposes the confidentiality obligation from paragraph 1 of this article on its employees and on third parties engaged by the Customer for the execution of the Agreement.
  3. MITE3 may use the knowledge it has gained in executing the Agreement for other assignments insofar as this does not conflict with paragraph 1 of this article.
  4. The parties are mutually entitled to place each other’s logo on their websites and in other communications insofar as the expression (a) is limited to the existence of the business relationship between the parties in a positive sense and (b) is not contrary to paragraph 1 of this article.
  5. A written request not to place or remove the logo as described in paragraph 4 of this article will be honored at all times by both parties, insofar as technically feasible.
  6. Customer in this article also includes all companies affiliated with Customer.
  7. The obligation of confidentiality does not apply to:
    1. Information that was already in the public domain prior to the conclusion of the Agreement or that has lawfully entered the public domain afterwards, unless this is the result of one of the parties acting in violation of this article;
    2. Insofar as disclosure is necessary with a view to exercising the rights under the Agreement; and/or
    3. Insofar as disclosure is required by law, government regulation or binding decision of the court or other government body.

Article 7 Force majeure

  1. Neither party is obliged to fulfill any obligation if a party is prevented from doing so as a result of Force Majeure.
  2. If Force Majeure lasts longer than 90 days, each of the parties has the right to dissolve the Agreement In Writing. In that case, what has already been performed on the basis of the Agreement will be settled proportionally, without the parties owing each other compensation for the rest.

Article 8 Liability

  1. Any liability of MITE3 towards the Customer for damage arising from or related to the execution of the Agreement is limited to the amount that is actually paid out in the relevant case under the insurance of MITE3. If and insofar as no payment is made under the aforementioned insurance, any liability is limited to the total amount of the compensation paid by the Customer in the 12 months prior to the event causing the damage (in Euros and excluding VAT) with a maximum of EUR 10,000.
  2. The liability of MITE3 for indirect damage, including lost profit, lost savings, reduced goodwill, damage due to business interruption, and damage as a result of claims from customers of the Customer is excluded. Also excluded is the liability of MITE3 due to mutilation, destruction or loss of files, data, documents or other information carriers of the Customer, or provision of incorrect or incomplete information MITE3.
  3. Any claim for compensation against MITE3 lapses by the mere lapse of 6 months after the claim arose.

Article 9 Indemnification

  1. Customer indemnifies MITE3 for all direct and indirect damage, including full legal costs and other costs, including those related to claims from third parties:
    1. By or in connection with work performed by MITE3 for the benefit of Customer;
    2. By violating or non-compliance with the General Terms and Conditions, including infringement of IP-Rights of third parties, violation of the duty of confidentiality, non-compliance with laws and/or regulations regarding the processing of personal data or computer crime, any claims and/or third party damages otherwise related to or arising from any use of Services by Customer;
    3. By failing to make regular backups; and
    4. Due to security incidents in the future. This indemnity also applies to vulnerabilities that were not detected by MITE3 at the time of the investigation, but that did lead to the security incident.
  2. If and to the extent necessary for the performance of the Agreement, the Customer guarantees that it has obtained explicit permission from third parties who control, are responsible for and/or own (a part of) the (technological) chain. By way of explanation: when, for example, the Customer hosts a website on a third-party environment, the Customer is responsible for arranging the necessary permissions so that MITE3 can carry out lawful (security) investigations.

Article 10 Duration and termination

  1. The Agreement comes into effect from the start date as stated in the Offer or as otherwise agreed In Writing.
  2. If the Agreement has been concluded for a definite period, early termination by the Customer is not possible, unless the Customer pays an amount equal to 30% of the compensation that would be due if there had been no early termination. Unless otherwise agreed In Writing, the Agreement is tacitly extended for 2 months, with a notice period of 2 months for both parties.
  3. If the Agreement has been concluded for an indefinite period of time, both parties may terminate the Agreement with a notice period of 2 months.
  4. In the case of the purchase of a new Strip card following the expired Strip card, the maximum limit of unused strips specified in the Offer will be transferred to the new Strip card without additional costs.
  5. Article 10 paragraphs 1 to 4 do not affect the fact that the Customer has already agreed (a) fixed fees (i.e. fixed prices regardless of the number of hours spent on the assignment) and (b) costs incurred by MITE3, including those for software (licenses) and hardware, is due to MITE3 at all times.
  6. Cancellation must be made In Writing by the last day of the calendar month.
  7. Without prejudice to the right to fulfillment and/or claim for (additional) compensation and in addition to other legal options for dissolution, MITE3 is entitled to dissolve the Agreement with immediate effect (in whole or in part) out of court by means of a Written notice, if one of the the following circumstances arise:
    1. The Customer is granted a (temporary or otherwise) suspension of payments;
    2. The Customer’s bankruptcy is filed;
    3. Customer is declared bankrupt;
    4. The Customer otherwise loses the free disposal of its assets;
    5. The Customer does not provide or does not wish to provide any security in the context of the performance of the Agreement; and/or
    6. The Customer’s business is terminated.
  8. Amounts that MITE3 has invoiced before the dissolution in connection with what it has already properly performed or delivered for the execution of the Agreement, remain due in full and become immediately due and payable at the time of the dissolution.

Article 11 Processing of personal data

  1. Terms such as “controller”, “processor”, “personal data” and “processing” have the meaning given to them in Data Protection Law.
  2. Customer and MITE3 confirm that they are separate controllers with regard to the processing of any personal data in the context of (the execution of) the Agreement.
  3. If and insofar as MITE3 processes personal data for the benefit of the Customer, the Customer qualifies as controller and MITE3 as processor. As a processor, MITE3 will:
    1. Only process personal data on the basis of Written instructions from the Customer.
    2. Take appropriate technical and organizational measures to ensure a risk appropriate security level with regard to personal data.
    3. Only transfer personal data to a country outside the EEA or Switzerland in line with Data Protection Law.
    4. Ensure that persons authorized to process personal data have committed themselves to confidentiality or are bound by a legal obligation of confidentiality.
    5. Subject to an audit at the expense of the Customer no more than once a year, if and insofar as it relates to this Article 11.
    6. Assisting Customer in (i) responding to requests (to exercise rights) from data subjects, (ii) conducting data protection impact assessments and (iii) consulting regulators in advance.
    7. Notify Customer of a personal data breach without undue delay after MITE3 becomes aware of it.
    8. Hereby obtain general permission from Customer to engage sub-processors.
    9. Alle Persoonsgegevens verwijderen of retourneren aan Klant na het einde van de dienstverlening gerelateerd aan de verwerking van persoonsgegevens, tenzij (lokaal) dwingend recht anders bepaalt.
    10. Provide the Customer with information necessary to demonstrate compliance with the obligations arising from Data Protection Law.
    11. Notify Customer as soon as possible if, in the opinion of MITE3, an instruction from Customer is in violation of Data Protection Law.
  4. The Customer guarantees to comply with Data Protection Law with regard to the processing of any personal data in the context of (the execution of) the Agreement.
  5. Customer indemnifies MITE3 against all costs, claims, fines and damages that MITE3 has suffered, suffers or will suffer in connection with Customer’s failure to comply with this Article 11 and/or violation of Data Protection Law.
  6. Any transfer of Customer’s personal data to MITE3, or vice versa, from the EEA or Switzerland to a country outside the EEA or Switzerland is subject to the MCs. The contents of the MCs are hereby considered repeated and inserted. By concluding the Agreement, the parties are deemed to have signed the MCs, the parties agree to the entire contents of the MCs and they will comply with the conditions set out therein. In accordance with the MCs, MITE3 is considered a data exporter, including on behalf of its affiliates, and Customer as a data importer, or vice versa, as applicable. The description of personal data is included in paragraph 8 of this article 11 and in accordance with the appendices of the MCs.
  7. If the Court of Justice of the European Union, (local) regulator or (other) competent government authority determines that the Agreement and/or MCs do not qualify or no longer qualify as a lawful transfer mechanism, the parties will negotiate in good faith an alternative mechanism that is lawful. Without prejudice to the foregoing, and where required, Customer will comply with the conditions arising from judgment of the Court of Justice C-311/18, in particular paragraphs 138 to 145.
  8. Description of the transfer of personal data in accordance with the Appendices of the MCs:
    1. Data subjects: customers, and/or employees of Customer
    2. Purposes of the transfer: implementation of the Agreement
    3. Categories of data: contact information (name, email, address), other (content of documents, e-mail, instant messaging and telephone calls)
    4. Recipients: Customer and MITE3
    5. Sensitive data: none
    6. Data Exporter Data Protection Registration Information: not applicable

Article 12 Lending clause

  1. In the event that the Agreement relates to Services for which MITE3 has lend an employee to the Customer and has placed it under supervision and management, the following lending clauses applies:
    1. The Customer declares to be familiar with the Allocation of Workers by Intermediaries Act (Wet allocatie arbeidskrachten door intermediairs, WAADI) and will ensure that all legal rights and obligations are met during the lending period.
    2. The Customer declares that it is aware of the rights and obligations of the employee of MITE3 arising from the employment contract and that these are not hindered during the lending period of the employee at the Customer.
    3. In the event that the employee enters into an employment contract, assignment agreement or otherwise with the Customer, the Customer will reimburse MITE3 for the reasonably incurred costs for recruitment, selection, training and coaching, set at an amount of € 9,000 (excluding VAT) per employee.

Article 13 Disputes and applicable law

  1. Dutch law applies to the Agreement and everything related thereto.
  2. Disputes with regard to the Agreement and everything related to or arising therefrom will be submitted to the competent court in the district of the District Court of the Northern Netherlands. The parties may jointly choose to settle a dispute by means of arbitration or mediation.

Article 14 Other provisions

  1. If one or more provisions in the General Terms and Conditions are (partially) invalid, the other provisions will remain in full force and effect.
  2. The Customer is only entitled to sell or transfer its rights and obligations under the Agreement to a third party after prior Written permission from MITE3.
  3. The rights granted to MITE3 under the Agreement also apply to the companies affiliated with MITE3, including sister and subsidiary companies.
  4. MITE3 reserves the right to unilaterally change the General Terms and Conditions. If the Customer continues to use the Services after changes to the General Terms and Conditions, he is deemed to have irrevocably accepted these changes to the General Terms and Conditions. The current General Terms and Conditions can be found via the website.
  5. In the event of any conflict between the Offer and the Terms and Conditions, the Offer will prevail. In the event of gaps in the agreements, the General Terms and Conditions apply.
  6. MITE3 is entitled to accept the general terms and conditions and limitations of liability of third parties to be engaged on behalf of the Customer and is entitled to invoke the terms and conditions against the Customer insofar as it concerns the execution of the assignment by third parties.
  7. Failure by a party to exercise any right or to exercise any remedy shall not constitute a waiver of such right or remedy.
  8. General or special terms and conditions of the Customer do not apply to the Agreement.
  9. Provisions that by their nature are intended to continue even after termination of the Agreement, such as provisions regarding the obligation of confidentiality, liability, guarantees, indemnification and IP-Rights, will continue to exist.