Article 1 Definitions
The following definitions apply:
- Account: a personal right of access to a user interface that allows the Client to use the Services (or certain aspects of them).
- General Terms and Conditions: these general terms and conditions.
- Services: products to be provided by GRCguard to the Client pursuant to an Agreement.
- Intellectual Property: all intellectual property and associated rights, including copyrights, database rights, domain name rights, trade name rights, rights to know-how, trade mark rights, design rights, related rights and patent rights.
- Client: any legal entity or natural person acting in the exercise of a profession or business with whom GRCguard concludes an Agreement or to whom it makes an offer. It also means any person who will negotiate or is negotiating with GRCguard in that regard, as well as his or her representative(s), agent(s), assignee(s) and heir(s).
- Materials: all works, such as websites and web and other applications, software, corporate identities, logos, advertisements, drafts, images, texts, documentation, advice, reports and other intellectual creations, and preparatory Material in that regard and files or data carriers (encoded or otherwise) in or on which the Materials are stored.
- GRCguard: GRCguard B.V., a private limited company with its registered office at Ericssonstraat 2 in (5121 ML) Rijen, the Netherlands, and listed in the business register of the Chamber of Commerce under number 80048293.
- Agreement: an agreement (or agreements) between the Client and GRCguard pursuant to which GRCguard provides its Services to the Client, of which these General Terms and Conditions form an inseparable part.
- Written / In Writing: any communication put down on paper or in an email, provided that the sender’s identity and the integrity of the content are sufficiently established.
- Service Level Agreement: an additional agreement between GRCguard and the Client setting out specific arrangements regarding the level of service.
- DAP: a document agreements and procedures (dossier afspraken en procedures) between GRCguard and the Client.
- Website: GRCguard’s website, accessible via the domain https://online.grcguard.com, or subdomains and other domain extensions belonging to GRCguard.
Article 2. Applicability of these General Terms and Conditions
- These General Terms and Conditions apply to all offers issued by and agreements concluded with GRCguard.
- Terms or conditions set by the Client which differ from, or do not appear in, these General Terms and Conditions are only binding on GRCguard if and insofar as they have been negotiated with GRCguard and GRCguard has explicitly accepted them In Writing.
- When concluding an Agreement, the Client acknowledges having read and agreed to the General Terms and Conditions.
- Any general, purchasing or other terms and conditions used by the Client explicitly do not apply.
Article 3. Conclusion of an Agreement
An Agreement between GRCguard and the Client is concluded by the Client accepting an offer from GRCguard.
Quotations are non-binding and valid for 14 days. If a quotation or accompanying letter stipulates a different period of validity, that period will apply.
An Agreement takes effect as soon as GRCguard receives notification from the Client that he/she/it accepts GRCguard’s offer.
If there is any conflict between the provisions of an Agreement, these General Terms and Conditions or any annexes to it, the following order of precedence will apply:
- these General Terms and Conditions;
- the Partner Agreement and underlying sub-Agreement;
- a processing agreement;
- a Service Level Agreement.
These General Terms and Conditions therefore prevail over the Partner Agreement, sub-Agreement, processing agreement and any SLA.
Article 4. Cooperation by the Client
- The Client will do and refrain from doing anything reasonably desirable and necessary to enable GRCguard to perform properly and in a timely manner. In particular, the Client will ensure that he/she/it provides GRCguard, in a timely manner, with all the data which GRCguard indicates are necessary or which the Client should reasonably understand are necessary to perform the Services.
Any period within which GRCguard is required to perform an Agreement will not commence until it has received all the information requested and required.
- The Client acknowledges that GRCguard maintains a strict internal schedule. If GRCguard is unable to carry out work for the Client because the latter is late in providing the necessary information, the Client will not be allocated the work time reserved for him/her/it. GRCguard will only schedule work once the Client provides the requisite information. The Client acknowledges that it may take several weeks for GRCguard to reschedule the time needed to carry out the work in question if the former is late in providing the requisite information.
- The Client is responsible for the use and application of GRCguard’s services within his/her/its organisation and for monitoring security procedures.
- If the Client knows or is able to presume that GRCguard will have to take certain additional measures in order to perform its obligations, then the Client must notify GRCguard of this immediately. This obligation applies, for example, if the Client knows or should be able to foresee an exceptional peak in the demand on GRCguard’s systems which could possibly result in its services being unavailable.
Article 5. Delivery periods
- After the sub-Agreement is concluded, GRCguard will endeavour to implement the SaaS application as soon as possible, with due care and skill, in accordance with the Partner Agreement and the sub-Agreement.
- GRCguard determines its delivery periods to the best of its knowledge. However, they are merely indicative and will not be deemed to constitute deadlines for delivery unless the parties expressly deviate from this provision In Writing.
- If the Client does not reject the result of any work within seven days after it has been delivered, it will be deemed accepted.
Article 6 Account
- GRCguard will provide the Client with access to a support Account. This Account will be accessible by entering identification and verification information (login details).
- After the SaaS environment is delivered and accepted, GRCguard will no longer have logical access to the Client’s environment. The Client may grant GRCguard access for support work. The Client is responsible for user management.
- The Client is also responsible for the use of the Accounts and for ensuring that he/she/it and the individuals to whom he/she/it provides an Account keep the relevant login details confidential. The Client warrants that he/she/it and the individuals to whom he/she/it provides an Account are aware of the rules set out in Article 9 (Use and misuse).
- Any action taken by the Client’s Account or an Account created by the Client will be deemed to have taken place under the Client’s responsibility and at the Client’s own risk. If the Client suspects or reasonably ought to suspect or know that an Account is being misused, he/she/it must report this to GRCguard as soon as possible to enable it to take action.
- The Client and his/her/its employees, if any, must always log in using a secure (non-public) network.
Article 7. Intellectual Property rights
- All Intellectual Property rights to all software and Materials developed or made available by GRCguard under an Agreement are vested exclusively in GRCguard or its licensors.
- Nothing in an Agreement purports to transfer Intellectual Property, either wholly or in part. Intellectual Property rights may only be transferred to the Client if explicitly stated in a quotation or an Agreement.
- The Client only acquires the non-transferable, non-exclusive and non-sublicensable right to use the Intellectual Property to the extent indicated by the Agreement in question.
- GRCguard warrants that it has the rights to make the Services available to the Client.
- The Client warrants that there are no third-party rights that oppose GRCguard storing data or data otherwise being made available to GRCguard. The Client indemnifies GRCguard against any claim based on the allegation that storing the data or their being made available infringes any third-party right.
- If GRCguard provides the Client with third-party Materials that are governed by additional or different terms and conditions of such third parties, then those terms and conditions will apply to the Client, provided that GRCguard has notified the Client of this. The Client accepts such third-party terms and conditions and GRCguard will send them to the Client at his/her/its request.
- The Client may not alter any indication concerning copyrights, trade marks, trade names or other Intellectual Property rights on the Materials or remove them.
- The Client hereby grants GRCguard the right to store or transmit any Materials distributed by the Client through GRCguard’s systems as GRCguard sees fit, but only to the extent reasonably needed for GRCguard to perform the Agreement in question.
- If GRCguard provides certain software “on premises,” then the Client’s right of use is limited to the non-transferable, non-exclusive and non-sublicensable right to load and run the software. Neither the Client nor GRCguard considers it necessary to make a backup copy as referred to in Section 45k of the Dutch Copyright Act (Auteurswet) for the intended use and it is therefore not permitted.
- The Client is not authorised to transfer, rent out or grant limited rights to this software or the storage media containing it (such as hard disks) or to make it available to any third parties in any way whatsoever.
- GRCguard will not disclose the source code of any software developed or licensed by it to the Client.
- The Client accepts this software in the condition it is in at the time of delivery.
Article 8. Availability and support
- GRCguard will endeavour to achieve uninterrupted availability of its systems and networks and access to data stored by it. GRCguard provides guarantees regarding the availability of its systems and networks and access to data in accordance with the SLA.
- GRCguard will make every effort to keep the software and firmware it uses up to date. However, GRCguard is dependent on its supplier(s) in this regard. GRCguard is entitled to refrain from installing certain updates or patches if, in its opinion, that will not facilitate proper delivery of the Service or will not be beneficial to the Client.
- GRCguard is entitled – without prior notice – to temporarily take its system out of operation or restrict its use to the extent reasonably necessary for the maintenance or modification of the system. The Client is not entitled to compensation in such instances.
- GRCguard is entitled at all times to make changes to the systems through which it provides the Services.
- GRCguard will endeavour to provide a reasonable level of support to the Client, in accordance with the SLA.
- If the Client asks GRCguard to provide support in making specific settings or adjustments, or if GRCguard is required to carry out repair work due to user errors, improper use or other causes attributable to the Client, GRCguard may charge its then customary hourly rates.
Article 9. Use and misuse
- If agreed, the Client will comply with the maximum amounts of disk space and data traffic allowed. If the Client exceeds these agreed maxima, or if he/she/it places a strain on GRCguard’s system, GRCguard will be entitled to restrict or suspend access to GRCguard’s system. GRCguard is also entitled to charge the Client for any use beyond these maxima.
- The Client warrants that the Services will not be used for any activities that violate provisions of Dutch law or other applicable laws or regulations. The Client will refrain from making any unauthorised use of the Services and will act and behave in accordance with what GRCguard may be entitled to expect from a prudent user of the Services.
- If, in GRCguard’s opinion, the functioning of its computer systems or network or that/those of third parties and/or their online service provision is/are subject to any nuisance, damage or other hazard, in particular due to DoS or DDoS attacks, poorly secured systems or activities or the presence of viruses, Trojans and similar software, GRCguard will be entitled to take any and all preventive measures it reasonably deems necessary in that regard. GRCguard may recover from the Client any reasonable and necessary costs incurred in this regard if the Client is responsible for the cause of any such problem.
- If GRCguard receives any complaint about a violation of this article by the Client, it will notify the Client of this as soon as possible. The Client will respond as soon as possible, after which GRCguard will decide how to proceed. GRCguard will not notify the Client of any such complaint or violation if it is not authorised to do so under the applicable laws and regulations or any instructions from investigative agencies.
- If GRCguard considers that there has been a violation, it will block access to the Material in question but without permanently removing it (unless this proves technically impossible, in which case GRCguard will make a backup). GRCguard will leave any other Materials intact in this regard. GRCguard will notify the Client of any measures it takes as soon as possible.
- Although GRCguard will endeavour to act as reasonably, diligently and appropriately as possible if it has received any complaints about the Client, it is never liable for compensation of any damage resulting from any actions it takes as referred to in this article.
Article 10. Retention of title
- Any items delivered by GRCguard under an Agreement will remain GRCguard’s property until such time as the Client has properly fulfilled all its payment obligations to GRCguard.
- The Client must do all that can reasonably be expected of him/her/it to secure GRCguard’s property rights.
Article 11. Additional and custom work
- The Client may ask GRCguard to carry out work not covered by the Agreement in question. The Client will reimburse GRCguard for the cost of such work in accordance with the hourly rates then charged by GRCguard. GRCguard is never obliged to comply with a request for additional work. If GRCguard is, however, willing to comply with a Client’s request for additional work, it may attach conditions to that.
- The Client accepts that any delivery dates may be affected by additional work as referred to in the first paragraph of this article. Therefore, if additional work is to be carried out, any agreed delivery periods will be cancelled.
- If GRCguard decides to carry out additional work (as referred to in the first paragraph of this article) free of charge, GRCguard will always maintain its own schedule and determine when such work will be delivered.
- GRCguard’s acceptance of additional work will in no event suspend any payment obligation incumbent on the Client.
- After carrying out any additional work or any parts of it, GRCguard will deliver the result when it meets the specifications or is suitable for use in its professional opinion. The Client must then evaluate and approve or reject the result delivered, In Writing, within one week of GRCguard having delivered it. If the Client does not reject the result delivered within this period, he/she/it will be deemed to have accepted it.
- If the Client rejects all or part of the result delivered, GRCguard will endeavour to eliminate the reason for such rejection as soon as possible by revising the result or explaining why that reason is not valid. The Client will then have one more week to approve or reject the revision or that explanation.
- If the Client then rejects all or part of the result delivered even after it has been revised or explained, GRCguard will be entitled to charge additional costs for all subsequent revisions. If either party indicates that he/she/it does not consider, or no longer considers, further revisions to be useful, both parties will be entitled to terminate the Agreement for the Service in question. In that case, the Client will reimburse all the costs incurred by GRCguard. However, the Client will then not be entitled to use the rejected result in any way whatsoever.
- After the Client accepts the result delivered, GRCguard’s liability for defects in that result will cease to apply in its entirety unless it knew or should have known of the defect when the Client accepted the result delivered. In any case, any liability for defects will expire one year after an Agreement ends for any reason.
Article 12. Prices
- Unless expressly stated otherwise for any particular amount, all prices quoted by GRCguard are in euro, exclusive of sales tax (VAT) and other government levies.
- If a price is based on information provided by the Client and this information turns out to be incorrect, GRCguard is entitled to adjust the price accordingly, even after the Agreement in question has already been concluded.
- If an Agreement is a continuing performance agreement, GRCguard is entitled at any time to alter the prices charged, to take effect 30 days after it has notified the Client electronically of the intended alteration. The Client is entitled to terminate an Agreement in the event of a price increase. If the prices charged are increased by up to 5% or on the basis of Statistics Netherlands’ relevant price index, the Client will not have the option to cancel the Agreement in question.
Article 13. Payment terms
- GRCguard will send the Client an electronic invoice for the amount he/she/it owes and the Client will pay that invoice in euro and on time.
- The Client will inform GRCguard as soon as possible, but in any case within 15 days, if he/she/it believes that an invoice is incorrect. If the Client objects to an invoice or its amount, that will not suspend his/her/its payment obligation.
- Payment of invoices is due 15 days after the invoice date unless the invoice indicates otherwise. If an amount due is not paid, or not paid by its due date, the Client will immediately owe commercial statutory interest on the outstanding amount without any notice of default being required.
- If the Client has not paid the amount then due within 15 days of the date of a payment reminder or notice of default, he/she/it will be in default. The consequences of this will be as follows, apart from those pursuant to the law and case law:
- GRCguard may transfer the claim to a third party. In addition to the amount(s) due, interest accrued on it/them and any reminder fees, the Client will then be liable for the reasonable reimbursement of collection costs.
- After 30 days, GRCguard will be entitled to partially suspend the Services, which will include blocking one or more of their functions.
- If this partial suspension does not result in full payment of the outstanding amounts within thirty working days, GRCguard will be entitled to terminate or fully suspend its performance of the Agreement in question or any part of it not yet performed, without any warning or judicial intervention, until the outstanding amounts, interest etc. have been paid, without being liable for any resulting damage suffered by the Client.
- A claim for payment is immediately due and payable if the Client has been declared bankrupt or insolvent, applies for a suspension of payments or his/her/its assets are subject to a general attachment as well as if the Client goes into liquidation or is dissolved (if the Client is a legal entity).
- Before performing or continuing to perform an Agreement, GRCguard is entitled to require the Client to provide adequate security for the fulfilment of his/her/its payment obligations.
Article 14. Confidentiality and personal data
- The parties will maintain confidentiality with regard to any information they provide to each other prior to, during and following the performance of an Agreement if such information can reasonably be classified as confidential, where it is marked as confidential or where it has explicitly been stated in advance that it is confidential (“Confidential Information”). The parties will also impose this obligation on their employees and any third parties they engage to perform an Agreement.
- This confidentiality obligation does not apply to Confidential Information which:
- is public or is disclosed to the public without the recipient breaching his/her/its obligation of confidentiality;
- a third party lawfully makes available to the recipient without being subject to a confidentiality obligation;
- demonstrably was already lawfully in the possession of the recipient prior to its receipt;
- the other party has classified as non-confidential in a Written Document;
- the recipient discloses to a third party pursuant to a statutory obligation.
- These confidentiality obligations will continue to apply after the Agreement in question ends, for any reason whatsoever, for as long as the party providing the information is reasonably entitled to demand that the information in question be kept confidential.
- If GRCguard’s provision of Services entails the processing of personal data, the Client warrants to GRCguard that such processing will not infringe any third-party rights and is not unlawful within the meaning of applicable privacy laws and regulations.
- The Client bears sole responsibility for complying with applicable privacy laws and regulations and will therefore be considered to be the “controller” in that regard. GRCguard will be considered to be the “processor” for the purposes of the applicable privacy laws and regulations. The Client and GRCguard will conclude a processing agreement.
- If required pursuant to an amendment to the applicable privacy laws and regulations, the parties will make new arrangements in this regard that are in line with such laws and regulations.
Article 15 Liability
- GRCguard’s total liability to the Client for any imputable failure to perform an Agreement or any other obligation, including any unlawful acts committed by GRCguard, its employees or third parties engaged by it, is limited to compensation of direct damage.
- Direct damage is limited to:
(a) reasonable costs incurred to determine the cause and extent of the damage;
(b) reasonable costs incurred to make GRCguard’s defective performance conform to the Agreement in question unless such defective performance is not imputable to GRCguard;
(c) reasonable costs incurred to prevent or mitigate damage to the extent that the Client demonstrates that such costs have mitigated direct damage.
- GRCguard’s liability for any other forms of damage is expressly excluded, subject to the preceding paragraphs.
- GRCguard’s maximum liability is equal to the total amount paid by the Client to GRCguard in the 12 months preceding the date when the harmful event occurred. In no event, however, will the total compensation for direct damage exceed EUR 25,000.
- GRCguard is only liable for an imputable failure to perform an Agreement if the Client gives GRCguard notice of default In Writing, properly and immediately, setting a reasonable deadline for it to remedy the failure and GRCguard is still imputably in breach of its obligations even after that deadline. Any such notice of default must contain as detailed a description of the failure as possible, thus enabling GRCguard to respond adequately.
- Subject to the forfeiture of any right to compensation, the Client must report the damage In Writing to GRCguard as soon as possible, but no later than 14 days after it has occurred.
- The Client indemnifies GRCguard against any third-party claims arising from any breach of an Agreement by the Client.
Article 16. Force majeure
- GRCguard is not obliged to fulfil any obligation if it is prevented from doing so due to force majeure. Force majeure includes at any rate: power failures, failures in telecommunications and other networks, network attacks (such as SYN-flood or DoS/DDoS attacks), civil commotion, pandemics, failures beyond GRCguard’s control, as well as in the event that GRCguard’s own suppliers do not enable it to deliver as a result of which it cannot be reasonably required to perform the Agreement.
- If a situation of force majeure has continued for more than 90 days, the parties will be entitled to terminate the Agreement in question In Writing immediately. Anything already performed under that Agreement will then be settled pro rata without the parties owing each other anything else.
Article 17. Duration and termination
- If an Agreement does not specify its duration, it will be deemed to have been concluded for a minimum of 12 months and it may not be terminated early.
- An Agreement may be terminated In Writing with effect from the end of its duration, subject to a notice period of at least three months.
- In the absence of a Written notice of termination in compliance with the agreed notice period, an Agreement will in every instance be automatically renewed for the original duration.
- GRCguard may immediately suspend or terminate an Agreement In Writing on any one of the following special grounds:
- the Client has defaulted on a material obligation (such as payment);
- the Client violates these General Terms and Conditions;
- the Client has filed for bankruptcy or insolvency;
- the Client has filed for a suspension of payments;
- the Client’s business is to be terminated or liquidated.
- The Client may terminate an Agreement In Writing immediately if GRCguard is declared bankrupt and it is reasonable to expect that GRCguard can or will no longer perform the Agreement.
- If GRCguard suspends performance of its obligations, it will retain its claims by law and under the Agreement in question, including the claim to payment for the Services that have been suspended.
- The Client will be entitled to terminate an Agreement if GRCguard imputably fails to perform its material obligations under it even after the Client has issued it with a proper and as detailed as possible Written notice of default setting a reasonable period for it to remedy the failure.
- If an Agreement is terminated, GRCguard’s claims against the Client will be immediately due and payable and amounts already invoiced for anything performed will remain due without any obligation for such performance to be reversed. A Client may only terminate parts of any Agreement that GRCguard has not yet performed.
Article 18. Exit
- From the time notice to terminate an Agreement has been given until it actually ends, the Client may submit a request to GRCguard for the provision of data or cooperation in the transition of data to another service provider.
- In this article, “data” refers solely to the data placed on GRCguard’s equipment during the term of the Agreement.
- GRCguard will cooperate with this provision or transition of data, against payment of its customary hourly rate, unless that poses a threat to its equipment or data of third parties (other clients) or if it has another legitimate reason to refuse a request as referred to in paragraph 1.
- A provision or transition of data, as referred to in paragraph 1, will be undertaken in accordance with GRCguard’s instructions. If necessary, the Client will provide specific hardware, purchase software licences or perform other acts (including legal acts) to effect a provision or transition of data as referred to in paragraph 1.
Article 19. Amendments
- GRCguard is entitled to unilaterally amend or extend an Agreement (including these General Terms and Conditions), to take effect 30 days after having announced its intention to amend or extend on its Website or having notified the Client of this by electronic means. If the Client does not wish to accept an amendment to an Agreement, he/she/it may discuss this with GRCguard. If they cannot agree, the Client will have the option to terminate the Agreement with effect from the date when the amendment to the Agreement enters into force.
- GRCguard is entitled to make amendments to an Agreement at any time if:
- it needs to do so under any amended laws or regulations;
- such amendments are minor.
- In these instances, the Client will not be entitled to terminate the Agreement early.
Article 20. Final provisions
- Offers issued by GRCguard and Agreements (and their implementation) are governed by Dutch law.
- To the extent not otherwise prescribed by the rules of mandatory law, any and all disputes arising from an offer and/or Agreement will be submitted to the competent Dutch court.
- If any provision of an Agreement is found to be in conflict with mandatory law, that will not affect the validity of the Agreement as a whole. In such a case, the parties will determine (a) new provision(s) by replacing it/them, maintaining the intent of the original Agreement to the extent possible.
- The version of any communication received or stored by GRCguard will be deemed authentic, subject to proof to the contrary to be provided by the Client.
- Each party may only assign his/her/its rights and obligations under an Agreement to a third party with the other party’s prior Written consent in that regard. In derogation from this, GRCguard is always entitled to transfer its rights and obligations under the Agreement to a parent company, subsidiary or sister company and any parties wishing to acquire or merge with GRCguard’s business.
- Articles 7 (Intellectual Property rights), 10 (Retention of title), 14 (Confidentiality and personal data), 15 (Liability) and 16 (Force majeure) will remain in effect after the end of any Agreement.