Article 1. Scope, definitions, and applicability
1.1. These Terms and Conditions apply to all offers, agreements, services, and deliveries of Sectricity BV, including but not limited to penetration testing, red teaming, ethical hacking, consultancy, security awareness services, training sessions, workshops, games, platforms, and subscription-based services.
1.2. For the purposes of these Terms and Conditions, 'Sectricity BV' includes its employees, affiliated experts, independent contractors, and subcontractors engaged by Sectricity BV for the performance of the services.
1.3. Any deviation from these Terms and Conditions shall be valid only if expressly agreed in writing.
1.4. By accepting an offer, agreement, or invoice, the customer acknowledges having read and accepted these Terms and Conditions. The customer's own general or purchase conditions are expressly excluded, even if they state otherwise.
Article 2. Offers and agreement
2.1. All offers are valid for thirty (30) calendar days unless stated otherwise.
2.2. All prices are net prices, exclusive of VAT and any other applicable taxes, duties, or charges, which shall be borne by the customer.
2.3. An agreement is concluded only after written or digital acceptance of the offer by the customer, or by commencement of execution by Sectricity BV.
2.4. An agreement applies exclusively to the scope explicitly described therein and does not imply any obligation for future engagements.
Article 3. Execution, planning, and changes
3.1. Any execution timelines or delivery dates are indicative only and constitute best-effort commitments. Delays do not give rise to termination or compensation.
3.2. Fixed prices apply solely to the services explicitly described in the agreement. Any additional services, scope extensions, or changes requested by the customer shall be considered additional work and invoiced separately.
3.3. Additional work may result from: changes or extensions to the agreed scope; requirements or constraints not clearly communicated at the time of agreement; limitations or deficiencies in third-party systems or services; insufficient cooperation, access, or availability on the part of the customer.
Article 4. Fees, invoicing, and payment
4.1. Invoices are payable by bank transfer to the account indicated on the invoice.
4.2. Unless stated otherwise, invoices are payable within thirty (30) calendar days from the invoice date.
4.3. Any invoice protest must be submitted in writing within eight (8) calendar days of receipt. Failing this, the invoice shall be deemed accepted.
4.4. In case of late or non-payment, Sectricity BV reserves the right to suspend its services without liability.
4.5. Late payments shall, by operation of law and without prior notice, accrue statutory interest. In addition, a fixed compensation of ten percent (10%) of the outstanding amount shall be due, with a minimum of EUR 250.
4.6. Reports, deliverables, licenses, and usage rights remain the property of Sectricity BV until full payment has been received.
Article 5. Cancellation and rescheduling
5.1. For penetration testing, red teaming, training sessions, workshops, awareness activities, and on-site services, the following cancellation conditions apply: cancellation more than twenty (20) calendar days before the scheduled start: no charge; cancellation between ten (10) and twenty (20) calendar days before the scheduled start: fifty percent (50%) of the agreed fee; cancellation less than ten (10) calendar days before the scheduled start: one hundred percent (100%) of the agreed fee.
5.2. These conditions reflect the reservation of specialised resources and capacity. Rescheduling is subject to availability and may be treated as a cancellation.
Article 6. Use of independent contractors and subcontractors
6.1. Sectricity BV is entitled to perform the services, in whole or in part, through qualified employees, independent contractors, or subcontractors.
6.2. Sectricity BV remains the customer's sole contractual counterparty and primary point of contact. The use of such third parties does not create any contractual relationship between the customer and those parties.
6.3. Sectricity BV ensures that any third parties engaged are bound by appropriate confidentiality and professional obligations.
Article 7. Confidentiality
7.1. All information exchanged in the context of an agreement, including reports, findings, presentations, and verbal explanations, shall be treated as strictly confidential.
7.2. Deliverables may only be used internally by the customer and may not be shared with third parties without prior written consent, unless required by law or regulation.
7.3. This confidentiality obligation applies equally to any employees, independent contractors, or subcontractors engaged by Sectricity BV.
Article 8. Intellectual property
8.1. All methodologies, tools, scripts, scenarios, software, games, training materials, and know-how developed or used by Sectricity BV remain its exclusive intellectual property.
8.2. The customer receives a non-exclusive, non-transferable right to use deliverables solely for internal purposes.
Article 9. Use of platforms and infrastructure
9.1. Certain services and applications are hosted on infrastructure managed by Sectricity BV. The customer shall use such services responsibly and in compliance with applicable law.
9.2. Other services, including certain awareness or training platforms, may be delivered via infrastructure operated by third-party providers. Availability, performance, and data processing may therefore partially depend on such external infrastructure.
9.3. Sectricity BV shall not be liable for service interruptions, data loss, or security incidents caused by third-party infrastructure, except in cases of intent or gross negligence.
9.4. The customer shall refrain from unlawful use, abuse, excessive resource consumption, or activities that may compromise the integrity, security, or reputation of Sectricity BV or its services.
Article 10. Penetration testing and ethical hacking
10.1. Penetration testing and ethical hacking services are performed exclusively after explicit written authorization by the customer.
10.2. The customer declares that it is the lawful owner of, or has proper authorization for, all systems and assets included in the scope and indemnifies Sectricity BV against any third-party claims.
10.3. These services constitute an obligation of means, not an obligation of result.
10.4. Sectricity BV shall not be liable for indirect, consequential, financial, or reputational damage, except in cases of intent or gross negligence.
Article 11. Subscriptions and recurring services
11.1. Subscription-based services are provided 'as is' and in accordance with best industry practices.
11.2. Temporary interruptions, maintenance windows, or third-party failures do not entitle the customer to compensation.
11.3. Where third-party licenses are included, the terms and conditions of the relevant third party shall apply.
Article 12. Liability
12.1. Sectricity BV's liability is limited to direct damages and capped at the fees paid for the relevant service during the twelve (12) months preceding the claim, unless mandatory law provides otherwise.
12.2. Participation in physical activities, training sessions, or events takes place at the participant's own risk.
Article 13. Governing law and jurisdiction
13.1. All agreements are governed by Belgian law.
13.2. Any disputes shall fall under the exclusive jurisdiction of the courts of Ghent, Belgium.