General Terms and Conditions

Prepared on: 14/09/2024

General Terms and Conditions

Click here to download the General Terms and Conditions in PDF format.

Article 1 Definitions

Singular and plural forms of the definitions in this Article 1 can be used interchangeably without altering their meaning, unless indicated otherwise.

The following definitions apply to the Agreement:

  1. Offer: any offer or quotation regarding Services that MITE3 proposes to the Client.
  2. General Terms and Conditions: these general terms and conditions of MITE3.
  3. Services: all Services provided by MITE3, including but not limited to testing and research activities, consultancy services, cloud services, training, courses, education, granting of licenses or subscriptions at the request of the Client, and all related activities.
  4. EEA: European Economic Area.
  5. Data Protection Law: the General Data Protection Regulation (Regulation (EU) 2016/679) and applicable (local) legislation regarding the processing of personal data.
  6. IP Rights: all current and future intellectual property rights, anywhere in the world, including but not limited to copyrights, database rights, trademark rights, trade name rights, design rights, portrait rights, rights regarding know-how, domain names, and trade secrets, as well as all similar rights under (un)written law, such as rights regarding slavish imitation, including all claims on, applications for, or registrations of such rights.
  7. Client: any natural or legal person who uses one or more Services in any manner.
  8. MCs: the applicable modules from the Implementing Decision (EU) 2021/914 of 4 June 2021 regarding standard contractual clauses for the transfer of personal data to third countries. Module 1 applies in cases with two data controllers. Module 2 applies in case of transfer between a data controller and processor. The MCs can be found at the following website: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914. This website may be changed, moved, or removed and should be regularly consulted by the Client.
  9. MITE3: MITE3 B.V. (Chamber of Commerce number 71698892), trading as MITE3, MITE3 Cybersecurity and MITE3 Publishing, located and having its office at Paxtonstraat 3N, Unit C1997, in Zwolle (8013 RP).
  10. Agreement: any (potential) agreement between MITE3 and Client regarding one or more Services, of which the General Terms and Conditions form an integral part.
  11. Force Majeure: this includes force majeure of MITE3’s suppliers, failure to properly fulfill obligations by suppliers prescribed by the Client to MITE3, government measures, (civil) war, mobilization, domestic unrest, terrorism, pandemics or epidemics, energy and water disruptions, internet, computer network or telecommunication facilities failures, natural disasters, strikes, lockouts, import and export impediments, general transportation problems, work occupation, and business disruptions.
  12. Party: the Client and MITE3.
  13. Written: the term Written also includes email or other common electronic medium.
  14. Punch Card: a Service involving a prepayment for a fixed number of work hours that can be consumed in the subsequent period.

Article 2 Applicability and execution

  1. The General Terms and Conditions apply to all Offers, resulting Agreements, and all other legal acts between MITE3 and Client regarding the Services.
  2. Client declares to have taken note of and agrees with the General Terms and Conditions.
  3. Activities are only binding if and as they are mentioned in the Offer.
  4. An Offer is non-binding and valid for 14 days after dispatch, unless otherwise indicated in the Offer. MITE3 can never be obligated to accept after this period.
  5. If the Client does not explicitly agree to the Offer but nonetheless consents to it, or gives the impression that MITE3 may perform Services, the Offer is considered accepted. This also applies when the Client requests MITE3 to perform certain activities without waiting for a formal Offer.
  6. MITE3 will provide an Offer for additional work upon request.
  7. Client is obliged to do and refrain from everything that is desirable and necessary to enable a correct and timely execution of the Services, including providing data and granting access to all places, services, and accounts under Client’s management.
  8. If the Client does not reject the delivered Services within 14 days after the date of delivery, the Services are deemed to be accepted, and MITE3 will invoice in accordance with Article 5.

Article 3 Nature of the Agreement

  1. This Agreement is a contract of assignment in the sense of Article 7:400 of the Dutch Civil Code and following. The Parties expressly declare that neither the Agreement nor the relationship resulting from the performance of the work by MITE3 under the Agreement or the assignment constitutes an employment agreement in the sense of Article 7:610 of the Dutch Civil Code and following, nor is intended to. The Parties choose to exclude the fictitious employment relationship of home workers or equivalents as referred to in Articles 2b and 2c of the Implementing Decree on Wage Tax 1965 and Articles 1 and 5 of the Decree designating cases in which employment relationships are considered as employment (Decree of 24 December 1986, Stb. 1986, 655) and conclude the Agreement before payment takes place. The Client shall not withhold or remit wage tax, income-related health care contribution, and employee insurance premiums on the fees due under the Agreement.
    1. MITE3 determines the manner, location, and timing of the agreed activities independently, without instruction, supervision or direction from the Client. Only the agreed-upon results are coordinated in consultation with the Client.
    2. MITE3 uses its own materials and tools, such as laptops, phones, and related software licenses, to perform the work. The use of Client-provided materials and tools is limited to cases where it is strictly necessary and requires prior consent from MITE3. This clause does not apply to Client-provided access accounts for email or document management systems.
    3. MITE3 is entitled to have all or part of the work performed by other employees of MITE3 or by subcontracted third parties, without prior consent from the Client, if necessary for the continuity of the work and if staffing at MITE3 permits. Replacement will occur under the same terms and quality standards as agreed with the Client.
    4. The Client expressly acknowledges that MITE3 may also work for other clients in addition to the work under this Agreement. This is not applicable in cases where MITE3 employees are lended to the Client, as regulated in Article 12 Lending clause.
  2. If the Services provided by MITE3 do not fall under a service agreement as defined by Article 7:400 of the Dutch Civil Code, the other provisions of these General Terms and Conditions shall remain in full force and apply to the specific nature of the agreed services. In such cases, agreements regarding the execution of the work and the results to be achieved will be specifically recorded in an Offer or separate Agreement between the Parties.

Article 4 IP Rights

  1. All IP Rights on Services, and on developed or provided software and other works, rest with MITE3 and/or its licensors.
  2. If and to the extent necessary for the execution of the Agreement, MITE3 hereby grants the Client the right to use the results of the Services within its own enterprise and to make them public and/or reproduce them in that context. This right of use is perpetual, non-exclusive, and non-transferable.
  3. Apart from the right of use referred to in section 2 of this article, the Client is not permitted without prior Written consent of MITE3 and/or its licensors to make the Services wholly or partially public, reproduce, or use in any other way such as modifying or decompiling, thereby causing any direct or indirect damage or unjustified advantage from the reputation of the IP Rights or any other rights of MITE3 and/or its licensors.
  4. The Client is not permitted to remove or alter any indication of the confidential nature or IP Rights from Services, software, and other works.
  5. If and to the extent necessary for the execution of the Agreement that MITE3 uses software or other works for which the Client is the rights holder, the Client hereby grants MITE3 a right of use for the duration of the Agreement. If the Client is not the rights holder of the required software or other works, but has only obtained licenses, the Client guarantees that MITE3 will obtain licenses on the same terms under which the Client obtained the licenses. If this is impossible, the Client guarantees that MITE3 can conclude those licenses itself at the Client’s expense.

Article 5 Compensation

  1. For all Services to be provided and delivered, the Client is obliged to pay a fee stated in the Offer.
  2. Unless otherwise agreed in the Offer, all fees and prices are in euros and exclusive of applicable value-added tax and other government-imposed levies.
  3. For Services involving a one-time assignment, the Client is due 30% at the start of the work and the rest upon completion of the work.
  4. The Client is due 100% no later than 7 days before the start of Services involving a Punch Card, cloud service, license, subscription, software, hardware, training, course, education, or when otherwise stated in the Offer.
  5. All advances are due before work begins.
  6. The payment term for invoices is 14 days from the invoice date, unless agreed otherwise in Writing.
  7. If the Client does not pay on time, the Client is in default by operation of law after the expiration of this period without the need for a notice of default. In that case, in addition to the due amount and the statutory commercial interest on the outstanding invoice amount, the Client is obliged to fully compensate both extrajudicial and judicial collection costs, including the costs for lawyers, bailiffs, and collection agencies.
  8. The claim for payment is immediately due if the Client is declared bankrupt, applies for a suspension of payment, or if a seizure is made on the Client’s assets, the Client dies, goes into liquidation, or is dissolved.
  9. If there is reasonable doubt, based on general or special facts and circumstances, whether the Client will be able to fulfill his payment obligations towards MITE3, MITE3 is entitled to require a security deposit from the Client before further fulfilling its obligations from the Offer, for example, in the form of a guarantee, bank guarantee, or a deposit. The amount thereof will not be higher than the amount that the Client will reasonably owe over a period of twelve calendar months, unless otherwise agreed.
  10. For ongoing assignments, MITE3 has the right to adjust the rates annually in January with the inflation correction according to the CBS standard. Additionally, the rates for ongoing assignments may be increased by a maximum of 5% per year in January.
  11. If a reserved availability between MITE3 and the Client is agreed upon in the Offer, the Client is obliged to pay a fee for the reserved hours.
  12. Unless otherwise agreed, MITE3 limits itself to a maximum of 8 working hours per person per 24-hour period.

Article 6 Confidentiality

  1. The Parties shall treat as confidential the information they provide to each other before, during, or after the execution of the Agreement, when this information is marked as confidential or when the receiving Party knows or should know that the information was intended as confidential.
  2. The Client shall also impose the confidentiality obligation from section 1 of this article on its employees and third parties engaged by the Client for the execution of the Agreement.
  3. MITE3 may use the knowledge it has gained in executing the Agreement for other assignments, as long as this does not conflict with section 1 of this article.
  4. Parties are mutually entitled to place each other’s logo on their websites and in other communication expressions, provided that the expression (a) is limited to the existence of the business relationship between the Parties in a positive sense and (b) does not conflict with section 1 of this article.
  5. Both Parties will honor a written request not to place or remove the logo as described in section 4 of this article at all times, as far as technically feasible.
  6. Under Client in this article also includes all companies affiliated with the Client.
  7. The obligation of confidentiality does not apply to:
    1. Information that was already in the public domain prior to the conclusion of the Agreement or thereafter lawfully came into the public domain, unless this is the result of one of the Parties’ action in violation of this article;
    2. As far as disclosure is necessary in view of the exercise of the rights from the Agreement; and/or
    3. As far as disclosure is mandatory under the law, governmental regulation or binding decision of the court or another government body.

Article 7 Force Majeure

  1. None of the Parties is obliged to fulfill any obligation if they are prevented from doing so due to Force Majeure.
  2. If Force Majeure lasts longer than 90 days, either Party has the right to terminate the Agreement in Writing. In such a case, what has already been performed under the Agreement will be settled pro rata, without the Parties owing each other further compensation.

Article 8 Liability

  1. Any liability of MITE3 towards the Client for damage arising from or related to the execution of the Agreement is limited to the amount that is actually paid out in the respective case under MITE3’s insurance. If no payout occurs under the aforementioned insurance, any liability is limited to the amount of the total fees paid by the Client in the 12 months preceding the damage-causing event (in Euros and excluding VAT) with a maximum of EUR 10,000.
  2. The liability of MITE3 for indirect damage, including but not limited to lost profits, missed savings, reduced goodwill, damage due to business stagnation, and damage resulting from claims of the Client’s customers, is excluded. Also excluded is MITE3’s liability for mutilation, destruction, or loss of files, data, documents, or other carriers of information of the Client, or for providing incorrect or incomplete information by MITE3.
  3. Any claim for damages against MITE3 shall lapse by the mere lapse of 6 months after the claim arises.

Article 8 regulates the responsibilities of MITE3. Suppose MITE3 performs a faulty penetration test for the Client, causing damage. If the Client then wants to hold MITE3 liable, this article regulates that MITE3 is only required to pay compensation up to the amount paid out by its insurance. If the insurance pays nothing, any compensation is limited to the amount the Client has paid MITE3 in the past 12 months, with a maximum of EUR 10,000. MITE3 is not liable for indirect damage, such as lost profits or damage to the Client’s customers.

Article 9 Indemnification

  1. The Client indemnifies MITE3 against all direct and indirect damages, including full legal and other costs, in connection with claims by third parties:
    1. Arising from or related to work performed by MITE3 for the Client;
    2. Due to the violation or non-compliance with the General Terms and Conditions, including infringement of third-party IP Rights, breach of confidentiality, non-compliance with laws and/or regulations regarding the processing of personal data or computer crime, and any claims and/or damage from third parties otherwise related to or arising from any use of Services by the Client;
    3. Due to the failure to regularly make backups; and
    4. Due to future security incidents. This indemnification also applies to vulnerabilities that were not detected by MITE3 at the time of the investigation but led to the security incident.
  2. If and to the extent necessary for the execution of the Agreement, the Client guarantees that it has obtained explicit permission from third parties who have control over, are responsible for, and/or own (a part of) the (technological) chain. For clarification: if, for example, the Client hosts a website in a third party’s environment, the Client is responsible for arranging the necessary permissions so that MITE3 can lawfully conduct (security) research.

Article 9 regulates the responsibilities of the Client. The Client promises to protect MITE3 against damage, including legal costs, that may arise from work performed by MITE3 for the Client. For example, the Client must pay for damages resulting from the breach of the general terms and conditions, infringement on third parties’ rights, or violation of privacy legislation. If other parties file a damage claim against MITE3 due to the work MITE3 performed for the Client, MITE3 can pass this claim to the Client. The Client must handle or pay this claim.

Article 10 Duration and termination

  1. The Agreement comes into effect from the start date mentioned in the Offer or as otherwise agreed in Writing.
  2. If the Agreement is concluded for a fixed term, interim termination by the Parties with a notice period of 2 months is only possible if (a) Parties have agreed to this in the Agreement or (b) (an employee of) MITE3 makes themselves available or lends themselves to the Client to fulfill a specific role. An Agreement that is concluded for a fixed term, can only be extended based on a new Offer.
  3. If the Agreement is concluded for an indefinite period, both Parties may terminate the Agreement with a notice period of 2 months.
  4. If the Agreement pertains to the purchase of a Punch Card, it is stipulated that this Punch Card has a validity period of one year from the date of issuance, unless otherwise agreed upon in the Agreement. The validity period also ends once all available punches have been used, depending on which occurs first. After expiration, any remaining unused punches will automatically expire.
  5. Article 10, sections 1 through 4, do not affect that the Client is at all times indebted to MITE3 (a) already agreed fixed fees (i.e., fixed prices regardless of the number of hours spent on the assignment) and (b) all costs made or to be made by MITE3, including costs owed to third parties, regardless of whether these costs have already been invoiced to the Client or paid by the Client. Examples include costs for software (licenses), subscriptions, and hardware. All costs as referred to in this section 5 are immediately payable, unless the Parties agree on a payment term.
  6. Termination must be done in Writing and take effect on the last day of the calendar month.
  7. Without prejudice to the right to performance and/or claim of (additional) damages and in addition to other legal possibilities for dissolution, MITE3 is entitled to terminate the Agreement with immediate effect (in whole or in part) out of court by means of a Written notification, if one of the following circumstances occurs:
    1. Client is (provisionally) granted suspension of payments;
    2. Bankruptcy of the Client is requested;
    3. Client is declared bankrupt;
    4. Client otherwise loses the free disposal of their assets;
    5. Client does not provide or refuses to provide security in the context of the execution of the Agreement; and/or
    6. The Client’s business is terminated.
  8. Amounts invoiced by MITE3 before the dissolution in connection with what it has already properly performed or delivered under the Agreement remain due unaltered and become immediately payable at the time of dissolution.

Article 11 Processing of Personal Data

  1. Terms such as ‘controller’, ‘processor’, ‘personal data’, and ‘processing’ have the meaning given to them in Data Protection Law.
  2. The Client and MITE3 confirm that they are separate data controllers with respect to the processing of any personal data in the context of (the execution of) the Agreement.
  3. Where and insofar as MITE3 processes personal data on behalf of the Client, the Client qualifies as the data controller and MITE3 as the processor. As a processor, MITE3 will:
    1. Process personal data solely based on Written instructions from the Client.
    2. Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk for personal data.
    3. Transfer personal data only to a country outside the EEA or Switzerland in line with Data Protection Law.
    4. Ensure that persons authorized to process personal data have committed themselves to confidentiality or are under a legal obligation of confidentiality.
    5. Subject itself at the expense of the Client to an audit, no more than once a year, if and to the extent it relates to this Article 11.
    6. Assist the Client with (i) responding to requests (for the exercise of rights) from data subjects, (ii) conducting data protection impact assessments, and (iii) consulting with supervisory authorities in advance.
    7. Notify the Client without undue delay of a personal data breach after becoming aware of it.
    8. Obtain from the Client a general authorization to engage sub-processors.
    9. Delete or return all Personal Data to the Client at the end of the service related to the processing of personal data, unless (local) mandatory law dictates otherwise.
    10. Provide the Client with the information necessary to demonstrate compliance with the obligations arising from Data Protection Law.
    11. Inform the Client as soon as possible if, in MITE3’s opinion, an instruction from the Client is in violation of Data Protection Law.
  4. The Client guarantees compliance with Data Protection Law regarding the processing of any personal data in the context of (the execution of) the Agreement.
  5. The Client indemnifies MITE3 for all costs, claims, fines, and damages that MITE3 has suffered, is suffering, or will suffer in connection with the non-compliance with this Article 11 by the Client and/or breach of Data Protection Law.
  6. Any transfer of personal data from the Client to MITE3, or vice versa, from the EEA or Switzerland to a country outside the EEA or Switzerland is subject to the MCs. The content of the MCs is hereby considered repeated and incorporated. By concluding the Agreement, the Parties are deemed to have signed the MCs, agree with the full content of the MCs, and will comply with the conditions set therein. In accordance with the MCs, MITE3 is considered the data exporter, also on behalf of its affiliated companies, and the Client as the data importer, or vice versa, where applicable. The description of personal data is included in section 8 of this Article 11 and in accordance with the annexes of the MCs.
  7. If the Court of Justice of the European Union, (local) supervisory authority, or (other) competent governmental authority determines that the Agreement and/or MCs do not or no longer qualify as a lawful data transfer mechanism, the Parties will negotiate in good faith about an alternative mechanism that is lawful. Notwithstanding the foregoing, and where required, the Client will comply with the conditions arising from the Court of Justice ruling C-311/18, particularly sections 138 to 145.
  8. Description of the transfer of personal data in accordance with the Annexes of the MCs:
    1. Data subjects: clients, and/or employees of the Client
    2. Purposes of the transfer: execution of the Agreement
    3. Categories of data: contact information (name, email, address), others (contents of documents, email, instant messaging, and phone conversations)
    4. Recipients: Client and MITE3
    5. Sensitive data: none
    6. Information on the data protection registration of the data exporter: not applicable

Article 12 Lending clause

  1. In the event the Agreement relates to Services where MITE3 has seconded an employee to the Client and placed them under supervision and direction, the following lending clause applies:
    1. The Client declares to be aware of the Dutch ‘Wet allocatie arbeidskrachten door intermediairs’ (WAADI) and will ensure compliance with all legal rights and obligations during the secondment period.
    2. The Client declares to be aware of the rights and obligations of MITE3’s employees arising from their employment contract and that these are not hindered during the secondment period of the employee at the Client.
    3. In the event the employee directly enters into an employment contract, a contract for services, or otherwise with the Client, the Client shall reimburse MITE3 the reasonably incurred costs for recruitment, selection, training, and coaching, established at an amount of € 9,000 (excluding VAT) per employee.

Article 13 Disputes and applicable law

  1. Dutch law applies to the Agreement and everything related to it.
  2. Disputes concerning the Agreement and everything related to it or resulting from it shall be submitted to the competent court in the district of North Netherlands. Parties may jointly opt to settle a dispute through arbitration or mediation.

Article 14 Other provisions

  1. If one or more provisions in the General Terms and Conditions are or become (partially) invalid, the remaining provisions remain in full force.
  2. The Client is only entitled to sell or transfer its rights and obligations from the Agreement to a third party after prior Written consent from MITE3.
  3. The rights granted to MITE3 under the Agreement also apply to MITE3’s affiliated companies, including sister and subsidiary companies.
  4. MITE3 reserves the right to unilaterally change the General Terms and Conditions. If the Client continues to use the Services after changes in the General Terms and Conditions, they are deemed to have irrevocably accepted these changes. The current General Terms and Conditions can be found on the website.
  5. In case of contradiction between the Offer and the General Terms and Conditions, the Offer prevails. In the event of gaps in the agreements, the General Terms and Conditions apply.
  6. MITE3 is entitled to accept the general terms and conditions and liability limitations of third parties engaged on behalf of the Client and is entitled to oppose these conditions to the Client as far as the execution of the assignment by third parties is concerned.
  7. The non-exercise of any right or the non-use of any legal remedy by a Party does not imply a waiver of that right or legal remedy.
  8. General or special terms and conditions of the Client do not apply to the Agreement.
  9. Provisions intended to continue after termination of the Agreement, such as provisions regarding confidentiality, liability, warranties, indemnification, and IP Rights, remain in effect.