General Terms and Conditions (AGB)
1. Scope of application
1.1. These General Terms and Conditions (GTC) apply to all our business relationships with our customers (hereinafter referred to as “Buyer”). The GTC shall only apply if the Buyer is an entrepreneur within the meaning of Section 14 of the German Civil Code (BGB), a legal entity under public law or a special fund under public law within the meaning of Section 310 I BGB.
1.2. Our General Terms and Conditions of Sale apply exclusively. Deviating, conflicting or supplementary general terms and conditions of the buyer shall only become part of the contract if and insofar as we have expressly agreed to their validity. This requirement of consent shall also apply if the Buyer refers to his General Terms and Conditions of Business in the context of the order and we have not expressly objected to the General Terms and Conditions of Business.
1.3. These General Terms and Conditions of Sale apply to contracts for the sale and provision of technical services (“Goods”). It is irrelevant whether we manufacture the goods ourselves or purchase them from suppliers (§§ 433, 650 BGB). Unless otherwise agreed, the General Terms and Conditions of Sale in the version valid at the time of the Buyer’s order or in the version last communicated to him in text form shall also apply as a framework agreement for similar future contracts, without us as the Seller having to refer to them again on a case-by-case basis.
1.4. Individual agreements made with the Buyer in individual cases (including collateral agreements, supplements and amendments) and information in our order confirmation shall take precedence over these General Terms and Conditions. Subject to proof to the contrary, a written contract or our written confirmation shall be decisive for the content of such agreements.
1.5. Legally relevant declarations and notifications by the Buyer with regard to the contract (e.g. notifications of defects, setting of deadlines, withdrawal or reduction) must be made in writing, i.e. in written and text form (e.g. letter, e-mail, fax). Further statutory formal requirements as well as further evidence (if necessary in case of doubt about the legitimacy of the declaring party) remain unaffected.
1.6. If references are made to the validity of statutory provisions, it should be noted that these are only of clarifying significance. The statutory provisions shall apply – even if no corresponding clarification has been made – to the extent that they are not amended or excluded by the General Terms and Conditions of Sale.
2. Offer and conclusion of contract
2.1. Our offers are subject to change and non-binding. This shall also apply if we have provided the Buyer with catalogs, technical documentation (e.g. drawings, plans, calculations, references to DIN standards) and other product descriptions or documents (including in electronic form). We reserve ownership rights and copyrights to all documents provided to the Buyer in connection with the order placement. These documents may not be made accessible to third parties unless we give the Buyer our express written consent to do so.
2.2. The order of the goods by the buyer is a non-binding contractual offer in accordance with § 145 BGB. In the event that nothing to the contrary results from the order, we shall be entitled to accept this contractual offer within two weeks of its receipt by us.
2.3. The acceptance of the contract offer on the part of the Buyer can be declared either in writing (e.g. by an order confirmation) or by delivery of the goods to the Buyer. In the event that we as the Seller do not accept the Buyer’s offer within the period specified in Section 2.4, any documents sent to the Buyer must be returned to us immediately.
2.4. The scope of services is based on the services listed in the offer. Information Security Experts GmbH reserves the right not to provide services that are not listed or ordered. The following services are offered:
2.4.1. Basic module
2.4.1.1. CISO
A qualified and experienced Chief Information Security Officer who focuses on a small group of customers. Your CISO is available for your needs and in emergencies.
2.4.1.2. ISMS (Information Security Management System)
A fully functional ISMS based on Q.Wiki that is tailored to your company. All contents of the ISMS are the property of Information Security Experts GmbH. The rights to use all content are limited to the term of the contract.
2.4.1.3. Implementation project
Our Information Security Experts team works hand in hand with your departments to implement the new ISMS and all associated changes.
2.4.1.4. Information security Full-managed service
Our experts continuously ensure a high level of information security:
– Identify assets
– Conduct risk analyses
– Define and implement measures
– Support your employees on the path to IS
– Report to management
2.4.1.5. Professional training
We work with you to identify the right employees in your company to certify them as information security officers (ISO) and local information security officers (LISO).
2.4.2. Control modules
2.4.2.1. User awareness module
Together with our partner SoSafe, we offer your employees professional training on information security in accordance with ISO27001.
– Own SoSafe platform
– Support with initial configuration
– Configuration of phishing campaigns
– Continuous evaluation of training campaigns
2.4.2.2. Corporate Monitoring Module
Our experts connect your systems to our SIEM solution to collect your logs centrally. Our powerful SOAR analyzes all data and uses Google Threat Intelligence to detect and prevent potential incidents. The minimum purchase is 2TB per year.
2.4.2.2.1. Full Managed Service:
– Updating the SecOps platform
– Updating playbooks in accordance with ISO27001 or other standard
– Assisting in the processing of alerts
– 8/5 customer support by email and telephone
– Security audits / reviews in accordance with ISO27001 or other standard
– Holiday cover for the security team
2.4.2.2.2. Google SecOps Enterprise (SIEM, SOAR, Threat Intelligence)
– Annual including data volume as specified in the offer (additional volume for 2.40 €/GB PAYG)
– Setup and configuration of the Google SecOps platform
– Setup of customer logins
– Connection of customer systems
– Creation of basic documentation
– Setup of basic automations
– Setup of basic alerts
– Functional tests and acceptance
– Information security tailoring
2.4.2.2.3. Emergency management:
– 24/7 processing of high-priority alerts
– Deputizing for the CISO/ISO positions in an emergency
– Timekeeping and documentation of emergency events
– Forensic backup for official investigations
– Reporting to the BSI within the statutory deadlines
2.4.2.3. Penetration testing module
Our experts carry out penetration tests every year to ensure the security of your infrastructure:
– Scope definition
– Planning and implementation
– Test report
– Action planning
– Action tracking
– Effectiveness testing
2.4.3. Certification modules
The certification modules cover the entire certification process for the desired certificate, label or assessment and can only be booked in combination with the Basic Module. Travel costs are not included and will be charged as agreed in the contract conditions.
2.4.3.1. ISO27001 module
This add-on includes all implementation and maintenance costs for ISO27001 certification by TÜV Süd. We register your company, plan and carry out the audits to guarantee your success:
– Preparation of the company for certification
– Arrangement of the audit dates
– Representation of the company in the audit
– Costs for the certification audit
– Costs for the annual internal audits
2.4.3.2. TISAX module
We register your scope on the ENX platform according to your requirements, arrange the audit dates with TÜV Süd and prepare your departments for the TISAX labels.
– Preparing the company for certification
– Registering and managing the ENX platform
– Arranging the audit dates
– Representing the company in the audit
– Costs for the certification audit
– Conducting the internal audits
2.4.3.3. NIS2 module
In addition to maintaining your ISMS, we will register your company in accordance with the NIS2 directive and create the required reports for the administration portal:
– Registration in the administration portal in accordance with the NIS2 regulation
– Reporting in the administration portal in accordance with the NIS2 regulation
2.4.3.4. DORA module
In addition to our ISO27001-compliant ISMS, we cover the DORA requirements:
– Corporate Monitoring (required)
– Reporting Service
– Compliance Audits
2.5. Information Security Experts GmbH does not guarantee that the services described above will actually lead to certification. The implementation of the necessary measures, at the end of which certification is achieved, is the sole responsibility of the purchaser.
3. Prices and payment agreements
3.1. Unless otherwise agreed in writing in individual cases, our current prices at the time of conclusion of the contract shall apply, plus statutory VAT and any expenses, such as hotel accommodation and travel. Unless a fixed price agreement has been made, we reserve the right to make reasonable price changes due to changes in wage, material and distribution costs for deliveries made 3 months or more after conclusion of the contract.
3.2. Payment of the purchase price must be made exclusively to the account specified overleaf. The deduction of a cash discount is only permitted with a special written agreement.
3.3. Unless otherwise agreed, the purchase price shall be due and payable within fourteen days of invoicing and delivery or acceptance of the goods. However, we are entitled at any time, even within the framework of an ongoing business relationship, to make a delivery in whole or in part only against advance payment. We shall declare a corresponding reservation at the latest with the order confirmation.
3.4. The buyer shall be in default if the above payment period expires. During the period of default, interest shall be charged on the purchase price at the applicable statutory default interest rate pursuant to § 288 II BGB (German Civil Code) in the amount of nine percentage points above the respective base interest rate. We reserve the right to assert further claims for damages caused by default. Our claim against merchants for commercial maturity interest in accordance with § 353 HGB remains unaffected.
3.5. If it is foreseeable after conclusion of the contract that our claim to payment of the purchase price is jeopardized due to the Buyer’s inability to pay (e.g. due to an application for the opening of insolvency proceedings), we shall be entitled to refuse performance in accordance with the statutory provisions and, if necessary after setting a deadline, to withdraw from the contract (Section 321 BGB). In the case of contracts for which the manufacture of non-fungible items (custom-made products) is owed, we may declare our withdrawal immediately. The statutory provisions on the dispensability of setting a deadline shall remain unaffected in this respect.
4. Rights of retention
The Buyer shall only be entitled to set-off or retention rights in the event that his claim has been legally established or is undisputed and his counterclaim is based on the same contractual relationship. In the event that defects occur within the scope of the delivery, the Buyer’s counter-rights, in particular pursuant to Section 8.6 sentence 2 of these General Terms and Conditions of Sale, shall remain unaffected.
5. Delivery period and delay in delivery
5.1. The delivery period shall be agreed individually or specified by us upon acceptance of the order.
5.2. In the event that we are unable to meet contractually agreed delivery deadlines for reasons for which we are not responsible, we shall inform the Buyer of this circumstance without delay and at the same time inform the Buyer of the expected or new delivery deadline. If a delayed delivery cannot be made due to non-availability of the service even within the newly announced delivery period, we are entitled to withdraw from the contract in whole or in part; we must immediately reimburse any consideration already provided by the buyer (in the form of the purchase price payment). The non-availability of the service is given, for example, if our supplier has not delivered to us on time, if we have concluded a congruent hedging transaction, if there are other disruptions in the supply chain (for example due to force majeure) or if we are not obliged to procure in individual cases.
5.3. Whether we as the seller are in default of delivery shall be determined in accordance with the statutory provisions. However, the prerequisite for a delay in delivery by us as the seller is a reminder from the buyer. In the event of a delay in delivery, the buyer may claim lump-sum compensation for the damage caused by the delay. The liquidated damages shall amount to 0.5% of the net price (delivery value) for each completed calendar week of delay, but shall not exceed a total of 5% of the delivery value of the goods delivered late. We reserve the right to prove that the buyer has suffered no damage or only less damage than the above lump sum.
5.4. The Buyer’s rights pursuant to Section 9 of these General Terms and Conditions of Sale and our statutory rights, in particular in the event of an exclusion of the obligation to perform (e.g. due to impossibility or unreasonableness of performance and/or subsequent performance), shall remain unaffected.
6. Delivery, transfer of risk, acceptance, default of acceptance
6.1. The aforementioned services are provided by Information Security Experts GmbH remotely with appropriate remote access. All on-site services are provided by the buyer, unless otherwise agreed in the contract or subsequently.
7. Reservation of title
7.1. We reserve title to the delivered goods until full payment of all our current and future claims arising from the purchase contract and an ongoing business relationship (secured claims).
7.2. Until the secured claims have been paid in full, the goods subject to retention of title may neither be pledged to third parties nor assigned as security. The buyer must inform us immediately in writing in the event that an application is made to open insolvency proceedings or if third parties seize the goods belonging to us (e.g. seizures). If the third party is not in a position to reimburse us for the judicial and extrajudicial costs of an action pursuant to § 771 ZPO, the Buyer shall be liable for the loss incurred by us.
7.3. In the event of breach of contract by the Buyer, in particular in the event of non-payment of the purchase price due, we shall be entitled to withdraw from the contract in accordance with the statutory provisions. In the event that the Buyer fails to pay the purchase price due, we must have set the Buyer a reasonable deadline for payment without success before asserting these rights. This shall only apply if such a deadline is not dispensable according to the statutory provisions.
8. Claims for defects of the buyer
8.1. The statutory provisions shall apply to the Buyer’s rights in the event of material defects and defects of title (including incorrect and short delivery as well as improper assembly/installation or defective instructions), unless otherwise specified below. This shall not affect the statutory provisions on the sale of consumer goods (§§ 474 ff. BGB) and the rights of the Buyer arising from separately issued guarantees, in particular from the manufacturer.
8.2. Agreements that we have made with buyers regarding the quality and intended use of the goods (including accessories and instructions) regularly form the basis of our liability for defects under the warranty. A quality agreement includes all product descriptions and manufacturer’s specifications that are the subject of the individual contract or were made public by us (in particular in catalogs or on our Internet homepage) at the time the contract was concluded. In the event that no quality has been agreed, the provisions of § 434 III BGB must be applied to determine whether a defect exists. Against this background, it should be noted that public statements made by the manufacturer in the context of advertising or on the label of the goods take precedence over statements made by other third parties.
8.3. For goods with digital elements or other digital content, please note that we are only obliged to provide and update the digital content if this is expressly stated in a quality agreement in accordance with Section 8.2. We accept no liability for public statements made by the manufacturer or other third parties.
8.4. We shall not be liable for defects which the buyer is aware of or grossly negligently unaware of at the time of conclusion of the contract in accordance with § 442 BGB.
8.5. Claims for defects on the part of the Buyer shall only exist if the Buyer has complied with its statutory inspection and notification obligations (§§ 377, 381 HGB). We must be notified in writing without delay if a defect is discovered during delivery, inspection or at a later date. Obvious defects must be reported in writing within 5 working days of delivery and non-apparent defects within the same period of time from discovery of the defects. In the event that the buyer fails to fulfill or does not fulfill his obligation to properly inspect and report defects, any liability on our part for the defect not reported or not reported on time or not reported properly shall be excluded in accordance with the statutory provisions.
8.6. If the delivered goods are defective, we as the seller shall be entitled to choose whether we provide subsequent performance by remedying the defect (subsequent improvement) or by delivering a defect-free item (subsequent delivery). In the event that the type of subsequent performance chosen by us is unreasonable for the buyer in the individual case, he may refuse it. However, we reserve the right to refuse subsequent performance under the statutory conditions. In addition, we are entitled to make the supplementary performance to be provided by us dependent on the Buyer paying the purchase price due. However, the buyer shall be entitled to retain a reasonable part of the purchase price in proportion to the defect.
8.7. The Buyer shall grant us the necessary time and opportunity for the subsequent performance to be rendered. In particular, the buyer must hand over to us the item for which he has asserted a defect for inspection purposes. In the event that we make a subsequent delivery of a defect-free item, the buyer must return the defective item to us in accordance with the statutory provisions. However, the buyer is not entitled to a claim for return.
8.8. We shall reimburse the expenses which are necessary for inspection purposes and for subsequent performance (transport, labor and material costs as well as any dismantling and installation costs) in accordance with the statutory provisions and these General Terms and Conditions of Sale in the event that a defect is present. However, we may demand reimbursement from the Buyer for costs incurred due to an unjustified request to remedy a defect in the event that the Buyer knew or could have recognized that there was in fact no defect.
8.9. The Buyer shall have the right to remedy the defect himself and to demand reimbursement of the expenses objectively necessary for this if there is an urgent case (e.g. in the event of danger to operational safety or to prevent disproportionate damage). The buyer must inform us immediately in the event of self-performance. In the event that we would be entitled to refuse subsequent performance in accordance with the statutory provisions, the Buyer shall have no right to self-performance.
8.10. In accordance with the statutory provisions, the buyer may withdraw from the purchase contract or reduce the purchase price if a deadline to be set by the buyer for subsequent performance has expired unsuccessfully or is dispensable in accordance with the statutory provisions. In the event of a minor defect, however, the buyer shall not be entitled to withdraw from the contract.
8.11. Claims by the buyer for reimbursement of expenses in accordance with Section 445a I BGB are excluded, unless the last contract in the supply chain is a consumer goods purchase (Sections 478, 474 BGB) or a consumer contract for the provision of digital products (Sections 445c sentence 2, 327 (5), 327u BGB).
8.12. Even in the event of a defect, claims for damages or claims for reimbursement of futile expenses on the part of the Buyer (Section 284 BGB) shall only exist in accordance with Section 9 and Section 10.
9. Statute of limitations
9.1. The general limitation period for claims resulting from material defects or defects of title is one year from delivery, in deviation from § 438 I No. 3 BGB. In the event that acceptance has been contractually agreed, the limitation period shall commence upon acceptance.
9.2. The above limitation periods of the law on sales shall also apply to contractual and non-contractual claims for damages of the Buyer which are based on a defect of the goods, unless the application of the regular statutory limitation period pursuant to §§ 195, 199 BGB would lead to a shorter limitation period in individual cases. The Buyer’s claims for damages pursuant to clauses 10.1 and 10.2.1 as well as those pursuant to the Product Liability Act shall become time-barred exclusively in accordance with the statutory limitation periods.
10. Other liability
10.1. Unless otherwise stated in these General Terms and Conditions, we as the seller shall be liable for breaches of contractual and non-contractual obligations in accordance with the statutory provisions.
10.2. Within the scope of fault-based liability, we shall be liable for damages, irrespective of the legal basis, only in the event of intent and gross negligence. In the event of simple negligence, we shall be liable, subject to statutory limitations of liability (e.g. care in our own affairs; insignificant breach of duty), only:
10.2.1. for damages resulting from injury to life, body or health,
10.2.2. for damages resulting from the breach of an essential contractual obligation (obligations whose fulfillment is essential for the proper execution of the contract and on whose compliance the contractual partner relies and may also rely). In this case, however, our liability shall be limited to compensation for foreseeable, typically occurring damage.
10.3. The limitations of liability arising in accordance with clause 10.2 shall also apply to third parties and in the event of breaches of duty by persons whose fault we are responsible for in accordance with statutory provisions. Insofar as a defect has been fraudulently concealed and a guarantee for the quality of the goods has been assumed, the limitations of liability shall not apply. This also applies to claims of the Buyer under the Product Liability Act.
10.4. The Buyer may only withdraw from or terminate the contract due to a breach of duty that does not result from a defect in the event that we as the Seller are responsible for the breach of duty.
10.5. A right of termination of the Buyer (in particular pursuant to Sections 650, 648 BGB) is excluded. In all other respects, the statutory requirements and legal consequences shall apply.
11. Choice of law and place of jurisdiction
11.1. These General Terms and Conditions of Sale and the contractual relationship between us as the Seller and the Buyer shall be governed by the law of the Federal Republic of Germany to the exclusion of international uniform law, in particular the UN Convention on Contracts for the International Sale of Goods.
11.2. If the Buyer is a merchant within the meaning of the German Commercial Code, a legal entity under public law or a special fund under public law, our registered office in Munich shall be the exclusive, and also international, place of jurisdiction for all disputes arising directly or indirectly from the contractual relationship. The same applies if the Buyer is an entrepreneur within the meaning of Section 14 BGB.
11.3. We are also entitled to bring an action at the place of performance of the delivery obligation in accordance with these General Terms and Conditions of Sale or an overriding individual agreement or at the general place of jurisdiction of the Buyer. This shall not affect overriding statutory provisions (exclusive places of jurisdiction).