TERMS OF SERVICE FOR
SECURITY ASSESSMENT SERVICE
PROVIDED BY HIGH-TECH BRIDGE SA
1. Recitals and Scope
High-Tech Bridge SA (hereinafter "HTB") is a Limited Company (Ltd.) registered in the Commercial Register of Geneva under Swiss Federal Identification Number CH-660.3.042.007-9 with VAT number CHE-113.980.579, domiciled at:
The present Terms of Service agreement governs the usage by you and/or your company (hereinafter "the Customer") of ImmuniWeb® AI for Application Security developed and provided as a service by HTB via ImmuniWeb® Portal (hereinafter "the Portal"), designed to assess application security and to provide the findings with suggested remediations.
By ticking the «I have read and agreed to the Terms of Service & Privacy» check-box during registration on the Portal, you are fully accepting and agreeing without any reservations with the present Terms of Service agreement. The electronic acceptance of the present Terms of Service agreement by the above-mentioned procedure implies that the Customer has carefully read, understood and unconditionally accepted the present agreement. Otherwise, the Customer is kindly requested to leave the Portal.
The present Terms of Service agreement does not govern the relationship between the Customer and Swiss bank "PostFinance AG" that is in charge of credit card and PayPal payments processing on behalf of HTB.
2. ImmuniWeb® AI for Application Security
2.1 Description of ImmuniWeb®
ImmuniWeb® is a globally registered trademark (Trademark Number: 629207; Application Number: 54506/2012) owned by HTB. ImmuniWeb and the underlying technology are entirely developed and supported by HTB, who is its sole owner.
ImmuniWeb is an AI for Application Security designed to provide security assessment service for websites, web services, and web and mobile applications (hereinafter "the Infrastructure"). The purpose of the service is to discover vulnerabilities, weaknesses and misconfigurations of the Infrastructure operated and/or owned by the Customer, and to offer general remediation recommendations and guidelines for the issues discovered.
This service is provided to the users who (i) created an account on the Portal via the registration procedure, (ii) obtained account approval via a confirmation email, (iii) confirmed their legitimacy and authorization to perform security testing of the Infrastructure, and (iv) paid for the service according to the procedures outlined below in the agreement. HTB retains the right to deny Security Assessment in case of any reasonable doubts regarding the Customer's legitimacy or authorization to perform such assessment.
To assess the security of the Infrastructure, the Customer shall log in to the Portal under its account and create an ImmuniWeb Security Assessment project.
ImmuniWeb Continuous Security Assessment projects consist of four consecutive steps:
ImmuniWeb On-Demand Security Assessment project consists of six consecutive steps:
ImmuniWeb MobileSuite Security Assessment project consists of six consecutive steps:
ImmuniWeb Discovery project consists of three consecutive steps:
2.2 ImmuniWeb® On-Demand and MobileSuite Security Assessment Report
Upon completion of an ImmuniWeb® On-Demand or MobileSuite Security Assessment, the assessment report can be viewed and downloaded by the Customer directly from the Portal. The report becomes available within 1 (one) business day after the Security Assessment completion.
The Customer will be able to view and download the report (in HTML or PDF formats) directly from the Portal. The report will stay available on the Portal during the next 90 (ninety) calendar days following the Security Assessment completion, and then will be securely deleted.
The Customer has a possibility to securely delete the report from the Portal at any time before the above-mentioned deadline.
After being deleted, the report cannot be recovered. The Customer is entirely responsible for downloading the report within the aforementioned 90 (ninety) calendar days deadline, as well as for saving the report on a secure local storage.
2.3 ImmuniWeb® Continuous Interactive Dashboard
Within 2 (two) business days after receiving a payment for ImmuniWeb® Continuous subscription, the Customer will be provided with access to the interactive vulnerability management dashboard designed to manage and monitor the assessment and its results via the Portal.
The data provided to the Customer via the dashboard, including but not limited to assessment results and statuses of detected vulnerabilities, is accessible via the Portal and API functionality during the validity of Customer’s subscription and 6 (six) months after the subscription expiration.
After the above-mentioned 6 (six) months deadline, or upon the Customer’s written demand, the data will be securely deleted. After being deleted the data cannot be recovered.
2.4 ImmuniWeb® Discovery Dashboard
Within 2 (two) days after a start of ImmuniWeb Discovery, discovered applications will appear on the discovery dashboard.
The discovered applications, as well as any applications manually added by the Customer, will remain until the Customer requests to delete its account following the procedure stated herein.
2.5 ImmuniWeb® Security Seal
Some of ImmuniWeb® packages provide the Customer with ImmuniWeb Security Seal designed to confirm the fact and the time of the performed security assessment.
Despite our best efforts to identify as many vulnerabilities as possible within the assessment scope and timeframe, the Seal cannot and does not guarantee that the Infrastructure is 100% secure, unbreakable, or totally vulnerability-free.
2.6 ImmuniWeb® Continuous Notifications
For the Customers of ImmuniWeb® Continuous, instant notification functionality is available to receive alerts about newly-detected vulnerabilities via email or SMS, depending on the ImmuniWeb subscription package.
Despite our best efforts to send the above-mentioned notifications in strict accordance with the Customer’s preferences selected on the Portal, we do not guarantee that they will arrive without delay. HTB declines any responsibility for any delays or omissions.
The SMS notification service is entirely operated and maintained by "Twilio, Inc." (CA), USA. HTB shall never be liable for any problems or damage related to the SMS notification service.
2.7 ImmuniWeb® Scope of Assessment
The scope of the assessment is always defined by the Customer on the first step of the assessment project creation. The Customer is encouraged to provide as much information about the scope as practical under the circumstances. Any omissions may lead to incomplete or inaccurate assessment for which HTB shall not be accountable or liable in any manner.
Within reason, the Customer can provide specific requirements for the scope and methodology of testing on the first step of the project creation. HTB will undertake reasonable efforts to follow the instructions and scope defined by the Customer as precisely as practical under the integrity of the circumstances. In case of substantial impossibility to comply with the instructions, HTB may pause the project and communicate the issue to the Customer for resolution.
2.8 ImmuniWeb® Methodology of Testing
HTB’s application security testing methodology is developed and based on its proprietary technology described on the ImmuniWeb® web page.
Except if otherwise requested by the Customer, or required by the circumstances of the assessment, the methodology of testing is compliant and compatible with the latest versions of globally recognized standards, such as OWASP Testing Guide, NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment) and the PCI DSS Penetration Testing Guide. HTB may, however, at its own discretion and without any prior notice reasonably change or amend its methodology of testing if such a change will be beneficial for the Customer under the integrity of circumstances.
HTB makes its best efforts to avoid any security testing or exploitation techniques that may harm, corrupt or destroy Customer’s data or Infrastructure. However, HTB may use intrusive testing and vulnerability exploitation techniques if this is necessary for comprehensive testing and is appropriate under the circumstances. If an unexpected and dangerous event occurs during the assessment, HTB will contact the Customer within the next 15 (fifteen) minutes of the event detection to coordinate further activities.
2.9 ImmuniWeb® Quality Assurance
For the most important and critical processes and activities of the assessment, HTB relies on the four-eyes principle, which involves at least two people controlling each other.
2.10 ImmuniWeb® Customer Support
HTB provides 24/7 online and email support for the Customer.
HTB makes its best possible efforts to respond to normal support tickets within 4 (four) business hours and within 15 (fifteen) minutes to urgent support tickets. Nevertheless, HTB cannot guarantee that a problem will be resolved within the above-mentioned deadline and shall never be liable for any delays and the damage caused by such delays.
Urgent support ticket functionality is available only to the Customers who have already paid for at least one assessment project. Abusive or inappropriate usage of urgent support tickets by the Customer may lead to temporary or permanent disablement of urgent ticket functionality on the Portal.
HTB makes its best possible efforts to provide reliable, competent and accurate information via Customer Support. However, the Customer shall not solely rely on the information obtained from support to make its decisions. The Customer acknowledges and agrees that any information obtained from support is provided “as is” without any warranty of any kind. HTB shall not be liable for any damages ensued from any actions performed by the Customer based on the information received via support.
2.11 Project Sharing
The Customer may grant any other Portal user various access permissions to any of its ImmuniWeb® projects. The Customer shall take all the necessary precautions and due care when granting such access as the grantee will have limited or even full access to the project.
HTB never intervenes in project access sharing and declines any responsibility for any incidents caused by any project sharing activities performed by the Customer.
3. ImmuniWeb® Portal
3.1 Registration Procedure
To use ImmuniWeb®, the Customer must be registered and authenticated on the Portal. To obtain an account on the Portal, the Customer shall follow the registration procedure. During the registration, the Customer undertakes to provide HTB with correct, truthful and up-to-date information required by the procedure.
HTB may verify at any time the authenticity and veracity of the information provided by the Customer during the registration. Any accounts with doubtful or dubious information may be temporarily suspended, accounts with deliberately false or fake information may be deleted immediately. Any claims for reimbursement for the projects created under accounts with false or fake information will be refused.
HTB can, at its own discretion, deny the registration to any user at any time without any justification of its decision.
3.2 Identification of the Customer
The Customer should identify himself, or herself, on the Portal with his, or her, email address (login) and password (hereinafter "the Credentials").
HTB draws particular attention of the Customer that the Credentials are strictly personal and non-transferable.
The Customer undertakes to keep his, or her, Credentials strictly confidential. Otherwise, HTB retains the right to block the Customer's account and claim any damage occurred. Any claims for reimbursement for the projects created under accounts shared with third parties will be refused.
3.3 Modification of Customer Account Information
The Customer undertakes to keep its account information up-to-date. To do so, it can modify the information directly on the Portal via profile update function. Accounts with outdated information may be suspended.
3.4 Customer Data and PII Collection, Processing, Retention and Deletion
During the aforementioned registration procedure initiated by the Customer, HTB collects information that is consciously and voluntarily submitted by the Customer (e.g. name, email address, business phone, etc.) for the purpose of using ImmuniWeb®.
The information may contain Personally Identifiable Information (PII) that will be used solely for the purpose of registration and ImmuniWeb usage by the Customer subject to the present agreement.
The information is securely stored in a dedicated data center located in Canada (recognized by the European Commission as a country providing an adequate level of data protection alongside Switzerland) until the Customer requests to delete the account. The data center is owned by Internap Corporation (NASDAQ: INAP) that does not have any access to HTB’s data. The integrity of HTB’s servers is managed and operated by authorized HTB employees only.
The information is stored as long as reasonably required to pursue the initial purpose of the information submission by the Customer.
The Customer can request HTB to delete its account on the Portal by submitting the request via Portal Support. The account and all available Customer-related information will be securely deleted within 15 (fifteen) business days since the receipt of the request.
Deleted information is not recoverable. Any claims for reimbursement, indemnification or compensation for the projects created under deleted accounts will be refused.
3.5 Portal Availability
Notwithstanding external interruptions beyond HTB's control, the Portal is available 7 days a week, 24 hours a day. In case of reasonable necessity, HTB retains the right to temporarily interrupt access to the Portal, at any time, for any period of time and at its own discretion.
3.6 Portal Security
Special attention is given to the security of the Portal. Nevertheless, the Customer recognizes that despite the best efforts undertaken by HTB, including continuous risk assessment, threat and vulnerability monitoring, usage of up-to-date software, system hardening, data encryption and compliance with the latest safety regulations and standards, including ISO 27001, HTB cannot guarantee the absolute security of the Portal.
3.7 Portal Time Zone
The Portal is operating in the Central European Time (CET/CEST) time zone.
HTB takes all appropriate measures not to disturb the availability of the Customer’s Infrastructure, related systems or network equipment during an ImmuniWeb® assessment. Nevertheless, exceptional and unexpected side effects may occur beyond HTB’s control, and HTB shall not be liable or responsible for any interruptions of Customer's operations, or operations of any third parties related to the Customer and concerned by the assessment, that may occur during the assessment. The Customer is advised to create a backup of the tested system and data before starting the assessment.
HTB makes its best efforts to identify all possible vulnerabilities and weaknesses within the scope and during the timeframe of assessment, however HTB does not and cannot guarantee that all the vulnerabilities will be detected, and declines any responsibility for missed, undiscovered or unreported vulnerabilities.
An ImmuniWeb assessment itself is not intended to prevent, eliminate or fix any vulnerabilities or security weaknesses. The assessment purports to identify vulnerabilities and weaknesses within the Infrastructure, and to propose general remediation solutions for them. The Customer bears the sole responsibility for implementing all necessary corrections for the discovered vulnerabilities and weaknesses. The Customer understands that vulnerability remediations, proposed in the report or via the interactive dashboard, consist of general guidelines only, provided “as is” without any warranty of any kind.
ImmuniWeb assessment results reflect the state of security of the Customer's Infrastructure only at the time of the assessment’s execution, and therefore cannot be considered as permanently up-to-date.
The integrity of the Portal’s user interface functionality, including but not limited to vulnerability management and related features for any types of assessment or discovery projects, is provided “as is” without any warranty of any kind.
5. Obligations of the Customer
5.1 Strictly Prohibited Usage
The Customer is strictly prohibited from using ImmuniWeb® to test security of any Infrastructure that does not belong to it and/or for which it does not have an explicit, express and undisputed written authorization from the legitimate Infrastructure owner to perform such testing.
The Customer is not allowed to use ImmuniWeb in countries where the legislation or regulatory rules do not allow or prohibit such usage.
In case of violation of the above-mentioned conditions by the Customer, HTB reserves the right to immediately suspend the Customer's account and refuse any claims for reimbursement, compensation or indemnification for the projects created under this account.
5.2 Confirmation of the Infrastructure Ownership
The Customer unconditionally agrees to use ImmuniWeb® only to assess security of the Infrastructure that belongs to it or for which it has an explicit written authorization from the legitimate Infrastructure owner to do so.
In case of website security testing, the Customer agrees that an email notification about the assessment may be sent to emails obtained from the website domain WHOIS record, or to the official emails provided directly on the website that the Customer wants to assess.
HTB also reserves the right to contact the Customer and/or its company by telephone and by any other available means in order to verify Customer's identity and legitimacy to perform assessment of the Infrastructure.
5.3 Correctness and Completeness of Technical Information
During the creation of ImmuniWeb® On-Demand, Discovery, MobileSuite or Continuous security assessment projects on the Portal, the Customer is entirely responsible for submitting correct, complete and up-to-date technical information about the Infrastructure (e.g. URL, authentication and other technical information, etc.).
In case of erroneous, outdated or incomplete technical information submitted to the Portal, the Customer will bear the sole responsibility for the error or omission. In this case, HTB does not guarantee accuracy or completeness of the assessment and its results. Any claims for reimbursement in such cases will be refused.
5.4 Non-Resistance to Security Assessment
HTB’s IP addresses from which the assessment will take place will be communicated to the Customer by email (i) 1 (one) day before the assessment start and (ii) just before the start of the assessment for all ImmuniWeb® On-Demand and MobileSuite projects. For ImmuniWeb Continuous projects, the IP addresses are constantly visible on the Portal.
The Customer is required to properly authorize or otherwise whitelist HTB’s IP addresses on its IPS (Intrusion Prevention System), WAF (Web Application Firewall), and any other hardware or software solutions that may partially or entirely block or slow down the assessment and thus influence its completeness and accuracy. Otherwise, accuracy and completeness of the assessment and of its results are not guaranteed by HTB. Any claims for reimbursement in such case will be refused.
The Customer is strongly advised to delete HTB’s IP addresses from any whitelists and revoke any temporary permissions or demo accounts created for the purpose of the assessment once the assessment is successfully finished.
5.5 Availability of the Infrastructure
The Customer is entirely responsible for accessibility and availability of its Infrastructure during the assessment.
If for any reason the Infrastructure will not be fully accessible from any of HTB’s IP addresses during the assessment, the Customer will bear the sole responsibility for incompleteness, inaccuracy or non-delivery of the assessment. Any claims for reimbursement in such case will be refused.
5.6 Obligation to Inform Concerned Third Parties
The Customer must inform and obtain an explicit authorization to perform the assessment from all the third parties (if any) that are directly or indirectly concerned by the assessment.
This obligation particularly applies if the Customer is not the sole owner of the web, database or any other servers or equipment where Customer’s Infrastructure or its data are located. HTB does not bear any responsibility for delays caused by coordination between the Customer and the concerned third parties.
5.7 Obligation to Respect Account Integrity and Confidentiality
The Customer undertakes to take all reasonable measures to protect its account Credentials from unauthorized third parties. If the Customer becomes aware of any illegal, unauthorized, unethical or improper usage of its Portal account, it shall immediately inform HTB in writing or by another reliable and prompt means.
The Customer undertakes to be solely responsible and liable to compensate any damages suffered by HTB, its employees or agents in case of breach of this clause.
5.8 Availability for Emergencies
The Customer undertakes to provide a valid email and direct phone number in its profile on the Portal, to be contacted in case of emergency (e.g. unexpected event or breach detection).
Failure to do so absolves HTB from any responsibility and liability in case of unforeseen emergency when interaction with Customer was required to mitigate damages.
6. Measures Against Abuse
In case of any usage of ImmuniWeb® that is illegal, unethical, improper, unauthorized by the present agreement or performed in bad faith, the Customer unconditionally agrees to be solely liable and responsible for any damages suffered by HTB including but not limited to direct, incidental and consequential damages and reasonable lawyers’ fees, as well as for any liabilities that HTB could owe to any third parties as a result of such usage by the Customer.
In case of abuse HTB retains the right to:
7. Limited Liability of HTB
7.1 Access to the Portal
HTB makes its best efforts to provide the Customer with an uninterrupted access to the Portal. However, HTB does not guarantee a permanent access and uninterrupted operation of the Portal. HTB cannot be held liable for any interruptions of the Portal’s availability.
7.2 Security Assessment Interruption
HTB retains the right to interrupt the assessment at any time in case of any risk related to the security or stability of the Infrastructure or any of the related system(s), without any obligation to justify such action.
HTB shall not be liable for any direct or indirect damage caused by this kind of interruption. HTB's liability is also excluded in case of interruption of the assessment by HTB due to a Force Majeure.
7.3 Inappropriate Usage by the Customer
HTB shall not bear any responsibility or liability for any damages resulting from any inappropriate, unethical, illegal or abusive usage of ImmuniWeb® by the Customer, particularly for the damage caused by Customer’s breach of the present agreement or of the instructions indicated on the Portal.
7.4 Damage Caused to Third Parties
In no case shall HTB bear responsibility for any direct, incidental or consequential damages caused to any third parties during the execution of the assessment.
In the unlikely case that HTB is held liable for any damage caused to a third party, the Customer undertakes to entirely indemnify HTB for the amount that HTB may be obliged to pay in relation thereto, as well as to reimburse HTB all the reasonable expenses incurred while defending its interests in courts including but not limited to legal costs and reasonable lawyers’ fees.
7.5 Damage Caused to the Customer
Except for the case of deliberate and willful misconduct, HTB shall not bear any responsibility or liability for any direct, incidental or consequential damages (including but not limited to loss of integrity, availability or accessibility of any data or information, destruction of any information, files, databases or archives, or damage caused to any software or network equipment) incurred by the Customer in relation to any ImmuniWeb® assessment.
By accepting the present agreement, the Customer unconditionally agrees not to undertake, encourage, assist, join or file any legal actions, lawsuits or procedures against HTB, its employees, directors or agents in relation to any ImmuniWeb assessments or related services except for deliberate and willful misconduct by HTB.
7.6 Liability Limit
In any case, HTB's total liability in relation with an ImmuniWeb® assessment is limited to the total net price paid by the Customer for the security assessment in question.
By accepting the present agreement, the Customer unconditionally and without reservation accepts the aforementioned HTB's total liability limit.
7.7 No Liability for Third-Party Solutions
HTB shall not bear any responsibility or liability for any damages caused by any joint solutions, implementations or integrations with any third-party technology solutions, including but not limited to Web Application Firewalls and SIEMs, that are provided "as is" without any warranty of any kind.
8. Payment Conditions
8.1 Price, Currencies and VAT
The price of ImmuniWeb® assessment is fixed in USD (US Dollars) and varies depending on the selected package. The price of a package is always displayed on the Portal on the Payment Step of project creation.
The price of any ImmuniWeb package may be changed at any time at HTB’s own discretion. All projects that were fully prepaid prior to the price change will not be affected by the change.
Payment can be made in US Dollars (USD), Euros (EUR) and Swiss Francs (CHF). When paying in EUR or CHF a currency conversion commission may be applied by your bank and/or by your card processing center.
Online payment processing may increase the price by a commission or a transaction fee charged by the processing company, bank and/or their subsidiaries. HTB has absolutely no relation or influence over these fees and shall never be responsible to reimburse or compensate them.
The prices are indicated without VAT (Value Added Tax). Swiss VAT of 7.7% will be charged if the Customer resides in Switzerland and is not exempted from VAT; or in the exceptional case when the Customer resides abroad but is obliged to pay VAT in Switzerland.
8.2 Online Payment
The entire online payment procedure via credit and debit cards or PayPal is managed and operated by Swiss bank "PostFinance AG" in accordance with their Terms and Conditions.
The entire online payment procedure via crypto-currencies is managed and operated by Lithuanian processing center UAB "Virtualios valiutos" under the brand of “CoinGate” in accordance with their Terms and Conditions.
HTB declines any responsibility and liability for any delay, loss or damages incurred by the Customer in relation to the online payment procedure.
8.3 Terms of Payment for ImmuniWeb® On-Demand, MobileSuite and Discovery
Any ImmuniWeb® On-Demand, MobileSuite or Discovery assessment project is started only after receiving a full prepayment for the package selected by the Customer.
The Customer can either pay online on the Portal, or just generate an invoice on the Portal and make the payment via wire bank transfer. If paid via bank transfer, within the next 5 (five) business days after the receipt of the funds on HTB’s bank account, the Customer will receive a 100% Discount Code that it shall enter on the Payment step of the project and skip the online payment procedure.
The invoice in PDF format becomes available for download on the Portal immediately after successful payment for the On-Demand or MobileSuite assessment. The invoice will be available on the Portal for the next 12 (twelve) months after the payment. After the above-mentioned deadline, the invoice will be automatically deleted without any notification to the Customer. For ImmuniWeb Discovery, the invoice will be mailed to the Customer upon successful payment.
The Customer is solely responsible for printing and keeping the invoice for administrative and accounting needs and requirements. HTB does not provide any backup or copies of the invoices.
8.4 Terms of Payment for ImmuniWeb® Continuous
ImmuniWeb® Continuous assessment starts in 2 (two) business days upon receipt of a full payment for the entire duration of the service or of the first invoice if the Customer selects a monthly, quarterly or annual billing cycle.
Thirty (30) days before the end of the current billing cycle period, an invoice for the next period becomes available on the Portal and shall be entirely paid within the next twenty-nine (29) days. Any overdue payments may lead to monetary penalties and overdue interest in accordance with the Swiss law.
The Customer can select the duration of an ImmuniWeb Continuous subscription on the Portal of one (1) month, six (6) months, one (1) year, two (2) years, or three (3) years, and obtain a corresponding loyalty discount that will be displayed alongside the price. Once selected, the subscription is deemed to be purchased for the selected period of time, and if cancelled before the initially selected period for any reason, the entire amount of the upcoming payments must be paid to HTB without any deduction.
The invoice in PDF format is stored on the Portal during the subscription validity and six (6) months after subscription expiration. After the above-mentioned deadline, the invoice will be automatically deleted without any notification to the Customer.
The Customer is solely responsible for printing and keeping the invoice for administrative and accounting needs and requirements. HTB does not provide any backup or copies of the invoices.
8.5 Payments via Authorized Partners
The Customer may acquire ImmuniWeb® assessment via authorized partners of HTB. In this case, the Customer shall enter a 100% discount code (i.e. license) obtained from the Partner on the project payment step to skip the payment and start the assessment.
8.6 False-Positives Reimbursement
HTB makes its best efforts to assure zero false-positives for every security assessment. In the unlikely case that the Customer finds a false-positive (i.e. a reported vulnerability that does not exist and did not exist at the time of the assessment) in the assessment report or on the dashboard, the Customer may claim a reimbursement.
If the false-positive is confirmed and recognized by HTB, the Customer shall receive the amount paid for ImmuniWeb® On-Demand or MobileSuite package purchased by the Customer, or the amount paid for one (1) week of assessment in pro rata for ImmuniWeb Continuous package.
This clause is valid only for the false-positives among security vulnerabilities with the assigned CVSSv3 score and CWE-ID. Under no circumstances is this clause valid for ImmuniWeb Discovery or supplementary services or appendixes, such as Server Software Security Monitor, SSLScan, WebScan, or Trademark Monitor.
8.7 Reimbursement Claims and Limitations
Any reimbursement claims must be made by the Customer via Support within 10 (ten) business days after an incident that triggered the claim has occurred. Any reimbursement claims received after the aforementioned deadline will not be reimbursed.
In case of reimbursement claim approval by HTB, the reimbursement amount corresponding to the gravity and other relevant circumstances of the incident shall be paid to the Customer within the next 30 (thirty) days following the approval. The amount of the reimbursement can never exceed the total amount paid by the Customer for the assessment during which the incident occurred.
9. Confidentiality and Privacy
9.1 Customer Data Protection, Commercial and Business Secrets
When providing its services under the present agreement, HTB and its employees undertake their best reasonable efforts to handle the information related to, or received from, the Customer in a strictly confidential manner and in compliance with HTB’s ISO 27001 certification, related security policies and procedures.
All customer-related data is accessible only to the authorized HTB’s employees, required to have access to this data to perform their direct professional duties. HTB’s employees are internally vetted and required to sign a Non-Disclosure Agreement (NDA) before obtaining access to any customer-related data. HTB’s technical personnel is required to act in conformity with CREST Code of Conduct for Individuals, assuring confidentiality, ethics, honesty and integrity. Regular internal vetting in accordance with CREST guidelines is performed on HTB employees.
HTB undertakes not to disclose, share or transfer any customer-related data (e.g. technical or vulnerability data) to any unauthorized third parties for any purposes, with the only exception when such action is demanded by a valid order of a Swiss court.
Retention of technical data (e.g. vulnerability data) is described in the articles 2.2, 2.3 and 2.4 of the present agreement. Customer account removal described in the article 3.4 of the present agreement implies secure deletion of all the projects created by the Customer and all the related data.
The Customer is solely responsible for using ImmuniWeb in accordance with any concerned third party's right to data protection.
9.2 Customer PII Data Protection
HTB and its employees undertake their best reasonable efforts to protect Customer's PII data in accordance with corporate ISO 27001 certification, related security policies, procedures and applicable law.
PII data collection, processing, retention and removal are performed according to the procedures outlined by the article 3.4 of the present agreement.
HTB’s Data Protection Officer regularly conducts privacy audits as imposed by applicable law.
10. Intellectual Property
HTB remains the sole owner of names, trademarks, logos, labels and any other distinctive signs that belong to it, as well as of the software, source codes, programming algorithms, design concepts, databases, assessment reports, dashboard interface and all tangible and intangible goods related to ImmuniWeb service.
11. Entire Agreement
The present agreement constitutes the entire agreement between the Customer and HTB with respect to the subject matter thereof and supersedes all and any prior oral and written understandings, promises, arrangements or agreements relating to such subject matter. The Customer hereby agrees that there are no other representations or warranties relating to the subject matter of the present agreement.
If any provision of the present agreement is found to be invalid or unenforceable:
(a) the validity and enforceability of the remaining provisions shall not be affected unless the agreement reasonably fails in its essential purpose; and
(b) such provision shall be replaced by one or more valid and enforceable provisions approximating the original provision as closely as possible.
HTB undertakes not to make modifications of the present Terms of Service agreement that will jeopardize confidentiality or privacy of the Customer except if such modification is required by applicable law or court order. In other cases, when the modifications are performed for a good reason and in good faith, the present agreement can be modified without any prior notification and at any time by HTB at its own discretion.
The new version of the agreement shall be immediately published on the Portal. For any substantial changes, or changes involving Customer’s confidentiality or privacy, the Customer shall receive a prompt notification about such change via email, special message or support ticket on the Portal.
The modified agreement shall be effective only for the projects created after the modification.
The present version of this Terms of Service was last modified on the 3rd of September 2018.
14. Governing Law and Venue
The present Terms of Service agreement applies worldwide and is governed by and construed in accordance with Swiss law. Application of any international treaties or conventions is excluded.
The Customer irrevocably consents to the jurisdiction and venue of a competent Swiss court in Geneva in connection with any action, suit, proceeding or claim to enforce the provisions of the present agreement, to recover damages for breach of or default under the present agreement, or otherwise arising under or by reason of the present agreement.