General Terms and Conditions

Document validity: from 1. 1. 2025
BOIT Cyber Security s.r.o., ID No.: 17614261, VAT No.: CZ17614261, with registered office at Korunní 2569/108, Prague 10, 101 00, registered in the Commercial Register kept by the Municipal Court in Prague on 6 October 2022, Section C, Insert 373905,
contact e-mail: [email protected], website: https://legacy.boit.cz

Legal notice:

This document may be available in different language versions for information purposes. The Czech version of the General Terms and Conditions is always legally binding and decisive. Translations have been created using automated tools and may contain inaccuracies. In case of conflict, the original shall prevail.

1. Introduction

1.1 These GTC govern the relationship between BOIT Cyber Security s.r.o. (“Provider”) and customers (“Customer”) in the provision of cyber security services.

1.2 Individual contractual arrangements take precedence over the GTC.

2. Scope of services

2.1 Services provided include: penetration tests, vulnerability tests, phishing simulations, training, consulting, etc. Testing is carried out according to OWASP, NIST, MITRE ATT&CK methodologies or by individual agreement.

2.2 The exact scope and term shall be specified in the contract or order.

3. Conclusion of the contract

3.1 The contract can be concluded by: signed contract, confirmed order, email or other demonstrable means.

3.2 The Provider may refuse an order without giving any reason.

4. Obligations of the parties

4.1 Provider:

– perform the services in a professional, timely and diligent manner;

– protect confidential and personal data;

– comply with legal regulations (including GDPR, Act No. 110/2019 Coll. on the processing of personal data);

– in the event of a breach of security or GDPR, inform the Office and the Customer without undue delay, within 72 hours at the latest;

– appoint a Data Protection Officer (DPO) where necessary.

4.2 Customer:

– provide cooperation and truthful information;

– pay the agreed price;

– not unduly interfere with the services during testing.

5. Price and payment terms

5.1 The price is individually agreed or according to the price list.

5.2 Invoices are due within 14 days of issue, unless otherwise agreed.

5.3 In the event of default, the Provider shall be entitled to statutory default interest.

6. Data Protection (GDPR)

6.1 The Provider acts as the controller for the processing of personal data.

6.2 Purposes of processing: performance of contract, compliance with legal obligations, defence of rights and legality.

6.3 Legal grounds: performance of a contract, consent (e.g. marketing), legitimate interest, compliance with the law.

6.4 The Customer has the rights of access, correction, deletion, restriction, portability, objection and revocation of consent.

6.5 The data is not disclosed to third parties, except for processors (external contractors), state and security institutions according to the law.

6.6 The data is stored for the duration of the contract, for the time limits of the complaint procedure, and in accordance with archiving requirements.

6.7 Place of processing: the EU, may include providers outside the Czech Republic/EU, with standard contractual clauses.

6.8 For more information, the Customer shall refer to the Privacy Policy, which forms an integral part of the Website and the Contract.

7. Responsibility

7.1 The Provider is liable for damages caused intentionally or by gross negligence, up to a maximum of the agreed price.

7.2 It is not liable for consequential damages, loss of profit or unrealised savings.

7.3 The obligation of confidentiality shall continue for the duration of the performance and 3 years after the termination of the cooperation.

8. Termination of the contract

8.1 The Agreement may be terminated by agreement, by notice of termination, or by withdrawal for material breach.

8.2 Upon cancellation, the Customer shall be obliged to pay for the services performed up to termination.

9. Testing Conditions

9.1 Tests shall be conducted in an approved manner, including timing, scope, emergency contacts. Testing is conducted in accordance with ethical principles and is recorded in the activity log.

9.2 The Customer is obliged not to check or change the tested environment on the fly.

10. Final provisions

10.1 The Contract is governed by Czech law.

10.2 Jurisdiction is the local and substantive jurisdiction of the courts in the Czech Republic.

10.3 The rights of the consumer shall remain unlimited, unless the law provides for greater protection.

10.4 The Customer confirms his/her acceptance of the GTC before concluding the contract (electronically, by signing).

10.5 The GTC are published at www.legacy.boit.cz, accessible before placing an order. The Provider reserves the right to change the GTC, and the change will be notified by email or posted on the website at least 15 days before the effective date.

12. Marketing communication

12.1 The Provider may send commercial communications to the Customer regarding its own services (e.g. newsletter, invitations to training, information about news in the field of cyber security) if:

– the Customer has agreed to it, or

– it is a legitimate interest in an existing business relationship (pursuant to Section 7(3) of Act No. 480/2004 Coll.).

12.2 Each message includes an easy unsubscribe option via a link in the message.

12.3 Personal data is not passed on to third parties for marketing purposes without explicit consent.

13. Withdrawal of consent and exercise of rights

13.1 If the processing of personal data is based on consent (e.g. cookies, marketing), the Customer has the right to withdraw this consent at any time. The withdrawal does not affect the lawfulness of the previous processing.

13.2 Consent may be withdrawn:

– by clicking on the unsubscribe link in the email,

– by changing the cookie settings on the website,

– or by e-mail sent to: [email protected]

13.3 The User/Customer also has the right to:

– access personal data,

– obtain rectification, erasure and restriction of processing,

– object to processing,

– and file a complaint with the ÚOOÚ (www.uoou.cz).