Terms of Service
1. Scope of Application
These General Terms and Conditions (GTC) govern the business relationship between AYSOLI CyberSecurity Gubser, Mike Gubser, Fürst-Franz-Josef-Strasse 119, 9490 Vaduz, Liechtenstein (hereinafter "Provider"), and the customer (hereinafter "Customer"). By placing a written or electronic order, the Customer acknowledges these GTC as binding. Deviating terms and conditions of the Customer shall apply only if the Provider has expressly agreed to them in writing. These GTC apply exclusively to businesses (B2B). Consumer contracts are excluded.
2. Services and Order Placement
The Provider delivers cybersecurity services, in particular: – Penetration testing and security assessments – Attack Surface & Vulnerability Management – Security consulting, security concepts and policies The exact scope of services, timeline and remuneration are defined in a separate order agreement or written order confirmation. Offers from the Provider are non-binding. An order placed by the Customer is only accepted upon written confirmation by the Provider.
3. Written Authorisation for Security Testing
Prior to conducting penetration tests, vulnerability assessments or any other offensive security testing, explicit written authorisation from the Customer is mandatory. By placing an order, the Customer confirms: – that it is the lawful owner or authorised operator of the systems, networks and applications to be tested, or holds the required authorisation from the owner; – that it is entitled to commission third parties to conduct security testing; – that the agreed scope is complete and accurate. Tests are carried out exclusively within the written scope agreed upon. Scope expansions require the explicit written consent of both parties. The Provider accepts no liability for damages arising from inaccurate or incomplete information provided by the Customer regarding authorisation to test.
4. Customer Obligations
The Customer shall provide all information, access and authorisations necessary for the performance of the services in a timely and complete manner. The Customer is obliged to create complete data backups of all affected systems prior to the commencement of testing. The Provider accepts no responsibility for data loss arising in connection with agreed testing activities. Additional effort caused by delayed, incomplete or incorrect cooperation by the Customer will be invoiced separately on a time-and-materials basis.
5. Confidentiality
Both parties undertake to treat all confidential information obtained during the business relationship – in particular test results, vulnerability reports, system configurations and business data – with strict confidentiality and neither to disclose it to third parties nor to use it for any other purpose. This obligation applies for the duration of the contractual relationship and for 5 years after its termination. Excluded from the confidentiality obligation is information that (a) is or becomes publicly known without either party being responsible, (b) was already known to the receiving party before the commencement of the collaboration, or (c) must be disclosed pursuant to statutory obligations. The Provider is entitled to reference the business relationship as such (customer name, type of service) as a reference, unless the Customer expressly objects.
6. Intellectual Property
All methods, tools, templates and approaches developed by the Provider prior to or independently of the order remain the exclusive property of the Provider. Project-specific work results created in the course of the order (in particular reports, security concepts and recommendations) pass to the ownership of the Customer upon full payment of the agreed remuneration. Tools, scripts and internal testing methodologies of the Provider are excluded and remain with the Provider. The Customer may use work results exclusively for internal purposes. Disclosure to third parties requires the prior written consent of the Provider.
7. Liability
The Provider is liable only for damages caused by gross negligence or wilful misconduct. Any further liability – in particular for slight negligence – is excluded. The Provider's liability is in any case limited to the amount of the net remuneration agreed for the relevant order. Excluded in particular is liability for: – indirect damages, consequential damages and loss of profit; – data loss, provided the Customer has fulfilled its backup obligation pursuant to clause 4; – unavoidable operational disruptions (e.g. temporary system outages) as a direct result of agreed testing activities; – damages caused by third parties acting on the basis of the test results; – events of force majeure. This exclusion does not apply to damages to life, body or health, nor to mandatory statutory liability provisions.
8. Payment Terms
All prices are in Swiss Francs (CHF) plus statutory value-added tax, where applicable. Invoices are due within 14 days of the invoice date without deduction. Default interest of 5% p.a. is payable in the event of late payment. For orders with a total volume exceeding CHF 5,000, the Provider is entitled to request an advance payment of up to 50% prior to commencement of services. The Customer may only offset invoices against undisputed or legally established counterclaims.
9. Changes to Scope
If the Customer wishes to make changes or extensions to the agreed scope of services during the course of an order (scope changes), these must be notified to the Provider in writing. The Provider will review the request and submit an amended offer. Scope changes will only be implemented after written confirmation by both parties. Additional effort resulting from uncoordinated scope changes is at the Customer's expense.
10. Written Form Requirement
Amendments and supplements to these GTC and to the respective order agreement require written form (letter or email). Verbal collateral agreements are not valid.
11. Severability
Should any provision of these GTC be or become wholly or partially invalid or unenforceable, the validity of the remaining provisions shall not be affected. The invalid provision shall be replaced by a valid provision that comes closest to the economic purpose of the invalid provision.
12. Governing Law and Jurisdiction
These GTC and all legal relationships arising therefrom are governed exclusively by the law of the Principality of Liechtenstein, excluding conflict-of-law provisions. The exclusive place of jurisdiction for all disputes arising from or in connection with these GTC is Vaduz, Principality of Liechtenstein.