General Terms and Conditions
1. contract basis
The following General Terms and Conditions (GTC) are, unless expressly agreed otherwise, an integral part of all are an integral part of all present and future contracts with SMB Cybersecurity GmbH, Freiherr-vom-Stein-Straße 7B, 57223 Kreuztal, Amtsgericht Siegen - HRB 13782 - hereinafter referred to as SMB Cybersecurity or «we». «we», with the respective contractual partner ("Client"). The client's own terms and conditions shall only become part of the contract if this has been expressly agreed. SMB Cybersecurity processes the orders placed with it on a orders placed with it on the basis of a service contract.
2. confidentiality
SMB Cybersecurity and the client each undertake to disclose all business secrets of the other party that come to their other party that come to their knowledge in the course of their cooperation with the client with the diligence of a of a prudent businessman and to treat all relevant information and documents confidentially and not to pass them on to third parties. and not to pass them on to third parties. The duty of care and confidentiality shall survive the end of the contract. end of the contract.
3. contract design
All contracts between SMB Cybersecurity and the client concerning the services to be provided by both parties as well as amendments and/or supplements thereto must be made in writing. This shall also apply to any amendment to this written form requirement. In addition, our present General Terms and Conditions shall apply. These Terms and Conditions shall take precedence over any conflicting General Terms and Conditions of the client. The binding period for our offers is 30 calendar days.
4. provision of services
SMB Cybersecurity provides services, in particular software-as-a-service services on a subscription basis (subscriptions) relating to IT security in the form of consulting and managed services and, in particular, carries out so-called penetration tests, for which a so-called DEFENDERBOX is physically provided to the client at the client's location. is made available to the client. The objectives, content, scope and form of the services are defined in detail between the client and SMB Cybersecurity in detail.
SMB Cybersecurity's services include, among other things, auditing the client's IT infrastructure and the identification of potential security vulnerabilities in this IT infrastructure on the basis of one-off or regular so-called «penetration tests» and - if commissioned - further services.
SMB Cybersecurity endeavors to ensure that the provision of its services (hereinafter referred to as «Services» or «Services») will not compromise the Client's systems, but cannot guarantee that all security issues and vulnerabilities will be security issues and vulnerabilities are identified or that the overall security and quality of the Client's IT systems are systems or that the systems will not be damaged. The services do not include a review to detect criminal activity, nor does SMB Cybersecurity identify, fix or SMB Cybersecurity corrects errors or defects in the client's IT systems. The use of the SMB Cybersecurity service does not mean that the Client's IT systems are protected against all forms of attack. are protected.
We will use commercially reasonable efforts to ensure that the Services are continuously accessible and accessible and operational, with the exception of scheduled maintenance periods and in accordance with the service availability service availability terms set out below. The Services may be interrupted due to equipment malfunctions (including the DEFENDERBOX provided without additional compensation), unscheduled maintenance or repairs or due to causes beyond SMB Cybersecurity's control or unforeseeable, be inaccessible or unavailable. Such periods of unavailability, including interruptions or failures of telecommunications or digital transmission links, hostile network attacks, network overloads or other failures shall not be counted as periods of unavailability towards a contractually guaranteed service availability. as times of lack of availability.
4.a Services from third-party providers
Features of our Services and Website may allow you to connect or interact with compatible third-party services, products, technologies, websites and content, technologies, websites and content from third parties or interact with, access and use them. access and use them. SMB Cybersecurity is not responsible for any compatibility issues, errors or bugs in the bugs in the Services caused in whole or in part by Third Party Services or their updates or upgrades; the the Client is responsible for maintaining the Third Party Services and obtaining any licenses and approvals and obtaining licenses and approvals required for the use of third-party services in connection with the Services. with the Services.
4.b Service availability
If our Service Availability falls below 99.0 % in any given month, the Client may, within thirty (30) days after the calendar month in which the service availability fell below the standard, the customer may request a service credit corresponding to the periods of contractually reduced availability. To apply for this the Client must submit a detailed description of the incident in a customer support case. submit. This is the only remedy for non-compliance with our standard for service availability standard; credits are not available for amounts exceeding 100 % of the client's monthly service fee. of the client's monthly service fee. Once validated, the service credit will be applied to the client's next pay period. client's next payment period.
4.c Service availability standard
- Service credit for the month for validated incidents at 99.00 % or more: none
- 98 % to 98.99 %: 10 %
- 95 % to 97.99 %: 25 %
- less than 95 %: 100 %
4.d Feedback and release
We welcome suggestions, comments and feedback on our services and our website by e-mail to info@defenderbox.de. The client grants a non-exclusive, perpetual, irrevocable, royalty-free license to publish its company logo on our website and to use it as a reference. as a reference.
5. license rights
5.a Use of our services
SMB Cybersecurity hereby grants the Client a perpetual, irrevocable license to use Data, reports, analyses or other content resulting from the Client's use of the Services. use of the Services. The Client is not authorized to use the hardware provided (DEFENDERBOX) or the Services for third parties or systems of third parties. Services for third parties or systems of third parties or to grant sublicenses thereto to third parties.
5.b Use of customer data and materials
Client grants SMB Cybersecurity a limited, non-exclusive license to Client's data and materials for the purposes of this Agreement. Client for the purposes of this Agreement. The Client warrants that SMB Cybersecurity's use of such data and of such data and material of the Client by SMB Cybersecurity does not violate any law nor constitute a breach of any agreement between the Client and a third party.
6. responsibility of the client and individual users
The Client is responsible for protecting and securing data and devices used with its IT systems and will respond as if a real IT systems and will react as if a real security intrusion had taken place if activities of the Services as part of the if activities of the Services in the context of the penetration tests in the systems of the Client or in systems that monitor the Client's systems.
6.a Third parties
The client is responsible for third-party fees in connection with the use of the software and the website within the scope of its own hardware and systems. The Client warrants that it has the legal authorization required for the authorization required to carry out the services and in particular the penetration tests.
6.b Authorization for commissioning
The client warrants that it has the right to commission and carry out internal and external penetration tests. have them carried out. The client is responsible for precisely defining the scope of services for both internal and external tests. for both internal and external tests. The client authorizes the employees of SMB Cybersecurity to carry out tests and perform tests and provide customer support on behalf of the Client within the defined scope of services. defined scope of services.
6.c False statements and prohibited uses
The Client undertakes not to provide misleading information and to take reasonable steps to protect its password and login credentials and to notify us immediately, whenever possible, of any unauthorized account use. unauthorized use of the account. He further undertakes to use the services, the website and the support SMB Cybersecurity's employees only for lawful purposes.
6.d Unauthorized use of the account
The Client must not allow anyone to use its account, our Services or the Website to allow any third party to perform reverse engineering, disassembly or similar manipulation or attempt to discover source code, circumvent, modify or tamper with security features or create derivative works of our Services or the Website or do anything else that could jeopardize the security of the Client's account. jeopardize the security of the Client's account. If the Client becomes aware of a breach of security security breach or has reasonable grounds to suspect one, SMB Cybersecurity must be notified immediately and the login data must be changed by the Client.
The Client shall not permit any third party to transfer, sell, rent, lease, share, sublicense, disclose sell, rent, lease, lease, share, sublicense, disclose, publish, assign, market, sell, display, transfer, broadcast or publish, assign, market, sell, display, transfer, broadcast or distribute any security-related security-related features of the Website or the Services Website or features that prevent or restrict the use or copying of any Content. prevent or restrict the use or copying of content; circumvent, disable or otherwise interfere with security or enforce restrictions on the use of the Services or the Website. Knowingly copying, modification, translation, patching, enhancement, alteration, modification or creation of derivative works of the Services Services software or the Website or using any means to access or monitor the Services or the Website without Services or the Website without the prior authorization of SMB Cybersecurity is not permitted. In particular In particular, you may not take any action that imposes an unreasonable burden on SMB Cybersecurity's infrastructure infrastructure, attempt to interfere with the integrity or proper working of our service software or website or related activities, or use our service or website in any in an unlawful manner or for any harmful, irresponsible or improper purpose. The Client shall be liable for the actions of its employees or agents as if they were its own fault.
6.e Export control regulations
The Client and we will comply with all applicable laws, regulations and rules that prohibit or restrict the export of the Services or the Services or the Customer Content and Materials outside the EU and the EEA, and ensure that all necessary export licenses or other regulatory approvals are obtained.
7. subscription contract
7.a Term and extension
The initial term of the Subscription shall commence on the Effective Date and shall be automatically renewed at the end of automatically at the end of each term for the contractually agreed period, in the absence of such an agreement by 3 months unless either party gives the other at least sixty (60) days written notice prior to the end of the respective term. respective term in writing.
7.b Fees and taxes
The client pays the fees for the use of the services monthly, quarterly or annually in advance, as agreed in each case. Unless otherwise stipulated in this contract, all payment obligations are are non-cancelable and amounts paid are non-refundable. At the end of the initial term or prior to renewal renewal, we may change or add fees or charges provided we give you sixty days' written notice. written notice. Our fees are exclusive of all taxes, levies and duties, levied by the tax authorities of the relevant countries, including but not limited to value added, sales, use or withholding taxes, use or withholding tax.
7.c Continued existence
Intellectual property, title, warranties, confidentiality obligations, limitations of liability and all other terms and provisions which by their nature are intended to survive shall survive any termination or expiration of this Agreement.
7.d Termination
Either party may terminate the agreement with immediate effect if there is good cause in the person of the other party which party which makes further cooperation unreasonable and which is not remedied within fourteen (14) days. (14) days. Delay in payment by the Client of more than thirty days shall be deemed to be good cause. reason. You can terminate this agreement by sending us an e-mail to buchhaltung@defenderbox.de with a notice period of 30 days to the end of the quarter.
8. guarantee of SMB cybersecurity
We provide our services with the care of a professional IT company. We guarantee, during the during the term of the contract that the services and the penetration tests are provided in accordance with section 4. Our warranty includes the renewed provision of the defective services free of charge and, in accordance with section 4.b, a a pro rata credit of the fees specified therein, provided that the procedure specified therein is complied with. procedure.
9. limitations of liability
In the event of a breach of material contractual obligations, SMB Cybersecurity's liability in the event of simple negligence shall be negligence is limited to the typically foreseeable damage; otherwise, the total liability of SMB Cybersecurity for all contractual claims is limited to a maximum amount of 100 % of the total total remuneration of SMB Cybersecurity in the last 12 months preceding the damaging event. The aforementioned limitations of liability shall not apply in the event of intent, gross negligence, violations of data protection regulations and not in other cases of mandatory statutory liability.
In order to provide our services, we need to examine, test, scan, analyze, and maintain the client's IT systems hosted in the cloud or hosted in the cloud or by a third party, or the client's IT environment, infiltrate and penetrate them. Client consents to this.
We endeavor to provide our services without adversely affecting the IT systems of our clients. systems. Due to the nature of our services, SMB Cybersecurity cannot guarantee that the services will not have a negative services will not have a negative impact on the client's IT systems.
10. remuneration
SMB Cybersecurity's fees are regulated in each case by a written offer and its acceptance. A daily fee is agreed for consulting and coaching services. A consulting day has a maximum of 8 hours. All services are subject to VAT at the statutory rate. Rights of set-off and retention against due payment claims are excluded.
11. suspension
In the event of late payment by the client, SMB Cybersecurity is entitled to suspend the provision of the services until all payments have been made to us. services until all payments have been made to us.
12. information obligation of the client
The client undertakes to inform SMB Cybersecurity in good time about the type, scope and sequence of the required services and to provide SMB Cybersecurity with all information and documents required for the proper execution of the information and documents required for the proper execution of the order, insofar as these are available to him, in due time and free of charge. The client undertakes to provide SMB Cybersecurity only with working documents approved for publication or reproduction. working documents. The client assures that the works made available by him for the execution of the order works provided by him for the execution of the order are not subject to copyrights and/or other rights. The client shall inform SMB Cybersecurity on an ongoing basis before and during the agreed measures about all circumstances that are of importance for the preparation and execution of the order. A responsible contact person shall be appointed by the named by the client.
13. rights and conditions of use
All rights relating to the DEFENDERBOX, the software used, the documentation and our platform (including all rights contained therein) are and shall remain software, the documentation and our platform (including all rights therein and all derivatives, translations, modifications and and all related derivations, translations, modifications and extensions) shall remain the exclusive property of SMB Cybersecurity. SMB Cybersecurity reserves all rights not expressly granted to the customer. are not expressly granted to the customer.
All rights and claims in relation to suggestions, extension requests, feedback or recommendations on the part of the of the client in this context are the exclusive property of SMB Cybersecurity. Insofar as we individual programming or software development services for the client in individual cases, all existing industrial and intellectual all existing industrial and intellectual property rights, including copyrights and any patent rights. patent rights. This includes all rights to the source code and the object code of the software and the associated algorithms the source code and object code of the software and the associated algorithms, analyses, diagrams, tests, reports and other and intellectual property rights, including copyrights and patent rights. We grant the the client a non-exclusive, worldwide, non-transferable, perpetual right to use such developments within the unlimited right of use within the client's group of companies.
The Client agrees that we may collect and use quantitative data as part of the Services for the purposes of service improvement, industry analysis, benchmarking, analytics and assistance with the use of our applications, we may collect, use and disclose quantitative data disclose the data thereby obtained. All of this data is only disclosed in aggregated and anonymous form and do not allow any conclusions to be drawn about the identity of the client. The client agrees that when using the services, personal data such as name, e-mail address(es) and usage data (e.g. login data, time spent on the platform, user/access data) and IP addresses are processed, which will be used for data backup and technical changes. data backup and for technical changes.
14. statute of limitations
Any contractual claims for damages of the client against SMB Cybersecurity shall become time-barred after one year, if the claim is not based on an intentional or grossly negligent breach of duty, in which case the statutory the statutory limitation period of §§ 195, 199 BGB shall apply.
15. invoicing and payment
Unless otherwise agreed, invoices shall be issued immediately after commissioning or at regular intervals. intervals. Invoices are payable within 14 days without deduction, unless otherwise agreed in the offer or in the individual invoice. no other conditions have been agreed in the offer or in the individual invoice. If the term of payment is exceeded 9 % interest on arrears above the prime rate of the ECB in accordance with § 288 II BGB. The assertion The right to claim further damages caused by default is expressly reserved.
16. data protection
If personal data of the client is processed by SMB Cybersecurity, reference is made to the separately concluded contract concluded between the client and the contractor for the commissioned processing of personal data of personal data in accordance with the EU General Data Protection Regulation (GDPR). In all other respects both parties to comply with data protection regulations and laws.
17. partial invalidity, completeness clause
The invalidity of individual provisions of this contract shall not affect the validity of the remaining provisions. The invalid invalid clause shall be replaced by a valid clause whose economic effect comes closest to that of the invalid clause. comes closest to the invalid clause.
This Agreement contains the entire agreement between the parties with respect to its subject matter and supersedes supersedes all prior oral or written agreements. Neither party may assign its obligations under this obligations under this Agreement to any third party other than an affiliate of the assigning party. is involved.
18 Place of performance, place of jurisdiction
These terms and conditions and their implementation shall be governed exclusively by German law, excluding the conflict of laws and excluding the UN Convention on Contracts for the International Sale of Goods. The place of performance and jurisdiction for all disputes and all claims arising from the contract between the client and SMB Cybersecurity is 57072 Siegen, Germany.
As at 31.08.2025
Supplementary Terms and Conditions for Managed Service Providers (MSP)
1. contract basis
Unless expressly agreed otherwise, the following General Terms and Conditions (GTC) are an integral part of all present and all future contracts with SMB Cybersecurity GmbH, Freiherr-vom-Stein-Straße 7B, 57223 Kreuztal, Amtsgericht Siegen - HRB 13782 - hereinafter referred to as SMB Cybersecurity or «we» with the respective contractual partner («Client»). The client's own terms and conditions shall only become part of the contract if this has been expressly agreed. SMB Cybersecurity processes the orders placed with it on a service contract basis.
2. confidentiality
SMB Cybersecurity and the client each undertake to protect all business secrets of the other party that come to their knowledge in the course of their cooperation with the client with the diligence of a prudent businessman and to treat all relevant information and documents confidentially and not to pass them on to third parties. The duty of care and confidentiality shall survive the end of the contract.
3. contract design
All contracts between SMB Cybersecurity and the client regarding the services to be provided by both parties as well as amendments and/or supplements thereto must be made in writing. This shall also apply to any amendment to this written form requirement. In addition, our present General Terms and Conditions shall apply. These General Terms and Conditions shall take precedence over any conflicting General Terms and Conditions of the client. The binding period for our offers is 30 calendar days.
4. provision of services
SMB Cybersecurity provides services, in particular Software-as-a-Service - services on a subscription basis (subscriptions) relating to IT security in the form of consulting and managed services and in particular carries out so-called penetration tests, for which a so-called DEFENDERBOX is physically made available to the Client at the Client's location. The objectives, content, scope and form of the services are defined in detail between the client and SMB Cybersecurity.
SMB Cybersecurity's services include, among other things, the review of the client's IT infrastructure and the identification of potential security gaps in this IT infrastructure on the basis of one-off or regular penetration tests and - if commissioned - other services.
5. delivery, provision and user assignment
The services of SMB are made available to the MSP and commissioned by the MSP on behalf of a specific end customer. The user or client assignment is made by ordering an instance („DEFENDERBOX“) for the respective end customer. Passing on to unnamed third parties or unauthorized multiple access is prohibited.
SMB reserves the right to regularly check the MSP's compliance with these terms and conditions, in particular with regard to proper user assignment, use of the services and compliance with license conditions. SMB may carry out technical checks or audits for this purpose, provided reasonable notice is given.
All rights to the Defenderbox and the software and hardware used shall remain with SMB. The MSP is granted a non-exclusive, non-transferable license, limited in time to the term of this contract, to use the services of SMB and the Defenderbox in accordance with the restrictions of these terms and conditions and subject to the transfer of our general terms and conditions to its end customers.
6. support structure
The MSP shall provide technical support to its end customers (first-level support). SMB shall provide the MSP with second-level support during normal business hours. SMB shall only provide direct support to the end customer if this has been expressly agreed in writing.
7 Prices, invoicing and payment modalities
The prices for MSP partners are set out in separate partner agreements or price lists.
The MSP is always obliged to pay SMB - regardless of whether and when it receives payments from its end customers. Any dependence of the payment obligation on the payment of the end customer is expressly excluded. The MSP remains the sole party liable to pay SMB.
8 Warranty, liability and indemnification
The MSP shall provide its services with the diligence of a professional IT service provider. The MSP shall indemnify SMB against all third-party claims based on a breach of duty by the MSP towards its end customers, in particular in the event of inadequate information, improper use or unauthorized disclosure. SMB shall not be directly liable to end customers of the MSP.
In no event shall the parties be liable to each other for indirect or consequential damages such as loss of profit or financial loss. The total liability of the parties to each other for all claims arising from this contract is limited to an amount of EUR 250,000. This does not apply to cases of intent, gross negligence and in cases of mandatory statutory liability.
9. breaches of contract and sanctions
In the event of serious violations of these conditions - in particular unauthorized transfer of services, disregard of license requirements or violation of confidentiality - SMB is entitled to temporarily or permanently block affected services or access. In particularly serious cases, SMB is entitled to terminate the partnership extraordinarily with immediate effect. Further claims for damages remain unaffected by this.
10. data protection and AV contracts
The MSP itself is responsible for concluding any data protection agreements with its end customers, in particular within the framework of order processing in accordance with Art. 28 GDPR. An DPA agreement between SMB and the MSP's end customer is not concluded, as the end customer is not a direct contractual partner of SMB.
11 Term and termination
These MSP Terms and Conditions shall apply for the duration of the MSP partnership. Upon termination of the partnership, the MSP is obliged to discontinue the use of SMB services by end customers - if necessary, granting a transition period or migration period to be agreed - unless the end customer continues the contractual relationship with SMB directly.
12. partial invalidity
The invalidity of individual clauses of these General Terms and Conditions shall not affect the validity of the remaining clauses. The invalid clause shall be replaced by a valid clause that comes as close as possible to the economic effect of the invalid clause.
13. place of fulfillment
These terms and conditions and their implementation shall be governed exclusively by German law, excluding the conflict of laws provisions and excluding the UN Convention on Contracts for the International Sale of Goods. The place of performance and jurisdiction for all disputes and all claims arising from the contract between the client and SMB Cybersecurity is the registered office of SMB Cybersecurity.
As of August 31, 2025