Terms & Conditions
1. INTRODUCTION
1.1 Binding Agreement. By executing an Order Form, Sales Quote, Proposal, Service Agreement or a Statement of Work (collectively, 'Service Orders') incorporating these Terms and Conditions, Customer agrees to be legally bound by these Terms & Conditions and adhere to all of the following.
1.2 Agreement Structure. These Terms & Conditions govern the relationship between the parties as defined in the derived Service Orders. Service Provider and Customer may hereinafter be referred to individually as a “Party” and collectively as the “Parties”.
1.3 Order of Precedence. In the event of any conflict or inconsistency among documents, the order of precedence shall be:
- The applicable Service Order (Order Form, Sales Quote, Proposal, Service Agreement or Statement of Work)
- These Terms & Conditions
- Applicable Appendices and Schedules
- Documentation and other written communications (e.g. emails)
2. DEFINITIONS
Account: Customer’s account for accessing and using the Services.
Additional Services: Any services beyond the initial scope that are specified in a subsequent Service Order.
Affiliates: Any entity that directly or indirectly controls, is controlled by, or is under common control with a Party.
Authorized Affiliate: An Affiliate of Customer authorized to use and benefit from the Services as indicated in a Service Order. Authorized Affiliates are not party to these Terms & Conditions, and any actions or omissions of Authorized Affiliates will be deemed actions or omissions of Customer.
Authorized Users: Customer’s employees, consultants, contractors, and Authorized Affiliates who are authorized to use the Services.
Business Day: Monday through Friday, 8:00 am to 5:00 pm GMT, excluding Icelandic public holidays.
Calendar Day: Every consecutive day on the calendar, including holidays and weekends.
Commencement Date: The date when Customer signs the initial Service Order.
Consumer Price Index (CPI): The Consumer Price Index as provided by Statistics Iceland (Hagstofa Íslands).
Customer Data: All data, information, and materials provided by Customer or collected on Customer’s behalf in connection with the Services.
Deliverables: Any tangible or intangible work product, including reports, documentation, software, configurations, and media, delivered under these Terms & Conditions.
Documentation: Technical documentation concerning use of the Services made available by SecureIT.
Effective Date: The Commencement of Service Order where Customer agrees to these Terms & Conditions.
Emergency Maintenance: Unscheduled maintenance required to address material security issues or technical problems that cannot wait until Scheduled Maintenance.
Feedback: All suggestions, recommendations, or improvements provided by Customer regarding the Services or SecureIT’s operations.
Service Order: An executed document specifying the Services, fees, term, and other conditions for a particular engagement.
Personal Data: Data defined as personal data under GDPR and Icelandic data protection laws.
Scheduled Maintenance: Planned periods when Services may be unavailable for improvements, repairs, or maintenance.
SecureIT Data: Account data and data processed or generated by SecureIT outside the Services.
Services: Cybersecurity and IT security services provided by SecureIT as specified in Service Orders, including but not limited to:
- Penetration testing and other offensive security engagements
- Cloud, active directory and other vulnerability assessments
- Attack surface management
- Digital risk protection, dark web monitoring and cyber threat intelligence
- Brand protection and takedowns
- Security audits and compliance assessments
- Managed security services
- Incident response and forensic analysis
- Security consulting and advisory
- Security awareness training
- Risk assessments
Term: The duration of these Terms & Conditions as specified in Section 16.
Third-Party Services: Services, software, or products provided by third parties that may be used in connection with the Services.
Work Product: All materials, deliverables, inventions, discoveries, and results developed by SecureIT in performing the Services.
Written Notice: Notice sent in accordance with Section 21.
3. PROVISION OF SERVICES
3.1 Service Delivery. SecureIT will provide the Services in accordance with these Terms & Conditions and applicable Service Orders, provided Customer uses the Services in accordance with these Terms & Conditions.
3.2 Service Standards. SecureIT represents and warrants that:
- Services will be performed by qualified personnel with appropriate expertise and experience
- Services will be performed in a professional, competent manner consistent with industry standards
- Services will perform substantially in accordance with the Documentation
- Services will comply with applicable laws and regulations
- SecureIT holds all necessary licenses, permits, and authorizations
3.3 Documentation. SecureIT will supply Documentation to assist Customer in using the Services. Documentation may be updated from time to time.
3.4 Service Level Agreement. SecureIT’s standard SLA shall apply unless Customer has purchased an upgraded level in which case the upgraded level shall apply.
3.5 Personnel and Subcontractors.
- SecureIT is responsible for the performance of all employees, consultants, and subcontractors
- SecureIT may engage subcontractors with Customer’s prior written consent (not to be unreasonably withheld)
- SecureIT remains fully responsible for subcontractor performance
- All subcontractors will be bound by obligations no less protective than these Terms & Conditions.
3.6 Resources and Facilities. SecureIT shall allocate necessary resources, facilities, equipment, and tools to fulfill its obligations under these Terms & Conditions and derived Service Orders.
3.7 Continuous consultation services. Any unused retainer hours agreed upon in Service Orders will be valid for 3 months. After 3 months the first month’s unused hours expire, and so on.
3.8 Communication and Reporting. SecureIT shall:
- Promptly notify Customer of any incidents or issues affecting Service delivery
- Provide regular status updates as specified in Service Orders.
- Respond to Customer inquiries within timeframes specified in the SLA
- Comply with reasonable Customer requests within the scope of Services
3.9 Scheduled Maintenance. SecureIT may schedule periods when Services will be unavailable for improvements, repairs, or maintenance. When possible, SecureIT will use commercially reasonable efforts to:
- Provide advance notice via email (minimum 48 hours for material interruptions)
- Schedule maintenance during off-peak hours
- Minimize service disruption
3.10 Emergency Maintenance. SecureIT may perform Emergency Maintenance to address material security issues or technical problems. If possible, SecureIT will:
- Notify Customer via email at least one (1) hour prior to Emergency Maintenance
- Promptly notify Customer once Emergency Maintenance begins
- Provide updates on actions being taken and expected resolution time
3.11 No Infringement. SecureIT warrants that Services and Deliverables will not intentionally infringe third-party intellectual property rights when used in accordance with these Terms & Conditions.
4. USE OF SERVICES
4.1 Permitted Use. Customer and Authorized Users shall use the Services only in accordance with:
- These Terms & Conditions and applicable Service Orders.
- Documentation and SecureIT’s policies
- Applicable laws and regulations
4.2 Customer Responsibilities. Customer agrees to:
- Provide timely access to systems, networks, applications, and personnel as reasonably required
- Provide accurate and complete information necessary for Service delivery
- Designate authorized representatives for approvals and decision-making
- Maintain backup copies of all systems subject to testing or assessment
- Review and approve Deliverables within agreed timeframes
- Implement reasonable security safeguards to prevent unauthorized access
- Comply with SecureIT’s reasonable security and access requirements
4.3 User Management. Customer is responsible for:
- Actions of all Authorized Users and their compliance with these Terms & Conditions.
- Maintaining the security and confidentiality of Account credentials
- Implementing sufficient safeguards to prevent unauthorized Account access
- Promptly notifying SecureIT of any unauthorized use or security breach
4.4 Authorization for Testing. For security testing services, Customer specifically authorizes SecureIT to:
- Conduct security verification activities on designated systems
- Use network tools and techniques designed to detect vulnerabilities and misconfigurations
- Access systems and data as necessary to perform Services described in these Terms & Conditions and derived Service Orders, in accordance with accepted best practices, which include guidelines and requirements by PCI, the PTES methodology, OWASP, SANS, ISO and NIST.
Customer represents and warrants that:
- Customer owns or has proper authorization for all systems to be tested
- The authorized signatory has authority to grant SecureIT access
- Customer has created full, verified backups of all systems subject to testing
- Customer understands that security testing necessarily involves techniques that may affect system availability.
- The Customer is responsible for obtaining the necessary permission for the work to be carried out from hosting providers and other 3rd parties that may be affected by the work within scope.
- SecureIT will not be held responsible for any system failures or downtime following systems being tested in any way. The tests may include but are not limited to: port-scanning, vulnerability scanning and active exploitation of vulnerabilities discovered in the Customer’s security posture.
4.5 Prohibited Uses. Customer shall not:
- Use Services for any unlawful purpose or in violation of these Terms & Conditions
- Access, store, distribute, or transmit unlawful or harmful material
- Conduct unauthorized penetration testing or similar activities
- Sell, rent, lease, license, distribute, publish, or publicly display the Services
- Modify, duplicate, create derivative works from, or reverse engineer the Services
- Frame, mirror, republish, disassemble, or decompile any portion of the Services
- Allow unauthorized third parties to access or use the Services
- Use Services in any manner that damages, disables, or impairs the Services
4.6 Downloading and Copying. Customer may download and copy reports and data developed based on the Services solely for Customer’s internal business use or as approved by SecureIT.
4.7 Applicable Laws and Licenses. Customer shall:
- Comply with all applicable laws and regulations
- Hold all relevant licenses and authorizations required for its operations
- Obtain all necessary consents and approvals for SecureIT’s Services
5. FREE AND TRIAL SERVICES
5.1 “As Is” Provision. Services designated as trial or free services are provided “AS IS” without warranties of any kind.
5.2 Limited Liability. For trial and free services:
- SecureIT has no indemnification obligations
- SecureIT’s aggregate liability is limited to EUR 1,000 (or the minimum amount required by applicable law)
- All disclaimers and limitations in these Terms & Conditions apply to the maximum extent permitted by law
5.3 No SLA. Service Level Agreements do not apply to trial or free services unless expressly stated in writing.
6. AUTHORIZED AFFILIATES
6.1 Affiliate Use. Customer may allow Authorized Affiliates to use and benefit from the Services if:
- Specifically provided for in a Service Order.
- The Authorized Affiliate complies with all terms of these Terms & Conditions
- Customer remains fully responsible for Authorized Affiliate actions
6.2 Customer Responsibility. Customer is liable for all Authorized Affiliate actions as if they were Customer’s own actions.
6.3 Notices to Affiliates. Any notices to Authorized Affiliates shall be sent to Customer.
7. ADDITIONAL SERVICES
7.1 Requesting Additional Services. Customer may request Additional Services at any time by:
- Submitting a request to SecureIT in writing (email, Slack, Teams or other agreed upon messaging services are sufficient)
- Executing a new Service Order for the Additional Services
- Agreeing to applicable fees and terms
7.2 Bespoke Work. For customized or complex engagements, Parties may execute a Service Order that includes:
- Detailed scope and specifications
- Fees, milestones, and payment terms
- Timelines and dependencies
- Acceptance criteria
- Other applicable conditions
8. THIRD-PARTY SERVICES
8.1 Third-Party Terms. Terms governing Third-Party Services, including data processing, are solely between Customer and the Third-Party Service Provider.
8.2 No Warranty. SecureIT does not warrant or support Third-Party Services unless expressly provided otherwise in a Service Order.
8.3 No Liability. SecureIT is not responsible for:
- Functionality or performance of Third-Party Services
- Disclosure, modification, or deletion of Customer Data by Third-Party Services
- Third-party compliance with laws or security standards
- Third-party business practices or service availability
8.4 Customer Responsibility. Customer is solely responsible for:
- Selecting appropriate Third-Party Services
- Reviewing third-party terms and privacy policies
- Ensuring third-party compliance with Customer’s requirements
- Managing relationships with Third-Party Service Providers
9. DATA PROTECTION AND SECURITY
9.1 Technical and Organizational Safeguards. SecureIT implements technical and organizational safeguards, as described in Section 28, Data Processing and Security, to ensure appropriate security for Customer Data.
9.2 Privacy and Security Documentation. SecureIT may periodically update the Privacy and Security Documentation but undertakes not to materially reduce the overall level of protection without Customer notice.
9.3 Data Controller and Processor Roles.
- Unless otherwise specified in a Service Order, Customer is the data controller for Personal Data in Customer Data
- SecureIT processes such Personal Data as a data processor on Customer’s behalf
- For SecureIT Data, SecureIT is the data controller
9.4 External Data Sources. SecureIT’s Services may depend on access to data directly from Customer or third parties. SecureIT cannot guarantee the availability, accuracy, or quality of external data sources beyond SecureIT’s control.
10. INTELLECTUAL PROPERTY RIGHTS
10.1 Reservation of Rights. Subject to limited rights expressly granted in these Terms & Conditions, SecureIT reserves all right, title, and interest in:
- The Services and Documentation
- SecureIT’s methodologies, tools, frameworks, and processes
- SecureIT’s pre-existing intellectual property
- Improvements and enhancements to SecureIT’s intellectual property
No rights are granted to Customer except as expressly set forth in these Terms & Conditions.
10.2 License to Services. Subject to the terms of these Terms & Conditions, SecureIT grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable license during the Term to:
- Access and use the Services specified in executed Service Orders
- Copy and use Documentation in connection with permitted use of Services
- Use Deliverables for Customer’s internal business purposes
10.3 License to Customer Data. Customer grants SecureIT a worldwide, time-limited, non-transferable, revocable license to:
- Access and use Customer Data solely as necessary to provide the Services
- Process Customer Data in accordance with Customer’s instructions and these Terms & Conditions
- Store and transmit Customer Data using secure methods
10.4 Deliverables Ownership. Unless otherwise specified in a Service Order:
- Reports and Assessments: Customer owns reports, vulnerability assessments, and documentation created specifically for Customer
- Tools and Methodologies: SecureIT retains ownership of all tools, methodologies, techniques, and processes used to deliver Services
- Pre-existing IP: Each Party retains ownership of its pre-existing intellectual property
- Improvements: SecureIT retains rights to improvements or enhancements to its intellectual property, regardless of who initiated or paid for such improvements
10.5 SecureIT owns Future Changes. Any modifications, enhancements, or improvements to the Services will be owned by SecureIT, regardless of who initiated, suggested, or paid for those changes.
10.6 Third-Party Intellectual Property. If SecureIT provides third-party software or tools:
- Such software remains the property of the third party
- Customer’s use is subject to applicable third-party licenses
- SecureIT makes no warranties regarding third-party software
10.7 Restrictions. Customer shall not:
- Remove or alter proprietary notices on SecureIT’s materials
- Reverse engineer, decompile, or disassemble SecureIT’s proprietary tools or software or any tools or software owned by a 3rd party, bought through SecureIT
- Use SecureIT’s intellectual property beyond the scope granted in these Terms & Conditions
- Create derivative works from SecureIT’s intellectual property without written permission
10.8 Feedback. If Customer provides Feedback to SecureIT:
- SecureIT and its Affiliates may use Feedback without restriction
- Customer irrevocably assigns to SecureIT all right, title, and interest in the Feedback
- SecureIT has no obligation to implement Feedback or provide compensation
- SecureIT may use Feedback for any purpose, including product development and marketing
10.9 Indemnification by SecureIT. SecureIT shall indemnify, defend, and hold Customer harmless from claims that the Services infringe third-party intellectual property rights, provided:
- Customer promptly notifies SecureIT of the claim
- SecureIT has sole control of the defense and settlement
- Customer cooperates fully in the defense
- The infringement is not caused by: (i) Customer’s modification of the Services, (ii) use in violation of these Terms & Conditions or Documentation, (iii) combination with non-SecureIT products or services, or (iv) use after SecureIT notified Customer to cease use
Remedies: If Services are held or believed to infringe, SecureIT may at its option:
- Obtain the right for Customer to continue using the Services
- Modify the Services to be non-infringing
- Replace the Services with non-infringing alternatives
- Terminate the affected Service Order and refund prepaid fees for unused Services
10.10 Indemnification by Customer. Customer shall indemnify, defend, and hold SecureIT harmless from claims:
- That Customer Data infringes or misappropriates third-party intellectual property rights
- Arising from Customer’s use of Services in an unlawful manner or in violation of these Terms & Conditions
- Resulting from unauthorized modifications or combinations by Customer
- Related to Customer’s systems, operations, or business activities
11. CONFIDENTIALITY
11.1 Definition of Confidential Information. “Confidential Information” means all non-public information disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party”), whether orally or in writing, that is either:
- Marked as “Confidential” or similar designation, or
- Reasonably understood to be confidential given the nature of the information or context of disclosure
Confidential Information includes:
- Customer: Customer Data, business information, technical specifications, system architectures, security configurations, reports.
- SecureIT: SecureIT Data, these Terms & Conditions and Service Orders (including pricing), security findings and vulnerabilities, methodologies, tools, techniques, business plans, technical information, product plans
- Both Parties: Marketing plans, financial information, customer lists, business strategies, proprietary processes
11.2 Exclusions. Confidential Information does not include information that:
- Is or becomes publicly available without breach of these Terms & Conditions
- Was rightfully known to Receiving Party prior to disclosure without confidentiality obligation
- Is received from a third party without breach of confidentiality obligation
- Is independently developed by Receiving Party without use of Confidential Information
- Must be disclosed by law or regulation (with prompt notice to Disclosing Party if legally permitted)
11.3 Obligations of Receiving Party. Receiving Party shall:
- Use Confidential Information solely for purposes consistent with these Terms & Conditions
- Protect Confidential Information using at least the same degree of care as for its own confidential information (but no less than reasonable care)
- Limit disclosure to employees, agents, contractors, and subcontractors who: (i) have a legitimate need to know, and (ii) are bound by confidentiality obligations no less protective than these Terms & Conditions or professional secrecy requirements
- Not disclose Confidential Information to third parties without prior written consent
- Promptly notify Disclosing Party of any unauthorized disclosure or use
11.4 Enhanced Protection for Security Findings. Security vulnerabilities, offensive security test results, audit and assessment findings shall be treated as highly confidential by both Parties. SecureIT shall:
- Encrypt all reports containing sensitive findings using strong encryption
- Transmit findings only through secure, encrypted channels
- Limit distribution to Customer’s authorized personnel specified in the Service Order
- Not publicly disclose findings without Customer’s express written permission
- Store findings securely and implement appropriate access controls
11.5 Customer Obligations for Findings. Customer shall:
- Limit distribution of security findings to personnel with a legitimate need to know
- Not publicly disclose SecureIT’s methodologies, tools, or techniques
- Implement reasonable security measures to protect assessment reports
- Notify SecureIT immediately if findings are disclosed to unauthorized parties
11.6 Compelled Disclosure. If Receiving Party is required by law, regulation, or court order to disclose Confidential Information:
- Receiving Party shall promptly notify Disclosing Party (unless legally prohibited)
- Receiving Party shall cooperate with Disclosing Party’s efforts to obtain protective orders
- Receiving Party shall disclose only the minimum information legally required
- Receiving Party shall use commercially reasonable efforts to ensure confidential treatment by recipients
11.7 Return or Destruction. Upon termination of these Terms & Conditions or upon request, Receiving Party shall promptly:
- Return all Confidential Information in tangible form
- Permanently delete or destroy electronic copies (except as required by law or professional standards)
- Provide written certification of destruction if requested
- Retain only copies required by law, regulation, or professional obligations
11.8 Survival. Confidentiality obligations shall survive for five (5) years after termination of the applicable Service Order, except:
- Trade secrets shall be protected indefinitely
- Security findings and vulnerability information shall be protected for five (5) years
- Information required to be kept confidential by law shall be protected accordingly
11.9 Injunctive Relief. Receiving Party acknowledges that breach of this Section may cause irreparable harm for which monetary damages are inadequate. Disclosing Party shall be entitled to seek injunctive relief without posting bond.
12. WARRANTIES AND REPRESENTATIONS
12.1 Mutual Warranties. Each Party represents and warrants that:
- It has full legal authority to enter into and perform under these Terms & Conditions and the derived Service Orders.
- Execution and performance do not violate any applicable laws, regulations, or agreements
- All information provided is accurate, complete, and not misleading
12.2 SecureIT Warranties. SecureIT warrants that:
- Services will be performed in a professional, workmanlike manner consistent with industry standards
- Personnel have appropriate qualifications, expertise, and experience
- Services will substantially conform to specifications in Service Orders and Documentation
- SecureIT has and will maintain all necessary licenses, permits, certifications, and authorizations
- Services will not infringe third-party intellectual property rights when used as authorized
- SecureIT will comply with all applicable laws and regulations
12.3 Customer Warranties. Customer warrants that:
- It owns or has proper authorization for all systems subject to testing or assessment
- Authorized signatories have authority to grant SecureIT access rights and permissions
- All information provided to SecureIT is accurate, complete, and current
- It has obtained all necessary consents, approvals, and authorizations
- Its use of Services will comply with all applicable laws
12.4 DISCLAIMER OF IMPLIED WARRANTIES. EXCEPT AS EXPRESSLY PROVIDED IN THESE TERMS & CONDITIONS, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE.
EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO:
- IMPLIED WARRANTIES OF MERCHANTABILITY
- IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE
- IMPLIED WARRANTIES OF NON-INFRINGEMENT
- WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
12.5 Service Limitations. SecureIT does not warrant that:
- Services will be uninterrupted, error-free, or completely secure
- All security vulnerabilities will be identified or detected
- Implementation of recommendations will prevent all security incidents
- Third-party products, systems, or services will function as expected
- Test results will be identical if repeated
- Services will meet Customer’s specific requirements (unless expressly agreed in a Service Order)
- Incident Response service is not provided with a 100% guarantee of a response. SecureIT is at liberty to charge a premium of up to 200% of its regular hourly rate for Incident response services.
12.6 Security Testing Acknowledgment. Customer acknowledges and agrees that:
- Security testing carries inherent risks and may affect system availability or functionality
- Testing techniques may cause temporary performance degradation or system instability
- No testing methodology can identify all vulnerabilities or security issues
- SecureIT uses commercially reasonable efforts to minimize impact but cannot guarantee zero disruption
- SecureIT is not liable for system issues arising from testing conducted within the authorized scope and in accordance with industry standards
12.7 External Data Disclaimer. SecureIT disclaims all warranties regarding external data sources beyond SecureIT’s control, including availability, accuracy, completeness, or timeliness of such data.
13. LIMITATION OF LIABILITY
13.1 Liability Cap. TO THE MAXIMUM EXTENT PERMITTED BY ICELANDIC LAW, WITHOUT PREJUDICE TO PAYMENT OBLIGATIONS UNDER SECTION 14, SECUREIT’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS & CONDITIONS SHALL NOT EXCEED:
- The median monthly amounts paid by Customer for Services over the twelve (12) months immediately preceding the date the claim first arose, multiplied by twelve (12).
13.2 Exclusion of Consequential Damages. NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:
- Loss of profits, revenue, business, or opportunities
- Loss of data or goodwill
- Cost of substitute services or procurement of replacement goods
- Business interruption or downtime
- Reputational harm or damage
- Loss of customers or contracts
- Unavailability of Services
THIS EXCLUSION APPLIES REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE AND REGARDLESS OF THE LEGAL THEORY (CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE).
13.3 Direct Damages Only. Liability is limited to direct damages actually incurred and reasonably foreseeable. SecureIT is not liable for:
- Damage caused by Customer’s equipment, systems, software, or configurations
- Damage resulting from Customer’s failure to implement recommendations or maintain backups
- Damage caused by unauthorized modifications, integrations, or changes by Customer
- Damage attributable to third parties, Third-Party Services, or external data sources
- Damage resulting from actions outside the authorized scope of Services
- Damage caused by Customer’s violation of these Terms & Conditions or applicable laws
- Damage resulting from force majeure events
13.4 Claims Timing. Neither Party shall be liable to compensate the other Party unless:
- The claim is made by Written Notice no later than three (3) calendar months from when the aggrieved Party became aware of the facts giving rise to the claim
- The claim describes in reasonable detail the nature of the claim and calculation of damages
- The claiming Party has taken reasonable steps to mitigate damages
13.5 Exceptions to Limitations. The limitations in this Section 13 shall not apply to:
- Either Party’s indemnification obligations under Section 15
- Either Party’s breach of confidentiality obligations under Section 11
- SecureIT’s payment obligations under Section 14
- Liabilities arising from gross negligence, willful misconduct, or fraud
- Liabilities that cannot be limited under applicable Icelandic law
- Death or personal injury caused by negligence
13.6 Risk Allocation. Customer acknowledges that:
- The fees reflect the allocation of risk set forth in these Terms & Conditions
- SecureIT would not enter into these Terms & Conditions without these liability limitations
- These limitations are reasonable given the nature of cybersecurity services
- Customer has the opportunity to purchase additional insurance if desired
13.7 Essential Basis of Bargain. The Parties expressly agree that the limitations and exclusions of liability in this Section 13 are essential elements of the bargain and that SecureIT would not provide Services without such limitations.
14. FEES AND PAYMENT
14.1 Service Fees. Customer shall pay SecureIT all fees and charges for Services as specified in the applicable Service Orders.
14.2 Currency and Taxes. Unless otherwise stated:
- Fees are quoted in Icelandic króna (ISK), US Dollars (USD) or Euros (EUR) as specified in the Service Order
- All fees are exclusive of applicable taxes, duties, and government charges
- Customer is responsible for all sales, use, value-added, withholding, and other taxes except taxes based on SecureIT’s net income
14.3 Payment Terms. Unless otherwise agreed in a Service Order:
- Fees shall be paid monthly in advance according to the billing schedule
- Invoices are payable within twenty-one (21) calendar days of invoice date
- Payment shall be made via bank transfer to the account and in the currency specified on the invoice
- All amounts shall be paid without setoff, counterclaim, deduction, or withholding
14.4 Billing Schedule. SecureIT may invoice:
- Up to 6 months in advance for recurring services; after that the monthly fee is invoiced in advance.
- Upfront payment and upon completion of milestones for project-based services. The ratio is determined in the applicable Service Orders.
- According to the payment schedule in the applicable Service Orders.
- Third party services resold by SecureIT and setup costs related to them are paid upfront, for 12 months at a time, unless otherwise specified in Service Orders. There are no refunds for reseller services and if terminated the Customer will no longer be eligible for the discount provided due to the length of the contract and SecureIT will invoice the difference between the full price and the discounted price. Termination notice for reseller services is 90 days prior to the renewal of agreed upon service period, never shorter than 12 months.
- In arrears for usage-based or time and materials services
- In arrears for usage of licenses beyond the previously agreed number of users. Those licenses will be invoiced at full price.
14.5 Invoice Contents. Invoices shall contain:
- Description of Services or Deliverables provided
- Applicable fees and charges
- Invoice date and payment due date
- Bank account information for payments
- Tax identification and registration numbers
14.6 Late Payment. If payment is not received by the due date:
- Interest shall accrue on unpaid amounts at a rate of ten percent (10%) per annum (or the highest rate permitted by Icelandic law, if less), compounded monthly
- Interest shall be calculated in accordance with Icelandic Law No. 38/2001 on Interest and Indexation
- SecureIT may suspend or limit access to Customer’s Account and/or Services without liability until payment is received
- Customer shall reimburse SecureIT for all reasonable collection costs, including attorneys’ fees
14.7 Disputed Invoices. If Customer disputes any invoice amount:
- Customer shall notify SecureIT in writing within ten (10) calendar days of invoice date
- The notice shall include detailed basis for the dispute and supporting documentation
- Customer shall pay all undisputed amounts when due
- Parties shall meet (virtual meetings acceptable) within thirty (30) days to resolve the dispute
- If unresolved after thirty (30) days, SecureIT may: (i) suspend Services, (ii) terminate the applicable Service Order in accordance with Section 16.4, or (iii) pursue other remedies
14.8 Expenses. Unless otherwise agreed in writing:
- Fees exclude travel, accommodation, meals, per diem and other expenses
- Pre-approved out-of-pocket expenses shall be reimbursed at cost with supporting documentation
- SecureIT shall obtain Customer approval for individual expenses exceeding 3000 USD
- Expense reimbursement invoices are payable within twenty-one (21) calendar days
14.9 Price Adjustments. The fees are based upon current economic conditions and do not include inflation beyond the first full calendar year of the applicable Service Order. SecureIT may therefore:
- On the first anniversary of the applicable Service Order, and on a yearly basis thereafter, increase the fees.
- Any such adjustments will be based on the percentage change of the CPI for the first 12 months following the Commencement Date of the Service Order, plus an additional three percent (3%)
- Any price increase from a supplier, where SecureIT acts as a reseller towards the Customer, will be reflected in the price payable by the Customer to SecureIT following a 30-day notice from SecureIT to the Customer.
14.10 No Setoff. All amounts payable under any and all Service Orders shall be paid without setoff, counterclaim, or deduction of any kind except as expressly permitted in writing by SecureIT.
15. INDEMNIFICATION
15.1 Indemnification by SecureIT. SecureIT shall indemnify, defend, and hold harmless Customer and its officers, directors, employees, and agents from and against any third-party claims, demands, actions, proceedings, losses, damages, liabilities, and expenses (including reasonable attorneys’ fees) arising from:
- SecureIT’s material breach of these Terms & Conditions
- SecureIT’s gross negligence or willful misconduct
- Claims that Services or Deliverables (when used as authorized) infringe third-party intellectual property rights
- Violations of law by SecureIT or its personnel in performing Services
- Unauthorized disclosure of Confidential Information by SecureIT
15.2 Indemnification by Customer. Customer shall indemnify, defend, and hold harmless SecureIT and its officers, directors, employees, and agents from and against any third-party claims, demands, actions, proceedings, losses, damages, liabilities, and expenses (including reasonable attorneys’ fees) arising from:
- Customer’s breach of these Terms & Conditions
- Customer’s misuse of Services or Deliverables
- Claims that Customer Data infringes or misappropriates third-party intellectual property rights
- SecureIT’s authorized actions within the scope of Services as directed by Customer
- Customer’s violation of applicable laws or regulations
- Claims related to Customer’s systems, operations, or business activities
- Unauthorized access or use of Services by Customer’s personnel or third parties
- Customer’s use of Services in violation of these Terms & Conditions or Documentation
15.3 Indemnification Procedures. For all indemnification claims:
Notification: The indemnified Party shall:
- Promptly notify the indemnifying Party in writing of any claim
- Provide all relevant information and documentation
- Cooperate fully in the defense of the claim
Control of Defense: The indemnifying Party shall:
- Assume control of the defense with counsel reasonably acceptable to the indemnified Party
- Keep the indemnified Party informed of material developments
- Not settle or compromise the claim in a manner that: (i) admits liability by the indemnified Party, (ii) imposes obligations on the indemnified Party, or (iii) requires payment by the indemnified Party, without the indemnified Party’s prior written consent
Cooperation: The indemnified Party shall:
- Reasonably cooperate in the defense at the indemnifying Party’s expense
- Provide access to relevant information and personnel
- Not settle or compromise the claim without the indemnifying Party’s consent
15.4 Sole Remedy. Section 10.9 (Indemnification by SecureIT for IP infringement) states Customer’s sole and exclusive remedy for intellectual property infringement claims.
16. Terms of Service
16.1 Commencement. These Terms & Conditions shall commence on the effective date of the initial Service Order and shall remain in effect until the last active Service Order has expired or been terminated. Upon the renewal of any Service Order, the then-current version of SecureIT’s Terms & Conditions shall govern.
16.3 Service Order Terms. Individual Service Orders shall specify their own term.
16.4 Termination for Cause. Either Party may terminate a Service Order immediately upon Written Notice if:
- The other Party materially breaches these Terms & Conditions or the terms of any Service Order and fails to cure the breach within thirty (30) calendar days after receipt of written notice specifying the breach
- The other Party repeatedly breaches these Terms & Conditions or terms of any Service Order even if cured
- The material breach is incurable by its nature
16.5 Termination for Insolvency. Either Party may terminate Service Orders immediately upon Written Notice if the other Party:
- Becomes unable to pay its debts as they become due
- Becomes insolvent or bankrupt
- Has an order made or resolution passed for administration, winding-up, or dissolution (except for solvent amalgamation or reconstruction)
- Has an administrative receiver, manager, liquidator, administrator, trustee, or similar officer appointed over all or substantial part of its assets
- Enters into any composition or arrangement with creditors
- Experiences anything analogous to the foregoing in any applicable jurisdiction
16.6 Termination for Change of Control. SecureIT may terminate these Terms & Conditions or any Service Order upon thirty (30) calendar days’ Written Notice if Customer undergoes a change of Control that SecureIT reasonably believes would adversely affect SecureIT’s interests or obligations under these Terms & Conditions or any derived Service Orders.
16.7 Termination for Convenience. Either Party may terminate individual Service Orders for convenience by providing ninety (90) calendar days’ Written Notice to the other Party.
16.8 Effect of Termination. Upon termination or expiration of any Service Order:
Payment Obligations:
- Customer shall pay all fees for Services performed through the termination date
- Customer shall pay for all Deliverables provided through termination
- All outstanding invoices become immediately due and payable
- No refunds for prepaid fees unless termination is due to SecureIT’s material breach
Data and Materials:
- SecureIT shall provide Customer with technical controls for thirty (30) calendar days to retrieve or delete Customer Data
- Customer shall return or destroy all SecureIT Confidential Information
- SecureIT shall return or securely delete Customer Data
Access:
- Customer’s access to Services shall cease immediately (or as specified in termination notice)
- All licenses granted under the Service Order terminate
- Customer shall cease using Services, Documentation, and SecureIT intellectual property
Active Projects:
- Parties shall cooperate to wind down active projects in an orderly manner
- Customer may request completion of critical in-progress work at mutually agreed rates
- SecureIT shall deliver all completed Work Product
16.9 Survival. The following provisions shall survive termination or expiration of Service Orders for the periods specified or indefinitely as appropriate:
- Section 5 (Free and Trial Services)
- Section 8.2 (Third-Party Services - No Warranty)
- Section 10 (Intellectual Property Rights)
- Section 11 (Confidentiality)
- Section 12.4 (Disclaimer of Warranties)
- Section 13 (Limitation of Liability)
- Section 14 (Fees and Payment)
- Section 15 (Indemnification)
- Section 16.8-16.10 (Effect of Termination, Survival, Post-Termination)
- Section 26 (Miscellaneous)
- Section 27 (Governing Law and Jurisdiction)
- Any other provisions that by their nature should survive
16.10 Post-Termination Obligations. After termination:
- Confidentiality obligations continue per Section 11.8
- Customer may not use SecureIT’s trademarks, name, or intellectual property
- Neither Party shall make disparaging statements about the other
- Parties shall cooperate in good faith to facilitate transition
17. SUSPENSION
17.1 Suspension Rights. SecureIT reserves the right to close, suspend, or limit access (in whole or in part) to Customer’s and/or any Authorized Affiliate’s Account and/or Services if SecureIT reasonably believes:
- Customer or any Authorized Affiliate is in material breach of these Terms & Conditions or any derived Service Order
- Customer’s Account is being used for unlawful purposes
- Customer’s use poses a security risk to SecureIT or other customers
- Customer has failed to pay undisputed amounts when due
- Customer is using Services in a manner that violates third-party rights
- Suspension is required by law or court order
17.2 Notice of Suspension. SecureIT shall provide reasonable advance notice of suspension when practicable, except when:
- Immediate suspension is necessary to prevent security threats or harm
- Providing notice would violate law or court order
- Customer’s breach poses imminent risk
17.3 No Credits During Suspension. Customer shall not be entitled to any service credits, refunds, or SLA compensation during any suspension period resulting from Customer’s breach or actions.
17.4 Fees During Suspension. Customer remains obligated to pay all fees during suspension periods unless the suspension results from SecureIT’s breach.
17.5 Restoring Access. SecureIT will use commercially reasonable efforts to restore access to suspended Account or Services promptly after:
- Customer has cured the problem giving rise to suspension
- Customer has provided reasonable assurances that the breach will not recur
- All past-due amounts have been paid in full
- Any additional security measures requested by SecureIT have been implemented
17.6 Termination After Suspension. If Customer fails to cure the breach within thirty (30) calendar days of suspension, SecureIT may terminate the Service Order in accordance with Section 16.4.
18. DELAY OR SUSPENSION OF WORK
18.1 Customer-Caused Delays. If Customer’s acts or failure to act cause SecureIT to delay or suspend performance of Services, the Parties shall mutually agree to one of the following remedies:
- SecureIT will use reasonable efforts to continue performance as practicable under the circumstances and Customer will continue to make all scheduled payments; OR
- SecureIT will re-assign personnel and extend the work schedule without liability, and Customer will pay all additional costs incurred
18.2 Payment for Suspended Work. Notwithstanding the above, SecureIT shall have the right to invoice Customer for any work performed to the date of suspension.
18.3 Delay Impact. Customer-caused delays may result in:
- Extended project timelines and delivery dates
- Additional fees for extended resource allocation
- Re-scheduling of personnel and resources
- Increased costs if market rates change during delay period
19. FORCE MAJEURE
19.1 Excused Performance. Neither Party shall be liable for failure or delay in performance due to causes beyond its reasonable control (“Force Majeure Event”), including but not limited to:
- Acts of God (earthquakes, floods, volcanic eruptions, storms)
- War, armed conflict, terrorism, or civil unrest
- Government actions, orders, embargoes, or sanctions
- Epidemics, pandemics, or quarantines
- Labor disputes not involving the Party’s own employees
- Failure of utilities, telecommunications, or internet service providers
- Cyber attacks, denial of service attacks, or network intrusions (not caused by the Party’s negligence)
- Fire, explosion, or natural disasters
- Any other event beyond a Party’s reasonable control
19.2 Notification Requirements. The affected Party shall:
- Promptly notify the other Party in writing of the Force Majeure Event
- Describe the nature of the event and expected duration
- Provide regular updates on status and efforts to mitigate
- Use commercially reasonable efforts to mitigate the impact
- Resume performance as soon as reasonably practicable
19.3 Obligations During Force Majeure. During a Force Majeure Event:
- Affected obligations are suspended for the duration of the event
- Non-affected obligations continue as normal
- Payment obligations for Services already performed remain in effect
- Parties shall work together in good faith to minimize disruption
19.4 Right to Terminate. If a Force Majeure Event continues for more than sixty (60) consecutive calendar days:
- Either Party may terminate affected Service Orders upon Written Notice without liability
- Termination does not relieve Customer of payment obligations for Services performed prior to the Force Majeure Event
- These Terms & Conditions continue in effect unless all Service Orders are terminated or if they have been replaced by a renewed version
19.5 Limitations. Force Majeure provisions do not excuse:
- Customer’s payment obligations for Services already rendered
- Breaches that occurred before the Force Majeure Event
- Failures caused by financial difficulties or inability to pay
20. KNOW YOUR CUSTOMER
20.1 Information Provision. Customer shall, upon SecureIT’s request, promptly provide all relevant information necessary for SecureIT to:
- Comply with applicable anti-money laundering laws
- Meet “Know Your Customer” (KYC) requirements
- Comply with sanctions screening obligations
- Fulfill regulatory reporting requirements
- Verify Customer’s identity and authorization
20.2 Required Information. Information may include:
- Corporate registration documents
- Ownership and control structure
- Authorized signatories and their identification
- Business licenses and permits
- Financial information as required by law
- Beneficial ownership information
- Source of funds documentation
20.3 Updates. Customer shall promptly notify SecureIT of any material changes to the information provided.
20.4 Consequences of Non-Compliance. SecureIT may suspend or terminate Services if Customer fails to provide required information or if SecureIT is legally prohibited from providing Services to Customer.
21. NOTICES
21.1 Method of Giving Notice. All notices under these Terms & Conditions (“Notice”) shall be in writing and delivered:
- By registered or certified mail with return receipt requested
- By internationally recognized courier service with tracking
- By email to the contact addresses specified below
21.2 Notice Addresses. Unless otherwise specified in a Service Order, notices shall be sent to:
To SecureIT:
SecureIT (ITSecurity ehf.)
Attn: Magnús Birgisson
Höfðabakki 9B
110 Reykjavík
Iceland
Email: legal@secureit.is
To Customer:
The dedicated contact in the applicable Service Order.
21.3 Effective Date of Notice. Notices shall be deemed received:
- If by registered mail or courier: Upon delivery or refusal to accept delivery
- If by email: On the day of sending if sent during Business Hours; otherwise, on the next Business Day
- In any case: No later than two (2) Business Days after mailing
21.4 Proof of Notice. Parties should retain:
- Postal receipts for mailed notices
- Delivery confirmations for courier notices
- Delivery receipts or read receipts for email notices
21.5 Change of Address. Either Party may change its notice address by providing Written Notice to the other Party. Changes become effective upon receipt of the notice.
21.6 Notices to Authorized Affiliates. Any notices intended for Authorized Affiliates shall be addressed to Customer at Customer’s notice address.
21.7 Copies. Notices of termination or material breach should be sent via multiple methods to ensure receipt.
22. SUBCONTRACTORS
22.1 Use of Subcontractors. SecureIT can use SecureIT-approved subcontractors to carry out any part of the service that is to be provided in accordance with these Terms & Conditions or any derived Service Order.
22.4 Subcontractors. SecureIT shall ensure that all subcontractors maintain insurance coverage appropriate for their role.
23. INDEPENDENT CONTRACTOR
23.1 Relationship. SecureIT is an independent contractor, not an employee, agent, partner, or joint venturer of Customer. Nothing in these Terms & Conditions creates an employment, agency, partnership, or joint venture relationship.
23.2 No Authority. SecureIT has no authority to:
- Bind Customer to any obligation or agreement
- Make representations or warranties on Customer’s behalf
- Incur expenses chargeable to Customer (except as expressly authorized in writing)
- Act as Customer’s agent in any capacity
23.3 Personnel Control. SecureIT shall:
- Retain full control and supervision over its personnel
- Be responsible for all employment-related obligations (salaries, benefits, taxes, insurance, workers’ compensation)
- Ensure personnel comply with these Terms & Conditions
- Be responsible for personnel work product and conduct
- Not represent personnel as Customer employees
23.4 Benefits. SecureIT personnel are not entitled to any employee benefits from Customer, including health insurance, retirement benefits, paid leave, or other benefits.
24. NON-SOLICITATION
24.1 Employee Non-Solicitation. During the term of a Service Order and for 12 months after, neither Party will directly or indirectly solicit, hire, or encourage the resignation of the other Party's personnel who were involved in the Services or had access to Confidential Information.
24.2 Exceptions. This restriction does not apply to: (a) general public job postings not targeted at specific personnel; (b) unsolicited applications; or (c) personnel terminated without cause or whose employment ended at least 6 months prior.
24.3 Customer Non-Solicitation. SecureIT will not, during the Term and for 12 months after, solicit any of Customer's clients introduced through this relationship or compete for business opportunities specifically identified by Customer.
24.4 Remedies. A breach of this section entitles the injured Party to injunctive relief (without bond) and liquidated damages equal to 12 months’ compensation of the solicited person, plus reimbursement for recruitment and transition costs.
24.5 Reasonableness. The Parties acknowledge that the restrictions in this Section are reasonable in scope, duration, and geography given the nature of the Services and relationship.
25. PUBLICATION AND MARKETING
25.1 Mutual Right to Use Names. Parties hereby grant each other the right to use each other’s company name and logo in:
- Marketing materials (brochures, presentations, case studies)
- Website client lists or portfolios
- Proposals and credentials presentations
- Social media posts (LinkedIn, Twitter, etc.)
Solely to identify: (i) SecureIT as a provider of services to Customer, and (ii) Customer as a customer of SecureIT.
25.2 Restrictions on Use. Such use shall:
- Be professional and not misleading
- Comply with each Party’s branding guidelines
- Not imply endorsement beyond the business relationship
- Not include confidential information or security findings
- Cease upon termination of the last Service Order (existing materials may remain)
25.3 Press Releases and Public Announcements. Except for the use of name and logo under Section 25.1, all press releases, public announcements, media interviews, and public relations activities by either Party regarding:
- These Terms & Conditions or the business relationship
- Specific projects or engagements
- Security findings or assessments
- Case studies with identifying information
Shall be approved in writing by both Parties in advance of publication or release.
25.4 Customer Approval for Case Studies. If SecureIT wishes to publish case studies or detailed project descriptions:
- SecureIT shall submit the proposed content to Customer for review
- Customer shall have ten (10) Business Days to approve, request changes, or reject
- Customer may require anonymization or removal of identifying information
- Customer’s approval shall not be unreasonably withheld
25.5 Social Media. Parties may:
- Share general information about the business relationship
- Congratulate each other on achievements or milestones
- Repost each other’s public content
- Tag each other in relevant professional posts
Without prior approval, provided such posts do not disclose Confidential Information or security findings.
25.6 Security Findings Prohibition. Neither Party shall publicly disclose:
- Specific vulnerabilities identified during assessments
- Security weaknesses or exploits discovered
- Details of Customer’s security posture or incidents
- Technical details that could harm Customer’s security
Without the other Party’s express written permission.
26. MISCELLANEOUS
26.1 Entire Agreement. These Terms & Conditions, together with all executed Service Orders and incorporated Appendices or Documentation, constitute the entire agreement between the Parties regarding the subject matter hereof and supersede all prior agreements, understandings, negotiations, and communications, whether written or oral.
26.2 Amendments. These Terms & Conditions may be amended only by a written instrument signed by authorized representatives of both Parties. No oral modifications shall be effective.
26.3 Service Order Amendments. Individual Service Orders may be amended by written change orders signed by both Parties.
26.4 Waiver.
- No delay or failure by either Party to exercise any right, power, or remedy shall constitute a waiver
- No waiver shall be effective unless in writing and signed by the Party waiving its rights
- A waiver of one breach does not constitute a waiver of any subsequent breach
- No waiver under these Terms & Conditions shall be implied from conduct or course of dealing
26.5 Severability. If any provision of these Terms & Conditions is held to be illegal, invalid, or unenforceable:
- That provision shall be modified to the minimum extent necessary to make it enforceable
- If modification is not possible, the provision shall be deemed severed from these Terms & Conditions
- The remaining provisions shall remain in full force and effect
- The invalidity of any provision shall not affect the validity or enforceability of any other provision
26.6 Third-Party Beneficiaries. These Terms & Conditions are for the sole benefit of the Parties and their permitted successors and assigns. No third party shall have any right to enforce any provision of these Terms & Conditions, except as expressly provided herein.
26.7 Assignment.
- Neither Party may assign, transfer, or delegate any rights or obligations under these Terms & Conditions without the other Party’s prior written consent (not to be unreasonably withheld)
- Notwithstanding the foregoing, either Party may assign these Terms & Conditions to: (i) an Affiliate, (ii) a successor in connection with a merger, acquisition, or sale of all or substantially all assets
- Any attempted assignment in violation of this Section is void
- These Terms & Conditions shall bind and inure to the benefit of permitted successors and assigns
26.8 No Partnership. Nothing in these Terms & Conditions creates a partnership, joint venture, agency, or employment relationship between the Parties.
26.9 Counterparts. These Terms & Conditions and Service Orders may be executed in counterparts, each of which shall be deemed an original and together shall constitute one instrument.
26.10 Electronic Signatures. Electronic signatures (including Pandadoc, DocuSign, Adobe Sign, or similar) shall have the same force and effect as original signatures.
26.11 Headings. Section headings are for convenience only and shall not affect the interpretation of these Terms & Conditions.
26.12 Language. These Terms & Conditions may be translated into other languages for convenience. In the event of any conflict between language versions, the English version shall prevail.
26.13 Interpretation. In interpreting these Terms & Conditions:
- References to “including” mean “including without limitation”
- References to Sections are to sections of these Terms & Conditions unless otherwise stated
- The singular includes the plural and vice versa
- References to laws include amendments and successor legislation
26.14 Schedules and Appendices. All Schedules and Appendices referenced in these Terms & Conditions are incorporated by reference and form part of these Terms & Conditions.
26.15 Export Control. Both Parties shall comply with all applicable export control laws and regulations. Neither Party shall export, re-export, or transfer any technical data, software, or products in violation of applicable laws.
26.16 Anti-Corruption. Each Party represents that it has not and will not, directly or indirectly:
- Pay, offer, or authorize any bribes, kickbacks, or improper payments
- Violate any anti-corruption laws (including the U.S. Foreign Corrupt Practices Act and UK Bribery Act)
- Engage in any corrupt business practices
26.17 Survival of Obligations. Any obligation that by its nature should survive termination (including payment, confidentiality, intellectual property, and indemnification) shall survive termination or expiration of these Terms & Conditions.
27. GOVERNING LAW AND JURISDICTION
27.1 Governing Law. These Terms & Conditions and all Service Orders shall be governed by and construed in accordance with the laws of Iceland, without regard to its conflict of law principles.
27.2 Exclusive Jurisdiction. Any dispute, controversy, or claim arising out of or in connection with these Terms & Conditions or Service Orders, or the breach, termination, or invalidity thereof, shall be subject to the exclusive jurisdiction of the District Court of Reykjavík, Iceland (Héraðsdómur Reykjavíkur), with rights of appeal within the Icelandic court system.
27.3 Waiver of Jury Trial. To the extent permitted by law, each Party waives any right to jury trial in any proceeding arising out of or related to these Terms & Conditions.
27.4 Process. Each Party consents to service of process by registered mail to the addresses specified in Section 21 or in the applicable Service Order.
27.5 Injunctive Relief. Notwithstanding the exclusive jurisdiction provision, either Party may seek temporary or preliminary injunctive relief in any court of competent jurisdiction to prevent irreparable harm.
27.6 Costs. The prevailing party in any legal action shall be entitled to recover its reasonable attorneys’ fees and costs.
28. Data Processing & Security
28.1 Roles and Scope. To the extent that SecureIT processes Personal Data on behalf of the Customer in the provision of Services, the parties agree that the Customer is the Data Controller and SecureIT is the Data Processor. SecureIT shall process such data solely for the purpose of delivering the Services described in the Statement of Work (SOW) and in accordance with the Customer’s documented instructions and applicable Data Protection Laws (e.g., GDPR, CCPA).
28.2 Secure Storage & Sub-processing (Tresorit). The Customer acknowledges and authorizes SecureIT to utilize Tresorit, a Swiss-based, ISO 27001-certified cloud storage provider, as a sub-processor for the secure storage and delivery of Service Reports and sensitive deliverables.
28.3 Confidentiality & Security Measures. SecureIT shall ensure that all personnel authorized to process Personal Data are committed to confidentiality. SecureIT maintains appropriate technical and organizational measures, including the use of end-to-end encryption to protect Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure.
28.4 Data Return & Deletion. Upon termination of the Services or at the Customer’s specific request, SecureIT shall securely delete or return all Personal Data and Reports stored within its Tresorit workspace, unless applicable law requires continued storage of the data.
28.5 Data Processing Addendum (DPA). If required due to the nature of the work, the DPA shall be provided by the Customer; in most cases, SecureIT is not processing personal data as defined under GDPR.
29. Agreeing to these Terms & Conditions
By signing a Service Order that implements these Terms & Conditions, each Party acknowledges that it has read, understood, and agrees to be bound by these Terms & Conditions.
Version: 1.0
Last Updated: 13.02.2026