General terms and conditions

Version: v1.10 – 3rd of December 2021

1. Validity of the conditions

1.1 These General Terms and Conditions (GTC) apply to all business relationships between zeroBS GmbH (hereinafter referred to as zeroBS) and its customers. Deviating terms and conditions of the customer are not recognised by zeroBS unless we expressly agree to their validity.

1.2 The offer available at zero.bs is exclusively for entrepreneurs and commercial customers.

2. Services of zeroBS GmbH

2.1 zeroBS analyses the customer's information technology architecture on behalf of the customer for potential security deficiencies in attacks via the Internet. zeroBS provides various software systems for this purpose, which simulate known attack paths or otherwise serve to uncover vulnerabilities.

2.2 For access to internet-based services that zeroBS makes available to its customers (e.g. Reconnaissance, parcel shooting range, Luup, stress test platform), the following terms of use apply. zeroBS provides the customer with pro rata capacities on an IT system installed at zeroBS for the purpose of using an application developed by zeroBS. In addition, zeroBS supports the customer with customer support.

The customer receives the non-exclusive right, limited in time to the term of the contract, to access the application via telecommunications and to use the functionalities associated with the application via a browser in accordance with the contract and the respective service description or operating instructions. The customer does not receive any further rights, in particular to the software application itself or the operating software.

In return, zeroBS receives a fee, the amount of which can be seen in the current price list.

2.2.1 During the term of the contract, the scope of use is limited to the times from Monday to Friday between 8:00 and 18:00. For downtimes of more than two hours, the user may request an extension of service in the amount of the downtime incurred. Outside these times, the customer can use the service, as the zeroBS IT systems are in operation 24 hours a day without any claim to availability.

2.2.2 The processing performance of the described application systems is defined in the user documentation, which is constantly updated and forms part of this contract.

2.2.3 The customer is not authorised to use the application beyond the use permitted in accordance with the contract or to have it used by third parties or to make it accessible to third parties, except in the cases expressly regulated in the contract. In particular, the customer is not permitted to reproduce, sell or transfer the software application or parts thereof for a limited period of time, especially not to rent or lend it. Access data and/or passwords provided by zeroBS are to be treated as strictly confidential and only communicated to carefully selected employees, who are also to be obliged to maintain confidentiality.

2.2.4 For each case in which the customer culpably enables the use of a software application by unauthorised third parties, the customer must pay compensation. In the event of misuse of the customer's access data, the customer is rebuttably presumed to be at fault. In the event of access by third parties, the customer must provide zeroBS on request with all information necessary to identify the unauthorised third party and also to make a claim; the obligation to provide information exists regardless of whether the customer is at fault.

2.2.5 The customer is clearly informed that the software applications of zeroBS may only be used on the customer's own infrastructure. The customer shall indemnify zeroBS from all claims of third parties which are based on an illegal use of the software applications by him or which were culpably enabled by him. If the customer recognises or must recognise that such an infringement is imminent, there is an obligation to inform zeroBS immediately.

2.3 The customer is advised that simulated attacks on IT systems may result in temporary disruptions or runtime delays. The individual scenarios and potential consequences are discussed with the customer in advance and confirmed in a mutual security agreement, which must be available before the start of tests with simulated attacks (stress test, pen test, vulnerability scan).

2.4 zeroBS DDoS Stress Test Service guarantees the following response times (Time-To-React): for problems, failures or malfunctions caused by zeroBS's own stress tests: 30 seconds.

2.5 The following limits apply to the zeroBS stress test:

  • 1 Tbs HTTP(S) - traffic/month and package
  • max 1,000,000 HTTP requests/second
  • max 300 GB DDoS volume attacks

2.5.1 zeroBS does not provide hosting or web server services.

2.5.2 zeroBS uses open source tools and supports the FOSS community.

3. Customer Obligations

3.1 The customer is responsible for the installation, configuration and operation of the web application tested by zeroBS, the server and the infrastructure. If this or parts of it are hosted by third parties, e.g. service providers, it is the customer's responsibility to inform the service provider and, if necessary, to obtain approval for the tests and measures from zeroBS.

3.2 The customer is responsible for all damage caused by his own mistakes. The customer will take data backup measures that correspond to the state of the art so that all company-important and company-critical data is available as a backup copy.

3.3 The customer guarantees the complete administration, programming, operation and accessibility of his websites, which are necessary for the provision of the zeroBS services during the test periods.

3.4. The customer will provide zeroBS with appropriate support in providing the contractual services. In particular, the customer will provide zeroBS with the necessary information and documents completely and in a timely manner. The customer provides zeroBS with all necessary information about the websites to be tested.

3.5. zeroBS does not check whether the customer is entitled to have the measures and tests commissioned by zeroBS carried out in relation to third parties.

3.6 If zeroBS is used by third parties due to measures and/or tests commissioned by the customer, the customer will indemnify zeroBS from all resulting damages, in particular the costs of appropriate legal advice, defense and prosecution. The customer is not liable if zeroBS is responsible for the damage.

3.7. If necessary, the customer will entrust knowledgeable employees with the cooperation who are authorized to make all necessary or expedient decisions. In particular, a contact person must ensure that there is ongoing monitoring of the IT systems in the customer's company so that an appropriate response can be made in the event of impairments caused by zeroBS measures.

4. Test data

4.1 zeroBS can determine test data as part of a customer order, hold it and use it to create the report.

4.2 At the end of the project, the data collected will be destroyed on request and only the report generated will be delivered to the customer. The end of the test phase will be announced to the customer by zeroBS.

4.3 The customer will not transfer any personal data to zeroBS unless absolutely necessary. Should zeroBS nevertheless have to process personal data as part of the fulfilment of the order, this process is deemed to be order data processing. In this case, the following order data processing agreement applies:

(1) Both parties shall observe the applicable data protection regulations, in particular those valid in Germany, and shall oblige their employees deployed in connection with the contract to maintain data secrecy in accordance with Section 5 BDSG, unless they are already generally obliged to do so.

(2) If the customer collects, processes or uses personal data on facilities provided by zeroBS within the scope of this contract, the customer warrants that he is authorised to do so in accordance with the applicable provisions, in particular those of data protection law, and indemnifies zeroBS against claims by third parties in the event of a breach. This also applies in the event that the customer sends the data to third parties using the services or makes them available for collection.

(3) Insofar as the data to be processed is personal data, this constitutes commissioned data processing (§ 11 BDSG) and zeroBS shall comply with the customer's instructions (e.g. to comply with deletion and blocking obligations). The instructions must be communicated in writing in good time.

(4) zeroBS may award subcontracts, but must impose the obligations corresponding to the prefix (order data management) on the subcontractor.

(5) If the customer authorises third parties to access information stored by the customer on systems relevant to the contract, the customer and the third party authorised by the customer shall also be responsible for this process under data protection law.

(6) zeroBS shall take the technical and organisational security precautions and measures in accordance with the Annex to Section 9 BDSG.

(7) The customer is generally not authorised to access the premises with the software application, the server and the operating software as well as other system components of the data centre of zeroBS. This does not affect the access rights of the customer's data protection officer after written notification for the purpose of checking (§ 11 para. 2 BDSG) compliance with the requirements in accordance with the Annex to § 9 BDSG as well as zeroBS's other handling of personal data in the context of operation in accordance with the law and the contract.

4.4 Further use of know-how: The above provisions do not restrict the right of the contracting parties to further use ideas, know-how, concepts and procedures which relate to the contractual services and become general know-how in the course of the co-operation, provided that this does not infringe any property rights or the obligation to maintain confidentiality of confidential information of the other party or a third party.

5. Terms of payment

5.1 For services provided by zeroBS, payment of the zeroBS invoice is due within 7 days (from the date of invoice).

5.2 Payment is due as soon as the customer's order has been accepted by zeroBS through the order confirmation, but not before the customer has received one or more parts of the service.

5.3 SEPA mandate: The customer has the option, as part of an order for recurring partial deliveries for the package or service requested by him, to have the respective amount due for the claim collected from the customer's account by direct debit (direct debit authorisation/SEPA mandate). The "mandate" is the customer's consent to the payee (zeroBS) to collect due receivables by direct debit and the instruction to his payment service provider (paying agent, the customer's bank) to honour the direct debit by debiting his payment account. The direct debit is initiated by zeroBS. The announcement of the direct debit (pre-notification) is made at the latest 3 working days before the direct debit is asserted, usually with the invoice. Collection by zeroBS takes place at the earliest 3 working days after the invoice date. The invoice will be sent to the customer by email to the email address provided by the customer. The customer must ensure that there are sufficient funds in the specified account so that the amounts due can be collected.

5.4 The customer shall receive an invoice or calculation of the agreed and due remuneration in electronic form as a PDF document. If required, the invoice can be sent by post, whereby the postage will be charged separately.

5.5 The following special conditions apply to commissioned and agreed stress tests:

  • if the stress test is cancelled by the customer in advance or postponed for more than 2 weeks, the set-up costs/provision costs will be invoiced
  • if the stress test is cancelled by the customer less than 14 days before the agreed date, 25% of the commissioned services will be charged
  • if the stress test is cancelled by the customer less than 7 days before the agreed date, 50% of the commissioned services will be charged
  • if the stress test is cancelled by the customer during the ongoing test operation due to promised but insufficient protection mechanisms, the expenses incurred up to that point can be billed in full and the planned but not implemented expenses can be billed at 50%.

6. Prices

6.1 All prices are exclusive of VAT.

6.1.1 A price list of zeroBS products and services, if available, can be found on the respective product pages.

6.1.2 zeroBS reserves the right to change prices at any time at its own discretion

6.2 All offers are subject to change and we reserve the right to errors and transposed figures

6.3 The prices in the order confirmation for an order shall apply to invoices

6.3 The processing of orders at weekends or outside business hours may incur separate surcharges.

7 Changes and delays in performance

zeroBS is not responsible for delays in performance due to force majeure (e.g. strike, lockout, official orders, general disruption of telecommunications, war, civil war, natural disasters, etc.) and due to circumstances within the customer's area of responsibility (e.g. non-timely provision of co-operation services, delays caused by third parties attributable to the customer, etc.) and zeroBS is entitled to postpone the provision of the affected services for the duration of the hindrance. zeroBS will inform the customer promptly of delays in performance due to force majeure.

8 Conclusion of contract

8.1 We reserve the right to make changes to zeroBS products in order to maintain a high standard.

8.2 By ordering a product or service, the customer makes a binding declaration of intent to purchase the offered service in accordance with the GTC and the points described in the offer and to fulfil the resulting obligations.

8.3 zeroBS is entitled to accept the contractual offer contained in the order within a period of 5 working days after receipt by us. However, we are also entitled to refuse acceptance of the order.

9. Liability

9.1 zeroBS is liable to the customer for damages to the following extent:

  1. Damage resulting from injury to life, body or health if zeroBS is responsible for the breach of duty;

  2. Damage due to the breach of essential contractual obligations on the fulfilment of which the customer could rely, whereby the claim for damages is limited to the foreseeable damage typical for the contract, unless there is intent or gross negligence or liability for bodily injury;

  3. Damage caused by an intentional or grossly negligent breach of duty by zeroBS, whereby liability is limited to the foreseeable, typical damage, provided there is no intent, as well as damage under the Product Liability Act.

Any further liability for damages is excluded.

The above limitations of liability also apply in favour of the employees, organs and vicarious agents of zeroBS and irrespective of the basis of the claim.

10 Amendments to these GTC

10.1 zeroBS reserves the right to make changes to these GTC, e.g. to adapt them to changed legal regulations or to introduce new services.

10.2 The GTC of zeroBS GmbH can be viewed on the website www.zero.bs/agb.

10.3 Existing contracts are processed on the basis of the GTC valid at the time the contract is concluded; new contracts are only accepted on the basis of the GTC valid at that time.

11. Final provisions

11.1 All claims arising from or in connection with this contract shall be governed exclusively by German substantive law to the exclusion of the conflict of laws provisions under international private law and the UN Convention on Contracts for the International Sale of Goods.

11.2 The exclusive place of jurisdiction for all legal disputes arising from or in connection with this contract is the registered office of zeroBS.

11.3 Should individual provisions be or become invalid, void or unenforceable in whole or in part, this shall not affect the validity of the remaining provisions. In such a case, the contracting parties shall replace the wholly or partially invalid and/or void and/or unenforceable provision with an agreement that comes as close as possible to the intended legal and economic purpose of the provision to be replaced. The above provision shall apply accordingly in the event of contractual loopholes.
