These General Terms and Conditions govern the terms of supply and use of the Service provided by Cyber Guru to the Client.
1. INTRODUCTION AND ANNEXES
The introduction and annexes to these General Terms and Conditions form an integral and substantial part of the same and are expressly acknowledged and accepted by the Parties.
In particular, the following documents are attached to these General Terms and Conditions:
- The Privacy Policy can be consulted at the following link.
- The Appointment as External Data Processor can be consulted at the following link.
2. DEFINITIONS
The terms listed below have the following meaning in these General Terms and Conditions:
- ‘Access’ refers to the authorisation granted by the Company Admin to the User to access the Platform and use the Products. The number of Accesses purchased by the Client is indicated in the Certificate and until they are exhausted, Cyber Guru will authorise the Company Admin to grant Accesses to Users. Access is governed by the General Terms and Conditions.
- ‘Certificate’ refers to the certificate sent by Cyber Guru to the Client containing, in addition to the summary of the Products and the number of Accesses purchased, the link to access the Platform and activate, following the acceptance of the General Terms and Conditions, the Service.
- ‘Client’ refers to the commercial entity (not a consumer) that has accepted the Offer, thereby assuming all the obligations deriving from the supply of the Service provided by Cyber Guru and governed by the General Terms and Conditions.
- Company Admin means, where provided for by the Service, the individual appointed by the Customer and authorized by the latter to access with administrative or supervisory functions, possibly including the management, creation, or revocation of the Accesses of the Users of the same Customer.
- ‘General Terms and Conditions’ refer to the present General Terms and Conditions (hereinafter also referred to as the “Agremment”).
- ‘Cross-selling’ refers to the addition, in the course of the relationship, of a Product (for example, the Phishing Product compared to the original Awareness Product).
- Cyber Guru is a company under Italian law, certified according to ISO/IEC 27001, 27017 and 27018 and ISO 9001, operating in the IT sector that provides commercial operators (not consumers) with the Service and that is the exclusive owner of the Platform and the Products.
- ‘Confidential Information’ refers to all non-public information or material, designated as proprietary and/or confidential, or otherwise reasonably to be understood as confidential (including, but not limited to, all information on the fees and contents of the Products).
- ‘Offer’ refers to the offer to provide the Service accepted by the Client, including the description of the Service with related Products, the economic conditions, the General Terms and Conditions, the duration (including the date of activation of the Service) and the documents in compliance with the legislation on data processing.
- ‘Platform’ refers to the platform/software as a Service (SaaS) through which it is possible to use the Service provided by Cyber Guru.
- ‘Product(s)’ refers to the software solutions offered by Cyber Guru from time to time and available on the website .
- ‘Service’ means the service provided by Cyber Guru in Software as a Service (SaaS) mode, delivered through access to and use of the Platform, including the Products selected by the Customer and the number of Accesses purchased.
- ‘Up-selling’ refers to the increase in the number of Accesses purchased by the Client.
- User refers to the assignee of the Access by the Company Admin.
3. SUBJECT OF THE AGREEMENT
3.1 The relationship between Cyber Guru and the Client has as its object the provision of the Service by Cyber Guru, in accordance with the provisions of the Certificate and these General Terms and Conditions. It is understood that the obligation assumed by Cyber Guru is an obligation of means and not of result.
4. ACCESS TO THE SERVICE (ACCEPTANCE OF THE GENERAL TERMS AND CONDITIONS, COMPANY ADMIN AND USERS)
4.1 To use the Service, the Client shall receive the Certificate from Cyber Guru, which certifies the activation of the Service and contains the applicable General Terms and Conditions. However, access to the Platform and the use of the Service will only be permitted after the Client’s explicit acceptance of the General Terms and Conditions contained in the Certificate. In the event of non-acceptance, access to the Service will remain precluded.
4.2 Following the activation of the Service pursuant to Article 4.1, a user known as the ‘Company Admin’ will be created, and assigned to the Client’s contact person with administrator functions. The ‘Company Admin’, if applicable, will have access to the Platform with administrative privileges, including the ability to create, manage and revoke Users’ access credentials and to manage access to the Products. The Company Admin may also view the data of the Users, including personal data and information relating to the training trend, to the extent necessary to ensure the proper management and maintenance of the Platform and the Products. It is understood that, subject to agreement between Cyber Guru and the Client, an option may be activated that limits the Company Admin’s access to only aggregated or statistical data, by pseudonymising personal data, so as to make it not directly associated with a natural person.
4.3 To access the Platform and the Products, the Company Admin and each User must use an identification code (username) and a personal access key (password) or other secure authentication criteria, such as SSO (Single Sign-On) or two-factor authentication (2FA) systems, if available.
5. DURATION, INTEGRATION AND FUNCTIONALITY OF THE SERVICE, WITHDRAWAL OF THE CLIENT
5.1 The Client may use the Service for the initial duration indicated in the Certificate, on the basis of the agreement signed with the Reseller. At the end of this initial duration, the contractual relationship between the Client and the Reseller, as well as the provision of the Service by Cyber Guru, will be tacitly renewed for a further 12 (twelve) months (hereinafter, each referred to as a ‘Period’), and so on for subsequent Periods, unless terminated by the Client, to be communicated to the Reseller, with a minimum notice of 3 (three) months with respect to the expiry of the current Period.
5.2 During the execution of the Service, the Client may request Up-selling and Cross-selling actions, it being understood that the duration and term of the additional Accesses will be equal to the initial duration and expiry of the Service, including any renewals pursuant to the previous Article 5.1.
5.3 Upon expiry of the supply, the Company Admin and the End Users will no longer be able to use the Service.
5.4 The features of the Service, including response times and troubleshooting procedures, are as follows:
| Category | KPI | Definition | Expected Value |
| SaaS Platform | Uptime | Percentage of time during which the service is available in a calendar month, during working hours (weekdays 09:00 – 18:00, excluding Italian holidays) | >=98% |
| SaaS Platform | RTO (Recovery Time Objective) | Maximum time to restore service in the event of a critical incident | <=6 hours |
| SaaS Platform | RTO (Recovery Time Objective) | Maximum time to restore service in the event of a high incident | <=12 hours |
| SaaS Platform | RTO (Recovery Time Objective) | Maximum time to restore service in the event of a medium incident | <=3 working days |
| SaaS Platform | Scheduled Maintenance | Planned works to ensure the platform is functioning correctly, with advance notice to Clients on a monthly basis. | <=4 interventions per month |
| SaaS Platform | Minimum Notice | Minimum notice to be provided for scheduled maintenance | >=4 working days |
| SaaS Platform | Scheduled Maintenance Time Slot | Defined time period during which maintenance and updates are carried out, aiming to minimise the impact on Client activities | 18:00 – 04:00 |
| Support Service | Response Time | Time from receiving a request to providing an initial response to the Client | 12 working hours |
| Support Service | TARGET Time | Time period during which the customer support service is provided | 09:00 – 18:00 |
5.5 Any operating errors will be classified as follows:
| Severity | Description |
| Critical | Blocking error that makes the entire Service or Modules unusable in a generalised way for all Clients |
| High | Error that impacts a major functionality, inhibiting the execution of a process or a set of minor functionalities |
| Medium | Error that results in the failure to provide a single feature |
| Low | Error that impacts a minor functionality that does not compromise the provision of the Service |
5.6 Operating errors due to the following events are considered exceptional and extraordinary cases and for which Cyber Guru will not be bound to comply with the standard times referred to in the previous Art. 5.4, undertaking exclusively to communicate to the Client, in the shortest possible time, the estimates on the restoration of the Service:
- natural disasters such as earthquakes, floods, hurricanes or other natural disasters that affect the infrastructure of the Service
- external attacks such as DDoS (Distributed Denial of Service)attacks, hacking or other forms of cyber attacks directed at the Platform
- service interruptions by third parties such as external service providers, data centres, or cloud service providers
- force majeure events to be understood as any unforeseen and insurmountable event that goes beyond the reasonable control of Cyber Guru, such as wars, riots, insurrections, civil unrest, acts of terrorism, fires, explosions.
5.7 In any case, for any request for technical support or assistance related to the provision of the Service, the Client can email to contact the dedicated Cyber Guru support team.
6. CUSTOMER WITHDRAWAL
6.1 Without prejudice to the provisions of applicable mandatory legislation, each Party may terminate the Contract with immediate effect, upon written notice, if the other Party engages in conduct attributable to a criminal offense under Legislative Decree 231/2001 or Legislative Decree 159/2011, provided that such conduct has been definitively established by a final judgment.
6.2 The Customer may withdraw from the Contract, exclusively upon written and reasoned notice, only in the following cases:
- substantial changes to the contractual conditions or deterioration of performance attributable to Cyber Guru that significantly and demonstrably affect critical or important outsourced functions, if such changes or deterioration have not been previously approved or accepted by the Customer;
- verification, by means of a written document issued by a competent authority, of serious and irremediable deficiencies in Cyber Guru's ICT risk management, such as to compromise in a concrete and significant manner the availability, integrity, authenticity, or confidentiality of the data or services provided;
- exceptional circumstances that concretely and demonstrably hinder the exercise of supervisory powers by the competent authority solely because of the existing contractual relationship;
- material changes to subcontracts for critical services or unauthorized outsourcing of critical functions, if carried out by Cyber Guru in breach of contractual obligations and despite the Customer's written and reasoned opposition, and only if such changes cause demonstrable serious prejudice to the Customer's activities.
6.3 Except as provided in Article 6.1, before exercising the right of withdrawal under this Article, the Customer shall notify Cyber Guru in writing, in detail and with reasons, of the alleged breach, attaching appropriate supporting documentation, and granting Cyber Guru a period of not less than sixty (60) days to remedy the breach indicated. Withdrawal shall only take effect if Cyber Guru fails to remedy the breach in a verifiable manner within that period and no reasonable alternative solution can be found between the Parties. In the absence of documentation proving the existence of the conditions for withdrawal, the withdrawal shall be considered ineffective.
6.4 In any case, any suspensions, interruptions, or temporary limitations of services necessary for the implementation of security measures, regulatory compliance, legal requirements, or routine or extraordinary maintenance shall in no case constitute grounds for withdrawal under this article.
7. SPECIFIC OBLIGATIONS OF THE CLIENT
7.1 guarantees that the use of the Platform will take place, exclusively in accordance with the provisions of these General Terms and Conditions, under penalty of its obligation to compensate for damages. Therefore, it undertakes, inter alia, to:
- provide all persons authorised (Company Admins and Users) to use the Service through the use of the Platform with the necessary operating instructions, informing them of the provisions of Articles 4.1, 4.2, 4.3, 5.1, 5.3, 7.2, 9.1, 9.5, 10.1, 11.1, 13.5 and 13.6 of the General Terms and Conditions;
- ensure that the aforementioned persons authorised to use the Service, by accessing the Platform, comply with the General Terms and Conditions;
- take responsibility for any violations committed by such authorised persons, promptly informing Cyber Guru of any misuse of the Platform or violation of the obligations undertaken.
7.2 In particular, the Client undertakes and guarantees that the Company Admin and each User shall:
- access the Platform and the Products exclusively in the manner prescribed by Article 4.3 and use them only for the purposes and in compliance with the General Terms and Conditions (by way of example only, and not exhaustively, they must not: modify, distort, block, abnormally burden, interrupt, slow down and/or hinder the normal functioning, in whole or in part, of the Platform or its components, as well as limit its accessibility to other Users; transmit computer viruses or other software/malware or corrupted files and/or similar destructive devices or corrupted data; organise and/or participate or be involved by any means in an attack against the Platform or the servers used by Cyber Guru; exchange spam messages for commercial or personal purposes by interrupting the flow of the conversation with repeated posts of a similar nature; transmit or communicate material or content that may be considered offensive and harmful to the dignity and decorum of persons, such as, by way of example, derogatory, explicit, illicit, threatening and offensive language in any form; improperly use the assistance service offered by Cyber Guru or improperly use functions to request or send untruthful reports to Cyber Guru and its staff/collaborators; pretend to be an employee or representative of Cyber Guru claiming to enjoy authorisation or concessions towards the Platform or Cyber Guru) and the applicable laws;
- keep their credentials strictly confidential, without disclosing them to third parties, taking all necessary measures to prevent unauthorised access to their personal area, including the choice of secure passwords and the regular updating of the same;
- take the appropriate security measures to protect the data of the Users, refraining from using the data of the Users for unauthorised or illicit purposes (valid only for the Company Admin);
- immediately notify Cyber Guru and the Client of any unauthorised use of their credentials, any suspected breach of security, or any attempt to access the Platform without authorisation.
8. CHANGES, MONITORING AND UPDATES TO THE SERVICE
8.1 Cyber Guru reserves the right to carry out security and maintenance activities and interventions on the Platform, including, but not limited to: updates, maintenance, troubleshooting, configuration to optimize the program, system library compatibility checks, detailed log monitoring to detect any anomalies, and security checks. These activities are necessary to keep the Platform secure and functional and may result in the temporary suspension of the Service during the hours included in the scheduled maintenance period and reported in Article 5.4. Furthermore, while Cyber Guru guarantees basic support for the entire duration of the Service, as this is a SaaS platform, in the event of changes or new feature releases, it cannot guarantee the maintenance of the previous version of the Platform.
9. INTELLECTUAL PROPERTY
9.1 The Client acknowledges that everything included in the Service, including, among other things, the Platform and the Products, is the exclusive intellectual property of Cyber Guru and that their use can only and exclusively take place within the limits provided for in the General Terms and Conditions. The Client also acknowledges that Cyber Guru is the exclusive owner of all the object codes and all the source codes of the Platform, as well as of all the elements, components, applications, versions, developments, updates and software connected to or derived from the Platform that determine the originality of the same, waiving any related dispute or related right. Therefore, any form of plagiarism and/or counterfeiting of the Platform, its abusive duplication, including both the unauthorised production of perfect copies of the program concerned, and the creation of programs derived from the development or modification of the original Platform, is prohibited. Likewise, among other things, the Client is strictly prohibited from disassembling, redesigning, reproducing, plagiarising, counterfeiting, altering, copying, exporting, accessing or attempting to access the source code of the Platform, as well as from creating, using and/or distributing ‘auto’, ‘trainer’, ‘script’ or ‘macro’ software programs, or any other ‘cheat’ or ‘hack’ programs or software applications for the Platform. The Reseller is also prohibited from performing any full or partial decompilation (including both decompilation for interoperability purposes and decompilation aimed at resolving software errors), which may be carried out exclusively by Cyber Guru. It follows that, except as expressly provided for in the General Terms and Conditions, Cyber Guru does not grant any other right or title to the Platform and the Products. The techniques, algorithms and procedures contained in the Platform, as well as in the related documentation, are confidential information owned by Cyber Guru and must remain strictly confidential and not disclosed. All trademarks, registered and not related to the Platform, are covered by intellectual property rights.
9.2 The Client authorises Cyber Guru to use its logos and trademarks for the customisation of the Platform used by the Client.
9.3 The use of the Client’s logos and trademarks to promote the services and solutions provided by Cyber Guru is permitted only with the prior written consent of the Client. This authorisation extends to publication on the Cyber Guru institutional website, on social media platforms, during sectoral events and also includes the right to reproduce and/or insert the logo in communication and promotion materials.
9.4 The Client guarantees the full availability and right to use such logos and/or trademarks and/or distinctive signs and undertakes to hold Cyber Guru harmless from any claims arising from any third-party disputes over them.
9.5 With regard to the customization and configuration of the content (including, but not limited to, simulated phishing campaigns or training materials) of the Products carried out directly by the Customer, the latter accepts and acknowledges that:
- it is solely responsible for the use of logos, trademarks, and/or any other distinctive signs of third parties;
- it shall not include third-party intellectual property without their prior written consent;
- it shall not register or use, through the Platform, domain names or other distinctive signs that are identical to, incorporate, or are easily confused with third-party trademarks without their prior written consent;
- in the event of complaints from third parties claiming that the Customer's activities have infringed their intellectual property rights, Cyber Guru shall communicate the Customer's details to such third parties for the resolution of the matter;
- respond promptly to any complaints or reports from third parties, simultaneously notifying Cyber Guru in writing.
10. SUSPENSION OF SERVICE
10.1 If the Client does not comply with even one provision of the General Terms and Conditions (including, inter alia, the provisions of Articles 4, 7, 9 and/or 11), Cyber Guru reserves the right to immediately and temporarily suspend access to the Platform, upon written notice. That said, except as provided in this Article, Cyber Guru may grant the Client a reasonable period of time, not less than 15 days, to remedy the violation. If the Client does not remedy it within the period indicated, Cyber Guru may proceed to the definitive interruption of access to the Platform. In addition, Cyber Guru may suspend the provision of the Service at the request of the person to whom the Client is required – according to the Offer – to pay the fee for the Service, if it is notified of the Client’s failure to comply with the payment obligation. In this case, the suspension may last until the full balance of the amounts due.
10.2 In the event of termination of the contract, the Client will be required to immediately cease using the Platform and, if the Platform has been installed in on-prem mode at the Client’s infrastructure, proceed to its complete uninstallation, returning or destroying any copy in its possession.
11. CONFIDENTIALITY
11.1 Confidential Information. The Parties acknowledge that, in connection with this Agreement and/or the Service/Products/Training Modules, one of the Parties may transmit Confidential Information to the other. For the purposes of this Agreement, the ‘Receiving Party’ is defined as the Party that receives the Confidential Information, while the ‘Disclosing Party’ is defined as the Party that communicates the Confidential Information.
11.2 Obligations. The Receiving Party agrees (i) to protect the Confidential Information from unauthorised disclosure and use, (ii) to use the Confidential Information only for the execution of this Agreement and the exercise of any rights granted under this Agreement, (iii) not to disclose any Confidential Information to persons who are not subject to confidentiality obligations no less restrictive than the requirements of this Article 11 and (iv) not to remove or destroy any proprietary or confidential legend or trademark placed or contained in the Confidential Information. The Receiving Party shall not copy, decode, disassemble, create works from, or decompile prototypes, software or other tangible objects that incorporate the Confidential Information and/or that are provided to it under this Agreement. Confidential Information shall not be reproduced in any form, except as required to achieve the purposes and intent of this Agreement.
11.3 Exclusions. The foregoing confidentiality provisions shall not apply where the Receiving Party can demonstrate that the information or material: (i) was previously known to the Receiving Party at the time of disclosure, free from any obligation to keep it confidential; (ii) was, or subsequently became, in the public domain; (iii) was lawfully acquired from third parties who were not themselves subject to confidentiality agreements with the Disclosing Party. Each Party may also make disclosures only to the extent that this is expressly provided for by law or derives from an order of the Judicial Authority. In this case, the Receiving Party undertakes to promptly notify (for information only) the Disclosing Party.
12. DATA PROCESSING
12.1 With reference to the provisions of EU Regulation 2016/679 (hereinafter ‘GDPR’), the Parties mutually acknowledge that the personal data collected by each in the execution of this Agreement (including personal data relating to the legal representative, contact persons and contact persons) will be processed in compliance with the relevant legislation. In this regard, if the contractual relationship is entered into between Cyber Guru and the Client, the latter declares that it has read the privacy policy drawn up by Cyber Guru itself in accordance with the GDPR, Article 13 (‘).
- The execution of this Agreement involves the processing of personal data relating to employees, collaborators or other subjects identified by the Client. To this end, the Parties acknowledge and declare that: The Client acts as Data Controller, pursuant to Article 4, no. 7 of EU Regulation 2016/679 (‘GDPR’);
- Cyber Guru acts exclusively as Data Processor, pursuant to Article 28 of the GDPR, following the documented instructions of the Data Controller and in accordance with the Data Processor Appointment Agreement, attached to this Agreement or signed separately.
- For certain Products, Cyber Guru may make use of external providers formally designated as Sub-processors pursuant to Article 28(4) of the GDPR.
13. WARRANTY AND EXCLUSIONS OF LIABILITY
13.1 Cyber Guru undertakes to offer the Client the Service in line with the provisions of Article 5.4, issuing only the guarantees provided for in the General Terms and Conditions (expressly excluding the guarantees of merchantability and suitability for a particular purpose), except as provided for by mandatory rules of law.
13.2 Cyber Guru cannot be held liable for any damage (including, among other things, direct or indirect, from loss of data, profits and/or business) caused to the Client and/or the User and/or third parties deriving from:
- Impossibility/discontinuity in accessing or using the Platform due to problems of incompatibility of the same with the hardware, connection and software equipment used by the Client or the end User, due to a lack of priority verification regarding the correct simultaneous operation of the different programs;
- Malfunctions, delays and/or interruptions in the provision of the Service dependent on the use of telephone, electrical and global and national networks, such as, by way of example: failures, overloads, interruptions, as well as force majeure, unforeseen, unforeseeable events and dependent on natural or third-party events, such as: atmospheric events, explosions and unforeseeable hardware failures in general;
- Impossibility of access or malfunction of the Platform for reasons attributable to the Client or the User, such as incorrect use of the Platform or the insertion of the incorrect key and access code, or due to malfunction of the devices used by the Client or the User (PC, modem and other equipment) or, again, due to network malfunction/problems as well as, finally, for any other problem not dependent on the work of Cyber Guru;
- Use of the Service for purposes other than those provided for in the General Terms and Conditions;
- Any violation of Article 7 by the Client, the Company Admin and/or the User;
- Ordinary and/or extraordinary maintenance operations pursuant to Article 8.
13.3 In any case, Cyber Guru’s liability to the Client shall be limited to the amount actually paid by the Client for the provision of the Service.
13.4 Conversely, the Client shall hold Cyber Guru harmless and indemnify it against any detrimental consequence (including compensation for damages) it may suffer as a result of any third-party claim arising from the Client’s breach of one or more obligations it has assumed under the General Terms and Conditions.
13.5 The Customer acknowledges and accepts that, if they purchase or use Cyber Guru Products that integrate generative artificial intelligence technologies (including, but not limited to, ‘Cyber Advisor’ and ‘Chatbot’), the results generated by such tools are probabilistic in nature, may contain errors, may be incomplete, inaccurate or misleading, and in no case constitute professional advice or binding guidance.
The Customer shall be solely and exclusively responsible for verifying, prior to use or sharing, the accuracy, adequacy, reliability and suitability for use of the results generated by such tools, including through human review, indemnifying Cyber Guru from any liability in this regard.
Cyber Guru shall in no event be held liable, in any capacity whatsoever, for decisions, actions or omissions undertaken by the Customer or third parties on the basis of the content generated by the artificial intelligence tools, nor for any direct or indirect damages, losses, costs or expenses, including damages from loss of data, lost profits or business interruptions, which may result therefrom.
13.6 The Customer acknowledges and agrees that, where it purchases or uses Cyber Guru Products that are intended to support the User in identifying potential risks or anomalous behaviors through notices, alerts, or operational suggestions (including, by way of example and not limitation, tools such as ‘Smart Banner’, ‘Cyber Advisor’, or similar functionalities), the indications provided by such tools are of a purely informational and supportive nature. The assessments generated by such Products are based on automatic and/or algorithmic analyses and do not constitute a certain or definitive verification of the reliability, origin, or security of the contents or communications analyzed. It therefore remains the sole responsibility of the User and the Customer to independently verify the legitimacy and correctness of the reported information or emails, as well as to adopt all precautionary and control measures provided for by their internal security procedures, ensuring the full application of control and verification mechanisms carried out by natural persons. Cyber Guru shall in no event be held liable for damages, losses, or consequences arising from an incorrect, incomplete, or failed qualification of contents or communications by such Products, nor for exclusive or improper reliance on the indications provided by them.
14. APPLICABLE LAW AND JURISDICTION
14.1 The General Terms and Conditions are governed by substantive Italian law, to the exclusion of any reference to foreign laws (including those arising from international private law or treaties). The Court of Rome shall have exclusive jurisdiction over any dispute relating, inter alia, to their interpretation, execution, validity and/or termination.
15. MISCELLANEOUS
15.1 Any integration or modification of the General Terms and Conditions (including the related annexes) must be specifically approved in writing by both Parties.
15.2 No term or clause of the General Terms and Conditions shall be deemed waived, and no breach shall be considered permitted, unless such waiver or consent is expressly made in writing.
Automatic Translation Notice
These General Terms and Conditions are drafted in Italian and in English. Both versions are considered official and have equal legal value. Any versions in languages other than Italian and English, made available through automatic translation tools (including those integrated in digital platforms), are not considered official versions and have no legal value. Such translations are provided for informational purposes only.