General Terms and Conditions (“GTC”)

Version: (13th February 2026) Teichmann International (IT Solutions) AG, St. Gallen, Schweiz Dufourstrasse 124, 9000 St. Gallen, Switzerland, info@teichmann-it.com, (hereinafter „DeeplySecure“)

1. Scope

1.1 Scope

These General Terms and Conditions (“GTC”) apply to all offers, contracts and services provided by DeeplySecure to the Customer in the field of cybersecurity training, awareness programmes, workshops, webinars, elearning content, simulations and accompanying consultancy services (together the “Services”), unless expressly agreed otherwise in writing in an individual case.

Even where the provision of the Services is additionally governed by separate terms or agreements, these GTC shall continue to apply on a supplementary basis to the Services relating to the online platform. To the extent that such separate terms or agreements contain provisions that deviate from these GTC, such provisions shall prevail over the provisions of these GTC.

1.2 Incorporation

Upon conclusion of the contract, DeeplySecure draws the Customer’s attention to these GTC. By signing the offer, confirming by email, or using the Services, the Customer confirms that these GTC have been made available to it and that it has been able to take notice of them in a reasonable manner.

1.3 No application of Customer terms

Any general terms and conditions of the Customer (e.g. purchasing terms) shall apply only if DeeplySecure expressly acknowledges their application in writing. Silence or performance of the Services shall not constitute consent.

2. Definitions

2.1 Customer

The contracting party of DeeplySecure (legal entity, publiclaw body, or natural person acting in the exercise of a professional/commercial activity).

2.2 Participants

Employees/representatives of the Customer who receive platform access and/or use digital content via the platform.

2.3 Digital Content

Content/formats made available via the platform, in particular elearning modules, awareness content, learning paths, knowledge content, tests/quizzes and, where applicable, related materials.

2.4 Platform

Learning/administration/reporting environment (SaaS).

2.5 Customer Content

Data/materials provided by the Customer (e.g. policies, internal guidelines, participant lists).

2.6 Confidential Information

Nonpublic information that is designated as confidential or is confidential by its nature.

3. Offer, Contract Formation, Commencement

3.1 Offers

Offers issued by DeeplySecure are nonbinding unless expressly designated as binding.

3.2 Contract formation

A contract is formed by:
a) signing the offer (text form shall suffice unless agreed otherwise), or
b) written confirmation (e.g. email), or
c) commencement of performance by DeeplySecure at the Customer’s request.

3.3 Commencement

The commencement date is as set out in the offer; otherwise it shall be the date of contract confirmation.

4. Scope of Services, Standard of Performance, Delimitation

4.1 Service description

Scope, content, functions, languages, number of users/participants, term, availability and support level shall be determined exclusively by the offer and its appendices.

4.2 Duty of care instead of guarantee of success

DeeplySecure shall provide the Services professionally and with the customary standard of care in the industry. Unless a binding result is expressly warranted in writing, DeeplySecure does not owe any specific outcome, in particular no guarantee of preventing cyber incidents, no certification/compliance guarantee and no absolute freedom from errors.

4.3 No legal/audit undertaking

The Services (including digital content, guidance and “best practices”) do not replace legal advice, external audit/revision or a formal audit. Any “best practices” are of a general nature and must be implemented by the Customer within its specific organisation.

4.4 Use of third parties

DeeplySecure may engage qualified employees and subcontractors to provide the Services, but shall remain the Customer’s contractual counterparty, unless mandatory law provides otherwise.

4.5 Further development

DeeplySecure may update content/functions/methodologies (e.g. due to new threat scenarios), provided that the agreed service quality and the purpose of the Services are not materially impaired.

5. Customer’s Cooperation Obligations

5.1 Information

The Customer shall provide all information and cooperation required for the provision of the Services in good time (in particular target group, prior knowledge, participant lists/user details, technical framework conditions, internal approvals).

5.2 System requirements

The Customer shall ensure that Participants meet the system requirements necessary to use the platform and that internal IT restrictions (firewall, SSO, email gateways, whitelisting) are clarified in good time.

5.3 Delays/additional costs

Delays/additional costs due to missing or late cooperation may lead to rescheduling; any additional effort may be charged on a timeandmaterials basis at the agreed rates.

6. Organisation in Connection with the Platform, Dates, Cancellations

6.1 Confirmation of dates

Dates shall be binding once confirmed in writing.

6.2 Online sessions

The Customer shall ensure suitable end devices, a stable connection and the required access rights. DeeplySecure may specify or agree appropriate tools (e.g. video conferencing).

6.3 Cancellations/postponements by the Customer (liquidated damages)

Unless otherwise stipulated in the offer, the following shall apply to confirmed dates:

• up to 15 calendar days before the date: free of charge,

• 14–8 calendar days: 50% of the fee agreed for the affected date,

• 7–0 calendar days or nonattendance: 100% of the fee agreed for the affected date,
  in each case plus any noncancellable thirdparty/travel costs. The Customer reserves the right to prove that the damage suffered was substantially lower.

6.4 Substitute participants

The Customer may nominate substitute participants, provided this is reasonable from a professional/organisational perspective and compliant with data protection requirements.

6.5 Recordings

Audio/video recordings or screenshots are permitted only with the prior written consent of both parties. The Customer shall ensure that Participants’ personal rights and data protection rights are respected.

7. Simulations, Exercises, SecurityRelevant Demonstrations

7.1 Simulations

Simulations (e.g. phishing simulations, social engineering exercises, tabletop incidents, “red/blue team”style awareness exercises) are owed only if expressly agreed.

7.2 Internal approvals

The Customer is responsible for ensuring all internal and legal prerequisites (in particular employment law requirements, internal instructions, communications to employees, codetermination/consultation rights where applicable).

7.3 No unlawful use

Content/examples/demonstrations must not be used for unlawful acts. The Customer shall ensure that Participants do not conduct unauthorised tests against production systems or thirdparty systems.

7.4 Termination of exercises

DeeplySecure is entitled to terminate or adapt exercises if risks to operations, persons, infrastructure or legal certainty become apparent.

8. Platform and Digital Content

8.1 Access

Platform access requires user accounts. The Customer shall ensure that access is assigned only to authorised persons.

8.2 Due care and security

Access credentials must be treated as confidential; any suspected misuse must be reported to DeeplySecure without undue delay.

8.3 Rules of use

In particular, the following are prohibited:
a) circumventing security measures, penetration testing/scanning of the platform without consent,
b) overload attacks (e.g. DoS), automated mass scraping without approval,
c) uploading/distributing malicious code,
d) unlawful, discriminatory, criminal or personalityinfringing content,
e) use for reletting/resale/sublicensing unless agreed.

8.4 Measures in case of breaches

In the event of breaches, DeeplySecure may temporarily block access, remove content and, in the event of serious or repeated breaches, terminate the contract for good cause.

8.5 Data export and end of contract

The Customer is responsible for saving reports/materials in good time. After the end of the contract, access shall be blocked; Customer Content shall be deleted within a reasonable period, insofar as no statutory retention obligations apply.

9. Remuneration, Expenses, Taxes, Payment Terms

9.1 Prices

Prices are as set out in the offer. All prices are exclusive of VAT unless stated otherwise.

9.2 Expenses

Travel and incidental expenses shall be charged only if agreed or approved by the Customer (e.g. rail/flight, hotel, flatrate expenses).

9.3 Invoicing

DeeplySecure shall invoice in accordance with the offer (e.g. in advance, upon milestones, or monthly).

9.4 Due date

Invoices are payable net within 30 days unless agreed otherwise.

9.5 Default

In the event of late payment, the Customer shall pay default interest and compensate proven loss caused by the default; unless agreed otherwise, default interest shall be 5% p.a. In addition, DeeplySecure may suspend Services until full payment has been received, provided this is proportionate.

9.6 Retention/setoff

The Customer shall have no rights of retention or setoff.

10. Intellectual Property, Rights of Use

10.1 Ownership of materials

All rights in and to digital content, materials, methods, concepts, knowhow and platform components shall remain with DeeplySecure or the respective rightsholders.

10.2 Customer’s right of use

The Customer shall receive a nonexclusive, nontransferable, nonsublicensable right to use for internal purposes within the agreed scope and for the term of the contract.

10.3 No disclosure

Without the written consent of DeeplySecure, materials/content may not be disclosed to third parties, published or used outside the Customer’s organisation (including upload to public systems or thirdparty systems), unless expressly agreed.

10.4 Customer Content

Rights in and to Customer Content remain with the Customer. The Customer grants DeeplySecure a limited right to use Customer Content solely for the purpose of performing the contract.

10.5 Feedback

Voluntary feedback may be used by DeeplySecure to improve quality, provided no Confidential Information is disclosed.

11. Data Protection, Information Security, Processing on Behalf

11.1 Applicable data protection law

The parties shall process personal data in accordance with the Swiss Federal Act on Data Protection (“FADP”) and the EU General Data Protection Regulation (“GDPR”).

11.2 Roles

The Customer is generally the controller; DeeplySecure is the processor insofar as it processes personal data on behalf of the Customer (e.g. participant administration, platform operation, reporting).

11.3 Anonymised/aggregated data

DeeplySecure may use usage data in anonymised or aggregated form for statistics and product improvement, provided that no conclusions can be drawn about identifiable persons.

12. Warranty and Defects

12.1 Notification

The Customer shall notify defects without undue delay in text form and describe the effects as specifically as possible.

12.2 Defects

DeeplySecure shall remedy justified defects within a reasonable period (e.g. correction of content, replacement date pursuant to Clause 6, rectification of platform function errors), at its discretion.

12.3 Exclusion

No warranty applies to disruptions caused by circumstances on the Customer’s side (e.g. infrastructure, misconfiguration, unauthorised use, lack of cooperation).

13. Liability

13.2 Limitation of liability

Insofar as permitted by law, any liability of DeeplySecure for damage caused by slight negligence is excluded.

13.3 Exclusion of indirect damage

Insofar as permitted by law, liability for indirect damage and consequential damage is excluded, in particular loss of profit, business interruption, loss of turnover, loss of goodwill, and pure financial loss.

13.4 Liability cap

Insofar as permitted by law, the total liability of DeeplySecure per event and contract year is limited to the remuneration actually paid by the Customer in the last 12 months prior to the occurrence of the damage for the affected Services; for oneoff Services, it is limited to the remuneration for the affected Service.

13.5 Data backup

The Customer is responsible for appropriate data backups. DeeplySecure shall be liable for loss of data only to the extent that such loss would not have been avoidable even with proper data backups.

14. Force Majeure

14.1 Principle

Neither party shall be liable for delays/nonperformance due to force majeure (e.g. natural events, war, strikes, pandemics, governmental measures, widespread network/power outages).

14.2 Information

The affected party shall inform the other party without undue delay. If force majeure lasts longer than 60 days, either party may terminate the affected part of the Services in writing.

15. Term, Termination, End of Contract

15.1 Term

The term is as set out in the offer.

15.2 Automatic renewal (optional)

Recurring Services shall renew for 12 months if not terminated in writing at least 3 months before expiry.

15.3 Termination for good cause

Either party may terminate with immediate effect for good cause. As a rule, a written notice of default with a reasonable cure period is required, unless continuation is unreasonable.

15.4 Consequences of termination

Upon termination, rights of use shall end; any outstanding remuneration shall remain due.

16. Final Provisions

16.1 Text form

Amendments/supplements must be made in text form (email suffices), unless a stricter form is expressly agreed.

16.2 Assignment

The Customer may assign rights/obligations only with prior written consent. DeeplySecure may assign to affiliated companies or legal successors as part of a restructuring, provided that no material disadvantages arise thereby.

16.3 Severability

If a provision is invalid, the remainder of the contract shall remain valid; the parties shall replace it with a valid provision that comes closest to the economic purpose.

16.4 Governing law

This contract is governed by Swiss law, in particular substantive Swiss law, excluding conflictoflaws rules and the United Nations Convention on Contracts for the International Sale of Goods (CISG) and other international conventions.

16.5 Jurisdiction

The exclusive place of jurisdiction is St. Gallen, Switzerland, insofar as no mandatory jurisdictions prevail. The place of performance is St. Gallen, Switzerland, unless agreed otherwise.