Terms and Conditions

About SecureFirst

SecureFirst ApS (SecureFirst / us / we) aims to assist small and medium-sized enterprises in achieving enhanced IT security.

We offer an online IT security system (the Application) via securefirst.dk, available in a paid FULL version. Additionally, we provide a range of supplementary products and services.

In addition to the Application, we operate securefirst.dk and other websites and online channels (Websites), which provide information and support for current and prospective users of the Application.

Our Application, Websites, and supplementary products/services are offered exclusively to business clients.

Definitions

Application: The SecureFirst IT security system and selected add-on modules.

Usage Data: A type of data generated through the use of the Application. Usage Data includes Customer Data, technical information, and traffic information (operating system, browser type, keyboard language, IP address, and similar), as well as aggregated Customer or user-generated data (session duration, feedback, and similar).

Data Controller: The entity that determines the purposes and means of the processing of Personal Data.

Data Processor: The entity that processes Personal Data on behalf of the Data Controller.

Customer Data: Data belonging to the customer (or their users) that is processed within the Application, such as matching vulnerabilities, responses from IT security assessments, email addresses, names, and other forms of production data and documents.

Personal Data: Any information relating to an identified person, or data that can directly or indirectly identify an individual.

These terms and conditions are valid from January 13, 2025 and supersede all previous versions.

1. Acceptance of Subscription and Terms

1.1. These purchase terms and conditions (hereinafter “Terms”) are accepted upon written or email approval of a submitted offer.

By accepting this, the terms and data processing agreement apply between SecureFirst ApS, CVR number 44238780, Lyskær 3B 2, 2730 Herlev DK-Denmark, hereinafter “SecureFirst”, and you as the customer.

2. Subscription Terms for SecureFirst

2.1. Our Application is offered exclusively to business customers, and our service is therefore business-to-business.

2.2. If you represent a company that becomes our client, you personally warrant that you are legally authorized to accept these terms and conditions on behalf of the company.

2.3. We reserve the right to amend and update these terms and conditions and information regarding rights at any time. The current terms and conditions will always be accessible on our websites. Your continued use of the Application and/or our websites following any modification of these terms shall constitute your acceptance of the revised terms.

3. Use of the Application and Purchase of Additional Products and Services

3.1. We grant you a non-exclusive and time-limited right to use the Application. This right applies exclusively to you and your colleagues, and the Application may not be used by others or for performing data processing or services for others. You warrant and bear full responsibility for those to whom you grant access to the Application or who use your login credentials.

3.2. You may not transfer your subscription to a third party without the express written consent of SecureFirst.

4. Pricing and Payment Terms

4.1. The prices applicable at any given time are specified in the client's most recently submitted offer. Prices are stated exclusive of VAT and in Danish Kroner (DKK). We reserve the right to modify the composition, content, and prices of products and subscriptions with prior notice via email or by posting on our websites.

4.2. Unless otherwise expressly agreed or stipulated in the subscription terms, the subscription fee will be charged in advance for the selected subscription period.

4.3. By entering into a subscription agreement, you agree that payment for the subscription fee, along with any additional services or extended features, must be made in accordance with the agreed payment terms.

Should you utilize additional services or extended features, you agree that these services or features must be paid for separately, in addition to the prevailing subscription fee.

Upon subscription renewal and/or the use of additional services, our commercial partner will issue an invoice for the respective purchase. The invoice will be sent to the email address provided in your account. It will detail the invoiced amount, payment due date, and relevant payment information.

It is your responsibility to ensure that the provided email address is accurate and up-to-date to ensure timely receipt of invoices and payment information. Any questions or discrepancies regarding invoices should be directed to our commercial partner using the contact details provided on the invoice.

We encourage you to thoroughly review the invoice and payment terms. Failure to make payments may result in the suspension or termination of your services in accordance with the applicable terms.

5. Right of Withdrawal

5.1. The application and supplementary products/services are offered exclusively digitally to businesses, and therefore, no 14-day right of withdrawal applies.

6. Minimum Subscription Period

6.1. The subscription is subject to a minimum period of 12 months, commencing at the agreement's inception. Throughout this period, the subscription will remain active unless a valid termination is executed as outlined in section 7 “Termination and Subscription Renewal”.

7. Termination and Subscription Renewal

7.1. The subscription includes a binding period of 12 months. Should the agreement not be terminated with 30 days' notice prior to the end of the current subscription period, it will automatically be extended for an additional 12 months.

Termination must be received no later than 30 days before the expiration of the current subscription period. This ensures that if termination is not provided with timely notice, the agreement will continue for a new 12-month period.

7.2. You may contact info@securefirst.dk at any time to request account deletion. This action will be considered a termination of your subscription.

7.3. Should an account be terminated or deleted during a subscription period, you remain obligated to pay for the Service until the subscription expires. Your obligations under this agreement apply throughout the entire subscription period.

7.4. We reserve the right to terminate the subscription with three months' notice.

7.5. In the event of non-payment, we reserve the right to suspend your account immediately upon the registration of outstanding payment and until payment is received. Please note that the suspension of your account due to non-payment does not absolve you of responsibility for the remaining payments within the current binding period. The agreement remains in effect, and you will continue to be liable for fulfilling payment obligations for the remaining binding period, even if the account is temporarily suspended due to non-payment.

7.6. We reserve the right to terminate the Customer's subscription without notice in the event of the Customer's bankruptcy or insolvency.

7.7. In the event of a material breach of these terms, we may terminate the subscription with immediate effect.

8. Assignment

8.1. We reserve the right to freely transfer our rights and obligations to you to an affiliated company or third party. Furthermore, we are entitled to use sub-processors, including for the storage and processing of data. The list of sub-processors we use for data processing can be found here: securefirst.dk/underdatabehandlere.

9. Customer Data

9.1. As a customer, you are the Data Controller for any Personal Data uploaded and processed within the Application. Furthermore, as a Customer, you own your data within the Application. A data processing agreement has been entered into for these terms, to which reference is made for further conditions regarding the processing of Personal Data. Personal Data for which we are the data controller is processed in accordance with our privacy policy.

9.2. The Application allows you to export data from your dashboards in the user interface, etc. You agree that such export must be completed by you before your paid subscription expires.

9.3. We are entitled to retain Customer Data after termination for the purpose of using it in anonymized form for statistics and analysis of the Application.

9.4. We may use Usage Data to maintain, offer, and develop additional IT security services within the SecureFirst Application, price the Application, and market it in accordance with legislation, provided that the necessary security measures have been implemented. In cases where Personal Data such as email address and IP address are included in this work, we shall anonymize this data. If anonymization is not possible due to technical or practical limitations, we shall implement alternative compensatory security measures to ensure compliance with applicable law.

9.5. We may share Usage Data with other companies within the DDSA Holding group under the same terms and limitations as described in this agreement.

9.6. We may grant third parties and authorities access to Customer Data, however, only in accordance with relevant data protection legislation in connection with court orders, governmental requests, customer bankruptcy, death, or similar circumstances.

9.7. Information derived from aggregated and statistically collected material may, in specific cases, be sold to third parties. Specifically, it should be noted that the data is anonymous, and you will therefore never be identifiable.

10. Customer's Access to Own Data

10.1. You have full access to your own account and data at all times. We retain this data as long as you actively use the Application.

10.2. Customer data is continuously deleted or anonymized upon the conclusion of the purpose for which it was collected.

10.3. Should your account remain inactive for a period of 12 months, your data will be deleted in accordance with applicable data protection legislation.

11. Updates and Operational Stability

11.1. We reserve the right to update and modify the Application. In certain instances, it may be necessary to temporarily suspend access to the Application and our websites during update procedures. While we endeavor to achieve the highest possible operational stability for the Application, we do not provide a guarantee thereof.

12. Customer's Utilization of SecureFirst

12.1. You bear sole responsibility for the content and legality of your data. You are prohibited from transferring or processing malicious code, data, or similar (e.g., viruses) to or via the software, or from utilizing the software for unlawful or malicious purposes.

13. Marketing

SecureFirst is entitled to utilize the Customer as a reference in its marketing efforts, including providing a description of any associated project engagement.

14. Liability

14.1. SecureFirst disclaims all liability pertaining to these terms, services, or the use of the Service, irrespective of whether such liability arises in contract or tort. This disclaimer extends to consequential damages, other indirect losses, and losses resulting from ordinary negligence.

14.2. SecureFirst shall not be held liable for outages or temporary interruptions of the Application, failures in power supply or internet connectivity, system sabotage (including physical damage, computer viruses, and hacking), or any other conditions and circumstances beyond SecureFirst's control. Furthermore, there is no guarantee that downloaded files will be usable on every PC; their utilization will invariably necessitate the user possessing the requisite software to open or read the relevant files.

14.3. Irrespective of the cause, the maximum liability to the customer shall never exceed an amount equivalent to the customer's total annual remuneration paid for the use of the Application.

14.4. The use of the Application, including but not limited to, guides and instructions provided or found online, advice from our employees, suggestions for improvements, and other assistance from SecureFirst and SecureFirst support, as well as any other communication with SecureFirst, is to be considered solely as guidance and is undertaken at your own risk. SecureFirst therefore cannot be held liable for such use. While we endeavor to provide the best possible guidance, errors may occur. You are solely responsible for verifying the accuracy of all information, entries, and similar data.

14.5. Information provided on our website, within our Application, or through our supplementary products/services should not be construed as legal or any other form of professional advice or service. Users are advised to verify all details and consult with a qualified advisor regarding their specific circumstances to obtain tailored guidance before making any decisions.

15. Copyright and Other Intellectual Property Rights

15.1. We retain the copyright and other intellectual property rights to the Application, as well as all material present on our websites and within the Application. Any use thereof requires our explicit written consent.

15.2. No intellectual property rights pertaining to the Application or any other material on the website or within the Application are transferred to the customer.

16. Additional Terms

16.1. For services pertaining to Awareness Training and Phishing, please consult the specific terms and conditions governing these services. These are appended to this agreement under the heading “Terms and Conditions for SecureFirst Awareness Training and Phishing Services”.

17. Force Majeure

17.1. SecureFirst shall not be held liable for any delays or failures in fulfilling its obligations that arise from circumstances beyond SecureFirst’s reasonable control. These circumstances include, but are not limited to, natural disasters, pandemics, war, terrorism, strikes, cyberattacks, supply chain disruptions, or governmental interventions. In such events, SecureFirst will strive to mitigate the consequences for the Customer and restore normal services as expeditiously as possible.

18. Disputes

18.1. Any disputes arising between the customer and SecureFirst shall be resolved under Danish law, with the City Court of Copenhagen designated as the court of first instance.

Terms and Conditions for SecureFirst Awareness Training and Phishing Services

Effective from: 13-01-2025

1. Introduction

These terms and conditions (“Terms”) govern the use of SecureFirst’s Awareness Training and Phishing services (collectively referred to as “the Services”) for business customers. By subscribing to or using the Services, the customer (“Customer”) accepts these Terms.

2. Awareness Training

2.1 Service Description SecureFirst’s Awareness Training is a subscription-based service designed to educate employees on IT security and secure data handling.

The training includes:

• Access to training content: Customers gain access to SecureFirst’s library of courses covering IT security and GDPR-related topics.

• Automated notifications: SecureFirst’s platform sends automated emails to users, including, but not limited to, login credentials, course assignments, and similar communications.

• Support: SecureFirst provides support during onboarding for user setup and course assignment. The Customer is responsible for ongoing user administration.

• Continuous updates: SecureFirst regularly develops and adds new courses to the library, which are automatically assigned to active users unless otherwise agreed.

2.2 Customer's Responsibilities

• The Customer is responsible for ensuring that employees participate in and complete the assigned courses.

• Any requests for customization of course assignments must be communicated during onboarding.

2.3 Disclaimer

• SecureFirst disclaims all liability for results arising from the use of the training material, including employee compliance or learning outcomes.

3. Phishing Services

3.1 Service Description

SecureFirst offers two types of phishing services:

Annual Phishing Subscription:

• Clients receive 12 unique phishing campaigns over a 12-month period.

• Each campaign simulates realistic phishing attempts to help identify and enhance employee awareness.

• Detailed data summarizing campaign results is provided via the SecureFirst platform.​

One-Off Phishing Campaign:

• A single phishing campaign is offered free of charge to prospective or existing clients as a trial.

• The campaign provides a snapshot of employee readiness.

• A follow-up meeting is offered to discuss results and potential improvements.

3.2 Campaign Customization

•    SecureFirst collaborates with the Client to customize phishing campaigns to ensure relevance.

•    Additional fees may apply for multi-language campaigns or highly customized campaigns.

3.3 Disclaimer

•    SecureFirst is not liable for employee actions during phishing simulations or for damages caused by simulated campaigns.

•    The reports and recommendations are advisory and do not substitute for professional IT security consulting.

4. Contract Term and Termination

4.1 Awareness Training

•    The subscription is valid for a minimum of 12 months and automatically renews unless terminated in writing with 30 days' notice prior to the end of the current period.

4.2 Phishing Services

•    Annual Subscription: The agreement runs for 12 months and automatically renews unless terminated in writing with 30 days' notice.

•    One-Off Campaign: No renewal, as the service is performed only once.

4.3 Termination by SecureFirst SecureFirst reserves the right to terminate the agreement with immediate effect if the Client violates our general Terms and Conditions or engages in illegal or malicious activities.

5. Pricing and Payment Terms

5.1 Awareness Training

•    The price is based on the number of users and the agreed-upon subscription terms.

•    Additional fees may apply for customization requests.

5.2 Phishing Services

•    Annual Subscription: The annual subscription covers 12 campaigns. Additional campaigns or multi-language campaigns are subject to further fees.

•    One-Off Campaign: The first campaign is offered free of charge without further purchase obligation.

5.3 Payment Terms

•    All fees are invoiced in advance and must be paid within 14 days, unless otherwise agreed.

•    Non-payment may result in the suspension or termination of the Services.

6. Confidentiality and Data Protection

•    SecureFirst processes all customer data in accordance with applicable data protection laws.

•    The Customer is responsible for the legality and confidentiality of their data.

•    For further details, please refer to SecureFirst's Data Processing Agreement (DPA).

7. Disclaimer and Limitation of Liability

•    SecureFirst provides the Services 'as is' and disclaims all warranties, including fitness for a particular purpose.

•    SecureFirst's liability for any claim is limited to the total fees paid by the Customer in the preceding 12 months.

•    SecureFirst is not liable for indirect or consequential losses, including loss of data or business interruption.

8. Governing Law and Disputes

These Terms are governed by Danish law. Any dispute shall be settled by the City Court of Copenhagen as the court of first instance.

For questions regarding these Terms, please contact SecureFirst at info@securefirst.dk.