Cyber Risk GmbH - Impressum



General Terms and Conditions for all visitors to the Cyber Risk GmbH websites, and all legal transactions made through the Cyber Risk GmbH websites (hereinafter “GTC”).

Updated: December 29, 2023.

Individuals must accept this GTC before visiting the Cyber Risk GmbH websites on their behalf, or acting on behalf of a business entity or another person. On the Cyber Risk GmbH websites individuals can find information, and they can purchase In-House Instructor-Led Training programs, Online Live Training programs, Video-Recorded Training programs, or Distance Learning with Certificate of Completion programs, provided by Cyber Risk GmbH.






Precedence.

In the event of any conflicts between the GTC and the Specific Terms for a specific training program at the Cyber Risk GmbH websites, the Specific Terms will prevail.


Content of this GTC.

Part 1. Definitions.
Part 2. Privacy, Legal and Statement for the visitors of the Cyber Risk GmbH websites.
Part 3. General Terms and Conditions for In-House Instructor-Led Training programs provided by Cyber Risk GmbH.
Part 4. General Terms and Conditions for Online Live Training programs provided by Cyber Risk GmbH.
Part 5. General Terms and Conditions for Video-Recorded Training programs provided by Cyber Risk GmbH.
Part 6. General Terms and Conditions for Distance Learning with Certificate of Completion programs, provided by Cyber Risk GmbH.
Part 7. Governing Law, Jurisdiction.



Part 1. Definitions.


“Cyber Risk GmbH” is a company incorporated in Switzerland.
Registered address: Dammstrasse 16, 8810 Horgen, Switzerland.
Company number: CHE-244.099.341.
Cantonal Register of Commerce: Canton of Zürich.
Swiss VAT number: CHE-244.099.341 MWST.
EU VAT number: EU276036462. Cyber Risk GmbH is registered for EU VAT purposes in Germany (Bundeszentralamt für Steuern, One-Stop-Shop, Nicht EU-Regelung) for the sale of services in the EU. Cyber Risk GmbH declares and pays EU VAT in a single electronic quarterly return submitted to Germany, and the German Bundeszentralamt für Steuern forwards the EU VAT due to each member State of the EU.


“Cyber Risk GmbH Training Programs” are training programs developed, updated and provided by Cyber Risk GmbH, and include:
a) In-House Instructor-Led Training programs,
b) Online Live Training programs,
c) Video-Recorded Training programs,
d) Distance Learning with Certificate of Completion programs.


“Parties” are Cyber Risk GmbH and any individual / business entity.

“Party” is Cyber Risk GmbH or any individual / business entity.


“Client” is any individual (aged 18 and over and having the capacity to contract) or business entity, who purchases one or more Cyber Risk GmbH Training Programs.


“Recipient” is any individual who receives one or more Cyber Risk GmbH Training Programs that have been purchased by another individual or business entity on behalf of the Recipient.


“Memorandum of Understanding” is a formal, signed, and legally binding document provided by Cyber Risk GmbH to another Party, that lays out the duties, responsibilities, and commitments of Cyber Risk GmbH, and the all-inclusive cost for the provided services. It may cover the sale of one or more Cyber Risk GmbH Training Programs.


“Contract” is a formal and legally binding document, signed by both Parties, that lays out the duties, responsibilities, and commitments both Parties adhere to. It may cover the sale of one or more Cyber Risk GmbH Training Programs.


“In-House Instructor-Led Training programs” are programs designed or tailored specifically for persons working for a specific company or organization (Board members, risk managers and employees, compliance managers and employees, information security managers and employees, etc.). In all In-House Instructor-Led Training programs an instructor from Cyber Risk GmbH that is approved by the Client travels to the location chosen by the Client and leads the class according to the needs of the Client and the Contract.


“Online Live Training programs” are synchronous (real time, not pre-recorded) training programs that take place in a live virtual meeting room provided with the assistance of platforms like Zoom, Webex, Microsoft Teams etc. In all Online Live Training programs, instructors from Cyber Risk GmbH that are approved by the Client tailor the method of delivery (interactive, non-interactive, etc.) to the needs of the Client, lead the virtual class, and answer questions according to the needs of the Client and the Contract.


“Video-Recorded Training programs” are professional, pre-recorded training programs. Instructors from Cyber Risk GmbH that are approved by the Client tailor the training content according to the needs of the Client and the Contract, and they record the training content in a professional studio. The training material (including any subsequent updates) is licensed by Cyber Risk GmbH to the client for training purposes. The Client may incorporate the recorded videos into their internal learning platform and make them available on-demand. Video-Recorded Training programs include Orientation Video Training and Compliance Video Training programs.


“Distance Learning with Certificate of Completion programs” (hereinafter “distance learning programs”) are asynchronous self-study distance learning programs, provided by Cyber Risk GmbH. Asynchronous programs means that Recipients receive the training material via email, and they have the freedom to study at their own speed, when it is convenient for them.


“Credentials” are the username and the password required for an online exam.


“Confidential Information” is any information provided by one Party to the other in written, graphic, recorded, machine readable or other form, marked as confidential in a Contract. It may include business processes, clients, suppliers, finances and other areas of the other party’s business or products, and the training programs. Confidential Information does not include information that can be found in the public domain.


‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


‘Processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


‘Profiling’ means any form of manual or automated processing of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.


“Cyber Risk GmbH websites” are all websites that belong to Cyber Risk GmbH, and include the following:


a. Sectors and Industries.

1. Cyber Risk GmbH

2. Social Engineering Training

3. Healthcare Cybersecurity

4. Airline Cybersecurity

5. Railway Cybersecurity

6. Maritime Cybersecurity

7. Oil Cybersecurity

8. Electricity Cybersecurity

9. Gas Cybersecurity

10. Hydrogen Cybersecurity

11. Transport Cybersecurity

12. Transport Cybersecurity Toolkit

13. Hotel Cybersecurity

14. Sanctions Risk

15. Travel Security


b. Understanding Cybersecurity.

1. What is Disinformation?

2. What is Steganography?

3. What is Cyberbiosecurity?

4. What is Synthetic Identity Fraud?

5. What is a Romance Scam?

6. What is Cyber Espionage?

7. What is Sexspionage?

8. What is the RESTRICT Act?


c. Understanding Cybersecurity in the European Union.

1. The NIS 2 Directive

2. The European Cyber Resilience Act

3. The Digital Operational Resilience Act (DORA)

4. The Critical Entities Resilience Directive (CER)

5. The Digital Services Act (DSA)

6. The Digital Markets Act (DMA)

7. The European Health Data Space (EHDS)

8. The European Chips Act

9. The European Data Act

10. The European Data Governance Act (DGA)

11. The EU Cyber Solidarity Act

12. The Digital Networks Act (DNA)

13. The Artificial Intelligence Act

14. The Artificial Intelligence Liability Directive

15. The Framework for Artificial Intelligence Cybersecurity Practices (FAICP)

16. The European ePrivacy Regulation

17. The European Digital Identity Regulation

18. The European Media Freedom Act (EMFA)

19. The Corporate Sustainability Due Diligence Directive (CSDDD)

20. The European Cyber Defence Policy

21. The Strategic Compass of the European Union

22. The EU Cyber Diplomacy Toolbox



Part 2. Privacy, Legal and Statement for the visitors of the Cyber Risk GmbH websites.

Data protection.

Individuals must accept this GTC before visiting the Cyber Risk GmbH websites on their behalf, or acting on behalf of a business entity, where they can find information and they can purchase In-House Instructor-Led Training programs, Online Live Training programs, Video-Recorded Training programs, or Distance Learning with Certificate of Completion programs, provided by Cyber Risk GmbH.

The present GTC applies to all visitors to the Cyber Risk GmbH websites, and all legal transactions made through the Cyber Risk GmbH websites.

Compliance with the Swiss Act on Federal Data Protection (nFADP) and the EU General Data Protection Regulation (GDPR) is very important for us.

We follow the “Privacy by Design” principle. We integrate the protection and respect of users' privacy into the very structure of our services.

We also follow the “Privacy by Default” principle. We implement the best possible privacy and security measures by default, without any intervention from users, and we ensure we process data and limit the use of data in accordance with nFADP and GDPR. Only data that is absolutely necessary for a specific purpose is processed, and only after consent from the data subjects.

We only collect personal information that visitors and clients explicitly give us, and we process this information only for the reasons they are collected.

Personal data are:

(a) processed lawfully, fairly and in a transparent manner in relation to the data subject; (‘lawfulness, fairness and transparency’).

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’).

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; (‘data minimisation’).

(d) accurate and, where necessary, kept up to date; (‘accuracy’).

We do not profile visitors of our web sites. We do not use tracking methods in order to identify visitors. We do not collect personal information of the visitors of our web sites.

When you visit the Cyber Risk GmbH websites, our web hosting company (Hostpoint in Switzerland) may record your visit. We do not receive from Hostpoint any information to identify or profile visitors of our web sites.

The hosting provider (Hostpoint) of our websites automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are in particular:
– Browser type and browser version,
– operating system used,
– Referrer URL,
– Host name of the accessing computer,
– Time of server request.

This data is not received by Cyber Risk GmbH and cannot be assigned to specific persons by Cyber Risk GmbH. This data is not merged with other data sources in Cyber Risk GmbH.

This data collection from Hostpoint is primarily used to evaluate and prevent attempts to attack the websites. In certain situations, hosting providers are legally obliged to be able to provide information about unauthorized access, in order to counteract criminal activities.

Cyber Risk GmbH has implemented reasonable technical and organisational security measures to protect your personal data against unauthorized access, misuse, loss or destruction.

All electronic messages sent to and from Cyber Risk GmbH are automatically stored. They are protected by reasonable technical and organisational measures. All emails are disposed of after the applicable retention period has expired.

We will disclose the information we have received only to governmental agencies or entities, regulatory authorities, or other persons, only for one reason: To comply with applicable laws, regulations, and court orders.


Cookies.

The Cyber Risk GmbH websites do not use cookies to make them more user-friendly, for marketing, or for any other reason, and do not use Google Analytics or similar services.

Users can control the use of cookies. Browsers give the option to restrict cookies or disable them altogether. Please note that disabling cookies does not affect the functionality and user-friendliness of the Cyber Risk GmbH websites.


What should you consider when sending data over the Internet?

The Internet is generally not regarded as a secure environment, and information sent via the Internet (such as to or from the Cyber Risk GmbH websites or via electronic messages) may be accessed by unauthorized third parties, potentially leading to disclosures, changes in content or technical failures.

Even if both sender and receiver are located in the same country, information sent via the Internet may be transmitted across international borders and be forwarded to a country with a lower data protection level than exists in your country of residence.

Ordinary e-mail messages sent over the Internet are neither confidential nor secure. They may be accessible by third parties and may entail a considerable amount of danger and risk including:
(a) lack of confidentiality (e-mails and their attachments can be read and/or monitored without detection);
(b) manipulation or falsification of the sender's address or of the e-mail's (or attachment's) content (e.g. changing the sender's address(es) or details);
(c) system outages and other transmission errors, which can cause e-mails and their attachments to be delayed, mutilated, misrouted and deleted;
(d) viruses, worms, Trojan horses etc. may be spread undetected by third parties and may cause considerable damage; and
(e) interception by third parties.

Cyber Risk GmbH shall not be liable to you or anybody else for any damages incurred in connection with any messages sent to Cyber Risk GmbH using ordinary E-mail or any other electronic messaging system. If you want more secure communication, please let us know.


How do we deal with information from individuals under the age of 18?

The Cyber Risk GmbH websites do not collect personal data from individuals under the age of 18. Individuals under the age of 18 should receive permission from their parent or legal guardian before providing any personal data to Cyber Risk GmbH on the Cyber Risk GmbH websites.


How can you access or review your personal data?

You may, where permitted by applicable law or regulation:
- check whether we hold your personal data,
- ask us to provide you with a copy of your personal data, or
- require us to correct any of your personal data that is inaccurate.

Should you have a request regarding the processing of your personal data, please send us an email, or a letter to the following address:

Cyber Risk GmbH
Dammstrasse 16,
8810 Horgen
Switzerland
Phone: +41 79 505 89 60
Email: george.lekatis@cyber-risk-gmbh.com
Web: www.cyber-risk-gmbh.com


Information requests.

If, under Article 8 of the Federal Act on Data Protection ("FADP"), you wish to request information as to whether Cyber Risk GmbH processes your personal data, please send a written request to the following address:
Cyber Risk GmbH
Dammstrasse 16,
8810 Horgen
Switzerland
Phone: +41 79 505 89 60
Email: george.lekatis@cyber-risk-gmbh.com
Web: www.cyber-risk-gmbh.com


Statement.

By accessing the Cyber Risk GmbH websites, you accept this Statement ("Statement"). If you do not agree to this Statement, please do not visit the Cyber Risk GmbH websites. The terms of this Statement are subject to any additional terms of disclaimers or other contractual terms you have entered into with Cyber Risk GmbH such as client privacy statements or notices, non-disclosure or confidentiality agreements, and any applicable mandatory laws and regulations.

All information and materials published, distributed or otherwise made available on the Cyber Risk GmbH websites are provided for informational purposes, for your non-commercial, personal use only. No information or materials published on the Cyber Risk GmbH websites constitutes an investment, legal or tax advice.

Cyber Risk GmbH does not represent that any product or service is suitable for any specific visitor, firm or organization. No decisions should be made solely based on the contents or information found on the Cyber Risk GmbH websites.

When making a decision for a specific person, firm or organization, you should seek the advice of professional and legal advisors and qualified experts.

Cyber Risk GmbH accepts no responsibility for the correctness, accuracy, timeliness, reliability or completeness of the information provided in the Cyber Risk GmbH websites.

Liability claims against Cyber Risk GmbH relating to material or non-material damage caused by the use or non-use of the information provided or by the use of incorrect or incomplete information have no legal basis as a result of this Statement. If you do not accept this statement, please do not visit the Cyber Risk GmbH websites.

Cyber Risk GmbH reserves the right to change, to supplement, and to delete temporarily or permanently any parts of the pages of the Cyber Risk GmbH websites or any offers without separate announcement.

Direct or indirect references to third-party websites and hyperlinks to third-party websites are outside of our area of responsibility. Cyber Risk GmbH is in no way responsible for any content on or interaction with third-party websites. The access and use of such websites is at the user's own risk.

To the fullest extent permitted by law, in no event shall Cyber Risk GmbH or our affiliates, or any of our directors, employees, contractors, service providers or agents have any liability whatsoever to any person for any direct or indirect loss, liability, cost, claim, expense or damage of any kind, whether in contract or in tort, including negligence, or otherwise, arising out of or related to the use of all or part of the Cyber Risk GmbH websites, or any links to third party websites.

You are solely responsible for acquiring and maintaining such electronic devices and equipment that can handle and will allow you to access and use the Cyber Risk GmbH websites and for taking adequate and appropriate data security measures in accordance with good industry practice to protect yourself against fraud or cyber-attacks on a continuous basis (e.g. by using the most recent browser versions, and installing recommended security patches and up-to-date anti-virus programs and firewalls).

Cyber Risk GmbH specifically disclaims all liability for any tampering with any user's computer system by unauthorized parties, or for losses or liabilities suffered by any user arising from viruses or attacks by hackers.

In no event will Cyber Risk GmbH or our affiliates, or any of our officers, directors, employees, contractors, service providers or agents be liable for any incidental, special, punitive or consequential damages howsoever caused arising out of the use of the Cyber Risk GmbH websites, its content, or the inability to use the Cyber Risk GmbH websites.

This statement applies to any and all damages or injury, including those caused by any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, theft, destruction, or unauthorized access, whether for breach of contract, tortious behavior, negligence or under any other cause of action.


Copyright.

The copyright and any other rights relating to texts, illustrations, photos or any other files on the site are the exclusive property of Cyber Risk GmbH or the mentioned owners. For the reproduction of any elements, written consent of the copyright holder must be obtained in advance. If Cyber Risk GmbH unwittingly affects the rights of others, the relevant content shall be amended immediately after it becomes known.


Photo credit.

Own pictures, and pictures purchased from Dreamstime @dreamstime.com


Note.

If sections or individual terms of the GTC are decided by the courts or authorities as not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.



Part 3. General Terms and Conditions for In-House Instructor-Led Training programs provided by Cyber Risk GmbH.

Cost, Terms and Conditions, Cancellation Policy.

Unless otherwise agreed, the training services shall be provided at a fixed price, plus VAT and reasonable expenses that will be pre-approved by the Client.

The Client will be provided with timesheets and breakdowns of time spent and expenses.

Payments shall only be made against an invoice.

The copyright and all intellectual property rights relating to the training material are solely owned by and hereby reserved to Cyber Risk GmbH. Under no circumstances may the whole or any part of the training material be produced or copied in any form or by any means or translated into another language without the prior written permission of Cyber Risk GmbH.

Placing the material (including any and all derivative works) on a marketplace and sharing the material (including any and all derivative works) with any third party outside the Client company or organisation is strictly forbidden.

Cyber Risk GmbH expressly disclaims all warranties, either expressed or implied, including any implied warranty of fitness for a particular purpose, and neither assumes nor authorizes any other person to assume for it any liability in connection with the information or training programs provided.

Cyber Risk GmbH, its directors, managers, employees, or contractors shall not be held liable for any direct or indirect damages resulting from the use of any training material. By agreeing to this license agreement, the client agrees to indemnify, defend, and hold harmless Cyber Risk GmbH from and against all claims.

The training program is not legal advice for a specific legal entity. Although it is tailored to each client, it is still of a general nature only and is not intended to address the specific circumstances of any particular individual or entity. It should not be relied on in the particular context of enforcement or similar regulatory action. It does not prejudge the position that the relevant authorities might decide to take on the same matters if developments, including Court rulings, were to lead it to revise some of the views expressed in the program.

50% of the cost of each training program (including 50% of the total estimated expenses) is billable in advance and is payable at least 45 days prior to the course delivery date. The remaining 50% of the cost (including the remaining expenses) is due up to 30 days after the last day of the training.

Cancellation from the client less than 45 days before the scheduled start date will be subject to a cancellation fee of 50% of the cost of the training program.

Cancellation from the client 46 days or more before the scheduled start date will be subject to a cancellation fee of 20% of the cost of the training program.

Force Majeure: Neither the client nor Cyber Risk GmbH shall be liable to any penalty should courses be delayed or cancelled due to war, fire, strike, lock-out, industrial action, accident / illness of the instructor, civil disturbance, or any other cause whatsoever beyond their control.

In the unlikely event of a cancellation by Cyber Risk GmbH, any payment made for the cancelled class will be fully refunded. The client understands and agrees that Cyber Risk GmbH shall not, in any way, be held responsible for any costs, including loss of airfare or other transportation costs, hotel expenses or other damages, which the client may suffer if Cyber Risk GmbH cancels a class.

Cyber Risk GmbH processes and stores data in compliance with both the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint (the servers are in the Interxion data center in Zurich, the data is saved exclusively in Switzerland, and support, development and administration activities are also based entirely in Switzerland).

Cyber Risk GmbH is willing to sign a confidentiality or nondisclosure agreement, shall maintain confidential information in trust and confidence, and shall not disclose or use confidential information for any unauthorized purpose. Cyber Risk GmbH may use confidential information of the client only to the extent required to accomplish the purposes of the training program.

Cyber Risk GmbH will neither take any photos of the audience, nor publish any names, photos, or details of the training agreement on social media, web sites or catalogs, for marketing or for any other purpose.

Any controversy in relation to the terms of this agreement shall be governed and interpreted in accordance with the law of the Canton of Zürich, Switzerland.



Part 4. General Terms and Conditions for Online Live Training programs provided by Cyber Risk GmbH.

Cost, Terms and Conditions, Cancellation Policy.

Unless otherwise agreed, the training services shall be provided at a fixed price, plus VAT and reasonable expenses that will be pre-approved by the Client.

Payments shall only be made against an invoice.

The copyright and all intellectual property rights relating to the training material are solely owned by and hereby reserved to Cyber Risk GmbH. Under no circumstances may the whole or any part of the training material be produced or copied in any form or by any means or translated into another language without the prior written permission of Cyber Risk GmbH.

Placing the material (including any and all derivative works) on a marketplace and sharing the material (including any and all derivative works) with any third party outside the client company or organisation is strictly forbidden.

Cyber Risk GmbH expressly disclaims all warranties, either expressed or implied, including any implied warranty of fitness for a particular purpose, and neither assumes nor authorizes any other person to assume for it any liability in connection with the information or training programs provided.

Cyber Risk GmbH, its directors, managers, employees, or contractors shall not be held liable for any direct or indirect damages resulting from the use of any training material. By agreeing to this license agreement, the client agrees to indemnify, defend, and hold harmless Cyber Risk GmbH from and against all claims.

The training program is not legal advice for a specific legal entity. Although it is tailored to each client, it is still of a general nature only and is not intended to address the specific circumstances of any particular individual or entity. It should not be relied on in the particular context of enforcement or similar regulatory action. It does not prejudge the position that the relevant authorities might decide to take on the same matters if developments, including Court rulings, were to lead it to revise some of the views expressed in the program.

50% of the cost of each training program (including 50% of the total estimated expenses) is billable in advance and is payable at least 45 days prior to the course delivery date. The remaining 50% of the cost (including the remaining expenses) is due up to 30 days after the last day of the training.

Cancellation from the client less than 45 days before the scheduled start date will be subject to a cancellation fee of 50% of the cost of the training program.

Cancellation from the client 46 days or more before the scheduled start date will be subject to a cancellation fee of 20% of the cost of the training program.

Force Majeure: Neither the client nor Cyber Risk GmbH shall be liable to any penalty should courses be delayed or cancelled due to war, fire, strike, lock-out, industrial action, accident / illness of the instructor, civil disturbance, or any other cause whatsoever beyond their control.

In the unlikely event of a cancellation by Cyber Risk GmbH, any payment made for the cancelled class will be fully refunded. The client understands and agrees that Cyber Risk GmbH shall not, in any way, be held responsible for any costs, including loss of airfare or other transportation costs, hotel expenses or other damages, which the client may suffer if Cyber Risk GmbH cancels a class.

Cyber Risk GmbH processes and stores data in compliance with both the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint (the servers are in the Interxion data center in Zurich, the data is saved exclusively in Switzerland, and support, development and administration activities are also based entirely in Switzerland).

Cyber Risk GmbH is willing to sign a confidentiality or nondisclosure agreement, shall maintain confidential information in trust and confidence, and shall not disclose or use confidential information for any unauthorized purpose. Cyber Risk GmbH may use confidential information of the client only to the extent required to accomplish the purposes of the training program.

Cyber Risk GmbH will neither take any photos of the audience, nor publish any names, photos, or details of the training agreement on social media, web sites or catalogs, for marketing or for any other purpose.

Any controversy in relation to the terms of this agreement shall be governed and interpreted in accordance with the law of the Canton of Zürich, Switzerland.



Part 5. General Terms and Conditions for Video-Recorded Training programs provided by Cyber Risk GmbH.

Cost, Terms and Conditions, Cancellation Policy.

Unless otherwise agreed, the training services shall be provided at a fixed price, plus VAT. It will be pre-approved by the Client.

Payments shall only be made against an invoice.

The copyright and all intellectual property rights relating to the training material are solely owned by and hereby reserved to Cyber Risk GmbH. Under no circumstances may the whole or any part of the training material be produced or copied in any form or by any means or translated into another language without the prior written permission of Cyber Risk GmbH.

The training material, including any subsequent updates, is licensed by Cyber Risk GmbH to the purchasers ("clients") for training purposes only. The clients are provided with non-exclusive rights to use the training material to educate their company's or their organisation's employees.

Placing the material (including any and all derivative works) on a marketplace and sharing the material (including any and all derivative works) with any third party outside the client company or organisation is strictly forbidden. The owner of the training material remains Cyber Risk GmbH.

The clients have the right to translate and/or overwrite the subtitles of the video-recorded training in the language(s) they deem necessary. Cyber Risk is not responsible legally, or otherwise, for any modifications made on the video recordings after their delivery to the client.

Cyber Risk GmbH expressly disclaims all warranties, either expressed or implied, including any implied warranty of fitness for a particular purpose, and neither assumes nor authorizes any other person to assume for it any liability in connection with the information or training programs provided.

Cyber Risk GmbH, its directors, managers, employees, or contractors shall not be held liable for any direct or indirect damages resulting from the use of any training material. By agreeing to this license agreement, the client agrees to indemnify, defend, and hold harmless Cyber Risk GmbH from and against all claims.

The training program is not legal advice for a specific legal entity. Although it is tailored to each client, it is still of a general nature only and is not intended to address the specific circumstances of any particular individual or entity. It should not be relied on in the particular context of enforcement or similar regulatory action. It does not prejudge the position that the relevant authorities might decide to take on the same matters if developments, including Court rulings, were to lead it to revise some of the views expressed in the program.

The client is responsible for the storage and distribution of the video-recorded training files.

A down payment of 50% of the total payment is due at least 45 days before the date that the training material must be delivered to the client. The remaining 50% of the total payment will be paid within 30 days after the delivery of the training material to the client.

Cancellation from the client less than 45 days before the scheduled start date will be subject to a cancellation fee of 50% of the cost of the training program.

Cancellation from the client 46 days or more before the scheduled start date will be subject to a cancellation fee of 20% of the cost of the training program.

Force Majeure: Neither the client nor Cyber Risk GmbH shall be liable to any penalty should courses be delayed or cancelled due to war, fire, strike, lock-out, industrial action, accident / illness of the instructor, civil disturbance, or any other cause whatsoever beyond their control.

In the unlikely event of a cancellation by Cyber Risk GmbH, any payment made for the cancelled video-recorded class will be fully refunded.

Cyber Risk GmbH processes and stores data in compliance with both the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint (the servers are in the Interxion data center in Zurich, the data is saved exclusively in Switzerland, and support, development and administration activities are also based entirely in Switzerland).

Cyber Risk GmbH is willing to sign a confidentiality or nondisclosure agreement, shall maintain confidential information in trust and confidence, and shall not disclose or use confidential information for any unauthorized purpose. Cyber Risk GmbH may use confidential information of the client only to the extent required to accomplish the purposes of the training program.

Any controversy in relation to the terms of this agreement shall be governed and interpreted in accordance with the law of the Canton of Zürich, Switzerland.



Part 6. General Terms and Conditions for Distance Learning with Certificate of Completion, provided by Cyber Risk GmbH.

Each Distance Learning with Certificate of Completion program (hereinafter referred to as “distance learning program”) is provided at a fixed price that includes VAT. There is no additional cost, now or in the future, for each program.

Each distance learning program consists of:

a. The official presentations, sent via email,

b. Up to 3 online exams, important for the measurement of the training effectiveness,

c. The certificate of completion.

Clients must carefully read the “What is included in the program” section at the registration page (the web page where they can make the payment), where they can find all information for each distance learning program.

Clients can purchase each distance learning program with a card, QR payment, or PayPal. Cyber Risk GmbH has no access to the financial information of Clients (card numbers, bank accounts, or other confidential information related to a payment). Only the Payment Service Providers (Banks, Payrexx, PayPal etc.) have access to financial information.

Cyber Risk GmbH will ask all Clients or Recipients of the distance learning programs two questions:

a. Which is your full name, as it will appear on the certificate?

b. Which is your email address?

The answers to these questions, provided directly by Clients or Recipients (collectively “Personal Information”), will be kept by Cyber Risk GmbH in compliance with the Swiss Federal Act on Data Protection (nFADP) and the EU General Data Protection Regulation (GDPR).

After the payment, Clients will receive information from the Payment Service Providers (Payrexx, PayPal etc.). “Payment completed” means that the Payment Service Providers have received all the necessary information to process the transaction. “Payment cleared” means that the Payment Service Providers have received the funds. Cleared funds are money that has been fully transferred from one account to another.

Cyber Risk GmbH will send the training programs via email up to 24 hours after it has been informed by the Payment Service Providers that the transaction is completed. Clients must check the spam folder of their email client too, as emails with attachments often land in the spam folder.

Clients have the option to ask for a full refund up to 60 days after the payment. If they do not want one of the distance learning programs for any reason, Clients must only send an email with the title “Please refund the payment”, and Cyber Risk GmbH will refund the payment, no questions asked.

Clients must study their program, and when they are ready for the online exam, they must send an email to Cyber Risk GmbH, to receive their credentials. Credentials are the username and the password required for the online exam. Clients are responsible for maintaining the secrecy and security of their Credentials, and they must not disclose them to any third party. If the Credentials are compromised, Clients must notify Cyber Risk GmbH via email as soon as possible.

Clients will receive the certificate of completion only when they pass the exam, according to the terms at the registration page of the program.

Clients can take the exam online from their home or office, in all countries. It is an open book exam. Risk and compliance management is something Clients must understand and learn, not memorize. Clients must acquire knowledge and skills, not commit something to memory.

Clients will be given 90 minutes to complete a 35-question exam. They must score 70% or higher. The exam contains only questions that have been clearly answered in the official presentations.

All exam questions are multiple-choice, composed of two parts:

a. A stem (a question asked, or an incomplete statement to be completed).

b. Four possible responses.

TIME LIMIT - This exam has a 90-minute time limit. You must complete this exam within this time limit, otherwise the result will be marked as an unsuccessful attempt.

BACK BUTTON - When taking this exam you are NOT permitted to move backwards to review/change prior answers. Your browser back button will refresh the current page instead of moving backward.

RESTART/RESUME - You CANNOT stop and then resume the exam. If you stop taking this exam by closing your browser, your answers will be lost, and the result will be marked as an unsuccessful attempt.

SKIP - You CANNOT skip answering questions while taking this exam. You must answer all the questions in the order the questions are presented.


Additional Terms and Conditions for Distance Learning with Certificate of Completion programs.

The copyright and all intellectual property rights relating to the training material are solely owned by and hereby reserved to Cyber Risk GmbH. Under no circumstances may the whole or any part of the training material be produced or copied in any form or by any means or translated into another language without the prior written permission of Cyber Risk GmbH.

Placing the material (including any and all derivative works) on a marketplace and sharing the material (including any and all derivative works) with any third party outside the client company or organisation is strictly forbidden.

Cyber Risk GmbH expressly disclaims all warranties, either expressed or implied, including any implied warranty of fitness for a particular purpose, and neither assumes nor authorizes any other person to assume for it any liability in connection with the information or training programs provided.

Cyber Risk GmbH, its directors, managers, employees, or contractors shall not be held liable for any direct or indirect damages resulting from the use of any training material. By agreeing to this license agreement, the client agrees to indemnify, defend, and hold harmless Cyber Risk GmbH from and against all claims.

The training program is not legal advice for a specific legal entity. Although it is tailored to each client, it is still of a general nature only and is not intended to address the specific circumstances of any particular individual or entity. It should not be relied on in the particular context of enforcement or similar regulatory action. It does not prejudge the position that the relevant authorities might decide to take on the same matters if developments, including Court rulings, were to lead it to revise some of the views expressed in the program.

Cyber Risk GmbH processes and stores data in compliance with both the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint (the servers are in the Interxion data center in Zurich, the data is saved exclusively in Switzerland, and support, development and administration activities are also based entirely in Switzerland).

Cyber Risk GmbH is willing to sign a confidentiality or nondisclosure agreement, shall maintain confidential information in trust and confidence, and shall not disclose or use confidential information for any unauthorized purpose. Cyber Risk GmbH may use confidential information of the client only to the extent required to accomplish the purposes of the training program.

Cyber Risk GmbH will not publish any names, photos, or details of the Client on social media, web sites or catalogs, for marketing or for any other purpose. Cyber Risk GmbH will only post information on social media, if it is invited by the Client to do so.

Clients and Recipients may not, and may not attempt to, directly or indirectly: (a) transfer, sublicense, loan, sell, assign, lease, rent, act as a service bureau, distribute or grant rights to the training material to any person or legal entity. (b) remove, obscure, or alter any notice of any Trademark, or other intellectual property or proprietary right appearing on or contained within the training material. (c) modify, alter, tamper with, repair, or otherwise create derivative works of any training material without written permission from Cyber Risk GmbH. All rights granted to Clients are conditional on their continued compliance with this GTC and will immediately and automatically terminate if they do not comply with any term or condition of this GTC.


Precedence.

In the event of any conflicts between the GTC and the Specific Terms for a specific training program at the Cyber Risk GmbH websites, the Specific Terms will prevail.


Amendments.

Cyber Risk GmbH reserves the right to change these GTC at any time. The modifications will become effective upon posting them to the Cyber Risk GmbH websites and will only apply to training programs sold after the modification.



Part 7. Governing Law, Jurisdiction.

Any controversy in relation to the terms of this GTC shall be governed, interpreted and construed in accordance with the laws of Switzerland. The Parties shall endeavor to settle any dispute by amicable arrangement. In the event of continuing disagreement, the Parties shall refer the dispute to the courts of the Canton of Zürich in Switzerland.

If the courts or authorities decide that sections or individual terms of the GTC are not legal or correct, the content and validity of the other parts remain unaffected.