Terms and conditions

Definitions

“Cyber Risk GmbH” is a company incorporated in Switzerland.
Registered company name: Cyber Risk GmbH.
Registered address: Dammstrasse 16, 8810 Horgen, Switzerland.
Company number: CHE-244.099.341.
Cantonal Register of Commerce: Canton of Zürich.
Swiss VAT number: CHE-244.099.341 MWST.
EU VAT number: EU276036462. Cyber Risk GmbH is registered for EU VAT purposes in Germany (Bundeszentralamt für Steuern, Dienstsitz Saarlouis, Referat St III 4, One-Stop-Shop, Ludwig-Karl-Balzer-Allee 2, 66740 Saarlouis - Verfahren One-Stop-Shop, Nicht EU-Regelung) for the sale of services in the EU. The VAT One Stop Shop (OSS) simplifies VAT obligations for non-EU businesses selling goods and services cross border to final consumers in the EU. Cyber Risk GmbH declares and pays EU VAT in a single electronic quarterly return submitted to Germany, and the German Bundeszentralamt für Steuern futher forwards the EU VAT due to each member State of the EU.

“Cyber Risk GmbH Training Programs” are training programs developed, updated and provided by Cyber Risk GmbH, and include:
a) In-House Instructor-Led Training programs,
b) Online Live Training programs,
c) Video-Recorded Training programs,
d) Distance Learning with Certificate of Completion programs.

“Parties” are Cyber Risk GmbH and any individual / business entity.

“Party” is Cyber Risk GmbH or any individual / business entity.

“Client” is any individual (aged 18 and over and having the capacity to contract) or business entity, who purchases one or more Cyber Risk GmbH Training Programs.

“Recipient” is any individual who receives one or more Cyber Risk GmbH Training Programs that have been purchased by another individual or business entity on behalf of the Recipient.

“Memorandum of Understanding” is a formal, signed, and legally binding document provided by Cyber Risk GmbH to another Party, that lays out the duties, responsibilities, and commitments of Cyber Risk GmbH, and the all-inclusive cost for the provided services. It may cover the sale of one or more Cyber Risk GmbH Training Programs.

“Contract” is a formal and legally binding document, signed by both Parties, that lays out the duties, responsibilities, and commitments both Parties adhere to. It may cover the sale of one or more Cyber Risk GmbH Training Programs.

“In-House Instructor-Led Training programs” are programs designed or tailored specifically for persons working for a specific company or organization (Board members, risk managers and employees, compliance managers and employees, information security managers and employees, etc.). In all In-House Instructor-Led Training programs an instructor from Cyber Risk GmbH that is approved by the Client travels to the location chosen by the Client and leads the class according to the needs of the Client and the Contract.

“Online Live Training programs” are synchronous (real time, not pre-recorded) training programs that take place in a live virtual meeting room provided with the assistance of platforms like Zoom, Webex, Microsoft Teams etc. In all Online Live Training programs, instructors from Cyber Risk GmbH that are approved by the Client tailor the method of delivery (interactive, non-interactive, etc.) to the needs of the Client, lead the virtual class, and answer questions according to the needs of the Client and the Contract.

“Video-Recorded Training programs” are professional, pre-recorded training programs. Instructors from Cyber Risk GmbH that are approved by the Client tailor the training content according to the needs of the Client and the Contract, and they record the training content in a professional studio. The training material (including any subsequent updates) is licensed by Cyber Risk GmbH to the client for training purposes. The Client may incorporate the recorded videos to their internal learning platform and make them available on-demand. Video-Recorded Training programs include Orientation Video Training and Compliance Video Training programs.

“Distance Learning with Certificate of Completion programs” (hereinafter “distance learning programs”) are asynchronous self-study distance learning programs, provided by Cyber Risk GmbH. Asynchronous programs means that Recipients receive the training material via email, and they have the freedom to study at their own speed, when it is convenient for them.

“Credentials” are the username and the password required for an online exam.

“Confidential Information” is any information provided by one Party to the other in written, graphic, recorded, machine readable or other form, marked as confidential in a Contract. It may include business processes, clients, suppliers, finances and other areas of the other party’s business or products, and the training programs. Confidential Information are not information that can be found in the public domain.

“Cyber Risk GmbH websites” are all websites that belong to Cyber Risk GmbH, and include the following:

a. Sectors and Industries.

1. Cyber Risk GmbH

2. Social Engineering Training

3. Healthcare Cybersecurity

4. Airline Cybersecurity

5. Railway Cybersecurity

6. Maritime Cybersecurity

7. Transport Cybersecurity

8. Transport Cybersecurity Toolkit

9. Hotel Cybersecurity

10. Sanctions Risk

11. Travel Security

b. Understanding Cybersecurity.

1. What is Disinformation?

2. What is Steganography?

3. What is Cyberbiosecurity?

4. What is Synthetic Identity Fraud?

5. What is a Romance Scam?

6. What is Cyber Espionage?

7. What is Sexspionage?

c. Understanding Cybersecurity in the European Union.

1. The NIS 2 Directive

2. The European Cyber Resilience Act

3. The Digital Operational Resilience Act (DORA)

4. The Critical Entities Resilience Directive (CER)

5. The Digital Services Act (DSA)

6. The Digital Markets Act (DMA)

7. The European Health Data Space (EHDS)

8. The European Chips Act

9. The European Data Act

10. European Data Governance Act (DGA)

11. The Artificial Intelligence Act

12. The European ePrivacy Regulation

13. The European Cyber Defence Policy

14. The Strategic Compass of the European Union

15. The EU Cyber Diplomacy Toolbox

General Terms and Conditions for In-House Instructor-Led Training programs provided by Cyber Risk GmbH.

Cost, Terms and Conditions, Cancellation Policy.

Unless otherwise agreed, the training services shall be provided at a fixed price, plus VAT and reasonable expenses that will be pre-approved by the Client.

The Client will be provided with timesheets and breakdowns of time spent and expenses.

Payments shall only be made against an invoice.

The copyright and all intellectual property rights relating to the training material are solely owned by and hereby reserved to Cyber Risk GmbH. Under no circumstances may the whole or any part of the training material be produced or copied in any form or by any means or translated into another language without the prior written permission of Cyber Risk GmbH.

Placing the material (including any and all derivative works) on a marketplace and sharing the material (including any and all derivative works) with any third party outside the Client company or organisation is strictly forbidden.

Cyber Risk GmbH expressly disclaims all warranties, either expressed or implied, including any implied warranty of fitness for a particular purpose, and neither assumes nor authorizes any other person to assume for it any liability in connection with the information or training programs provided.

Cyber Risk GmbH, its directors, managers, employees, or contractors shall not be held liable for any direct or indirect damages resulting from the use of any training material. By agreeing to this license agreement, the client agrees to indemnify, defend, and hold harmless Cyber Risk GmbH from and against all claims.

The training program is not legal advice for a specific legal entity. Although it is tailored to each client, it is still of a general nature only and is not intended to address the specific circumstances of any particular individual or entity. It should not be relied on in the particular context of enforcement or similar regulatory action. It does not prejudge the position that the relevant authorities might decide to take on the same matters if developments, including Court rulings, were to lead it to revise some of the views expressed in the program.

50% of the cost of each training program (including 50% of the total estimated expenses) is billable in advance and is payable at least 45 days prior to the course delivery date. The remaining 50% of the cost (including the remaining expenses) is due up to 30 days after the last day of the training.

Cancellation from the client less than 45 days before the scheduled start date will be subject to a cancellation fee of 50% of the cost of the training program.

Cancellation from the client 46 days or more before the scheduled start date will be subject to a cancellation fee of 20% of the cost of the training program.

Force Majeure: Neither the client nor Cyber Risk GmbH shall be liable to any penalty should courses be delayed or cancelled due to war, fire, strike lock-out, industrial action, accident / illness of the instructor, civil disturbance, or any other cause whatsoever beyond their control.

In the unlikely event of a cancellation by Cyber Risk GmbH, any payment made for the cancelled class will be fully refunded. The client understands and agrees that Cyber Risk GmbH shall not, in any way, be held responsible for any costs, including loss of airfare or other transportation costs, hotel expenses or other damages, which the client may suffer if Cyber Risk GmbH cancels a class.

Cyber Risk GmbH processes and stores data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint (the servers are in the interxion data center in Zurich, the data is saved exclusively in Switzerland, and support, development and administration activities are also based entirely in Switzerland).

Cyber Risk GmbH is willing to sign a confidentiality or nondisclosure agreement, shall maintain confidential information in trust and confidence, and shall not disclose or use confidential information for any unauthorized purpose. Cyber Risk GmbH may use confidential information of the client only to the extent required to accomplish the purposes of the training program.

Cyber Risk GmbH will neither take any photos of the audience, nor publish any names, photos, or details of the training agreement on social media, web sites or catalogs, for marketing or for any other purpose.

Any controversy in relation to the terms of this agreement shall be governed and interpreted in accordance with the law of the Canton of Zürich, Switzerland.

General Terms and Conditions for Online Live Training programs provided by Cyber Risk GmbH.

Cost, Terms and Conditions, Cancellation Policy.

Unless otherwise agreed, the training services shall be provided at a fixed price, plus VAT and reasonable expenses that will be pre-approved by the Client.

Payments shall only be made against an invoice.

Placing the material (including any and all derivative works) on a marketplace and sharing the material (including any and all derivative works) with any third party outside the client company or organisation is strictly forbidden.

Cancellation from the client less than 45 days before the scheduled start date will be subject to a cancellation fee of 50% of the cost of the training program.

Cancellation from the client 46 days or more before the scheduled start date will be subject to a cancellation fee of 20% of the cost of the training program.

Any controversy in relation to the terms of this agreement shall be governed and interpreted in accordance with the law of the Canton of Zürich, Switzerland.

General Terms and Conditions for Video-Recorded Training programs provided by Cyber Risk GmbH.

Cost, Terms and Conditions, Cancellation Policy.

Unless otherwise agreed, the training services shall be provided at a fixed price, plus VAT. It will be pre-approved by the Client.

Payments shall only be made against an invoice.

The training material, including any subsequent updates, is licensed by Cyber Risk GmbH to the purchasers ("clients") for training purposes only. The clients are provided with non-exclusive rights to use the training material to educate their company's or their organisation's employees.

Placing the material (including any and all derivative works) on a marketplace and sharing the material (including any and all derivative works) with any third party outside the client company or organisation is strictly forbidden. The owner of the training material remains Cyber Risk GmbH.

The clients have the right to translate and/or overwrite the subtitles of the video-recorded training in the language(s) they deem necessary. Cyber Risk is not responsible legally, or otherwise, for any modifications made on the video recordings after their delivery to the client.

The client is responsible for the storage and distribution of the video-recorded training files.

A down payment of 50% of the total payment is due at least 45 days before the date that the training material must be delivered to the client. The remaining 50% of the total payment will be paid within 30 days after the delivery of the training material to the client.

Cancellation from the client less than 45 days before the scheduled start date will be subject to a cancellation fee of 50% of the cost of the training program.

Cancellation from the client 46 days or more before the scheduled start date will be subject to a cancellation fee of 20% of the cost of the training program.

In the unlikely event of a cancellation by Cyber Risk GmbH, any payment made for the cancelled video-recorded class will be fully refunded.

Any controversy in relation to the terms of this agreement shall be governed and interpreted in accordance with the law of the Canton of Zürich, Switzerland.

General Terms and Conditions for Distance Learning with Certificate of Completion, provided by Cyber Risk GmbH.

Each Distance Learning with Certificate of Completion program (hereinafter referred to as “distance learning program”) is provided at a fixed price, that includes VAT. There is no additional cost, now or in the future, for each program.

Each distance learning program consists of:

a. The official presentations, sent via email,

b. Up to 3 online exams, important for the measurement of the training effectiveness,

c. The certificate of completion (sent with registered mail with tracking number).

Clients must carefully read the “What is included in the program” section at the registration page (the web page where they can make the payment), where they can find all information for each distance learning program.

Clients can purchase each distance learning program with a card, QR payment, or PayPal. Cyber Risk GmbH has no access to the financial information of Clients (card numbers, bank accounts, or other confidential information related to a payment). Only the Payment Service Providers (Payrexx, PayPal etc.) have access to financial information.

Cyber Risk GmbH will ask all Clients or Recipients of the distance learning programs three questions:

a. Which is your full name, as it will appear on the certificate?

b. Which is your email address?

c. Which is your full mail address? (Where do you want to receive your certificate via registered mail with tracking number?).

Cyber Risk GmbH needs the full name of the recipient, the official street name in full, the house number, the city/town, the county, the postcode/zip code, the state, and the country.

The answers to these questions, provided directly by Clients or Recipients (collectively “Personal Information”) will be kept by Cyber Risk GmbH in compliance with the Swiss Act on Federal Data Protection (nFADP) and the EU General Data Protection Regulation (GDPR).

After the payment, Clients will receive information from the Payment Service Providers (Payrexx, PayPal etc.). “Payment completed” means that the Payment Service Providers have received all the necessary information to process the transaction. “Payment cleared” means that the Payment Service Providers have received the funds. Cleared funds are money that has been fully transferred from one account to another.

Cyber Risk GmbH will send the training programs via email up to 24 hours after it has been informed by the Payment Service Providers that the transaction is completed. Clients must check the spam folder of their email client too, as emails with attachments are often landed in the spam folder.

Clients have the option to ask for a full refund up to 60 days after the payment. If they do not want one of the distance learning programs for any reason, Clients must only send an email with title “Please refund the payment”, and Cyber Risk GmbH will refund the payment, no questions asked.

Clients must study their program, and when they are ready for the online exam, they must send an email to Cyber Risk GmbH, to receive their credentials. Credentials are the username and the password required for the online exam. Clients are responsible for maintaining the secrecy and security of their Credentials, and they must not disclose them to any third party. If the Credentials are compromised, Clients must notify Cyber Risk GmbH via email as soon as possible.

Only when Clients pass the exam, they will receive a printed and stamped Certificate of Completion from Cyber Risk GmbH, via registered mail with tracking number, according to the terms at the registration page of the program.

Clients can take the exam online from their home or office, in all countries. It is an open book exam. Risk and compliance management is something Clients must understand and learn, not memorize. Clients must acquire knowledge and skills, not commit something to memory.

Clients will be given 90 minutes to complete a 35-question exam. They must score 70% or higher. The exam contains only questions that have been clearly answered in the official presentations.

All exam questions are multiple-choice, composed of two parts:

a. A stem (a question asked, or an incomplete statement to be completed).

b. Four possible responses.

TIME LIMIT - This exam has a 90-minute time limit. You must complete this exam within this time limit, otherwise the result will be marked as an unsuccessful attempt.

BACK BUTTON - When taking this exam you are NOT permitted to move backwards to review/change prior answers. Your browser back button will refresh the current page instead of moving backward.

RESTART/RESUME – You CANNOT stop and then resume the exam. If you stop taking this exam by closing your browser, your answers will be lost, and the result will be marked as an unsuccessful attempt.

SKIP - You CANNOT skip answering questions while taking this exam. You must answer all the questions in the order the questions are presented.

What is included in each program:

A. The official presentations. The presentations are effective and appropriate to study online or offline. Busy professionals have full control over their own learning and are able to study at their own speed. They are able to move faster through areas of the course they feel comfortable with, but slower through those that they need a little more time on.

B. Up to 3 online exam attempts per year. Candidates must pass only one exam. If they fail, they must study the official presentations and retake the exam. Candidates are entitled to 3 exam attempts every year.

If candidates do not achieve a passing score on the exam the first time, they can retake the exam a second time. If they do not achieve a passing score the second time, they can retake the exam a third time. If candidates do not achieve a passing score the third time, they must wait at least one year before retaking the exam. There is no additional cost for any additional exam attempts.

C. The certificate of completion. Processing and posting via registered mail with tracking number. Certificates are usually dispatched every 10 weeks.

Additional Terms and Conditions for Distance Learning with Certificate of Completion programs.

Placing the material (including any and all derivative works) on a marketplace and sharing the material (including any and all derivative works) with any third party outside the client company or organisation is strictly forbidden.

Cyber Risk GmbH will not publish any names, photos, or details of the Client on social media, web sites or catalogs, for marketing or for any other purpose. Cyber Risk GmbH will only post information on social media, if it is invited by the Client to do so.

Clients and Recipients may not, and may not attempt to, directly or indirectly: (a) transfer, sublicense, loan, sell, assign, lease, rent, act as a service bureau, distribute or grant rights to the training material to any person or legal entity. (b) remove, obscure, or alter any notice of any Trademark, or other intellectual property or proprietary right appearing on or contained within the training material. (c) modify, alter, tamper with, repair, or otherwise create derivative works of any training material without written permission from Cyber Risk GmbH. All rights granted to Clients are conditional on their continued compliance with this GTC and will immediately and automatically terminate if they do not comply with any term or condition of this GTC.

Precedence.

In the event of any conflicts between the GTC and the Specific Terms for a specific training program at the Cyber Risk GmbH websites, the Specific Terms will prevail.

Amendments.

Cyber Risk GmbH reserves the right to change these GTC at any time. The modifications will become effective upon posting them to the Cyber Risk GmbH websites and will only apply to training programs sold after the modification.

The version of the GTC valid at the time of any order placement by any Client continues to apply after any change and can not be changed unilaterally by Cyber Risk GmbH for the respective orders.

Governing Law, Jurisdiction.

Any controversy in relation to the terms of this GTC shall be governed, interpreted and construed in accordance with the laws of Switzerland. The Parties shall endeavor to settle any dispute by amicable arrangement. In the event of continuing disagreement, the Parties shall refer the dispute to the courts of the Canton of Zürich in Switzerland.

If sections or individual terms of the GTC are decided by the courts or authorities as not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.