GENERAL TERMS OF SERVICE

CYBRON platform

The present General Terms of Service (hereinafter, the “Terms”) govern access to and use of the CYBRON platform and of the services offered by helmon S.r.l., with registered office in Via dell’Arte 25, Rome, VAT No. 17723211003 (hereinafter, the “Company”). Use of the platform implies acceptance of these Terms and of the service sheets and economic conditions published on the platform, which form an integral part hereof. In the event of specific agreements with the Customer, these must be made in writing and will constitute an addendum to these Terms.

  1. 1. Purpose
    1. 1.1 The Company provides, through CYBRON, its online platform (the “Platform”) for cybersecurity services (hereinafter, the “Services”) to business customers (“Customers”), divided in particular into the following services:
      1. a. Preliminary external scan of the cybersecurity posture: for a preliminary assessment of the security of the Customer’s IT infrastructure;
      2. b. Paid services: additional cybersecurity services (including but not limited to monitoring, vulnerability assessment, response to cybersecurity incidents), described in the specific service sheets, purchasable on the Platform;
      3. c. Insurance services: additional, paid insurance services aimed at covering residual cybersecurity risk (including but not limited to damage to the Customer’s IT system; damage connected to business interruption caused by violations of the cybersecurity of the Customer’s IT system; damage unintentionally caused to third parties as a result of a cyberattack suffered by the Customer).
    2. 1.2 The Services are governed by these Terms and by the individual service sheets, which describe their contents, delivery methods and service levels (SLA). In the event of a conflict between the provisions of the individual service sheets and these Terms, the provisions of the service sheets shall prevail.
    3. 1.3 All Services also include the creation of a folder accessible from the Customer’s account, in which the results of the activities carried out, the proposed corrective actions and operational guidelines are collected and explained in simple terms (“Service Folder”), as well as the support of our staff for understanding the contents of the Service Folder, as indicated in the relevant service sheet. All materials, reports and results contained in the Service Folder are deemed to be provided to the Customer and may not be transmitted by the Customer to third parties without the Company’s prior written authorisation.
    4. 1.4 The Customer undertakes to use the Services exclusively for lawful purposes, without infringing the rights of third parties, and assumes all liability in this respect.
  2. 2. Registration to the Platform
    1. 2.1 In order to access the Platform and the Services, the Customer must create an account by providing accurate, complete and up-to-date information.
    2. 2.2 Registration to the Platform may take place independently or by explicit invitation from another company (“Other Company”) which has an existing relationship with helmon under a separate contract and with which the Customer has already defined and active contractual arrangements. In this regard, the Customer expressly acknowledges and accepts that the general and non-specific results of OSINT scans and other activities carried out by helmon in the context of the service will be accessible not only by helmon, but also by the presenting Other Company. This sharing is aimed at the execution of the service and will take place in full compliance with the applicable legislation on personal data protection.
    3. 2.3 The Customer is responsible for the security of its access credentials and for all activities carried out through its account.
    4. 2.4 The Company reserves the right to suspend or close the Customer’s account in the event of a breach of these Terms.
  3. 3. Sales conditions
    1. 3.1 helmon offers cybersecurity services, including software, OSINT scans and specialised consultancy. The details of each service are described in the relevant product sheets.
    2. 3.2 All prices shown and visible in the customer page – service catalogue / selected services – are net of VAT. In the Cart section, prices are shown including VAT.
    3. 3.3 Payments may be made by credit/debit card or bank transfer. Any shipping costs or fees will be indicated separately.
    4. 3.4 Digital services will be activated immediately after payment is confirmed.
    5. 3.5 The Customer has the right to withdraw from the contract within 14 days from the date of purchase, without giving any reason. To exercise the right of withdrawal, the Customer must send a written communication to prontocyber.plus@pecimprese.it. Withdrawal entails the discontinuation of the service (if already implemented) and a refund within 14 days from receipt of the withdrawal notice.
    6. 3.6 After-sales support is provided via the following email address: support@helmon.com.
    7. 3.7 helmon guarantees the compliance of the services offered with applicable regulations. helmon’s liability is limited to direct damages and does not extend to indirect or consequential damages. For technical or commercial support, the Customer may contact customer service at customerservice@helmon.com.
  4. 4. Service delivery methods
    1. 4.1 The Services are provided directly by the Company or through authorised suppliers/subcontractors, after activation of the ticket relating to the purchased Service and acceptance of the relevant waiver.
    2. 4.2 The Company guarantees that its suppliers comply with quality standards equivalent to its own.
    3. 4.3 The Services will be made available according to the methods and timelines indicated in the individual service sheets.
  5. 5. Paid services and payment terms
    1. 5.1 Paid Services can be purchased on the Platform through advance payment. Prices are indicated in Euro and, unless otherwise stated, are exclusive of VAT.
    2. 5.2 Invoices will be sent after the purchase of the Service to the email address used for the order summary, containing, by way of example: services purchased; price including taxes; service activation terms.
    3. 5.3 In the event that, for any reason, payment of the price is not valid or is revoked or cancelled by the Customer, or is not executed, confirmed or credited in favour of the Company, the latter reserves the right to suspend and/or immediately interrupt the activation and/or provision of the Service if already activated. With regard to insurance services, the premium must be paid according to the timeframes and methods indicated in Article 1901 of the Italian Civil Code, failing which the coverage will be ineffective.
  6. 6. Preliminary external scan of the cybersecurity posture
    1. 6.1 The Platform offers, free of charge, a Preliminary External Scan Service aimed at providing an initial assessment of the level of exposure and vulnerability of the Customer’s external IT infrastructure. This service is based on a non-intrusive and non-invasive analysis methodology, relying exclusively on publicly accessible information sources (Open Source Intelligence – OSINT), and does not involve any active interaction with or compromise of the Customer’s systems. The Preliminary Scan is for indicative and informational purposes only and does not constitute an exhaustive or certified evaluation of the Customer’s security posture. The results must be interpreted with caution and within the broader context of the Customer’s cybersecurity risk management activities.
    2. 6.2 The Company does not guarantee that the Preliminary Scan will detect all vulnerabilities present in the Customer’s infrastructure, nor that the results are complete, up to date or error-free. In any event, the Company declines any liability for direct, indirect, consequential or incidental damages arising from the use of the service, from misinterpretation of the results, or from any decision made by the Customer on the basis of such results.
  7. 7. Service level agreement (SLA)
    1. 7.1 For each paid Service, the Company guarantees the service levels (SLA) defined in the corresponding service sheet, which sets out measurable metrics such as uptime, responsiveness and related responsibilities.
    2. 7.2 In the event of non-compliance with the SLAs, the Customer will be entitled to the remedies indicated in the applicable service sheet, such as discounts or corrective actions.
    3. 7.3 Any service disruptions must be promptly reported by the Customer through the channel indicated in the service sheet.
  8. 8. Subscription services
    1. 8.1 helmon’s subscription Services consist of annual, ongoing support, as specified in the relevant service sheets.
    2. 8.2 These Services are subject to automatic annual renewal, unless cancelled by the Customer with at least 30 days’ notice, to be sent by registered letter with return receipt to helmon S.r.l., Via dell’Arte 25, Rome, or by certified email to prontocyber.plus@pecimprese.it.
  9. 9. Intellectual property and software licence
    1. 9.1 All intellectual property rights relating to the Platform, software, trademarks, logos, contents and documentation provided by the Company remain the exclusive property of the Company or its licensors.
    2. 9.2 The Company grants the Customer a non-exclusive, non-transferable and revocable licence to access and use the Platform and software solely for the provision of the Services purchased.
    3. 9.3 The Customer is prohibited from copying, modifying, distributing, decompiling or carrying out reverse engineering activities on the software or any component of the Platform.
    4. 9.4 The Customer declares and warrants that it owns the information system with respect to which the Service will be provided, or that it is authorised to instruct the Company to perform the purchased Service.
    5. 9.5 In the case of licences supplied by third-party providers through the Company, the Customer acknowledges having accepted the terms of such licences and undertakes to use the purchased services in accordance with those terms and exclusively for its own use.
  10. 10. Limitations of liability
    1. 10.1 The Company does not guarantee absolute immunity from cyberattacks, but undertakes to provide Services in line with industry standards.
    2. 10.2 The Company shall not be liable for any direct damages or losses arising from the unavailability of the Platform or the impossibility of accessing the Services in the following cases:
      1. a) scheduled interruptions for ordinary or extraordinary maintenance activities, communicated to the Customer in advance where reasonably possible;
      2. b) force majeure events, including, by way of example but not limited to, natural disasters, cyberattacks, failures of technological infrastructures or other circumstances not attributable to the Company;
      3. c) malfunctions or interruptions of the Customer’s internet connection;
      4. d) problems, errors or incompatibilities of the Customer’s information system, hardware or software;
      5. e) actions or omissions of the Customer or third parties impacting the proper provision of the Services.
    3. 10.3 In the above cases, the Company undertakes to restore the operation of the Platform or the provision of the Services as soon as possible, without this giving rise to any obligation to pay compensation or indemnity to the Customer.
    4. 10.4 It is understood that the Company’s total liability for any breaches or direct damages attributable to it will in any event be limited to the amount actually paid by the Customer for the purchased or renewed Service affected by the damaging event. Any other compensation or indemnity to the Customer for any damage is excluded.
    5. 10.5 The Company shall in no event be liable for:
      1. a) indirect, incidental or consequential damages;
      2. b) loss of data or loss of profit;
      3. c) improper use of the Platform or the Services by the Customer;
      4. d) damages resulting from the provision by the Customer of incorrect data or from the failure to implement the instructions provided in the service sheet (e.g. failure to disable firewalls before a vulnerability test);
      5. e) any damage to persons or property resulting from any act or omission by the Customer or its employees or collaborators;
      6. f) any damage, interruption, malfunction, defect, breach or unauthorised intrusion into the Customer’s or third parties’ IT system directly or indirectly caused by the performance of the Service purchased by the Customer, except in cases of wilful misconduct or gross negligence by the Company.
    6. 10.6 The Company does not carry out any specific backup of the data, information or contents processed on behalf of the Customer through the Service, with the exception of backups that the Company, for its own precaution, periodically performs in order to restore the Service if necessary. The Company does not provide any guarantee regarding the storage and availability of such data, unless the Customer activates a specific backup Service.
    7. 10.7 The Company shall not in any way be liable for damages suffered by the Customer or third parties, directly or indirectly, as a result of the use of the Service.
    8. 10.8 The Company assumes an obligation of means and not of result; it does not guarantee that the purchased Services are suitable for the Customer’s purposes or needs, nor that the Customer’s equipment, software or applications are compatible with the Service, as such verification is the sole responsibility of the Customer.
  11. 11. Indemnification
    1. 11.1 The Customer undertakes to indemnify and hold harmless the Company, its directors, employees, collaborators, suppliers and subcontractors from any liability, loss, damage, cost or expense (including reasonable legal fees) arising from:
      1. a) improper use of the Platform or the Services by the Customer or by third parties authorised by the Customer;
      2. b) the Customer’s breach of these Terms, of applicable laws or of third-party rights, including intellectual property rights;
      3. c) any claim or demand by third parties who have relied on the material contained in the Service Folder;
      4. d) any claim, action or demand brought by third parties in relation to activities carried out by the Customer using the Services of the Platform or falling within the scenarios referred to in Article 9.5 letters d) and e).
    2. 11.2 The Company reserves the right to defend itself in any proceedings in which the Customer is required to provide indemnification, choosing its own legal counsel and managing the dispute as it deems appropriate, after informing the Customer. In such cases, the Customer undertakes to cooperate and provide all information useful for the defence.
  12. 12. Processing of personal data
    1. 12.1 The Company will process the personal data of the Customer and, where applicable, of its suppliers or technical contacts, in compliance with Regulation (EU) 2016/679 (“GDPR”), with applicable national legislation and with its Privacy Policy, available in the dedicated section of the Platform.
      With regard to the personal data provided by the Customer during registration, account activation, user environment configuration and use of the Platform, the Company acts as Data Controller within the meaning of Article 4(7) of the GDPR.
      With regard, instead, to the personal data that may be contained in the systems, infrastructures or digital environments of the Customer (or of its suppliers), to which the Company may have access in the context of the provision of the Services, the Company will act as Data Processor within the meaning of Article 28 of the GDPR, on the basis of a specific data processing agreement (DPA) to be entered into separately where required.
    2. 12.2 Purposes and methods of processing
      The data will be processed for purposes strictly connected to the provision, management and improvement of the Services offered by the Platform, to the administrative management of contractual relationships, as well as to compliance with applicable legal obligations (including those relating to cybersecurity and risk management).
      Processing will be carried out manually and/or by automated means, using IT and telematic tools, and adopting technical and organisational measures appropriate to ensure a level of security in line with Article 32 of the GDPR.
    3. 12.3 Sub-processors and data transfers
      The Company may use external providers (sub-processors), duly appointed pursuant to Article 28 GDPR, for the provision of specific services, who will act on the basis of documented and binding instructions. The updated list of main sub-processors is available upon the Customer’s request.
      Where data must be transferred outside the European Economic Area (EEA), such transfer will take place in compliance with the safeguards provided for in Chapter V of the GDPR, including the standard contractual clauses adopted by the European Commission.
    4. 12.4 Data retention and account management
      The Customer’s account will remain active until a deactivation request is made by the Customer, to be submitted through the features available on the Platform or by writing to: privacy@helmon.com. The Company reserves the right to deactivate accounts that have been inactive for more than 12 months, after prior notice.
      Data will be retained for as long as necessary to achieve the purposes for which they were collected and, in any event, in accordance with the retention periods set out in the applicable legislation on record-keeping, contractual liability and cybersecurity.
    5. 12.5 In the event of account closure:
      1. a. the account will no longer be accessible to the Customer;
      2. b. after the account is closed, the data and all documents contained in the Service Folder will no longer be available to the Customer;
      3. c. the data associated with the account will be retained by the Company for a maximum period of 12 months following closure, exclusively for the purposes indicated in the privacy notice, including legal compliance, management of any disputes or other legitimate interests.
    6. 12.6 Once the 12-month period has elapsed, the data will be deleted, unless their further retention is required by law or necessary for the protection of the Company’s rights.
    7. 12.7 For further details on the processing of personal data, please refer to the privacy notice available on the Company’s website www.helmon.com.
  13. 13. Appointment as data processor
    1. 13.1 (Appointment) The Customer appoints the Company as Data Processor (or sub-processor with respect to data of third parties where the Customer itself acts as Data Processor for such data) for the processing of personal data carried out by the Company in the performance of the Service.
    2. 13.2 (Duration) The appointment as Data Processor (or sub-processor) and the commitments set out herein have the same duration as the Service. The appointment and this document will automatically cease to be effective in the event of termination, withdrawal or loss of effectiveness of the contract. In the event of tacit renewal of the Service, this appointment will be deemed automatically renewed for a period equal to the contractual term.
    3. 13.3 (Data processed) The Services provided by the Company, in line with the technical specifications of the Service, allow the Customer to process data in the ways and for the purposes it determines. The scope of the appointment of the Company is limited solely to the processing of personal data to which the Company has access in the performance of the Service.
    4. 13.4 (Obligations and rights) By virtue of this appointment, the Company is authorised to process personal data only to the extent and within the limits necessary to perform the activities entrusted to it. The Company will carry out processing activities in compliance with the GDPR and, in particular, undertakes to:
      1. a) process personal data exclusively for the purpose of providing the Service purchased by the Customer;
      2. b) ensure that persons authorised to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, and have been instructed with regard to the processing activities assigned to them;
      3. c) adopt, pursuant to Article 32 of Regulation (EU) 2016/679, the technical measures indicated in the service sheets and the organisational security measures appropriate to the processing; and make available to the Customer all information necessary to demonstrate compliance with the obligations set out herein, allowing the review and verification activities that the Customer may decide to undertake at its own expense, subject to agreement on the timing and methods of such verifications; and
      4. d) at the Customer’s request, delete or return to the Customer any copies of personal data once the Service has been completed.
    5. 13.5 (Sub-processors) By assigning the engagement, the Customer authorises the Company to use its own sub-processors, including third-party providers, for the provision of the Services (support, maintenance, provision of additional services, network providers and electronic communication services), who, in performing such activities, may have access to the personal data for which the Customer is controller or processor.
      The Company guarantees that sub-processors have been appointed in writing and that such appointment provides that: a) the sub-processor will have access to the Customer’s data only to the extent required to fulfil the obligations delegated to it for the provision of the Service; b) the sub-processor will assume the obligations set out in Article 28 of Regulation (EU) 2016/679; c) the Company remains liable to the Customer for all obligations undertaken.
      The Company undertakes to keep an up-to-date list of such third parties and documentation evidencing the obligations assumed by them in relation to the data protection requirements set out herein, where they process data in the context of the chosen Service.
    6. 13.6 (Breaches) Should events occur that involve a breach of the data processed by the Company in the provision of the Services, the Company will notify the Customer in writing within 48 hours of the event, providing all information in its possession at the time of notification.
  14. 14. Confidentiality
    1. 14.1 The Company undertakes to keep confidential all commercial and technical information acquired in the course of providing the Services, except where disclosure is required by law or by competent authorities.
    2. 14.2 The Customer undertakes not to disclose to third parties data, materials, documents, software, technical specifications, know-how, source code, methods, procedures, test results, reports, analyses and any other information that is provided or made available by the Company to the Customer or that the Customer acquires while using the Services. The Customer shall take all necessary measures to ensure that such information is not disclosed to third parties.
  15. 15. Term and termination
    1. 15.1 These Terms remain valid and effective for the duration of the Service, unless the contractual relationship is terminated in the event of withdrawal or termination as provided for herein. Even in the event of termination of the contractual relationship, the provisions of Articles 8, 9.3, 10, 11, 13 and 16 shall remain in force after such date.
    2. 15.2 The Customer may cease using the Services at any time, it being understood that it will not be entitled to any refunds or credits in respect of paid Services not used.
    3. 15.3 The Company reserves the right to suspend the provision of the Services or the Customer’s account in the event of breaches of these Terms and, in the event of breaches of the provisions of Articles 2 (Registration to the Platform) and 9 (Intellectual property and software licence), to terminate the contract pursuant to Article 1456 of the Italian Civil Code by written notice, without prejudice in any case to the right to recourse and compensation for damages suffered.
    4. 15.4 The Company reserves the right to withdraw from the contract at any time by giving written notice to the Customer, effective from the moment the notice is received by the Customer.
  16. 16. Assignment of the contract
    1. 16.1 The Customer may not assign, in whole or in part, the contract to third parties, nor subcontract or make the purchased Services available to third parties in any capacity, without the Company’s prior written consent.
    2. 16.2 The Customer hereby gives its consent to the Company’s right to assign the contract, or its rights or obligations, in whole or in part, to third parties.
  17. 17. Governing law and jurisdiction
    1. 17.1 These Terms are governed by Italian law.
    2. 17.2 Any dispute relating to the interpretation, performance or validity of these Terms shall first be submitted to an attempt at amicable settlement through recourse to an alternative dispute resolution (ADR) body. If this procedure is unsuccessful, the Court of Rome shall have exclusive jurisdiction.
  18. 18. Specific approval pursuant to Articles 1341 and 1342 of the Italian Civil Code
    1. 18.1 Pursuant to and for the purposes of Articles 1341 and 1342 of the Italian Civil Code, the Customer, by ticking the specific check-box in the registration form, expressly approves the following provisions: Article 7.2 (Automatic annual renewal); Article 10 (Limitations of liability); Article 11 (Indemnification); Article 15 (Term and termination); Article 16 (Assignment of the contract); Article 17 (Governing law and jurisdiction).

Last update: 05/11/2025