Terms and Conditions

STANDARD TERMS AND CONDITIONS

UPDATED 21st JANUARY 2023

PARADOXINFOSEC

Company Registration IČO: 54654475, VAT Number: SK2121759651, Slovak Republic (Slovensko)

THE SERVICE AND PARADOXINFOSEC’S OBLIGATIONS

  1. Paradoxinfosec shall provide the agreed Services with reasonable skill and care.
  2. Paradoxinfosec shall use commercially reasonable endeavours to make the Portal available to the Client 24 hours a day, seven days a week. However, the Client acknowledges that Paradoxinfosec cannot guarantee availability of the Portal.
  3. Paradoxinfosec shall:
  4. conduct Penetration Testing during Normal Testing Hours; 0900 to 1800 GMT, each Business Day (Monday to Friday inclusive except for bank/public holidays), except by agreement in writing with the Client. Paradoxinfosec may charge a surcharge for conducting testing outside Normal Testing Hours;
  5. conduct vulnerability scanning(performed by Scan) any time from 00:00 to 23:59, 7 days a week. The Scan will typically take place at the same time on the Client subscription interval (daily, weekly, quarterly) as the first Scan was initiated.
  6. Paradoxinfosec shall retest any Penetration Testing issues without additional charge during the testing round and for the duration of the Aftercare Period (7 days unless otherwise agreed by the Parties in writing).
  7. For a period of 60 days following the Aftercare Period, the Client may book retesting via the Portal, which shall be charged for accordingly.
  8. Paradoxinfosec shall not accept requests for retesting after 60 days following the Aftercare Period but the Client may book a new test or test round via the Portal, which shall be charged for accordingly.
  9. during Penetration Testing, immediately notify the Client via the Portal, of any critical vulnerability that exposes a Target to an immediate risk of compromise, or which exposes the Client to immediate risk of reputational, financial or operational loss;
  10. provide the Client with an estimate of any reasonable expenses that will be incurred prior to commencing any on-site testing or any other testing likely to incur expenses;
  11. keep logs of actions taken and in line with its data retention procedure, these shall be retained along with all other Client files, for six years and then destroyed; and
  12. store all Client data within a secure data centre in the United Kingdom or European Union member state which complies with ISO 9001, ISO 27001 and ISO 27018 standards. All Client data will be encrypted at rest using industry standard encryption algorithms.
  13. Paradoxinfosec shall not:
  14. test any Targets without prior authorisation in Portal from the Client
  15. conduct any intentional Denial of Service (DoS) testing at any time.
  16. The Client may choose to stop testing at any time via the Portal and Paradoxinfosec will endeavor to cease testing as soon as practically possible.
  17. The Client acknowledges that:
  18. Paradoxinfosec may provide the Client with an estimate of how many hours it will take to test a Target prior to testing commencing, but estimates are not guaranteed delivery times. Testing may require more hours which the Client will need to purchase at the Rates in the Portal; and
  19. Paradoxinfosec shall only identify vulnerabilities that are already known at the date on which any tests are carried out, and which are capable of being exposed by the range of testing tools and methodologies deployed by Paradoxinfosec. The Client accepts that it is in the nature of IT penetration testing activities that there may be vulnerabilities which will be uncovered in the future or by the use of alternative tools and attack methodologies, none of which could normally be identified at the time of testing, and therefore agree that it shall not, now or in the future, hold Paradoxinfosec liable for such vulnerabilities or for not identifying them.
  20. Paradoxinfosec warrants that it has and will maintain all necessary licenses, consents, and permissions necessary for the performance of its obligations under this Agreement.
  21. Paradoxinfosec does not warrant that:
  22. the Client’s use of the Services will be uninterrupted or error-free; or
  23. that the Services and/or the information obtained by the Client through the Services will meet the Client’s requirements.
  24. Paradoxinfosec is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Client acknowledges that the Services and Documents may be subject to limitations, delays and other problems inherent in the use of such communications facilities.


SCAN BY PARADOXINFOSEC

  1. Scan is an asset discovery, vulnerability management and vulnerability scanning service provided as is by Paradoxinfosec to the Client. Since vulnerability scanning is a subset of the activities which take place during penetration testing; the terms set out in all sections of this agreement also apply to automated vulnerability scans performed on the Client targets by Paradoxinfosec Scan. Paradoxinfosec makes further provision for the following:
  2. The Client hereby grants Paradoxinfosec the right to perform vulnerability scanning against any target marked by the Client as ‘enabled’ for scanning by Scan (using the ‘Target Management’ interface).
  3. Vulnerability scanning performed by Scan can take place at any time, 7 days a week. The Scan will typically take place at the same time on the Client subscription interval (daily, weekly, quarterly) as the first Scan was initiated. ‘On-demand’ scanning, initiated by the Client, will take place as soon as reasonably possible, using the on-demand feature on the Scan interface.
  4. the Client assumes responsibility for the accuracy of the Targets provided to Scan for vulnerability scanning. The Client shall ensure the targets provided to Scan (even those identified by Paradoxinfosec’s enumeration tools) are the property of the Client, or that the Client has written consent to permit Paradoxinfosec to commence vulnerability scanning of the Targets.
  5. The Client accepts any liability that may arise from the vulnerability scanning of targets provided which are not the property of the Client, or that the Client did not have written consent to commence vulnerability scanning on.


RADAR BY PARADOXINFOSEC

  1. Radar is an open source intelligence gathering, active and passive scanning service provided as is by Paradoxinfosec to the Client.
  2. Radar searches various databases of Open Source data, as well as carrying out passive checks on Client assets to identify potential threats to the Client.
  3. A ‘threat’ in this instance is defined as a piece of information which, in the opinion of Paradoxinfosec’s in-house experts, could be used to potentially cause harm or to form the basis of an attack against the Client organisation.
  4. Searches of the data are made on the Targets enabled by the Client. The initial target created is the Client domain which is inferred from the Client user’s email address suffix.
  5. Paradoxinfosec has no control over the data in 3rd party data stores, and cannot remove items such as client credentials from these data stores.
  6. The Client accepts that Paradoxinfosec may present information (such as historical passwords) which the Client is already aware of.
  7. Paradoxinfosec makes recommendations in relation to any finding that Radar identifies. These recommendations are for guidance only, and the Client should exercise judgement and caution in relation to applying each recommendation to the unique requirements of the Client’s organisation.
  8. The Client assumes responsibility for the outcome of any recommendation which the Client chooses to apply, in relation to Radar findings.
  9. The Client hereby grants Paradoxinfosec the right to perform active scanning against any Target marked by the Client as ‘enabled’ for scanning by Radar (using the ‘Target Management’ interface).


CLIENT OBLIGATIONS

  1. The Client grants to Paradoxinfosec the right to perform IT penetration testing activities, vulnerability scanning or any other security assessment related activities against Targets. Paradoxinfosec shall not be held responsible or liable for any incorrectly entered Target information.
  2. The Client will:
  3. cooperate with Paradoxinfosec as necessary under this Agreement including provided all necessary information to allow Paradoxinfosec to provide the Services including the Client Data, security accessing information;
  4. carry out all Client responsibilities set out in this Agreement in a timely and efficient manner. In the event of delays caused by the Client, Paradoxinfosec may adjust any agreed timetable or delivery schedule as reasonably required by Paradoxinfosec;
  5. except as otherwise expressly provided in this Agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to Paradoxinfosec’s data centers, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Client’s network connections or telecommunications links or caused by the internet.
  6. The Client shall:
  7. use all reasonable endeavors to prevent any unauthorised access to, or use of, the Services. In the event of any such unauthorised access or use, immediately notify Paradoxinfosec on becoming aware of such unauthorised access or use;
  8. ensure that, where it is aware that or suspects that its own network and systems have been compromised (including any attack on its systems such as a denial of service attack or ransomware), it shall notify Paradoxinfosec immediately;
  9. identify and disclose to Paradoxinfosec any third parties that may conceivably be affected by Paradoxinfosec’s Services, and any damages and/or loss of service caused by the Client’s failure to identify and/or disclose such third parties shall remain the sole responsibility and liability of the Client. The Client therefore indemnifies Paradoxinfosec against all costs or damages howsoever arising from such activities;
  10. ensure that Targets are the property of the Client or shall be fully responsible for obtaining written consent to test the Targets from the legal owner prior to authorising such Targets for testing;
  11. immediately notify Paradoxinfosec in the case of any unexpected event or out-of-scope problem which may impact Paradoxinfosec or the delivery of the Services;
  12. ensure that each User shall keep a secure and confidential password for their use of the Portal and that such password shall be changed no less frequently than every 90 days.
  13. Failure to notify Paradoxinfosec of events mentioned in Clause 26 shall be considered a material breach of this Agreement.
  14. Where Paradoxinfosec has been notified of any of the events under Clause 26 above, Paradoxinfosec shall be entitled to temporarily suspend the Services, without liability to the Client, until Paradoxinfosec is satisfied that it is able to provide the Services to the Client without the risk that:
  15. the Services may be accessed by an unauthorised person; or
  16. that Paradoxinfosec’s own network and systems could be compromised.
  17. The Client shall have sole responsibility for:
  18. procuring and maintaining its network connections and telecommunications links from its Targets on Paradoxinfosec’s testing devices, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Client’s network connections or telecommunications links or caused by the internet;
  19. the adequate protection and backup of data and/or equipment used in connection with this IT penetration testing and will not make a claim against Paradoxinfosec for lost data, re-run time, inaccurate output, work delays or lost profits resulting from the Services; and
  20. the legality, reliability, integrity, accuracy and quality of all such Client Data which is not Personal Data.

FEES AND PAYMENT

  1. Paradoxinfosec may unilaterally change its Penetration Testing hourly fee or Scan subscription rates but must inform the Client at least 30 calendar days in advance of the provision of Services. If the Client does not agree to pay the revised fee each Party will be entitled to terminate the Agreement.
  2. Paradoxinfosec shall invoice the Client for hours booked for Penetration Testing on completion of the Services. Where there are hours unused, these will remain as a credit on the Client’s Portal for 12 months from the date of purchase. Unused hours cannot be refunded as cash.
  3. The Client shall pay each invoice within 14 days after the date of such invoice, either by BACS or by debit or credit card.
  4. The Client may purchase additional testing hours at any time via the Portal. Payment can be made electronically or it can be added to the next invoice.
  5. Paradoxinfosec may provide the Client with an estimate of how many hours it will take to complete Penetration Testing against a Target prior to testing commencing, however it is understood by the client that estimates are just that, they are not guaranteed delivery times. Penetration Testing may require more hours which the Client will have to purchase at the standard hourly rate.
  6. In cases where the Client has Penetration Testing hours remaining, the Client may use them to complete Penetration Testing on another Target.
  7. Once the Client has used all the Penetration Testing hours they have purchased no future Penetration Tests can be scheduled until more testing hours are purchased.
  8. If Paradoxinfosec has not received payment within 14 days after the due date specified on the invoice, it shall be under no obligation to provide any Services while the invoice remains unpaid and reserves the right to charge interest on the overdue amounts at a rate of 4% above the base rate of the Bank of England from the due date until the date of payment.
  9. Paradoxinfosec may, without liability to the Client, disable the Client’s passwords, accounts and access to all or part of the Services for the period of time where any unpaid invoices remain unpaid.
  10. Unless specified by Paradoxinfosec, prices and charges are exclusive of VAT.
  11. For subscription services where payment is required (such as Scan), the Client’s first payment will be made prior to the commencement of the subscription, with the Subscription Period commencing immediately once payment is made.
  12. Any subscription fee will be the fee advised to the client on the Portal.
  13. Any subsequent subscription fee will be billed prior to the commencement of the next Subscription Period (or the nearest date possible) as the first subscription fee.
  14. Any subscription fee will be billed before each Subscription Period in perpetuity until such time as the Client cancels the subscription.
  15. Paradoxinfosec reserves the right to unilaterally modify any subscription, provided 30 calendar days notice is given to the Client.
  16. The Client may cancel the subscription at any time using the functionality provided in the Portal.
  17. When a subscription is cancelled, Paradoxinfosec will continue to provide the services until the end of the current Subscription Period. The subscription fee for the remaining Subscription Period cannot be refunded as cash.


INTELLECTUAL PROPERTY RIGHTS

  1. The Client acknowledges and agrees that Paradoxinfosec and/or its licensors own all intellectual property rights in the Services and the Documents. Except as expressly stated in this Agreement, this Agreement does not grant the Client any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licenses in respect of the Services or the Documents.
  2. Paradoxinfosec confirms that it has all the rights in relation to the Services and the Documents that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this Agreement.
  3. Paradoxinfosec acknowledges and agrees that the Client and/or its licensors own all intellectual property rights in the Client Data. Except as expressly stated in this Agreement, this Agreement does not grant the Client any rights to, under or in, any patents or copyright, database right, trade secrets, trade names, trade makes (whether registered or unregistered), or any other rights or licenses in respect of the Client’s intellectual property rights.
  4. The Client provides Paradoxinfosec with permission to use the Client’s trade mark or trade name on its website or on any marketing materials.
  5. The Client shall not (except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this Agreement:
  6. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Portal as part of the Service in any form or media or by any means;
  7. attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Portal;
  8. access all of any part of the Portal in order to build a product or service which competes with the Portal;
  9. use the Portal to provide services to third parties;
  10. license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Portal available to any third party;
  11. attempt to obtain, or assist third parties in obtaining, access to the Portal, other than as provided under this Agreement.


DATA PROTECTION

  1. The parties agree to comply with their obligations under the Data Protection Laws. This is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Laws.
  2. The parties agree to comply with all applicable data protection and privacy legislation in force in the United Kingdom including (i) the GDPR to the extent that it forms local laws arising from Section 3 of the European Union (Withdrawal Act) 2018 (UK GDPR); (ii) the General Data Protection Regulation ((EU) 2016/679) (GDPR); (iii) the Data Protection Act 2018; (iv) the Privacy and Electronic Communications Regulations 2003 (SI 2003 No. 2426) as amended and any amendments to these laws as updated from time to time; and the guidance and codes of practice issued by the Information Commissioner or other relevant data protection or supervisory authority.r


CONFIDENTIALITY

  1. Each party agrees that, they will not at any time disclose to any person any Confidential Information belonging to the other party except as permitted by clause 57.
  2. The Client acknowledges that details of the Services constitute Paradoxinfosec’s Confidential Information.
  3. Paradoxinfosec acknowledges that the Client Data is the Confidential Information of the Client.
  4. Each party may disclose the other party’s Confidential Information:
  5. to those of its employees, officers, representatives or advisers who need to know such information for the purposes of exercising the party’s rights or carrying out its obligations under or in connection with this Agreement. Each party will ensure that its employees, officers, representatives or advisers to whom it discloses the other party’s Confidential Information are aware of that party’s obligations under these Confidentiality clauses (54-58); and
  6. as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
  7. No party will use any other party’s Confidential Information for any purpose other than to exercise its rights and perform its obligations under or in connection with this Agreement.
  8. Without prejudice to any other rights or remedies the parties may have, each party acknowledges and agrees that damages alone would not be an adequate remedy for breach of its obligations under Confidentiality clauses (54-58) Accordingly, the other party shall be entitled, without proof of special damages, to the remedies of injunction, specific performance or other equitable relief for any threatened or actual breach of Confidentiality clauses (54-58).


INDEMNITIES

  1. The Client shall defend, indemnify and hold harmless Paradoxinfosec (including its officers, directors and employees) against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal and other professional fees):
  2. arising out of or in connection with the Client’s use of the Services;
  3. arising out of or in connection with the Client’s breach of its obligations, representations or warranties under this Agreement; and/or
  4. for infringement of any Intellectual Property Right or right of confidentiality arising out of Paradoxinfosec’s provision of the Services,
  5. Each provided that:
  6. the Client is given prompt notice of any such claim;
  7. Paradoxinfosec provides reasonable cooperation to the Client in the defence and settlement of such claim, at the Client’s expense; and
  8. the Client is given sole authority to defend or settle the claim.


LIMITATION OF LIABILITY AND INDEMNITY

  1. Except as expressly and specifically provided in this Agreement:
  2. the Client assumes sole responsibility for results obtained from the use of the Services by the Client, and for conclusions drawn from such use. Paradoxinfosec shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to Paradoxinfosec by the Client in connection with the Services, or any actions taken by Paradoxinfosec at the Client’s direction;
  3. all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement; and
  4. the Services are provided to the Client on an “as is” basis.
  5. In no event shall Paradoxinfosec, its employees, agents and subcontractors be liable to the Client to the extent that an alleged infringement is based on:
  6. a modification of the Services or Documents by anyone other than Paradoxinfosec; or
  7. the Client’s use of the Services or Documents in a manner contrary to the instructions given to the Client by Paradoxinfosec; or
  8. the Client’s use of the Services or Documents after notice of the alleged or actual infringement from Paradoxinfosec or any appropriate authority.
  9. Paradoxinfosec shall have no liability either:
  10. to the extent Paradoxinfosec cannot perform its obligations under this Agreement by reason of any failure, outage or interruption in any third party services required in connection with the Services (provided Paradoxinfosec has exercised reasonable due diligence in procuring such third party services); or
  11. in respect of any breach of this Agreement in relation to any matter which is wholly or primarily within the control of any provider of such third party services.
  12. Neither party excludes nor limits any liability for:
  13. personal injury (including sickness and death) to the extent that such injury results from the negligence or wilful default of a party or its employees;
  14. fraud or fraudulent misrepresentation; or
  15. any other liability to the extent it cannot be excluded or limited by law.
  16. In addition to Clause 62 and Clause 63, the Supplier shall not be liable for whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for:
  17. any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this Agreement;
  18. any loss of profits, loss of business, depletion of goodwill and/or similar losses;
  19. loss or corruption of data or information;
  20. pure economic loss; or
  21. anticipated savings.
  22. Paradoxinfosec’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall be limited to an amount equal to the total Fees paid or payable by the Client to Paradoxinfosec during the 12 months immediately preceding the date on which the claim arose.


GENERAL TERMS

  1. Force majeure: Paradoxinfosec shall have no liability to the Client under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lockouts or other industrial disputes (whether involving the workforce of Paradoxinfosec or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or subcontractors, provided that the Client is notified of such an event and its expected duration.
  2. Costs: Each party is responsible for its legal and other costs in relation to the preparation and performance of this Agreement.
  3. Relationship of the parties: The parties are independent businesses and not partners, principal and agent, or employer and employee, or in any other relationship of trust to each other.
  4. Third party rights: For the purposes of the Contracts (Rights of Third Parties) Act 1999, this Agreement is not intended to and does not give any person who is not a party to it any right to enforce any of its provisions. However, this does not affect any rights or remedy of such a person that exists or is available apart from that Act.
  5. Assignment: The Client shall not, without the prior written consent of Paradoxinfosec, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement. Paradoxinfosec may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement. This Agreement shall be binding upon and ensure to the benefit of the respective parties and their respective personal representatives, successors and permitted assigns.
  6. Entire Agreement: This Agreement contains the whole agreement between the parties relating to its subject matter and supersedes any prior agreements, representations or understandings between them unless expressly incorporated by reference in this agreement. Each party acknowledges that it has not relied on, and will have no remedy in respect of, any representation (whether innocent or negligent) made but not expressly embodied in this agreement. Nothing in this clause limits or excludes any liability for fraud or fraudulent misrepresentation.
  7. Severability: If any clause in this Agreement (or part thereof) is or becomes illegal, invalid or unenforceable under applicable law, but would be legal, valid and enforceable if the clause or some part of it was deleted or modified (or the duration of the relevant clause reduced), the relevant clause (or part thereof) will apply with such deletion or modification as may be required to make it legal, valid and enforceable, and the parties will promptly and in good faith seek to negotiate a replacement provision consistent with the original intent of this agreement as soon as possible.
  8. Waiver: No delay, act or omission by either party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
  9. Notices : Any notice required or permitted to be given hereunder shall be in writing, addressed to the relevant party as set out in the Terms Agreed Between The Parties.
  10. No partnership or agency : Nothing in this Agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
  11. Governing law and jurisdiction: This Agreement is governed by the law of England and Wales. All disputes under this agreement will be subject to the exclusive jurisdiction of the courts of England and Wales.


DEFINITIONS AND INTERPRETATION

Agreement – the Paradoxinfosec Terms and Conditions.

Aftercare Period – 7 days unless otherwise agreed by the Parties in writing.

Business Day – a day, other than a Saturday, Sunday or public holiday in England, when the banks in London are open for business.

Confidential Information – all data or information (whether technical, commercial, financial or of any other type) in any form acquired under, arising from or in connection with, this Agreement and any information used in or relating to the business of Paradoxinfosec (including information relating to Paradoxinfosec’s products (bought, manufactured, produced, distributed or sold), services (bought or supplied), operations, processes, formulae, methods, plans, strategy, product information, know-how, design rights, trade secrets, market opportunities, Client lists, commercial relationships, marketing, sales materials and general business affairs), and which are for the time being confidential to Paradoxinfosec.

Client – entity or person accepting this agreement.

Client Data – the data inputted by the Client (including their affiliates, employees, directors) into the Portal or otherwise provided to Paradoxinfosec as part of the Client’s use of Services.

Client Personal Data – the personal data processed by Paradoxinfosec on behalf of the Client.

Data Protection Laws – all applicable data protection and privacy legislation in force in the United Kingdom including (i) the GDPR to the extent that it forms local laws arising from Section 3 of the European Union (Withdrawal Act) 2018 (UK GDPR); (ii) the General Data Protection Regulation ((EU) 2016/679) (GDPR); (iii) the Data Protection Act 2018; (iv) the Privacy and Electronic Communications Regulations 2003 (SI 2003 No. 2426) as amended and any amendments to these laws as updated from time to time; and the guidance and codes of practice issued by the Information Commissioner or other relevant data protection or supervisory authority.

Fees – the fees listed in the Portal.

Intellectual Property Rights – copyright, patents, rights in confidential information, know-how, trade secrets, trademarks, trade names, design right, get-up, database rights, chip topography rights, mask works, utility models, domain names, rights in computer software and all similar rights of whatever nature and, in each case:

  • whether registered or not;
  • including any applications to protect or register such rights;
  • including all renewals and extensions of such rights or applications;
  • whether vested, contingent or future; and wherever existing.

Normal Testing Hours – 0900 to 1800 GMT each Business Day.

Penetration Testing – the penetration testing security testing and/or consultancy services provided by Paradoxinfosec to the Client as agreed between the parties in writing or through the Portal from time to time during the term of this Agreement. This may include but not limited to;

  • Infrastructure Penetration Testing (External & Internal)
  • Web Application Penetration Testing
  • Mobile Application Penetration Testing
  • Cloud Audits and Penetration Testing
  • Social Engineering and Physical Penetration Testing
  • Phishing Simulations

Personal Data Breach a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Client Personal Data.

Services – the security testing and/or consultancy services provided by Paradoxinfosec to the Client as agreed between the parties in writing or through the Portal from time to time during the term of this Agreement.

Subscription Period – the period of time selected by the Client when subscribing to subscription services where payment is required (such as Scan), typically annually or monthly.

Services Start Date – the start date for the Services as agreed between the parties in writing or through the Portal from time to time.

Target – an element of the Client’s IT infrastructure approved by a Portal User .

User – individual who is authorised to use the Portal

END OF DOCUMENT