Terms of Use and Sale

1.Publisher identification and contact

Publisher: CYBEX-ASSISTANCE SAS, a simplified joint-stock company registered with the Bordeaux Trade and Companies Register under number 848 560 694, whose registered office is located at Hangar 15, Now Coworking, Quai des Chartrons, 33000 Bordeaux, France.

Share capital: €100,000.00

VAT number: FR29848560694

General contact: contact@cybex-assistance.com — +33 (0)1 85 60 30 30.

Hosting provider for the platform and website: OVH

The SILMA platform is accessible at https://silma.cybex-assistance.com/ or at any other address communicated by CYBEX-ASSISTANCE.

2.Definitions

• Administrator: User with administration rights over the Customer Account.
• Customer: legal entity or professional contracting with CYBEX-ASSISTANCE to access SILMA and/or order Services.
• Account: secure access space allowing the Customer and its Users to use SILMA.
• Content: means any information, data, elements and/or media of any nature whatsoever, in any format, intended to be implemented, distributed or communicated on the Tool in any manner whatsoever.
• Contract: the contractual whole composed, where applicable, of the quote, purchase order, specific contract, appendices, DPA, these Terms and service documents.
• Customer Data: data, information, files, reports, parameters, technical scopes, domains, IP addresses, questionnaire responses and content entered or imported into SILMA by the Customer or on its behalf.
• Advantage Points: free promotional benefits possibly granted by CYBEX-ASSISTANCE, without autonomous monetary value.
• Report: document or output generated by SILMA or by CYBEX-ASSISTANCE from a Service.
• Services: means all services provided by Cybex-assistance to Users by means of the Tools, such as, without limitation, the consultation of various information, the downloading of content, contact with Cybex-assistance via forms and the follow-up of the business relationship with Cybex-assistance. In particular cyber maturity, external exposure, internal surface, EDR/XDR supervision, data leak, Sherlock assistant, compliance, financial risk, reports and dashboards.
• SILMA or Platform: software solution published or operated by CYBEX-ASSISTANCE allowing cybersecurity indicators and services to be centralized, managed and monitored.
• User: natural person authorized by the Customer to access SILMA.

3.Purpose and scope

These general terms of use and sale define the conditions of access to SILMA, use of the Platform, ordering of the Services and handling of claims.

SILMA is a platform that supports the management of cyber resilience. It provides indicators, scores, dashboards, reports and recommendations intended to facilitate the understanding and prioritization of cybersecurity actions.

SILMA constitutes neither an emergency incident response service, nor an official security certification, nor a guarantee of the absence of vulnerability, incident, loss or insurance coverage.

Unless otherwise agreed in writing, the Platform is reserved for professional Customers acting for the purposes of their business.

4.Acceptance, enforceability and contractual hierarchy

Access to SILMA or use of a Service implies unreserved acceptance of these Terms by the Customer and its authorized Users.

When the Customer accepts a quote, purchase order or specific contract, these documents prevail over the Terms in case of contradiction.

The following hierarchy applies, unless otherwise stipulated: specific contract or special conditions, personal data processing appendix, quote or purchase order, these Terms, functional documentation.

The Customer ensures that all its Users comply with these Terms. Any action carried out from an Account is deemed to be performed by the Customer, unless proven otherwise.

5.Access conditions and Account management

The Customer warrants that the information provided to CYBEX-ASSISTANCE is accurate, complete and up to date, in particular its identity, its SIREN/SIRET, its contact details, its technical scope and its authorized Users.

Each User must have a personal login. Credentials are strictly personal, confidential and must not be shared.

CYBEX-ASSISTANCE may require the activation of multi-factor authentication, in particular for administrator or partner Accounts.

The Customer is responsible for managing its authorizations, revoking the access of persons who have left its organization and protecting its workstations, browsers, systems and passwords.

Any suspicion of compromise, unauthorized access or fraudulent use must be reported without delay via SILMA support or to contact@cybex-assistance.com.

6.Compliant use of SILMA

The Customer and Users refrain from any use of SILMA contrary to the law, the rights of third parties, public order, these Terms or the purpose of the Platform.

In particular, it is prohibited:

• To use SILMA to attack, disrupt, circumvent or compromise third-party systems;
• To import illegal, malicious, defamatory, infringing, secret or unauthorized content;
• To carry out reverse engineering, mass extraction, scraping, reproduction or technical circumvention of the Platform;
• To create an Account with a usurped identity, SIREN/SIRET or professional capacity;
• To use SILMA reports, scores or recommendations in a misleading manner or out of context.

CYBEX-ASSISTANCE may suspend access, refuse an order, block a scope or delete content in case of security risk, illegal use, fraud, non-payment or infringement of third-party rights. Where the situation allows, the Customer is informed of the reasons for the measure.

7.Authorizations relating to cyber scopes

Before any activation of a Service involving a scan, supervision, surface analysis, signal collection, agent installation, API connection or processing of technical data, the Customer warrants that it holds all necessary rights, authorizations and permissions.

The Customer is solely responsible for the accuracy of the scope provided: domains, IP addresses, assets, Endpoints, tenants, cloud environments, organizations, portfolios, suppliers, users and contacts.

Any active analysis of a third-party system not controlled by the Customer is prohibited without prior authorization from the relevant holder. Passive analyses or those based on publicly accessible data may only be carried out within a lawful, proportionate framework that complies with the purpose of the Service.

CYBEX-ASSISTANCE may request any proof of authorization and refuse or interrupt a Service if the scope appears contentious, disproportionate, dangerous or non-compliant.

8.Nature of the Services and functional limits

SILMA Services may include, depending on the Contract: maturity questionnaires, external exposure scans, internal surface scans or analyses, EDR/XDR supervision, data leak monitoring, compliance mapping, Sherlock assistant, threat intelligence, reporting, scoring and financial quantification of risk.

The results provided are decision-support aids. They may contain false positives, false negatives, errors, coverage limits, synchronization lags or dependencies on third-party APIs and sources.

Recommendations must be assessed by the Customer in light of its context, architecture, regulatory obligations and business priorities.

The Services do not replace a certifying regulatory audit, an accreditation, an official qualification, legal advice, a judicial expert assessment, a complete forensic analysis or an insurer’s decision.

9.SILMA Score, reports and validity period of the Services

The SILMA score is a synthetic indicator intended to facilitate the management and monitoring of a cybersecurity posture. The calculation methods, sources, weightings and thresholds may evolve in order to improve the relevance of the Platform.

Each Report or Service may be assigned a validity period. Upon expiry, the Report may remain viewable for historical purposes, but the expired Service no longer influences the active score, unless otherwise stipulated in the Contract.

Indicative durations appear in Appendix 1. They may be modified by special conditions, the quote or the Service datasheet.

The Customer must not present an expired score, report or indicator as current.

10.Orders, quotes and activation of the Services

The Services may be ordered via the Platform, by quote, purchase order, specific contract or any other process accepted by CYBEX-ASSISTANCE.

An order is deemed firm only after validation by CYBEX-ASSISTANCE and, where prior payment is required, after effective collection of the sums due.

CYBEX-ASSISTANCE may refuse or suspend an order in case of non-payment, incomplete information, doubt about the scope, legal risk or security risk.

Execution times are indicative unless a specific written commitment is made. They may depend on the information provided by the Customer, the availability of third-party APIs, maintenance, volume and the complexity of the scope.

11.Prices, invoicing and payment

Prices are stated in euros excluding tax, unless otherwise indicated. Applicable VAT and taxes are added in accordance with the regulations in force.

Unless otherwise agreed in special conditions, Services ordered via the Platform are payable by bank transfer to CYBEX-ASSISTANCE SAS before activation. Bank details are communicated to the Customer at the time of the order or on the invoice.

Where CYBEX-ASSISTANCE grants payment on term, invoices are payable within the period indicated on the invoice or quote. Failing that, the period is thirty days from the invoice issue date.

In case of late payment between professionals, late-payment penalties are due as of right, without prior reminder, at the rate indicated on the invoice or, failing that, at a rate equal to three times the legal interest rate. A fixed recovery-cost indemnity of 40 euros is also due, without prejudice to additional compensation on proof if the costs incurred are higher.

Any non-payment may result in the suspension of access, Service activations, reports or ongoing processing, without prejudice to the sums remaining due.

12.Advantage Points

Advantage Points, where they exist, are free commercial benefits, non-assignable, non-refundable and without autonomous monetary value. They may give access to a discount or a promotional activation according to the rules displayed on SILMA.

In case of fraud, abuse, manifest error, non-payment, termination for fault or breach of these Terms, CYBEX-ASSISTANCE may cancel the relevant Credits or Points and suspend the associated Services.

13.Right of withdrawal

As SILMA is reserved for professional Customers acting for the purposes of their business, the right of withdrawal under the French Consumer Code is not intended to apply.

If, by exception, an order were concluded with a consumer or within a framework subject to consumer law, the pre-contractual information, the right of withdrawal, its exceptions and the standard form would be communicated separately before the order. The immediate performance of a Service before the end of the withdrawal period could only take place after express request and, where the law so requires, express waiver of the right of withdrawal.

14.Support, maintenance and availability

Technical support is accessible via the ticket tool integrated in SILMA or via the contact details communicated by CYBEX-ASSISTANCE.

Unless a specific commitment is made, support is available on business days, excluding French public holidays, from 8:00am to 12:00pm and from 1:00pm to 5:00pm, Paris time.

CYBEX-ASSISTANCE implements reasonable means to keep SILMA accessible and functional. The Platform may nevertheless be unavailable due to maintenance, updates, evolutions, incidents, security, network constraints, hosting provider, third-party suppliers or force majeure.

Planned maintenance operations are, where possible, notified in advance. Urgent security maintenance may take place without notice.

15.Third-party services, APIs and supplier dependencies

Certain Services rely on third-party publishers, solutions, APIs, databases, cloud providers, hosting providers or partners, in particular for EDR/XDR, external posture, compliance, threat intelligence or leak detection.

The Customer acknowledges that the availability, accuracy, scope, timing and features of these third-party services may affect SILMA results.

Where third-party conditions apply, the Customer undertakes to comply with them insofar as they are communicated to it or applicable to its use.

CYBEX-ASSISTANCE may replace a third-party supplier with an equivalent solution, provided this does not substantially degrade the contractual Service.

16.Sherlock AI assistant

Sherlock is an assistant that helps to understand and explain cyber topics. Its responses are generated automatically and may be incomplete, imprecise or unsuited to the Customer’s context.

Sherlock’s responses do not constitute legal advice, certifying expertise, a mandatory operational instruction, an insurance decision or a judicial expert opinion.

The Customer must not enter into Sherlock any secrets, passwords, health data, sensitive data, classified information, unnecessary personal data or information belonging to third parties without authorization.

Any operational decision taken on the basis of a Sherlock response must be validated by a competent person.

17.Intellectual property

SILMA, its interfaces, code, databases, algorithms, scoring methods, trademarks, logos, texts, graphics, documentation, report templates and visual elements remain the property of CYBEX-ASSISTANCE or its licensors.

Subject to payment of the sums due, CYBEX-ASSISTANCE grants the Customer a personal, non-exclusive, non-assignable and non-transferable right to use SILMA for the duration of the Contract and for its internal needs or those expressly provided for in the Contract.

The Customer retains ownership of its Customer Data. It grants CYBEX-ASSISTANCE the right to use, host, process, display, analyze and restore it for the purposes of performing the Services, security, support, evidence and improvement of the Platform, in compliance with the Contract and applicable regulations.

Feedback, suggestions or improvement requests submitted by the Customer may be used freely by CYBEX-ASSISTANCE to improve SILMA, without obligation of remuneration, subject to not disclosing the Customer’s confidential information.

18.Confidentiality

Each Party undertakes to preserve the confidentiality of non-public information received from the other Party in the context of SILMA, in particular technical, commercial, financial, organizational information, reports, scores, vulnerabilities, incidents, security data and cyber scopes.

This obligation does not apply to information that is public, already lawfully known, received from an authorized third party, independently developed, or whose disclosure is required by law, an authority or a court decision.

Confidentiality obligations survive for five years after the end of the Contract, or longer where the nature of the information or the law requires.

19.Personal data

CYBEX-ASSISTANCE and the Customer undertake to comply with the applicable regulations on the protection of personal data, in particular the GDPR and the French Data Protection Act (loi Informatique et Libertés).

Depending on the processing, CYBEX-ASSISTANCE may act as data controller, in particular for commercial and administrative management, invoicing, Platform security, support and prospecting, or as a processor when it processes personal data on behalf of the Customer within the framework of the Services.

Information relating to the processing carried out by CYBEX-ASSISTANCE as data controller must appear in a separate privacy policy, accessible from SILMA.

Where CYBEX-ASSISTANCE acts as a processor, the Parties must conclude a personal data processing appendix compliant with article 28 of the GDPR, specifying in particular the subject matter, duration, nature, purposes, categories of data, data subjects, documented instructions, security, sub-processors, assistance, restitution and deletion of data.

The Customer undertakes not to import into SILMA any sensitive data, health data, criminal data, third-party trade secrets or unnecessary personal data, except with prior written agreement and an appropriate processing framework.

20.Security and incident notification

CYBEX-ASSISTANCE implements reasonable technical and organizational measures to protect SILMA, taking into account the nature of the Services, the state of the art, the risks, the sensitivity of the data and the available means.

The Customer remains responsible for the security of its environments, accounts, networks, workstations, agents, connectors, access rights, backups and configurations.

In case of a security incident significantly affecting the Platform or the Customer Data, CYBEX-ASSISTANCE informs the Customer within the best reasonable timeframe, subject to the requirements of investigation, security, confidentiality and legal obligations.

Where an incident constitutes a personal data breach within the meaning of the GDPR and CYBEX-ASSISTANCE acts as a processor, the notification arrangements are those provided for in the personal data processing appendix.

21.Cookies and trackers

SILMA and the associated website may use cookies and trackers necessary for operation, security, authentication, audience measurement, experience improvement or optional features.

Trackers that are not strictly necessary are subject to prior consent where the regulations require it. The user must be able to accept, refuse and withdraw their consent just as easily.

A separate cookie policy must present the categories of cookies, purposes, durations, publishers, legal bases and consent management arrangements.

22.Liability

Each Party is liable for direct damages caused to the other Party by a faulty non-performance of its contractual obligations, under the conditions of ordinary law.

Except in cases of gross negligence, wilful misconduct, infringement of intellectual property rights, breach of confidentiality, failure to meet payment obligations or any mandatory provision to the contrary, the total cumulative liability of CYBEX-ASSISTANCE under the Contract is limited to the amount excluding tax actually paid by the Customer for the relevant Services during the twelve months preceding the triggering event.

CYBEX-ASSISTANCE cannot be held liable for indirect damages, loss of operations, loss of revenue, loss of margin, loss of opportunity, damage to image, loss of data not attributable to CYBEX-ASSISTANCE, reconstitution costs, an insurer’s decision, a third party’s decision or the consequences of a misinterpretation of SILMA results.

CYBEX-ASSISTANCE does not guarantee that SILMA will detect all vulnerabilities, all leaks, all threats, all incidents or all non-compliances.

The Customer is responsible for the decisions made on the basis of SILMA reports, scores, alerts and recommendations, as well as for the effective implementation of remediation measures.

23.Suspension and termination

The Contract takes effect from the acceptance of these Terms, the opening of the Account, the signing of the quote or any other applicable contractual document.

The Customer may request the closure of its Account according to the arrangements provided for in SILMA or in writing, subject to payment of the sums due and ongoing commitments.

CYBEX-ASSISTANCE may suspend or terminate all or part of the access in case of serious breach, non-payment, fraud, illegal use, security risk, infringement of third-party rights or non-compliance with these Terms.

Except in cases of emergency, security, fraud or serious fault, CYBEX-ASSISTANCE sends the Customer a prior notice allowing it to remedy the breach within a reasonable period.

At the end of the Contract, access may be deactivated. The Customer must request the export of its Reports and Customer Data before the end date or within thirty days following the end, unless otherwise stipulated. CYBEX-ASSISTANCE may then delete or archive the data according to its legal, evidentiary, accounting, security and GDPR obligations.

24.Claims

Any claim may be addressed via SILMA support, by email to contact@cybex-assistance.com or by post to the registered office of CYBEX-ASSISTANCE.

The claim must allow identification of the Customer, the relevant User, the Service, the order, the date, the scope and the factual elements necessary for processing.

CYBEX-ASSISTANCE endeavours to respond within a reasonable period, without this period constituting a performance commitment unless specifically agreed.

25.Mediation and amicable settlement

For professional Customers, the Parties endeavour to amicably resolve any dispute relating to the interpretation, performance or termination of the Contract.

The Parties may agree to resort to conventional mediation or any amicable method of dispute resolution before any legal action, without prejudice to emergency, protective or recovery proceedings.

Competent mediator: see the list of mediators attached to the Bordeaux Court of Appeal: https://www.cours-appel.justice.fr/bordeaux/mediateurs-de-justice

26.Force majeure

No Party may be held liable for a failure due to a force majeure event within the meaning of article 1218 of the French Civil Code and French case law.

The following are in particular likely to constitute cases of force majeure, subject to the legal conditions: natural disasters, conflicts, external strikes, massive network or energy failure, acts of public authority, major unavailability of a critical supplier, large-scale external cyberattack not attributable to the affected Party.

The affected Party informs the other Party within the best reasonable timeframe and takes the necessary measures to limit the effects of the event.

27.Amendment of the Terms and evolution of SILMA

CYBEX-ASSISTANCE may evolve SILMA, its features, its calculation methods, its interfaces, its Services, its suppliers and these Terms.

Substantial amendments to the Terms are brought to the Customer’s attention by any appropriate means, in particular email, notification in SILMA or publication on the website.

The amendments enter into force on the indicated date. If the Customer refuses a substantial amendment that significantly degrades its rights, it may terminate the relevant Service under the conditions provided for in the Contract.

The applicable versions may be archived by CYBEX-ASSISTANCE for evidentiary purposes.

28.Applicable law and competent jurisdiction

These Terms and the Contract are subject to French law.

For professional Customers, any dispute relating to the validity, interpretation, performance or termination of these Terms or the Contract shall fall within the exclusive jurisdiction of the Bordeaux Commercial Court, including in cases of multiple defendants, warranty claims, summary proceedings, applications or protective proceedings.

This clause applies subject to any mandatory provisions to the contrary.

29.Contractual language

The contractual language is French. Any translation is provided for information purposes. In case of contradiction between a French version and a translation, the French version prevails, unless otherwise agreed in writing.