Terms of Service
QONTROL
Preamble
These terms of service (the "ToS") apply to all products and services sold to all of its clients (the "Client(s)") by Articule, a simplified joint-stock company (société par actions simplifiée), registered with the Paris Trade and Companies Registry under number 843 409 954 and having its registered office at 231 Rue Saint-Honoré, 75001 Paris ("QONTROL").
QONTROL provides access to a SaaS (Software as a Service) platform via the website https://www.qontrol.io (the "Platform"), in order to assist the Client in deploying and monitoring its cybersecurity strategy, as well as connecting with partners (collectively the "Services").
Access to the Platform is granted through a Subscription and after acceptance of the ToS and the acceptable use policy (the "AUP"), which the Client acknowledges and accepts.
Having assessed the appropriateness of using such services, the Client has contacted QONTROL in order to benefit from the Services, as presented on the Platform, and governed by the ToS. The Client acknowledges having received all necessary information from QONTROL to accurately assess its own needs and has ensured that QONTROL's Services are suited to its requirements.
1. Definitions
| Term | Definition |
|---|---|
| Agreement | Means the entire contractual framework consisting of the ToS, the AUP, invoices, the DPA where applicable, and any annexes thereto. |
| Consultant | Means an information systems security officer (CISO or MSP acting in that capacity) who has either (i) subscribed to a Subscription in order to provide services to their own clients, or (ii) assists Clients, other than Consultants, who have subscribed to a Subscription. |
| Client | Means any professional within the meaning of the preliminary article of the French Consumer Code, whether a natural or legal person (through its representative), who purchases a module, subscribes to a Subscription or a Trial Period, and accepts the ToS and AUP. |
| Assessment | Means the identification of control points and the analysis performed. |
| Hosting | Means the hosting of the Platform on external servers. |
| Credentials | Means the access codes and password of an End User enabling access to the Services. |
| Trial Period | Means the option for QONTROL to offer, at its discretion, a free discovery period of the Platform and its Services, for a duration indicated at registration, to prospects who must accept the ToS and AUP. |
| Subscription | Means the Client's subscription to the Services for a specified duration and according to the terms presented on the Platform and confirmed by invoice. |
| End User(s) | Means any natural person, whether an employee, corporate officer, or collaborator of the Client, authorized under these ToS to use the Services within the scope of the Subscription taken out by the Client, by means of Credentials. |
2. Scope and purpose of the ToS
The ToS and the AUP govern the entire relationship between QONTROL and the Client, within the limits of the Services subscribed to. They are therefore not intended to govern the relationship between the Consultant and its own client whom it assists on the Platform, where applicable.
The ToS, AUP, and invoices constitute the entire agreement between the parties, thereby excluding the application of the Client's general purchasing terms and/or purchase orders.
The ToS set out the conditions for the provision of the Services by QONTROL to the Client in consideration for the Client's payment of the agreed price and compliance with the limits of use of the Services.
3. Effective date — Duration
The ToS shall enter into force on the date the Client subscribes to the Subscription and thereby accepts them.
By default, and unless otherwise specified at the time of subscription, the Subscription shall be for a period of one (1) month, tacitly renewable for successive periods of one (1) month.
The Client may also commit to longer periods, tacitly renewable under the conditions that may be offered by QONTROL.
4. Description of Subscriptions and Services
4.1 Subscriptions
QONTROL offers several Subscription plans providing access to varying levels of Services. Details of the various Subscriptions are available at https://www.qontrol.io.
4.2 Services
QONTROL offers several cybersecurity-related Services and provides the Client with a Platform accessible via QONTROL's remote servers, requiring an Internet connection.
This section describes the main Services offered by QONTROL, which are further detailed at https://www.qontrol.io.
The Services are constantly being improved and may evolve. QONTROL shall inform the Client by email, by notification on the Platform, through updates to the product documentation, and/or via an alert on the Client's and End Users' accounts of:
- any material change to the Services;
- any material new feature that may either be offered at an additional cost or integrated during the Subscription at no additional cost, at QONTROL's discretion.
5. Conditions for subscribing to the Services
5.1 Subscription process
Prior to any subscription, the Client may either view online materials presenting the Platform and the Services, or contact QONTROL for information and/or a demonstration of the Platform presenting all associated Services.
The Client subscribes to a Subscription by accepting these ToS and the AUP at Section 3 by ticking a checkbox.
The ToS and AUP are enforceable against the Client, who acknowledges having read and expressly accepted them without reservation before validating the subscription to the Subscription.
5.2 Access to the Platform
Access to the Platform ("Access") consists of Credentials and a means of identification.
The Client shall be held responsible for any loss, theft, misappropriation, or unauthorized use of the Credentials by an End User and the consequences thereof, including non-compliant use of the Services.
Where the Client is not a Consultant, the Client shall not grant access to the Platform, directly or indirectly, to any third party not part of its staff.
Access credentials are strictly personal and confidential. The Client undertakes to maintain their security and confidentiality and to impose the same obligations on End Users whose Access the Client has created.
Any Access made using the Client's (or End Users') Credentials shall be deemed to have been made by the Client. The Client must inform QONTROL without delay if it becomes aware that its Access has been used without its knowledge. The Client acknowledges QONTROL's right to take all appropriate measures in such cases, including the right to suspend Access.
6. Referral to third-party professionals
QONTROL may offer to connect Clients with cybersecurity professionals. Where a Client decides to implement an action outside the scope of the Platform's activities, whether on its own initiative or on the advice of its Consultant (such as penetration testing, incident investigation and response, or commercial contract audits), QONTROL shall use its best efforts to connect the Client with suitable professionals, through the Consultant if so requested.
The services or actions performed by professionals thus introduced to the Client are not included in the Services provided by QONTROL, are therefore not covered by these ToS, and depend on an independent commercial relationship between the professional and the Client, in which QONTROL acts solely as an intermediary.
7. "Qontrol Consultant" certification training
Consultants may complete a "Qontrol Consultant" certification training program enabling them to be certified for a period of one (1) year as a recognized QONTROL user. Details about the "Qontrol Consultant" certification training are available at https://www.qontrol.io.
This training is conducted over a half-day and concludes with an assessment, following which QONTROL shall determine, at its sole discretion and in accordance with industry standards, whether the conditions for the Consultant's certification have been met.
8. Right of use and intellectual property
QONTROL provides, among other things, a database protectable as such by intellectual property rights under Articles L.112-1 et seq. and L.341-1 et seq. of the French Intellectual Property Code. Only the rights specifically mentioned in the ToS are granted to the Client and the End User. In particular, QONTROL holds intellectual property rights over the Platform as a database, over the code, algorithms, updates, and related documentation.
The graphical elements, trademarks, the Platform, and associated documentation, also protectable under applicable French intellectual property laws, remain the property of QONTROL and may not be reproduced, represented, or have data extracted in whole or in part and/or transferred to another medium. The use of robots or software to extract, monitor, or copy without the prior written authorization of QONTROL is prohibited.
Access to the Platform and the Services confers only a non-exclusive, non-transferable license of use to the Client, who is responsible for End Users, as described in the ToS, solely during the validity of the Subscription.
QONTROL specifically grants the Consultant the right to sublicense to its own clients under the same conditions as set forth in this section.
Documents uploaded by the Client and the End User remain the property of the Client. QONTROL has only the right to use uploaded documents in order to deliver the associated Services.
QONTROL and the Client are each the sole and exclusive owners of the rights to their respective names, trademarks, and logos. No Party shall issue a press release without the approval of the other Parties.
9. Security
QONTROL implements the security measures necessary to enable the Client to navigate the Platform, as well as all technical means, in accordance with the state of the art, necessary to ensure the security of and access to the Platform.
The servers hosting the Services are located within the European Union.
QONTROL implements appropriate physical, technical, IT, cryptographic, and organizational measures to ensure the security and confidentiality of the Platform, the Services, and all data contained therein.
QONTROL reserves the right to immediately suspend access to the Services without notice in the event of force majeure, attempted intrusion, or breach of the Platform's security.
10. Artificial intelligence
10.1 AI features
The Application may integrate features using artificial intelligence technologies (hereinafter the "AI Features"). These AI Features can be enabled and disabled by the Client in the Application settings. When disabled, no Client data is transmitted to artificial intelligence providers.
10.2 Nature of results
The results produced by the AI Features are provided for informational purposes only and do not in any way constitute professional advice on cybersecurity, compliance, or risk management. The Client is solely responsible for the interpretation and use of the results produced by the AI Features.
10.3 Liability
QONTROL does not guarantee the accuracy, completeness, or relevance of the results produced by the AI Features. QONTROL's liability in respect of the AI Features is subject to the same limitations as those set out in Section 14.
10.4 Personal data
The processing of Personal Data in connection with the AI Features is described in the Personal Data Protection Policy and governed by the DPA where applicable.
11. Technical support
QONTROL may provide the Client with a support and assistance service, covering all Client questions relating to the use of the Platform. The terms of this support (including pricing) are described on the Platform.
Any issue related to Internet access or the configuration of the Client's equipment is not covered by Client support.
The contact details for technical support are available in the Client's account area on the Platform.
QONTROL shall use its best efforts to identify and correct Platform anomalies and to ensure the availability of the Platform.
During maintenance periods, the Platform and the Services in general shall not be accessible. QONTROL shall use its best efforts to minimize the duration of these maintenance periods and, where possible, to schedule them between 6:00 PM and 6:00 AM (French time).
12. Pricing, billing, and payment
12.1 Pricing
Prices are those displayed on the Platform at the time of subscription and are stated in euros, exclusive of taxes. QONTROL reserves the right to revise Subscription pricing. The new pricing shall take effect on the anniversary date of the Subscription. QONTROL undertakes to inform the Client at least thirty (30) calendar days before the new pricing takes effect, by email.
In the absence of objection from the Client, the new pricing shall be deemed accepted by the Client. In the event of refusal of the new pricing, the Subscription shall terminate automatically, without further formality, at its expiry date.
12.2 Billing and payment
Billing and payment terms are specified at the time of subscription and confirmed by invoice. Payment is made at the time of subscription or renewal of the Subscription. In the case of annual payment, any invoice shall be payable by the Client in full within fifteen (15) days of its dispatch to the Client.
The Client may request monthly payment of the annual Subscription. QONTROL is free to accept or refuse, and to set conditions for such payment (automatic debit, for example). In such case, any invoice shall be payable by the Client in full on the anniversary date of the subscription on a monthly basis.
Where applicable, the direct debit is carried out by a third-party banking services company, which alone retains the Client's banking details for this purpose. QONTROL does not store any banking details.
12.3 Late payment
Any amount not paid by the due date shall automatically and without prior formal notice give rise to late payment penalties equal to the rate applied by the European Central Bank to its most recent refinancing operation, plus 10 percentage points (pursuant to Article L. 441-10 of the French Commercial Code). Late payment penalties are payable without a reminder being necessary. In addition, a fixed compensation for recovery costs of a minimum of 40 euros is due by professional debtors in the event of late payment (Article D. 441-5 of the French Commercial Code).
Furthermore, in the event of non-payment of invoices by the due date, QONTROL shall have the right to automatically suspend the Access of the Client and all End Users linked to the Subscription to the Platform and the Services until full payment of the amounts due.
13. Termination
13.1 Termination by the Client
The Client may terminate the Subscription at any time before the expiry of the current Subscription period, by email to billing@qontrol.io or through the Client's account area on the Platform.
Any termination request from the Client shall be confirmed by email from QONTROL. Termination shall only take effect from the expiry date of the Subscription.
13.2 Financial consequences
In the event of termination of the Subscription before the scheduled term at the Client's initiative, or at QONTROL's initiative due to the Client's misconduct, regardless of the cause, the remaining fees shall become immediately due and payable by the Client as soon as possible and no later than fifteen (15) days after termination.
13.3 End of Subscription
At the end of the Subscription, for whatever reason, the Client must cease all use of the Platform's Services upon expiry of the Subscription. QONTROL shall not retain any documents uploaded by the End User on the Platform beyond a period of six (6) months from the end of the Subscription, and it is the Client's responsibility to retrieve uploaded and generated documents prior to the effective end date of the Subscription.
The processing of Personal Data upon expiry of the Subscription is governed by the provisions of the Personal Data Protection Policy and, where applicable, the DPA.
14. Liability
QONTROL undertakes to exercise all reasonably possible care in the performance of the Services, in accordance with the state of the art and technology. QONTROL is subject to an obligation of means for all Services.
The Client is solely responsible for its use of the Platform and the interpretations it makes of the Services enabled by the Platform. The Client is also responsible for the use made by End Users of the Platform and the Services. QONTROL cannot be held liable for any error, omission, or consequences of use of the Platform.
The use and operation of the Services by the Client are therefore carried out under the Client's sole responsibility and at the Client's own risk.
Under no circumstances shall QONTROL be liable for damages of any kind that may be caused by the information present on the Platform.
Subject to the foregoing, QONTROL's liability is limited to direct damages caused by a breach on its part. QONTROL shall in no event be liable for indirect or unforeseeable damages or damages that may result from the Client's use of the Platform. By express agreement between the Parties, indirect damage shall include, but not be limited to, any financial or commercial loss, business interruption, loss of profits, loss of business, loss of data, loss of information, loss of customers, damage to image or reputation, as well as any action brought by a third party against the Client.
In any event, should QONTROL's liability be established for direct damages suffered by the Client, the Client's right to compensation per contractual year shall be limited, all causes and damages combined, cumulatively, to the amount of the last twelve (12) months of Subscription received by QONTROL.
Where the Consultant has subscribed to the Subscription in order to provide services to its clients, the Consultant alone is responsible for any damages to its clients. QONTROL shall under no circumstances be liable for damages caused to the Consultant's client.
Furthermore, QONTROL's liability cannot be established if the Client has not itself complied with all of its obligations as set forth herein, or in the event of error or negligence on the part of the Client, one of its employees, or a third party appointed by the Client, as well as in the event of non-compliance with QONTROL's instructions by the Client, its employees, or said third party.
15. Personal data
QONTROL undertakes to comply with applicable personal data protection regulations, including French Law No. 78-17 of January 6, 1978, on Information Technology, Data Files and Civil Liberties, and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
These ToS are supplemented by the "Personal Data Protection Policy" detailing the rights of data subjects, QONTROL's obligations, and all information relating to the processing of personal data, available on the Personal Data Protection Policy page.
Where QONTROL processes Personal Data on behalf of the Client as a data processor within the meaning of the GDPR, the terms of such processing are governed by a Data Processing Agreement (DPA), available on the Data Processing Agreement (DPA) page.
16. Confidentiality
Unless expressly agreed otherwise in writing, the parties agree that all information and documents transmitted in connection with the Services are confidential ("Confidential Information"). The disclosure of any Confidential Information by the receiving party shall require the prior written authorization of the disclosing party. However, each party may disclose Confidential Information to its employees who have a reasonable need to know such Confidential Information and are bound by a confidentiality obligation. Each party shall be responsible for any breach of this clause by its employees.
The party receiving Confidential Information undertakes not to disclose it without the prior agreement of the other party, for a period of 10 (ten) years from the end of the Agreement.
The receiving party shall be released from any confidentiality obligation with respect to any information (i) that is in the public domain or generally accessible to the public, or (ii) that was known or communicated to the receiving party previously, without a confidentiality obligation, or (iii) that was lawfully obtained by the receiving party from a third party not bound by an obligation to the disclosing party, or (iv) that the receiving party is required to disclose by law or by court order, provided that the receiving party promptly notifies the disclosing party of such disclosure.
17. Miscellaneous provisions
17.1 References
Unless the other party has given prior, express, and written refusal, each party authorizes the other to use its corporate name and logo as a commercial reference, as well as in its presentations, client files, case studies, and other information or promotional materials.
17.2 Partial invalidity
If one or more terms, articles, or provisions of the ToS should, for any reason, be held invalid, illegal, or unenforceable, the validity, legality, or enforceability of any other term, article, or provision shall not be affected. The term, article, or provision held invalid, illegal, or unenforceable shall be modified and interpreted so as to best achieve the objective of the clause or part of the clause, to the extent permitted by law or the applicable court decision.
18. Force majeure
Neither party shall be held liable for the non-performance or delay in the performance of any of its obligations if such non-performance or delay results from force majeure within the meaning of Article 1218 of the French Civil Code.
The party affected by a case of force majeure shall inform the other party as soon as possible. The obligations of the parties shall be suspended for the duration of the force majeure event.
If the force majeure event continues for more than three (3) months, either party may terminate the Subscription as of right, by written notice to the other party, without compensation on either side.
19. Governing law and jurisdiction
The ToS are governed by French law, to the exclusion of conflict of laws rules.
The parties shall endeavor to resolve amicably any dispute of any nature, as well as any dispute relating to the formation or performance of the Services or the ToS.
Any dispute of any nature, as well as any dispute relating to the formation or performance of the Services or the ToS, shall be submitted to the competent court in Paris. This attribution of jurisdiction shall apply even in the event of summary proceedings, incidental claims, plurality of defendants, or warranty claims, and regardless of the method of payment.