1. Parties
These Terms of Service (ToS) govern the contractual relationship between cyway GmbH (hereinafter the “Provider”) and their customers (hereinafter the “Customer”), jointly referred to as “Parties”.
2. Definitions
i. Service: Refers to software (SaaS) services as well as to professional services, such as advisory, consulting, managed services, implementation support, or other services. Services can both be packaged, as well as custom scoped.
ii. Subscription Services: Refers to services that are rendered on a continuous basis. They are marked with the word “subscription” or by having a start date but no end date in the Service Order.
iii. Service Description: The document outlining the scope of service, including deliverables.
iv. Terms of Service: This document, outlining provisions governing all services rendered.
v. Service Order: Documentation of Customer’s procurement of Services.
3. Service Ordering
i. Services can be ordered through a valid Service Order, whether executed in writing, submitted digitally, or placed through an approved customer portal.
ii. Additional services can be ordered at any time by any written means, including email acknowledgement, according to the terms detailed in the Service Order, subject to availability and acceptance of the Provider.
iii. In case that a previous service contract has already ended at the time of ordering additional services, the current Service Description, ToS, and GTC are equally considered accepted also for a new order.
4. Service Provisioning
i. Following acceptance of a valid Service Order referencing these Terms of Service, the Provider will provision access to relevant SaaS Services and prepare any applicable environments. Provisioning includes account creation, configuration of service parameters, and delivery of administrative credentials as required.
ii. Custom Services, such as security assessments and checkpoints, need to be scheduled at least 30 days in advance.
iii. For other Services, scheduling, resource allocation, and confirmation of scope and prerequisites can occur based on timelines agreed upon in the Service Order, but must always be completed before the specified service start date.
iv. The Customer agrees to provide necessary information, access, and cooperation to enable timely provisioning.
5. Service Delivery
i. Once provisioned, the Provider will deliver Services in accordance with the Service Description.
ii. The Provider continuously develops Services and regularly performs updates and upgrades. The Customer is informed about new capabilities as they become available.
iii. Professional Services are delivered per the mutually agreed scope, timeline, and milestones as defined in the Service Order and/or the Service Description.
iv. Services deliverables are deemed accepted unless the Customer objects in writing within 10 days of delivery or service end date.
v. In case of deficient service delivery, the Provider will take economically reasonable corrective actions, including identifying root causes, implementing fixes, and informing the Customer. These actions constitute the sole remedy unless otherwise agreed.
vi. The Customer must ensure availability of key personnel and timely approvals to facilitate efficient delivery.
6. Third-party Services, Integrations and Subcontractors
i. The Provider may leverage third parties to deliver services, such as Microsoft Azure for Datacenter hosting. The security of such systems is assessed by the Provider prior to integration and is made transparent to the Customer where relevant for regulatory compliance reasons, such as GDPR, upon request.
ii. The Provider may employ AI models for operations, analysis and reporting. Data fed into AI is pseudonymized or covered by appropriate processor agreements. No personal data is used without explicit DPA annex.
iii. The Provider may hire or enlist subcontractors/third parties to fulfill contractual services. Subcontractors will not have access to Customer data unless explicitly agreed with the Customer in writing. Upon request, the Provider shall inform the Customer about any subcontractors used. The Provider is not liable for failures or damages arising from third parties. The Provider will take measures to control access and quality in any event.
7. Fees and Payment
i. The Customer agrees to pay fees as specified in service orders or statements of work (SOW). Fees are payable in advance. Fees for unused, unscheduled, or otherwise expired services, apply regardless of usage.
ii. Expenses and fees accrued in course of delivering services to the Customer may be reclaimed by the Provider unless explicitly stated otherwise in the Service Order.
iii. In case of delayed payment, the Provider may block access to services. After 30 days or two warnings, the Provider may fully deprovision services, including potential irrevocable deletion of data, without releasing the Customer from any obligations to fulfil all contracted provisions. Costs incurred to restore service after payment resolution are entirely borne by the Customer.
8. Service Duration and Termination
i. The service contract begins with the Customer’s Service Order and ends with the delivery of items agreed upon in the Service Order or Service Description, or at the end date specified in the Service Order.
ii. Subscription services automatically renew for one billing period at the renewal date, 30 days prior to expiry. A billing period typically amounts to one year, unless stated otherwise in the Service Order. No explicit notification to or confirmation by the Customer is required for renewal.
iii. Upon termination or expiry, the Provider may block the Customer’s access and deprovision services, including irrevocable deletion of data.
iv. Termination must be made in writing and confirmed by Provider. A 30-day notice is required, effective from the next billing period. Unused services within the current billing period are not refundable and are invoiced fully.
v. Both parties may terminate the contract with immediate effect for good cause. Good cause for immediate termination of the contract is given in particular if the other party significantly violates the terms or contractual provisions, has become bankrupt or respective proceedings have been initiated, or has failed to provide payment for more than 30 days after having been reminded.
9. Customer Data
i. In accordance with EU/GDPR and based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act, DSG), every person has the right to protection of their privacy and protection against misuse of their personal data. The Provider complies with these provisions.
ii. Highest security standards are applied to safeguard sensitive customer data from leakage or corruption. Sensitive data is hosted in Microsoft Datacenters in EU/Switzerland, encrypted at rest and in transit, and segmented between customers. The Provider implements technical and organizational measures to protect data, including MFA, conditional access policies, and least privilege access.
iii. The Provider shall provide the Customer with an appropriate storage space for storing data.
iv. The Customer undertakes not to store any content on the storage space whose provision, publication or use violate applicable law or agreements with third parties.
v. The Customer is responsible for retaining data from services after their termination or expiry. The Provider is not obligated to store or make accessible data beyond the scope of service.
10. Intellectual Property and Rights of Use
i. The Customer receives a limited, non-exclusive, non-transferable license to use the services procured for the duration defined in the Service Order.
ii. All intellectual property rights to software, websites, and services remain the sole property of the Provider.
iii. Deliverable outcomes from services may be used solely for the Clients own direct business purposes and may not be redistributed. The Provider retains rights to all deliverables and grants the Customer a perpetual internal-use license. Customer owned data and IP remains with the Customer.
iv. The Customer is not permitted to duplicate or edit, reverse-engineer or otherwise tamper with services, other than expressly stated in the service description.
11. Confidentiality
i. The parties acknowledge that, based on their mutual business relations, they may have access to confidential information belonging to the other party. Confidential information includes software, the terms and conditions and contents of contracts, any technical documentation, specifications or other information relating to services, suppliers and business methods originating from the Provider. Each party agrees not to disclose any information of the other party to third parties or to use such information in any other context than the contractual context without the prior written consent of the other party, during the term of the contractual relationship and for three years thereafter.
ii. Ideas, concepts, information and techniques which were already known to the other party at the time of the establishment of the contractual relationship or which became known to the other party from a third party are excluded from the obligation of secrecy.
12. Referencing
i. Unless otherwise agreed, the Provider may include the Customer’s name and logo in a reference list or general promotional context.
13. Warranty and Liability
i. The Provider warrants the functionality and operational readiness of services in accordance with the service description and within SLA, where contractually defined.
ii. The Provider continuously monitors the core functionality of services and undertakes to eliminate and mitigate critical software errors.
iii. The Customer undertakes to indemnify the Provider against all claims related to content created, transmitted or stored by the Customer and to cover all cost incurred by the Provider to protect against such.
iv. For services with deliverable outcomes, the Provider’s liability ends with the acceptance of deliverables by the Customer.
v. The Provider is not liable for any indirect or consequential damages.
vi. In all cases, regardless of the basis of liability, any aggregated Provider liability is limited to the amount of the service fees in the last twelve months before the damage occurred.
vii. Neither party is liable for effects caused by events beyond reasonable control (Force Majeure).
14. Service Interruptions
Provider proactively performs patching, changes and general maintenance on Services to maintain high security standards. Such actions may result in temporary Service interruptions. Service availability for Customer is maximized and significant maintenance windows are announced ahead of time.
15. Changes to the Terms of Service
Provider reserves the right to modify these Terms or Services by publishing an updated version of this document under https://cyway.one/termsofservice. Customer is notified of such changes automatically if registered for notifications. Changes become binding unless Customer objects within 30 days of publication or notification.
16. Assignment
The Customer may not assign or transfer rights or obligations to other parties without Provider’s written consent.
17. Governing Law
These Terms and all legal relations between the two parties are governed by Swiss law. Exclusive jurisdiction is Zurich, Switzerland.
18. Precedence of Terms
In the event of any conflict or inconsistency between these Terms of Service and other contractual documents, included but not limited to General Terms and Conditions, these Terms of Service shall prevail.
19. Severability
Invalid provisions do not affect the validity of remaining terms. Both parties agree to negotiate replacement terms for potentially invalid provisions in good faith.