Legal

Terms of Service

Last updated: March 2026

These terms govern the provision of cybersecurity compliance services by Certyn Ltd ("we", "our", "us") to you ("the Client"). By engaging our services, you agree to be bound by these terms. Please read them carefully before proceeding.

This document is a template and should be reviewed by a qualified solicitor before use. It is provided as a starting point and may not cover all legal requirements specific to your business circumstances.

01 Definitions

In these terms, the following definitions apply:

"Services" means the cybersecurity compliance assessment, remediation, certification assistance, training, and related consulting services as described in any proposal or statement of work
"Deliverables" means any reports, documents, policies, or other materials produced by us as part of the Services
"Confidential Information" means any information disclosed by either party that is marked as confidential or would reasonably be understood to be confidential
"Engagement" means the specific scope of work agreed between us, as set out in a proposal, email confirmation, or statement of work

02 Scope of Services

We provide cybersecurity compliance consulting services, including but not limited to readiness assessments, gap analysis, remediation guidance, policy drafting, certification support, and staff awareness training.

The specific scope, timeline, and deliverables for each engagement will be agreed in writing before work begins, typically in the form of a proposal or statement of work.

Any work requested outside the agreed scope will be quoted separately and requires written agreement from both parties before proceeding.

03 Client Responsibilities

To enable us to deliver our services effectively, you agree to:

Provide timely access to relevant systems, personnel, and documentation as reasonably requested
Designate a primary point of contact for the duration of the engagement
Provide accurate and complete information about your IT environment and business operations
Respond to requests for information within a reasonable timeframe
Implement recommended changes in a timely manner where certification deadlines are at stake

Delays caused by the Client in providing access or information may affect project timelines and are not the responsibility of Certyn.

04 Fees and Payment

Fees for our services will be set out in the relevant proposal or statement of work. Unless otherwise agreed:

Fixed-fee engagements are invoiced 50% upon commencement and 50% upon completion
Retainer services are invoiced monthly in advance
Ad hoc or day-rate work is invoiced monthly in arrears
All invoices are payable within 30 days of the invoice date
All fees are quoted exclusive of VAT, which will be added where applicable

Late payments may incur interest at 8% above the Bank of England base rate, in accordance with the Late Payment of Commercial Debts (Interest) Act 1998.

05 Intellectual Property

Upon full payment of all fees, the Client will own all Deliverables produced specifically for them as part of the engagement.

We retain ownership of all pre-existing materials, frameworks, templates, and methodologies used in the delivery of our services. The Client is granted a non-exclusive, non-transferable licence to use such materials for their internal business purposes only.

We reserve the right to reference the Client as a customer in marketing materials, unless the Client requests otherwise in writing.

06 Confidentiality

Both parties agree to keep all Confidential Information strictly confidential and to use it solely for the purposes of the engagement. This obligation continues for a period of 3 years after the end of the engagement.

Confidential Information does not include information that is publicly available, already known by the receiving party, independently developed, or required to be disclosed by law.

We take the security of client data seriously and apply appropriate technical and organisational measures to protect all information shared with us during the course of our work.

07 Limitation of Liability

Our services are advisory in nature. While we exercise reasonable skill and care in delivering our services, we cannot guarantee that your organisation will pass the Cyber Essentials certification assessment, as the final decision rests with the certifying body.

Our total liability under or in connection with any engagement shall not exceed the total fees paid by the Client for that engagement.

We shall not be liable for any indirect, consequential, or special losses, including but not limited to loss of profit, loss of business, loss of data, or reputational damage, howsoever arising.

Nothing in these terms excludes or limits liability for death or personal injury caused by negligence, fraud, or any liability that cannot be excluded by law.

08 Data Protection

Both parties agree to comply with all applicable data protection legislation, including the UK GDPR and the Data Protection Act 2018.

Where we process personal data on behalf of the Client, we will do so only in accordance with the Client's instructions and will enter into a separate data processing agreement where required.

Full details of how we handle personal data are set out in our Privacy Policy.

09 Term and Termination

Each engagement begins on the date agreed in the relevant proposal and continues until the Services are completed, unless terminated earlier.

Either party may terminate an engagement by giving 14 days' written notice to the other party
Either party may terminate immediately if the other party commits a material breach that is not remedied within 14 days of written notice
Upon termination, the Client shall pay for all Services delivered up to the date of termination

Termination does not affect any rights or obligations that have accrued before the termination date, including payment obligations and confidentiality provisions.

10 Force Majeure

Neither party shall be liable for any failure or delay in performing their obligations where such failure or delay results from circumstances beyond the reasonable control of that party, including but not limited to natural disasters, pandemics, government actions, or failures of telecommunications networks.

11 Dispute Resolution

In the event of any dispute arising from these terms or any engagement, the parties agree to attempt to resolve the matter through good faith negotiation in the first instance. If the dispute cannot be resolved within 30 days, either party may pursue resolution through the courts.

12 Governing Law

These terms shall be governed by and construed in accordance with the laws of England and Wales. Both parties submit to the exclusive jurisdiction of the courts of England and Wales.

13 General

These terms, together with any proposal or statement of work, constitute the entire agreement between the parties
No amendment to these terms shall be effective unless agreed in writing by both parties
If any provision of these terms is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect
A failure by either party to exercise any right under these terms does not constitute a waiver of that right
These terms do not create any partnership, agency, or joint venture between the parties

14 Contact

For questions about these terms, contact us at:

Certyn Ltd

Email: hello@certyn.co.uk

Address: [Your registered business address]