TRINITY LABS S.R.L.S.
These General Terms and Conditions govern the contractual relationships between Trinity Labs S.r.l.s., with registered office at Piazza IV Novembre 4, 20124 Milan (MI), Tax Code and VAT No. 14167650960 (hereinafter "Trinity Labs") and the Client, in relation to the provision of services and products in the fields of cybersecurity, data protection, and IT security management, as specified in the contractual proposal and any attached technical documents.
Trinity Labs undertakes to provide the Client with services falling into the following categories:
The technical specifications of the services will be detailed in the contractual documents signed from time to time.
The Client undertakes, for the entire duration of the contract and for 24 months following its termination, not to directly or indirectly offer employment to personnel made available by Trinity Labs, nor to collaborators or consultants indicated by the latter.
In case of violation, a penalty equal to twelve (12) monthly payments of the daily cost of the resource, multiplied by 22 days, will be due. This clause also applies in the case of proposals mediated by third-party companies (art. 1382 c.c.).
3.1 The Client undertakes to pay Trinity Labs the agreed fees, within the times and methods indicated in the accepted commercial offer.
3.2 Pursuant to art. 1462 c.c., the Client may not raise exceptions or disputes before fully fulfilling the payment obligation.
3.3 In case of delay or non-payment, Trinity Labs may suspend the provision of services without further notice (art. 1460 c.c.).
The Client may withdraw from the contract by written communication with the following notice periods:
In the absence of timely termination, the contract will automatically renew for the same duration.
The Client authorizes Trinity Labs to carry out the planned activities, declaring full availability and legitimate ownership of the environments, systems, and data subject to intervention. The Client indemnifies Trinity Labs from any liability for direct or indirect damages resulting from non-compliant environments or those not fully under its control (art. 1229 c.c.).
For the resale of hardware and software, Trinity Labs acts as a commercial intermediary without assuming responsibility for defects, flaws, or malfunctions attributable to the vendor (arts. 1470 et seq. c.c.).
7.1 CISO as a Service / Fractional CISO / vCISO: Temporary staffing for Security Manager or CISO. Termination: 3-6 months. Prohibition of hiring with penalty.
7.2 DPO Service: Temporary staffing for Data Protection Officer. Termination: 6 months. Obligation to maintain the distinction between DPO and Controller roles.
7.3 ISO 27001, ISO 22301, SOC 2 Projects: Completion upon audit confirmation. Obligation of the Client to set the date and actively collaborate.
7.4 Assessment & Compliance: No guarantee of full compliance. Prohibition of hiring with penalty.
7.5 Professional Services: Termination for three-year contracts: 6 months. Obligation of the Client to keep systems updated.
7.6 Vulnerability Assessment & Penetration Test: Termination: 6 months for continuous contracts. Prohibition of hiring with penalty.
7.7 Incident Response: On-call service. Increased rates for nights/holidays. Non-payment = immediate termination.
7.8 Cybersecurity Awareness & Simulated Phishing: Termination: 3 months. Immediate suspension in case of insolvency.
7.9 Hardware & Software Resale: Termination for multi-year contracts: 6 months.
8.1 For training and phishing simulation services, the Client must ensure the integrity and availability of email addresses and whitelist the IPs provided by Trinity Labs.
8.2 For support, monitoring, and maintenance services, the Client must keep the technologies under its responsibility active and updated.
10.1 Trinity Labs, as Data Controller pursuant to EU Regulation 2016/679 (GDPR) and applicable national legislation, guarantees that personal data will be processed in compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.
10.2 The Client, as Data Controller or Joint Controller of the data processed during the provision of services, undertakes to:
10.3 Trinity Labs undertakes to process personal data exclusively for purposes related to the execution of the contract and to comply with regulatory obligations.
10.4 The Parties acknowledge that they have mutually adopted appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as required by arts. 32 et seq. GDPR.
10.5 Trinity Labs assumes no responsibility for unlawful processing resulting from information, data, or materials provided by the Client without a legitimate legal basis.
This contract is governed by Italian law. For any disputes, the Court of Milan will have exclusive jurisdiction (arts. 1341 and 1342 c.c.).
9.1 The invalidity of a single clause does not invalidate the entire contract.
9.2 Contractual amendments will only be valid if formalized in writing.
There is no spoon.
P.IVA 14167650960 | PEC: trinitylabs@pec.it
Trinity Labs s.r.l.s. All Right Reserved