Terms of Service

General Terms and Conditions of Purchase

Our Services

1. AGREEMENT

1.1 Agreement Definition

The "Agreement" means:

  • The applicable purchase order issued by Bastion Technology
  • These General Terms and Conditions of Purchase
  • Any additional written agreements, such as a master agreement, statement of work, or letter agreement, signed by Bastion Technology and the Supplier

This is the exclusive agreement between the Supplier and Bastion Technology concerning the goods/services provided by the Supplier. By providing Deliverables to Bastion Technology, the Supplier agrees to be bound by the Agreement. The terms "Party" or "Parties" refer to either the Supplier or Bastion Technology.

1.2 Agreement Precedence

In case of a conflict between the terms of the Agreement, the following precedence applies:

  1. The applicable purchase order issued by Bastion Technology
  2. Any Additional Agreements
  3. These General Terms

1.3 Affiliate Definition

"Affiliate" means any entity controlled by or under common control with Bastion Technology, where "control" refers to the ability to direct management and policies through ownership, contract, or otherwise.

2. PERFORMANCE/WARRANTIES

The Supplier warrants that the Deliverables will be free from defects in material and workmanship and will conform to the Agreement's specifications. If any Deliverable fails to meet specifications, the Supplier will correct the deficiency at its cost within 10 days of receiving written notice. If not corrected within this period, Bastion Technology may require a full refund or replacement/re-performance at no charge. All Deliverables are subject to Bastion Technology's inspection and acceptance.

3. DELIVERY

Prices are based on delivery at the location specified by Bastion Technology, with Supplier responsible for duties, tariffs, freight, and other related costs. Title and risk of loss remain with the Supplier until the goods are delivered, inspected, and accepted by Bastion Technology. Supplier must replace goods lost or damaged in transit at no additional charge within 3 business days. Timely delivery is critical, and failure to deliver on time may result in termination of the Agreement.

4. PAYMENT, INVOICING, AUDIT, AND TAXES

4.1 Pricing

Prices exclude VAT or similar taxes and will be in the currency of the Bastion Technology entity in the Agreement.

4.2 Invoicing

The Supplier can invoice Bastion Technology after delivery, including appropriate documentation. Invoices should be submitted by email in a non-manipulable format. All invoices must comply with Bastion Technology's invoicing guidelines.

4.3 Payment Terms

Bastion Technology will pay valid invoices within 45 days, but payment does not constitute acceptance of the Deliverables.

4.4 Payment Disputes

Bastion Technology may delay or offset payments if there is a dispute or money owed by the Supplier.

4.5 Audit Rights

Bastion Technology may audit Supplier's records related to the Agreement for up to 3 years after the Agreement ends.

4.6 Tax Compliance

Applicable taxes will be billed separately. Bastion Technology will pay applicable taxes excluding those based solely on Supplier's income or property. The Parties will cooperate to minimize taxes where legally permissible.

4.7 Tax Evasion Prevention

Both Parties maintain policies to prevent tax evasion and agree to notify each other of any breaches. A breach may be considered a material breach under the Termination section.

5. REMEDIES

If a Deliverable infringes any third-party rights, Supplier will, at Bastion Technology's option and expense:

  • Obtain the necessary rights for Bastion Technology to use the Deliverable
  • Modify the Deliverable to make it non-infringing
  • Replace the Deliverable with a non-infringing one
  • Accept the return of the Deliverable and refund any amount paid

6. COMPLIANCE WITH LAWS

6.1 Legal Compliance

Supplier represents that it complies with all laws applicable to its performance under the Agreement, including:

  • Anti-corruption laws
  • Data privacy regulations (e.g., GDPR)
  • Trade Control Laws
  • Labor laws
  • Environmental laws

Supplier will not provide Deliverables that violate any such laws.

6.2 Export Controls

Unless otherwise agreed, Supplier will not provide Deliverables requiring an export license or government authorization. Supplier will provide Bastion Technology with export control classification information upon request.

6.3 Legal Violations

Supplier will notify Bastion Technology of any legal violations in its performance of the Agreement and will indemnify Bastion Technology for such violations.

7. LIABILITY AND INSURANCE

7.1 Liability Limitations

Bastion Technology will not be liable for lost revenues, profits, or any indirect, consequential, or punitive damages. Bastion Technology's total liability will not exceed the total price paid under the Agreement.

7.2 Insurance Requirements

Supplier will maintain appropriate insurance, including coverage for:

  • Business liability
  • Workers' compensation
  • Professional liability
  • Cyber liability (if accessing personal data)

7.3 Proportionate Liability

Proportionate liability legislation is excluded for all rights, obligations, and liabilities under this Agreement.

8. TERMINATION

Bastion Technology may terminate the Agreement for convenience at any time, with written notice to Supplier, without obligation for early termination fees or additional charges.

9. CONFIDENTIALITY AND PUBLICITY

9.1 Confidentiality Obligations

Supplier will keep the Agreement, Bastion Technology data, and other confidential information secret, ensuring its Personnel comply with confidentiality obligations. Supplier will not reference the Agreement or use Bastion Technology's name without prior consent.

9.2 Use of Confidential Information

Confidential information will be used solely for performing obligations under the Agreement.

9.3 Return of Information

Upon expiration or termination, or at Bastion Technology's request, Supplier will return or delete all confidential information and data.

10. ASSIGNMENT AND SUBCONTRACTING

10.1 Independent Contractor Status

Supplier is an independent contractor. No joint venture or employment relationship is created by the Agreement. Bastion Technology will not be liable for Supplier's Personnel.

10.2 Assignment Restrictions

Supplier will not assign or subcontract the Agreement without prior written consent from Bastion Technology but will remain responsible for any acts of subcontractors.

10.3 Bastion Technology Assignment Rights

Bastion Technology may assign its rights to any Affiliate, with prior consent from Supplier.

11. SUPPLIER STANDARDS OF CONDUCT

Supplier will adhere to ethical standards and report unlawful, unethical, or fraudulent conduct, consistent with Bastion Technology's Supplier Standards of Conduct.

12. GOVERNING LAW AND DISPUTES

12.1 Dispute Resolution

The Parties will attempt to resolve disputes confidentially and escalate to higher management before legal action.

12.2 Governing Law

The Agreement will be governed by the laws of the country where the Bastion Technology entity is located, with exclusive jurisdiction in its courts. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

13. GENERAL

13.1 Rights and Communications

A delay or failure to exercise rights will not waive them. An email will be considered a valid written communication.

13.2 Severability

If any part of the Agreement is invalid, the rest remains enforceable.

13.3 Modifications

Any changes to the Agreement must be made in writing, signed by both parties. Online terms or counteroffers will not apply.

13.4 Survival

Provisions that naturally survive termination or expiration, such as those related to compliance, liability, confidentiality, and governing law, will remain in effect.

14. DATA PROTECTION AND SECURITY

14.1 Data Protection Requirements

Supplier will, at all times:

  • Comply with applicable laws
  • Cooperate with Bastion Technology to ensure compliance with laws, including GDPR
  • Ensure the accuracy and currency of Bastion Technology's Personal Data
  • Assist with compliance efforts, including GDPR Articles 32-36
  • Not retain Personal Data longer than necessary
  • Ensure sub-processors are bound by equivalent data protection obligations

14.2 Security Incidents

"Security Incident" means a known or suspected accidental or unauthorized loss, acquisition, disclosure, access, use, or compromise of Bastion Technology Data. Supplier will implement reasonable security measures and notify Bastion Technology of any Security Incident within 48 hours.

14.3 Investigations

Supplier will notify Bastion Technology promptly in writing of any investigation, litigation, or dispute concerning Supplier's or its subcontractors' information security or privacy practices.

14.4 Data Transfers

Supplier will not transfer Bastion Technology's Personal Data originating from the EEA, UK, or Switzerland to jurisdictions outside of approved jurisdictions without entering into legally valid data transfer mechanisms.

15. INFORMATION SECURITY

15.1 Industry Standards

Supplier will implement security measures that comply with industry standards, ensuring the security, integrity, and confidentiality of Bastion Technology Data.

15.2 Illicit Code

Deliverables will be free of any harmful code (e.g., viruses, malware, backdoors) that may damage or disrupt Deliverables or associated equipment.

15.3 Software Security

Supplier will inventory and assess all software components for security defects or vulnerabilities, promptly notify Bastion Technology of any issues, and remediate them.

15.4 Security Assessment

Supplier will correct security deficiencies, allow security assessments, and address high or medium-rated security issues within agreed timeframes.

15.5 Application Security

Supplier will adhere to secure application development policies and ensure qualified personnel perform development, testing, and deployment activities.

15.6-15.8 Security Testing

Supplier will conduct regular vulnerability scanning, security assessments, and penetration testing, addressing high-risk findings within 30 days.

15.10-15.15 Security Controls

Supplier will implement and maintain:

  • Strong password management
  • Cryptographic controls
  • Secure data disposal
  • Operations security
  • Encrypted data transfer and storage
  • Workstation encryption