Terms and Conditions of Service Use

Any offer accepted directly or through our partners implies acceptance of the terms and conditions detailed below. The general terms and conditions will apply to all service sales by SC BRAINCAP S.R.L. to the Client. If you do not accept the terms and conditions outlined in this document, do not use our services. 

The general terms and conditions are considered accepted by the client either directly or by placing an order through our partners. Thus, by entering into legal relations with our partners following the confirmation of the order by SC BRAINCAP S.R.L., these will represent the service contract governing the contractual relationship between the parties. 

In accordance with legal provisions, we inform you that you will lose the right of withdrawal after the full execution of the contract by SC BRAINCAP S.R.L.

Terms:

  • Client: The natural or legal person who places an order for services directly or through Partners.
  • Partner: The legal entity that intermediates a service of SC BRAINCAP SRL to the client.
  • Provider: SC BRAINCAP SRL, registered at the Trade Register under no. J40/11790/2008, CUI: RO24163684, with its headquarters in Bucharest, Bd. Dimitrie Pompeiu no. 5-7, Hermes Campus 1, building B, 2nd floor, room 221, sector 2.
  • Services: Any services offered by SC BRAINCAP SRL to the Client directly or through a Partner.
  • Order: The agreement between SC BRAINCAP SRL and the Client/Partner through which SC BRAINCAP SRL undertakes to deliver the services, and the Client to pay for them.
  • Contract: An Order confirmed by SC BRAINCAP SRL.

Details regarding the characteristics of services or products can be provided by phone or email upon request.

Services Offered:

  • VPS (Virtual Private Server) hosting services
  • Dedicated server rental services
  • Server colocation services
  • IT consulting and support services
  • Server administration services
  • IT equipment sales

By confirming an Order with SC BRAINCAP SRL, the Client agrees to the Terms and Conditions of SC BRAINCAP SRL. The acceptance of the order by SC BRAINCAP SRL is considered complete upon confirmation via email. Any order not confirmed by SC BRAINCAP SRL will not be considered a Contract.

Pricing:

  • The prices offered and accepted represent the monthly subscription for the client/partner.
  • Prices are calculated FRANCO BENEFICIARY and are valid for a contractual period of 12 or 24 months from the signing of the contract.
  • VAT in force at the time of invoicing will be added to the prices in the offer.
  • Prices in RON are calculated by multiplying with the official BNR exchange rate of the currency in which the offer was made.
  • Any changes in Romanian legislation (customs duties, excise taxes, taxes, etc.) after the date of the offer will automatically lead to its recalculation.

Payment Method:

  • Payment by bank transfer (payment order)

  • Payment by payment order is made only based on the invoice issued by SC BRAINCAP SRL, sent by email to the Client/Partner.

  • Order processing and service delivery will be carried out after payment confirmation, in the following account:

    Company name: SC BRAINCAP SRL Bank account: RO50RZBR0000060026249148, opened at Raiffeisen Bank SA Unique registration code: RO24163684

Regardless of the currency you have in your account, transactions are made in RON, at your bank's exchange rate.

Service Suspension for Non-payment:

  • SC BRAINCAP SRL has the right to suspend any service provided after 15 days from the due date of payment if it has not been made.

Right of Withdrawal:

  • Each of the services offered benefits from a 14-day full refund guarantee if you exercise your right of withdrawal from the contract, without giving any reason. We inform you that you will lose the right of withdrawal after the contract is executed by SC BRAINCAP SRL, except for VPS services, for which you can exercise the right of withdrawal even after the service execution, within 14 days.
  • The withdrawal period expires 14 days from the day of the order launch or payment.
  • To exercise the right of withdrawal, you must inform us of your decision to withdraw from this contract using an unequivocal statement, for example, a letter sent by mail to the registered office address or email to support@braincap.ro.
  • To meet the withdrawal deadline, it is sufficient to send your communication regarding the exercise of the right of withdrawal before the withdrawal period expires.
  • If you withdraw, we will reimburse any amount received from you, no later than 14 days from the date we are informed of your decision to withdraw from this contract. We will make this reimbursement using the same payment method used for the initial transaction unless you have expressly agreed otherwise; in any case, you will not incur any fees as a result of such reimbursement.
  • The right of withdrawal cannot be exercised after the provision of services, except for VPS services, for which you can exercise the right of withdrawal even after service execution, within 14 days.

Termination:

  • At the client's request, a service contract concluded with SC BRAINCAP SRL can be terminated with a prior notice of 30 days. Termination requests will not be accepted as long as the account has outstanding payments. Termination requests will be communicated in writing, not by phone, tickets, or live chat, etc.
  • If the client requests the termination of the contract (except for the right of withdrawal) without any fault of SC BRAINCAP SRL, the annual price paid in advance by the Client for the entire year will not be refunded, the difference being retained by SC BRAINCAP SRL as damages, considering that the Client benefited from a discount for making the advance payment.
  • SC BRAINCAP SRL or the client can terminate the agreement (without prejudicing other rights) if one of the involved parties significantly breaches the agreement (including but not limited to a breach of the Acceptable Use Policy by the client).

Technical Details of Offered Services:

  • Uptime (Service Availability): SC BRAINCAP SRL guarantees an uptime of 99.5%. The uptime of our servers is defined by OS reports and our monitoring system, so it may differ from the uptime reported by other monitoring systems.
  • Data Access: Data will be accessible anytime and anywhere by the client through an encrypted virtual private network and a secure two-step authentication system.
  • Technologies Used: The hosting space supports technology: Linux Ubuntu, Windows Server, Microsoft SQL Server, IIS, .net core.
  • Data Replication: Data replication in the disaster recovery center is done every 15 minutes with the possibility of second-level restoration for up to 2 days back.
  • Backup: The use of services is entirely the responsibility of the clients. SC BRAINCAP SRL can provide backup services according to the agreement. However, please note that backups cannot be entirely verified to confirm each file or directory. SC BRAINCAP SRL is not responsible for the loss of files and/or information.
    • Virtual Machines will perform daily backups for all stored information, retention is 14 days, and the backup window is between 1AM-5AM.
  • Fast Data Access: Client applications will be hosted on Virtual Machines, with the cluster server infrastructure providing quick access to the client's site or applications.
  • Access Acceleration: Website access acceleration is done with external resources through Caching, TCP Compression, and SSL offload.
  • SSL Certificate: The digital SSL certificate for a hosted domain will have a validity of 2 years and is free.
  • DDoS Protection: DDoS protection will be limited to 1GB. DDoS protection is a system that offers protection against a cyber attack of the denial-of-service type.
  • VPS Monitoring: The cloud and virtualization system will be proactively and continuously monitored by BRAINCAP SRL employees. This is an automated system that checks the proper functioning of the servers and their balancing to avoid overloading.
  • Proactive Vulnerability Scanning: Constant proactive scanning of vulnerabilities to prevent cyber attacks.
  • Patch Management: Automated weekly patch management takes place every Friday between 2AM-5AM. Patch management includes fixing security vulnerabilities and other bugs or improving the functionality, usability, or performance of a program. Patches are periodically provided by software vendors for operating system and application updates.
  • Updates: Continuous updates will be performed on the protection systems, and the system is periodically trained to eliminate new vulnerabilities that may appear online. Resources expressed in GB will be allocated according to the agreement.
  • VPS Services: The offered VPS services include subsequent technical assistance according to the agreement.
  • Use of SC BRAINCAP SRL Services: The services offered by SC BRAINCAP SRL will only be used for lawful and moral purposes, any activities that may be considered illegal are strictly prohibited. Bulk email transmission, sending messages to a large number of email addresses can be done using our servers or other servers to promote any site hosted on our servers, only in compliance with the applicable legislation. Any complaint received in this regard will be immediately forwarded to the client to resolve the issue between the two involved parties (client and the person who submitted the complaint), but SC BRAINCAP SRL may directly suspend or delete the provided service depending on the extent and seriousness of the complaint.
    • All services provided by SC BRAINCAP SRL are used and managed by the client, and the use of these services is entirely the responsibility of the client. SC BRAINCAP SRL does not have or has limited access to the information or activities that take place and is not responsible for non-compliance with applicable legal provisions.
    • SC BRAINCAP SRL complies with legal provisions and will respond to any complaint from prejudiced persons or institutions/authorities or organizations, complaints that create at least a reasonable appearance of legality.

Use of Resources:

  • Accounts that harm our servers will receive a notification to resolve the issue within 3 days, as long as the damage is not severe. Otherwise, those accounts may be suspended until the situation is resolved. If the client fails to address the notified issues within 3 days from the notification date, SC BRAINCAP SRL may, at its absolute discretion, terminate the contract.

SC BRAINCAP SRL Liability for Your Loss or Damage:

  • Regardless of whether you are a consumer or a professional:
    • We do not exclude or limit our liability where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents, or subcontractors, as well as fraud.
  • If you are a professional:
    • We will not be liable to you for any loss or damage, whether in contract or tort (including negligence), even if foreseeable, arising under or in connection with:
      • use of or inability to use our site; or
      • use of or reliance on any content displayed on our site.
    • In particular, we will not be liable for:
      • loss of profits, sales, business, or revenue;
      • business interruption;
      • loss of anticipated savings;
      • loss of business opportunity, goodwill, or reputation; or
      • any indirect or consequential loss or damage.

WE ARE NOT RESPONSIBLE FOR VIRUSES AND YOU MUST NOT INTRODUCE THEM:

  • You are responsible for configuring your information technology, computer programs, and platform to access our site/platform. You should use your own virus protection software.
  • You must not misuse our site by knowingly introducing viruses, trojans, worms, logic bombs, or other material that is malicious or technologically harmful. You must not attempt to gain unauthorized access to our site, the server on which our site is stored, or any server, computer, or database connected to our site. You must not attack our site via a DDoS attack. By breaching this provision, you would commit a criminal offense. We will report any such breach to the relevant law enforcement authorities and we will cooperate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.

Client Responsibilities:

  • The client is responsible for updating the contact information and billing details mentioned in their account. SC BRAINCAP SRL has no responsibility for damages resulting from the client's failure to make the necessary updates.
  • The client is responsible for maintaining the security conditions of usernames, passwords, and other sensitive information. If there is any doubt in this regard, the client should modify or request modification of the authentication data by contacting the support team.
  • SC BRAINCAP SRL will not be liable for damages caused by the temporary unavailability of our servers, regardless of the reason causing this. This provision also includes damages resulting from data deterioration or loss.

Rules Regarding Links to Our Site:

  • You may link to our homepage, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it.
  • You must not establish a link in such a way as to suggest any form of association, approval, or endorsement on our part where none exists.
  • You must not establish a link to our site in any website that is not owned by you.
  • Our site must not be framed on any other site, nor may you create a link to any part of our site other than the homepage.
  • We reserve the right to withdraw linking permission without notice.

Force Majeure:

  • Neither party will be liable for non-performance of its contractual obligations if such non-performance is due to a force majeure event, in accordance with the applicable legislation.

Applicable Law - Jurisdiction:

  • The contract is subject to Romanian law. Any disputes arising between SC BRAINCAP SRL and the Client will be resolved amicably, and if this is not possible, the disputes will be resolved by the competent Romanian courts in Bucharest.

Intellectual Property Rights:

  • All materials integrated into this site are the intellectual property of SC BRAINCAP SRL. These materials may not be copied or reproduced. However, complete pages of the site may be printed if they are intended for personal use only.

Final Provisions:

  • In addition to the terms and conditions displayed above, SC BRAINCAP SRL, depending on the service purchased by the Client, may conclude additional service provision contracts, in which case the conditions thus established will be valid between the parties. Therefore, the Terms and Conditions represent a general framework contract that may subsequently be modified by the agreement of the parties through the signing of additional contracts or annexes.
  • SC BRAINCAP SRL reserves the right to modify its policy and terms of service use without prior notice.

Technical and Organizational Measures:

  1. Organizational Protection Measures:
  • Security Management:
    • Security Policies and Procedures: The data controller must draft a security policy regarding the processing of personal data.
    • Roles and Responsibilities:
      • Roles and responsibilities related to the processing of personal data are clearly established and distributed according to the security policy.
      • During internal reorganizations or terminations and job changes, the revocation of rights and responsibilities through the respective handover procedures is clearly defined.
    • Access Control Policy: Specific access control rights are allocated to each role involved in personal data processing as necessary.
    • Resource/Asset Management: The data controller has a register of IT resources used for personal data processing (hardware, software, and network). A specific person is responsible for maintaining and updating the register (e.g., IT officer).
    • Change Management: The data controller ensures that all IT system changes are recorded and monitored by a specific person (e.g., Security or IT officer). Regular monitoring of this process takes place.
  • Incident Response and Business Continuity:
    • Incident Management/Personal Data Breach:
      • An incident response plan with detailed procedures is established to ensure an efficient and organized response to incidents related to personal data.
      • The data controller will promptly report to the Data Controller any security incident that has led to the loss, misuse, or unauthorized acquisition of any personal data.
    • Business Continuity: The data controller establishes the main procedures and controls to be followed to ensure the necessary level of continuity and availability of the IT system for personal data processing (in case of incidents/personal data security breaches).
  • Human Resources:
    • Staff Confidentiality: The data controller ensures that all employees understand their responsibilities and obligations related to personal data processing. Roles and responsibilities are clearly communicated during the hiring and/or initiation process.
    • Training: The data controller ensures that all employees are appropriately informed about IT system security controls related to their daily activities. Employees involved in personal data processing are also appropriately informed about relevant data protection requirements and legal obligations through regular information campaigns.
  1. Technical Protection Measures:
  • Access Control and Authentication:
    • An access control system applicable to all users accessing the IT system is implemented. The system allows the creation, approval, review, and deletion of user accounts.
    • The use of common user accounts is avoided. Where this is necessary, it is ensured that all users of the common account have the same roles and responsibilities.
    • When granting access or assigning user roles, the "need-to-know" principle is observed to limit the number of users who have access to personal data only to those who need it to fulfill the data processing purposes.
    • If authentication mechanisms are based on passwords, the data controller requires the password to be at least eight characters long and conform to strong password control parameters, including length, character complexity, and non-repeatability.
    • Authentication information (such as user ID and password) will never be transmitted without network protection.
  • Logging and Monitoring:
    • Logging files are enabled for each system/application used for personal data processing. These include all types of data access (viewing, modification, deletion).
  • Data Security at Rest:
    • Server/Database Security:
      • Database and application servers are configured to run using a separate account with minimum access privileges for proper operation.
      • Databases and application servers process only the personal data necessary for processing purposes.
    • Workstation Security:
      • Users cannot disable or bypass security settings.
      • Antivirus applications and detection signatures are regularly configured.
      • Users do not have privileges to install or disable unauthorized software applications.
      • The system has a session timeout period when the user has been inactive for a certain period.
      • Critical security updates released by the operating system developer are installed regularly.
  • Network/Communication Security:
    • Whenever access is made via the Internet, communication is encrypted through cryptographic protocols.
    • Traffic to and from the IT system is monitored and controlled by intrusion protection and detection systems.
  • Backups:
    • Backup and data archiving procedures are clearly defined, documented, and linked to roles and responsibilities.
    • Backups receive an adequate level of physical and environmental protection, consistent with the standards applied to source data.
    • Backup execution is monitored to ensure completeness.
  • Mobile/Portable Device Management:
    • Procedures for managing mobile and portable devices are clearly defined and documented, establishing clear rules for their proper use.
    • Mobile devices accessing the IT system are registered and authorized in advance.
  • Application Lifecycle Security:
    • During the development lifecycle, the best and most advanced security practices and standards are followed, or well-regarded development standards are applied.
  • Data Deletion/Destruction:
    • Software-based overwriting will be performed on media before disposal. In cases where this is not possible (CDs, DVDs, etc.), physical destruction will be performed.
    • Paper and portable media used for storing personal data are destroyed.
  • Physical Security:
    • The physical perimeter of the IT system infrastructure is not accessible to unauthorized personnel. Appropriate technical measures (e.g., an intrusion detection system, chip card turnstile, single-person access security system, locking system) or organizational measures (e.g., security personnel) will be implemented to protect secure areas and access points against unauthorized access.