General Terms and Conditions (GTC)

1.1. Definitions. "Software/Service": the B OnSite SaaS; "Client": who signs the Master License Agreement; "User": a natural person authorized by the Client; "Subscription": service access associated with the chosen package and module configuration, involving periodic fee payment; "Turnover Day": the start day of the billing cycle; "SLA": Chapter 5 of these GTC; "GDPR": Regulation (EU) 2016/679.

1.2. Personal and Material Scope. The GTC applies to all Clients and covers the entire modular service range of B OnSite.

1.3. Establishment of Legal Relationship. The legal relationship is established upon the signing of the Master License Agreement by both parties and the payment of the first fee installment as due, or if the provision of the license to the client precedes the foregoing, then upon the provision of entitlements.

1.4. Prerequisites. The Client ensures the devices and stable internet connection necessary for proper use; on-premise or hybrid components, integrations, and custom developments are subject to separate quotation and agreement.

2.1. B OnSite is a cloud-based, multi-tenant architecture, modular digital operations management service, activated with the modules selected by the Client.

2.2. The Service Provider grants a non-exclusive, non-transferable right of use to the Software solely for the Client's internal business purposes. The source code, database schemas, interfaces, and know-how are the intellectual property of the Service Provider.

2.3. The hosting and operation of the Software take place in a data center designated by the Service Provider; operation of on-premise components is not part of the subscription.

3.1. Subscription Package Options: Basic, Standard, Premium, Custom

3.2. Subscription Period Options: Monthly, Semi-Annual, Annual, Custom

3.4. Detailed technical descriptions of modules and the integration compatibility list are available on the Service Provider's documentation portal (www.bonsite.hu); custom requests qualify as additional services.

4.1. Fees and Scheduling. Fees are listed in the price quote accepted by the Client or in the Master License Agreement, payable in advance for the chosen period (monthly/semi-annual/annual).

4.2. Indexation. The Service Provider may automatically adjust fees annually by the rate of the consumer price index of the previous year published by the KSH (Hungarian Central Statistical Office).

4.3. Currency/Exchange Rate. Invoicing is in HUF; in case of foreign currency-based calculation, the MNB (Central Bank of Hungary) mid-rate prevails; exchange rate changes may be passed on to the Client.

4.4. Annual Fee Correction: The Service Provider is entitled to adjust license and service fees annually by the rate of the annual consumer price index (inflation) published by the KSH regarding the calendar year preceding the subject year. The Service Provider is further entitled to apply fee modifications based on changes in the scope of service, operating costs, or third-party infrastructure fees; in such cases, the Client will be notified in writing at least 30 days prior to the effective date of the modification. The fee correction applies automatically and does not constitute an amendment to the contract.

4.5. Billing and Communication. Electronic invoice; notifications via e-mail or client portal.

4.6. Delay and Costs. In case of delay, default interest according to Section 6:155 of the Civil Code, as well as collection and administrative flat-rate costs may be enforced.

4.7/a Late Payment Fee: If the Client fails to settle the invoice within 15 days following the payment deadline (grace period), the Service Provider is entitled to charge a late payment surcharge equivalent to 33% of the relevant monthly subscription fee. This fee is charged in addition to the statutory default interest defined in point 4.5, and aims to compensate for administrative and operational excess costs resulting from the delay.

4.7. Non-Payment Protocol (3–7–30). (a) 3 days delay: suspension (restriction of access); (b) 7 days delay: shutdown (temporary termination of service); (c) 30 days delay: termination of contractual relationship and data/account deletion according to 8.4.

4.8. Exclusion of Payment Retention. The Client's payment obligation is independent of error reporting or ongoing administration.

5.1. Availability. The Service Provider's target is 99.5% availability on a monthly level, excluding planned maintenance windows.

5.2. Incident Management (Reaction Times): P1 Critical 2 hours | P2 High 4 hours | P3 Medium 12 hours | P4 Low 24 hours (business hours: Mon–Fri 08:00–16:00 CET; P1–P2 reportable 24/7). Qualification of cases is the task of the Service Provider's IT team based on thorough investigation of the error/report. The Service Provider reserves the right to reclassify with justification.

5.3. Maintenance. Once a month, with at least 24 hours prior notice; urgent security intervention may be performed without prior notice.

5.4. Service Credit (Exclusive Remedy). In case of proven failure to meet the SLA target, the Service Provider – at its own discretion – provides credit or applies restorative measures; the credit is capped at 10% of the affected month's subscription fee and excludes any further compensation claims.

5.5. Client Cooperation. The Client is obliged to provide information, access, and reproduction steps necessary for error reporting.

6.1. Lawful Use. Any use of the Software for unlawful purposes is prohibited, including unsolicited messages, malicious codes, access circumvention, and denial-of-service attacks.

6.2. Access. The Client is responsible for assigning and revoking user permissions and for protecting authentication credentials.

6.3. Infrastructure. The Client ensures compatible client devices and continuous internet access.

6.4. Data Quality. The Client is exclusively responsible for the legality, accuracy, and completeness of the data recorded/transferred by them.

6.5. Testing/Pen-test. External security testing may be performed with the Service Provider's prior written permission, in an agreed time window.

7.1. IP Rights. The Software, documentation, manuals, screenshots, APIs, and interfaces are the exclusive intellectual property of the Service Provider.

7.2. Prohibited: reverse engineering, modification, copying, sublicensing, leasing of source code, or sharing access with third parties.

7.3. Open Source Components. The Software may contain OSS components; their licenses take precedence regarding the specific component.

7.4. Usage Data. The Service Provider is entitled to collect telemetry and usage data for service development and quality assurance purposes, with anonymization of personal data.

8.1. Suspension and Shutdown. In case of delay according to 4.6, the Service Provider is entitled to suspend and then shut down the service.

8.2. Immediate Termination (by Service Provider). In case of serious breach of contract, unauthorized use, information security risk, export control or sanctions exposure, the Service Provider may terminate the legal relationship with immediate effect via justified legal statement.

8.3. Ordinary Termination (by Client). The Client may terminate the subscription via ordinary termination effective at the end of the billing cycle, in writing, at any time (fees for commenced periods are non-refundable).

8.4. Data Return and Deletion. Upon termination of the legal relationship, the Client may request a machine-readable export of their data within 30 days of termination. On the 30th day, the Service Provider permanently deletes the Client's data and account, destroying them according to backup rotation.

8.5. Retention and Proof. The Service Provider logs the deletion and – at the Client's request – certifies it.

9.1. Warranty. The Service Provider warrants the proper usability of the Software; errors of third-party systems, network outages, Client-side infrastructure, and data quality issues do not constitute defective performance by the Service Provider.

9.2. Limitation of Damages. The Service Provider's aggregate liability for damages – on any legal ground – is limited to the amount of the subscription fee for the last month of the affected period.

9.3. Exclusions. Not compensable: lost profit, indirect/consequential damage, third-party claims, damage resulting from data loss, damage resulting from lack of data protection legal basis, force majeure.

9.4. Damage Prevention and Cooperation. The Client is obliged to act according to the rules of damage mitigation and to cooperate in troubleshooting.

10.1. Roles. The Client is the data controller, the Service Provider is the data processor.

10.2. Instruction and Purpose Limitation. The Service Provider processes personal data solely based on the Client's written instructions, within the scope necessary for operating the subscribed modules.

10.3. Security (GDPR 32). TLS 1.2+ in transit, AES-256 at rest, access logging, permission segmentation, daily encrypted backups, regular vulnerability management.

10.4. Incident Management. Notification to the Client within 72 hours of detection regarding the nature, impact, and measures taken concerning the incident.

10.5. Support of Data Subject Rights. Following Client's provision, the Service Provider cooperates reasonably; target time: 5 working days.

10.6. Sub-processors. The Service Provider is entitled to involve sub-processors with identical commitments; notifies 15 days in advance, Client may comment within 10 days.

10.7. Data Location and Transfer. Primarily processing within EEA; transfer outside EEA solely with guarantees according to GDPR Articles 44–49 (e.g., SCC, EU–USA Data Privacy Framework).

10.8. Data Return/Deletion. According to 8.4; limited retention is possible in case of legal obligation, this is documented by the Service Provider.

10.9. Audit. The Client is entitled to initiate an audit – with reasonable prior consultation, once a year; the audit must not disturb the service; the Service Provider may prove compliance with certificates and reports (e.g., ISO/IEC 27001:2022); Client bears the costs of the audit.

The Service Provider organizes its activities along ISO 9001, ISO 14001, and ISO/IEC 27001:2022 requirements; certificates and scopes can be presented at the Client's request.

12.1. Modification of GTC. The Service Provider is entitled to unilaterally modify the GTC (e.g., legal change, security/operational reason, function expansion). The Client receives notification of the modification at least 15 days in advance via e-mail or on the client portal. The Client is entitled to terminate the contract via ordinary termination until the modification enters into force; otherwise, the modification shall be considered accepted.

12.2. Notifications. Written notification qualifies as: company-signed postal item, document delivered by courier, and electronic message sent to the Client's official e-mail address specified in the contract.

12.3. Presumption of Delivery. In case of "not sought/refused/moved", it qualifies as delivered on the 5th working day following the second postal delivery attempt; in case of e-mail, it shall be considered delivered at the time of sending.

13.1. Use of Subcontractor. The Service Provider is entitled to use the contribution of a subcontractor; it is liable for their activities as if it had acted itself.

13.2. Force Majeure. In case of an unavoidable circumstance beyond reasonable control (e.g., widespread network outage, natural event, regulatory ban), liability is excluded, performance deadlines are extended proportionally.

13.3. Legal Compliance. The Client complies with relevant labor law, occupational safety, data protection, and industry regulations; the Software does not constitute legal compliance advice.

14.1. The Service Provider is not liable for availability or changes of any third-party systems (e.g., SPICA, Hikvision, HR system); in case of incompatibility, operational/technical solution is subject to separate agreement.

14.2. API quotas and throttling rules apply; overuse is subject to surcharge.

The Client warrants that it is not a prohibited or sanctioned entity; the service may not be used for purposes violating export control or sanction bans. Violation of this is cause for immediate termination.

Hungarian law governs the contract. Parties settle their disputes primarily amicably; in case of failure – depending on value limit – the court competent according to the Service Provider's registered office has exclusive jurisdiction.

17.1. Completeness. The Master License Agreement and these GTC together constitute the entire agreement of the Parties; they override all prior declarations.

17.2. Precedence. In case of discrepancy, the Master License Agreement takes precedence; regarding fees, modules, and SLA parameters, the currently effective GTC configuration prevails.

17.3. Partial Invalidity. Invalidity of any provision does not affect the validity of the rest of the GTC; parties replace the invalid provision with a rule most equivalent to its purpose.