Terms of cooperation with MIBCON a.s.

General Terms and Conditions

MIBCON a.s.

Version till May 19 2026

Download as PDF

---

Version since May 20 2026:

1. Introductory Provisions

These General Terms and Conditions are issued in accordance with Section 1751 of Act No. 89/2012 Coll., the Civil Code, as amended, and govern certain rights and obligations binding on MIBCON a.s., ID No.: 278 92 743, with its registered office at Tomíčkova 2427/2, 148 00 Prague 4, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, File No. 11831, and its contractual partners – persons with whom Mibcon has entered into a contractual relationship.

These General Terms and Conditions govern all contractual relationships between Mibcon and the partner to the extent and in the areas specified herein. In all other respects, the contractual relationships between Mibcon and its partner are governed by the terms agreed upon within the framework of such contractual relationship or by applicable laws. The partner expresses its consent to the Terms and their content at the moment the contractual relationship between Mibcon and the partner is validly concluded; at this moment, the partner also confirms that it has familiarized itself with the currently valid version of the Terms, unless otherwise agreed between the contracting parties.

2. Basic Definitions

“Terms” refer to these General Terms and Conditions, the current (valid and effective) version of which is always publicly available at the web address www.mibcon.cz/vop.

“Mibcon” means MIBCON a.s., ID No.: 278 92 743, with its registered office at Tomíčkova 2427/2, 148 00 Prague 4, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, File No. 11831.

“Partner” means a natural or legal person engaged in business, between whom and Mibcon a contractual relationship has been established for the purpose of conducting business activities under the agreed terms and conditions and in accordance with these Terms.

“Contracting Parties” are Mibcon and the Partner.

“Contractual Relationship” and/or “Agreement” refers to a relationship established on the basis of an agreement concluded between Mibcon and the Partner (typically in written form, including electronic form), in which both Contracting Parties have agreed upon the general and/or specific terms and conditions of their business cooperation. The Contractual Relationship between the Contracting Parties may also be established by Mibcon sending an order to the Partner and the Partner’s subsequent written acceptance (acceptance) by the Partner, provided that the order and its acceptance (separately and/or in conjunction with the relevant framework agreement concluded between Mibcon and the Partner) contain all the essential elements of the relevant type of contract. The Contractual Relationship includes all other and/or supplementary agreements and/or conditions that become part of it after the conclusion of the relevant Agreement.

„Civil Code“ refers to Act No. 89/2012 Coll., the Civil Code, as amended. 

3. Confidentiality Obligation and Protection of Confidential Information

3.1 The following information is considered confidential 

a) all information that one of the Contracting Parties receives, learns, and/or obtains in connection with the performance of the subject matter of any of the Agreements and/or the conclusion of any of the Agreements, in any form, including the content of inquiries, offers, and orders made within the framework of the Contractual Relationship, 

b) the trade secrets of each Contracting Party within the meaning of Section 504 of the Civil Code, in particular information concerning Mibcon’s equipment, processes, and know-how, as well as Mibcon’s operations and facilities, any information concerning Mibcon’s suppliers on the one hand and Mibcon’s customers and clients (hereinafter referred to as the “Customer”) on the other hand, any information of a commercial, organizational, personnel, technical, and economic nature concerning Mibcon, information regarding Mibcon’s strategies, plans, and prices, and 

c) the content of the Agreement

(collectively hereinafter referred to as “Confidential Information”).

Information that has become publicly available (other than as a direct or indirect consequence of any breach and/or misconduct by either Party) and may be obtained by anyone without the need to exert significant effort shall not be considered Confidential Information; in particular, the following shall not be considered Confidential Information (i) information that a Contracting Party itself discloses or causes to become publicly available, (ii) information that is generally known, (iii) information provided to the Contracting Party’s advisors who are bound by appropriate confidentiality obligations, (iv) information provided to authorities and courts, if required by applicable laws.

3.2 Each Contracting Party is obligated to keep the other Contracting Party’s Confidential Information confidential and to ensure that such Confidential Information is protected with the due care of a prudent businessperson and, beyond that, with the same care and security measures which this Contracting Party applies and/or would apply and/or should apply in protecting its own trade secrets and its own Confidential Information. A Contracting Party is obligated to use the other Contracting Party’s Confidential Information solely in connection with the performance of the subject matter of the relevant Agreement, solely in accordance with the purpose for which it was provided by the other Contracting Party, and the Contracting Party is further obligated not to disclose or make available the other Party’s Confidential Information to any third party without the prior, express, and written consent of this Contracting Party to any third party, with the exception of other companies within the Mibcon Group and/or other contractual Partners of Mibcon to whom Mibcon is authorized to disclose and provide the Contracting Partner’s Confidential Information in justified cases. 

3.3 The Partner is obligated to ensure compliance with and to extend its obligations arising from the confidentiality and protection of Confidential Information set forth herein to the same extent to its employees and/or subcontractors (subcontractors) and/or any other third party in a legal relationship with the Contracting Partner, provided that such persons are authorized to perform the relevant Agreement and/or any related activities, or have access to Mibcon’s Confidential Information (collectively hereinafter referred to as “Affected Persons”). The Partner (whose obligations under the preceding sentence apply) is liable to Mibcon for any breach of the obligations to protect Mibcon’s Confidential Information by and/or with the contribution of and/or involving the Affected Persons as described in the preceding sentence, and Mibcon is entitled to assert its claims directly against the Partner. A breach of the confidentiality obligation (any obligation set forth in this section of the Terms) the Partner shall therefore also include any instances where this obligation is breached and/or any of the Affected Persons to whom the Partner has provided Confidential Information to Mibcon and/or who is involved in the performance of the Agreement in any way participates in such breach. Upon Mibcon’s request, the Partner is also obligated to demonstrate that the Affected Persons have been duly bound by confidentiality obligations on its part.

3.4 The Partner is authorized to disclose Confidential Information to Mibcon only under the conditions set forth below and to the extent necessary as determined by:

a) any final and enforceable court decision requiring the disclosure of Confidential Information and/or

b) generally binding legal regulations from which the obligation to disclose Confidential Information arises.

3.5 In the event that the Partner is required to disclose Confidential Information in accordance with the preceding paragraph, the Partner undertakes (to the extent permitted by generally applicable laws) to inform Mibcon in advance of all circumstances and the scope of the Confidential Information to be disclosed, and to discuss with Mibcon possible measures aimed at preventing such disclosure or, where possible, limiting the scope of such disclosure.

3.6 In each individual case of a breach of the confidentiality obligation by the Partner (i.e., any of the obligations arising from this Article of the Terms and/or the relevant Agreement), Mibcon shall be entitled to a contractual penalty of CZK 250,000 for each individual breach and CZK 500,000 CZK for each individual breach, if the breach of the confidentiality obligation relates to a trade secret, unless otherwise agreed in the relevant Agreement. 

3.7 The obligation to maintain confidentiality and protect Confidential Information in the context of cooperation with Mibcon shall continue for 3 years after the termination of cooperation between Mibcon and the Partner and for 3 years after the termination of the obligation under the Agreement.

3.8 The obligations to protect Confidential Information set forth herein apply to the same extent and under the same conditions to all cooperation between the Contracting Parties. If, nevertheless, the scope or nature of the Parties’ cooperation requires an adjustment or extension of the Confidential Information protection regime, the Parties undertake to ensure, without delay, an appropriate level of protection for the other Contracting Party’s Confidential Information (beyond the obligations set forth in these Terms).

3.9 All information provided by Mibcon to the Partner is governed by the MIBCON Information Classification Policy. Information that is not expressly designated with a classification level is automatically considered “Confidential” Mibcon information, which may be shared only for the purpose of fulfilling the delivery/performance of the Agreement. The Partner shall protect all information provided by Mibcon in accordance with its designation and shall use it exclusively for the purposes of performing the Agreement. The Partner undertakes to implement appropriate technical and organizational measures to protect against unauthorized access, loss, or misuse of such information. The Partner is obligated to inform Mibcon without delay of any unauthorized access to Mibcon’s assets.

4. Non-Competition and Non-Solicitation Obligations

4.1 Each Party voluntarily agrees not to:

a) contacting the other Party’s customers (including Mibcon’s Customers) in any manner without the prior written consent of the other Party for the purpose of fulfilling the subject matter of the Agreement or any part thereof;

b) contacting, in violation of applicable law, employees in an employment relationship with the other Party or persons in another similar contractual relationship with the other Party, in any manner, for the purpose of recruiting them for employment.

4.2 In each individual case of a breach of the above non-competition and non-solicitation obligation by one Contracting Party, the aggrieved Contracting Party shall be entitled to a contractual penalty in the amount of: 

a) CZK 1,000,000 if the Contracting Party that breached this obligation is a natural person and/or a natural person engaged in business;

b) CZK 3,000,000 if the Contracting Party that breached this obligation is a legal entity.

4.3 The non-competition obligation and the prohibition on solicitation shall apply to both Contracting Parties in connection with and for the duration of each concluded Agreement, and simultaneously for a period of 1 year following the expiration of such Agreement.

5. Protection of Intellectual Property Rights

5.1 Development.

5.1.1. Given that the performance under the Agreement also includes performance which, within the meaning of Act No. 121/2000 Coll., on Copyright, on Rights Related to Copyright, and on Amendments to Certain Acts (the Copyright Act), as amended (hereinafter the “Copyright Act”), may meet the criteria of a copyrighted work or be considered a copyrighted work within the meaning of the Copyright Act or another intellectual property right (hereinafter referred to as “Copyrighted Works”), all rights to such Copyrighted Works, including any documents or materials comprising, capturing, or relating to the performance under the Agreement, shall be exercised by Mibcon to the maximum extent permitted by law as of the moment of their creation. If this is not possible, the right to exercise economic copyrights (hereinafter the“Assignment of Rights”) or, if the Assignment of Rights is not possible, a license or sublicense (hereinafter the “License”) is granted, assigned, or brokered (hereinafter the “Granting”) under the terms agreed upon further in this section of the Terms.

5.1.2 With respect to all Copyrighted Works created for the Partner as works made for hire pursuant to Section 58(1) or (7) of the Copyright Act, the Partner assigns to Mibcon the right to exercise economic copyrights to such Copyrighted Works, effective as of Article 5.1.9 of these Terms. Mibcon may further assign this right. To the maximum extent permitted by applicable and effective laws, the Partner represents and warrants that its employees or contractors waive all (current and future) moral rights or any other similar rights that may arise for them in accordance with such laws and in any other jurisdictions in connection with any works created in the course of employment that are part of intellectual property rights (now or in the future).

5.1.3 The Partner is obligated to refrain from any use of the Copyrighted Works to which rights have been Assigned pursuant to the preceding paragraph or for which a License has been granted to the extent that such License was granted, except for use necessary to fulfill obligations under the Agreement.

5.1.4 From the effective date of the Assignment of Rights or the Grant of a License to the Copyrighted Work pursuant to Section 5.1.9 of these Terms, Mibcon is entitled to use such Copyrighted Work for any purpose and to the extent it deems necessary, appropriate, or reasonable. For the avoidance of doubt, this means that Mibcon is entitled to use the Copyrighted Work in an unlimited quantitative and territorial scope, by all possible means, and with a time scope limited only by the duration of the economic copyrights to such Copyrighted Work, unless otherwise specified below.

5.1.5 Mibcon is entitled, without the need for any further consent from the Partner, to grant a sublicense to a third party for the use of the Copyrighted Work or to assign its right to use the Copyrighted Work to a third party.

5.1.6 The Assignment of Rights or License includes Mibcon’s unrestricted right to make any modifications, adaptations, or changes to the Copyrighted Work forming part of the performance under the Agreement and, at its discretion, to intervene in it, incorporate it into other Copyrighted Works, include it in collective works or databases, etc., including through third parties.

5.1.7 The license to the Copyrighted Work is granted on a non-exclusive basis. Mibcon is under no obligation to exercise the License.

5.1.8 In the case of computer programs, the Assignment of Rights or License applies to the same extent to the Copyrighted Work in both machine code and source code, as well as to conceptual preparatory materials, including any future versions of computer programs provided by the provider under the Agreement. Mibcon has the right to receive the source code of the Copyrighted Work, as well as other parts of the provided software that are not Copyrighted Works. The Assignment of Rights or License also includes the right to changes made to the configuration or settings of computer programs and their transfer under similar conditions as in Article 5.1.5 .

5.1.9 The Assignment of Rights takes effect or the License comes into existence at the moment of transfer of the part of the Agreement’s performance containing the relevant Copyrighted Work to Mibcon; until then, Mibcon is entitled to use the Copyrighted Work to the extent and in the manner reasonably necessary.

5.1.10 The Assignment of Rights or Grant of License may not be terminated by the Partner.

5.1.11 For the avoidance of all doubt, the Contracting Parties expressly declare that if, in the course of performing the Agreement, a co-authored work arises from the activities of the Contracting Parties and unless the Contracting Parties expressly agree otherwise, it shall be deemed that, at the time of the creation of such a co-authored work, the Partner has assigned to Mibcon the right to exercise the economic copyrights to the co-authored work and has granted Mibcon consent to any modification or other intervention in the co-authored work. Remuneration for performance pursuant to of the Agreement is determined with due regard to this provision, and the Partner shall not acquire any new claims to remuneration in the event of the creation of a co-authored work.

5.1.12 Ownership of all intellectual property rights delivered to the Partner for the purposes of performing the Agreement by or on behalf of Mibcon belongs to Mibcon.

5.1.13 The Partner undertakes not to support, maintain, or enable any claims regarding the infringement of any moral or similar rights. In cases where the waiver of moral rights and other similar rights is not permissible under applicable law, the Partner hereby grants Mibcon a transferable consent to use the intellectual property rights and to exercise such rights in their entirety.

5.1.14 The Partner is obligated to act in such a way as to secure the Assignment of Rights or Grant of License to the Copyrighted Work pursuant to the Agreement and the Terms, including the right to grant sublicenses and related rights, without prejudice to the rights of third parties, including any subject matter protected by third-party rights that the Partner intends to use or make available during the performance of the Agreement, with the exception of those items for which Mibcon is to obtain the necessary rights.Notwithstanding the foregoing, the Partner is in any case obligated to obtain Mibcon’s written consent prior to using any item protected by any third-party rights. The Partner is also obligated to ensure that no third-party rights prevent Mibcon from exercising the intellectual property rights granted in accordance with this Article V.

5.1.15 The Partner declares that it is authorized to exercise, in its own name and on its own behalf, the property rights of authors to the Copyrighted Works that will form part of the performance under the Agreement, or that it has the consent of all relevant third parties to the Assignment of Rights or Grant of License to the Copyrighted Works pursuant to this Article; this declaration also includes rights that will arise upon the creation of the Copyrighted Work. The Partner is liable for any breach of its obligations under this Article.

5.2 Succession.
Rights acquired in connection with the performance of the Agreement shall also pass to any legal successor of Mibcon. Any change in the identity of the Partner (e.g., legal succession) shall not affect the authorizations granted under the Agreement by the Partner to Mibcon.

5.3 Cooperation.
Upon Mibcon’s request, the Partner is required to disclose the list of persons involved in the performance of the Agreement. The Partner is required to ensure that the persons involved in the performance of the Agreement cooperate to the extent necessary for the Partner to fulfill its obligations under the Agreement and the Terms. If it becomes apparent that the Copyrighted Work is encumbered by the rights of a third party—i.e., a person whose involvement in the performance of the Agreement was not previously disclosed to Mibcon or for whom the Partner failed to secure adequate cooperation—the Partner shall be liable for all resulting damages and is obligated to settle any claims by third parties at its own expense.

5.4 Source code
5.4.1 The Partner is obligated, no later than at the time of delivery of a part of the performance under the Agreement, to provide Mibcon with the source code for each individual such performance that is a computer program and that is provided to Mibcon pursuant to the performance of the Agreement. The source code must be executable in Mibcon’s environment and must allow verification that it is complete and in the correct version, i.e., allowing for compilation, installation, execution, and verification of functionality, including detailed source code documentation, based on which a typical qualified IT specialist will be able to understand all functions and internal relationships of the software and modify it. The source code will be delivered to Mibcon by the Partner in a suitable manner mutually agreed upon.

5.4.2 The Partner’s obligation set forth in Article 5.4.1 shall apply mutatis mutandis to any corrections, changes, additions, upgrades, or updates to the source code of individual parts of the performance that occur during the performance of the Agreement. Documentation of changes to the source code must contain a detailed description and commentary on each modification to the source code.

5.4.3 The Partner is obligated to provide Mibcon with the documented source code or documented change to the source code no later than on the day of delivery and acceptance of the relevant performance under the Agreement. In the event of early termination of the Agreement, the Partner is obligated to provide Mibcon with the current documented source codes and conceptual preparatory materials for all components of the performance so that Mibcon holds the source code for at least the version of the performance current at that time.

6. Liability for Damages

6.1 The Partner is obligated to use its best efforts to prevent damages (the occurrence of any harm) and to minimize any harm already incurred, whether on the part of Mibcon and/or its Customers and/or any third parties. To this end, the Partner shall exercise all due diligence, care, and expertise with which it enters into the Contractual Relationship with Mibcon.

6.2 The Partner shall be fully liable to Mibcon for any damage caused to Mibcon and/or third parties in the performance of the Agreement (and these Terms), including any fines imposed by public authorities and/or costs incurred by Mibcon in securing legal services. The Partner is obligated to compensate Mibcon for any damage caused by a breach of its obligations under applicable laws and/or the Agreement and/or these Terms, in the full amount (including both pecuniary and non-pecuniary damage) that was caused. This obligation to compensate for damage applies to damage that the Partner (directly and/or through its employees and/or through any third parties) causes to Mibcon, as well as any damage the Partner causes to a Mibcon employee and/or another third party, provided that such damage is claimed from Mibcon and/or Mibcon is obligated to pay for it. The Partner shall be fully liable to Mibcon for factual defects in the performance of the Agreement and the Terms and for legal defects in the rights and authorizations provided, including a breach of the obligation to secure all necessary authorizations to enable Mibcon to fully exercise its rights and enjoy the benefits of the Agreement (including any version, part, or element thereof) provided in the manner governed by the Agreement and the Terms, including the right to make changes or other modifications, even through third parties. The Partner declares that it is aware of its liability for factual and legal defects in the performance of the Agreement (or any part thereof).

6.3 The Partner agrees to provide Mibcon with all necessary cooperation to enforce (including asserting and protecting) or defend Mibcon’s rights to the deliverables created under the Agreement and/or the Terms, including intellectual property rights, against third parties, without any claim to additional compensation. The Partner undertakes, without undue delay and at its own expense, to secure the cooperation of the authors and creators who participated in the relevant performance under the Agreement and/or the Terms, if necessary to defend or enforce Mibcon’s rights pursuant to this paragraph.

6.4 If the Partner engages a third party (representative and/or employee and/or assistant, etc.) to perform the Agreement, the Partner shall compensate for any damage caused by such third party in full, as if the Partner had caused it itself.

6.5 The Partner may be released from the obligation to compensate for damage only if it proves that an extraordinary, unforeseeable, and insurmountable obstacle, arising independently of its will, prevented it from fulfilling its obligations under these Terms and/or the Agreement, and that such obstacle could not have been averted even with the exercise of all due professional care.

6.6 Damages caused to Mibcon and/or a third party shall be compensated in cash.

6.7 The fact that Mibcon and/or a person who is the Customer has approved and accepted any partial performance under the Agreement in no way limits the Partner’s liability for the proper performance of the entire Agreement and does not give rise to any liability on the part of Mibcon in this regard. Regardless of the moment of transfer of ownership of the performance under the Agreement, liability for the performance and its protection, together with the risk of its loss and/or damage or any other harm, shall pass from the Partner to Mibcon only upon the signing of the relevant handover protocol confirming Mibcon’s acceptance of the entire performance. The Partner is obligated to provide performance under the Agreement in a quality corresponding to the relevant legal regulations, Mibcon’s or the Customer’s instructions, and the agreed terms and conditions.

6.8 The Partner provides Mibcon with a warranty for the performance of the Agreement, specifically regarding the preservation of the agreed-upon characteristics and functionality of such performance free from defects, their compliance with the requirements of the Agreement and/or the Terms, the requirements set forth in legal regulations and relevant standards applicable to the performance of the Agreement, and for their usability in accordance with the purpose specified in the Agreement and the Terms. 

6.9 The warranty period is 12 months and begins on the date of acceptance of the performance under the Agreement and/or a separately identifiable part of such performance. Defects in the performance shall be remedied by the Partner free of charge within the period specified by Mibcon according to the severity of the defect, specifically within a maximum of 1 business day (in the case of a critical defect that completely or partially prevents the use of the performance), within 10 business days (in the case of a material defect that significantly impedes the use of the performance), and within 30 business days (in the case of other defects), unless the Contracting Parties agree otherwise. The warranty period is suspended from the date of Mibcon’s notification of the defect. After the defect is remedied, the warranty period for the repaired performance under the Agreement is extended by the duration of the defect. 

6.10 In the event that the Partner breaches its obligation to perform in accordance with the Agreement and/or the Terms, with the exception of breaches for which a contractual penalty has been agreed, the Partner shall be obligated to provide Mibcon with a reasonable discount in the amount of the demonstrable costs incurred by Mibcon in remedying the defect in the performance in question. 

6.11 In the event that the Partner breaches its obligations under the Agreement and/or the Terms, particularly if, as a result of a defect in the performance of the Agreement, any third party asserts a valid claim against Mibcon, the Partner is obligated, in particular, to provide Mibcon with all possible cooperation and to immediately remedy the defect in the performance of the Agreement and/or to provide Mibcon with full cooperation in communicating with such third party. 

6.12 No claim by Mibcon for compensation for damages under these Terms and/or the Contractual Relationship shall be affected by the Partner’s payment of a contractual penalty, and the contractual penalty paid shall not be offset against the amount of such compensation.

6.13 Contractual penalties claimed under the Agreement and/or these Terms are due within 30 days from the date the entitled Party sends a demand for payment to the other Party. Payment of the contractual penalty does not extinguish the obligation secured by the contractual penalty, in particular the Partner’s obligation to secure the appropriate rights, authorizations, and consents to the full extent required by the Agreement and/or these Terms. 

7. Cybersecurity

7.1 The Partner undertakes to fulfill all obligations arising from the laws of the Czech Republic and the European Union in the field of cybersecurity, in particular (but not exclusively) Act No. 264/2025 Coll., on Cybersecurity, as amended, and EU legislation, in the manner and to the extent that such obligations are binding on Mibcon. The Partner hereby expressly undertakes to comply with its aforementioned obligations, always taking into account the content of the Agreement and the performance provided by the Partner under this Agreement. This provision does not affect the Partner’s other obligations arising from legal regulations, binding security standards, and norms in the field of cybersecurity, in particular the requirements set by the National Cyber and Information Security Agency (NÚKIB).

7.2 The Partner undertakes to implement, maintain, and regularly evaluate appropriate technical and organizational measures to protect data, information, systems, services, equipment, accounts, access, and other resources related to the performance of the Agreement. These measures must correspond to the nature of the performance, the level of risk, and the significance of the protected assets, and must reasonably ensure, in particular:

a) the confidentiality, integrity, availability, and resilience of information, systems, and services,

b) management of access permissions and authentication,

c) protection of accounts, access credentials, and authentication methods,

d) management of vulnerabilities, updates, and security patches,

e) change management, backup, and recovery, where relevant given the nature of the service,

f) recording, reporting, and resolution of security events and incidents,

g) appropriate training or instruction for persons involved in the performance of the Agreement.

7.3 The Partner is obligated to notify Mibcon without undue delay, no later than 24 hours after discovery, of any security event, security incident, or reasonable suspicion thereof, if such an event may impact the performance of the Agreement, data, information, systems, services, equipment, accounts, or access of Mibcon or its Customer. The notification shall be sent to the email address it@mibcon.cz ; the Partner is also required to provide at least a description of the situation, the preliminary scope of the impact, measures taken or proposed, and the contact person responsible for resolving the situation.

7.4 The Partner is obligated to provide Mibcon, without undue delay, with all reasonable cooperation necessary for the investigation, mitigation, remediation, and documentation of a security event or incident pursuant to Article 7.4, including the provision of relevant information and records to the extent appropriate to the performance in question.

7.5 The Partner undertakes to grant Mibcon, or the relevant government authorities, access to documentation in the areas specified in Article 7.2 (a) through (g), in particular to the complete records specified in subparagraph (f), to the extent necessary for the fulfillment of legal obligations.

7.6 If Mibcon identifies deficiencies in the Partner’s performance of its obligations under this Article, the Partner is obligated to take appropriate corrective measures without undue delay and, upon request, submit a corrective action plan including deadlines for their implementation.

7.7 If the Partner fails to remedy the identified deficiencies even within a reasonable period set by Mibcon, Mibcon is entitled to reasonably restrict or suspend acceptance of the relevant performance until the deficiencies are remedied; this does not affect Mibcon’s other rights under the Agreement, these Terms, or applicable laws.

7.8 The Partner also undertakes to ensure that its employees and/or subcontractors and/or other persons involved in the performance of the Agreement are regularly trained regarding the obligations set forth in this article of the Terms. The Partner undertakes to ensure that these persons comply with the aforementioned standards throughout the term of the Agreement, to the same extent and at the same level as the Partner. In the event that subcontractors are used to perform the Agreement, the Partner is obligated to ensure that these persons commit in writing to comply with these obligations.

7.9 The Partner is further obligated, with a view to ensuring the level of cybersecurity and full data protection required by Mibcon/ the Customer, to enable Mibcon full control and access to the Partner’s own equipment used in the performance of the Agreement or, if this is not technically or legally possible, the Partner undertakes to use exclusively the equipment provided by Mibcon for this purpose in the performance of the Agreement.

7.10 A breach of the obligations under this Article shall be considered a material breach of the Agreement if the Partner fails to remedy the breach within a reasonable period provided by Mibcon, or if the breach is particularly serious in nature or impact.

7.11 In any event, a breach by the Partner of any of the above cybersecurity obligations shall entitle Mibcon to a contractual penalty in the amount of: 

a) CZK 500,000 if the Contracting Party that breached this obligation is a natural person and/or a natural person engaged in business;

b) CZK 1,000,000 if the Contracting Party that breached this obligation is a legal entity.

8. Risk Management System

8.1 The Partner is obligated to manage risks related to the performance of the Agreement in a manner commensurate with the nature, scope, and significance of the services provided. The minimum scope of the obligation that the Partner is required to fulfill, regardless of any other provision of these Terms, is as follows:

a) conduct risk management (identification, assessment, mitigation) and an annual review;

b) implement access controls, strong authentication rules, and encryption of data at rest and in transit;

c) ensure change and version control, patch management, backup, and recovery;

d) provide training to all persons involved in the performance of the Agreement at least once a year;

e) maintains records of incidents, non-conformities, and corrective actions (CAPA);

f) ensures BCM/DR commensurate with the services provided under the Agreement (a continuity and recovery plan tested at least once a year);

g) manages the supply chain (selection, evaluation, contractual obligations regarding ISO/ISMS).

8.2 If the Partner has implemented an information security management system, a quality management system, a business continuity management system, or another similar system appropriate to the nature of the services, the Partner is obligated to maintain it for the duration of the Agreement to the extent relevant to the services provided to Mibcon.

8.3 If the Partner holds certification under ISO/IEC 27001, ISO 9001, ISO 22301, TISAX, or other similar or industry-relevant certification, it shall provide evidence of this to Mibcon upon request by submitting a current certificate or other appropriate documentation. If the Partner is not certified, this does not affect its obligation to demonstrate to Mibcon, upon request, that it has implemented appropriate technical and organizational measures commensurate with the nature of the services.

8.4 The Partner is obligated to notify Mibcon without undue delay of any significant change that may affect the security, availability, or proper performance of the Agreement, in particular:

a) a serious security or operational non-compliance,

b) a material change in security measures relevant to the performance provided,

c) a material change in the involvement of subcontractors, operational infrastructure, hosting model, or data location, if it may affect the performance of the Agreement or the security of Mibcon’s or its Customer’s data,

d) the suspension, expiration, or non-renewal of relevant certification, if the Partner has declared such certification to Mibcon,

e) a change in the Partner’s control, ownership of essential assets, or authority to dispose of assets used to perform the Agreement, if such a change may have a significant impact on security or the proper performance of the Agreement.

8.5 The Partner undertakes to allow Mibcon, or the relevant government authorities, access to documentation in the areas specified in Article 8.1 -8.3.

8.6 If Mibcon identifies deficiencies in the Partner’s performance of its obligations under this Article, the Partner is obligated to take appropriate corrective measures without undue delay and, upon request, submit a corrective action plan including deadlines for their implementation.

8.7 If the Partner fails to remedy the identified deficiencies even within a reasonable period set by Mibcon, Mibcon is entitled to reasonably restrict or suspend acceptance of the affected performance until the deficiencies are remedied; this does not affect the Partner’s other rights under the Agreement, these Terms, or applicable laws.

9. Other Security Obligations of the Partner

9.1 The Partner is obligated to use the data, information, access, accounts, devices, and other resources made available to it by Mibcon or its Customer exclusively for the purposes of performing the Agreement and only to the extent necessary for the proper fulfillment of its obligations.

9.2 The Partner shall ensure that access to data, information, systems, and services related to the performance of the Agreement is limited to persons who actually need such access to fulfill their work or contractual obligations, and only to the extent commensurate with their role.

9.3 The Partner is obligated to ensure that the equipment, accounts, accesses, means of communication, and other technical resources used for the performance of the Agreement meet reasonable security requirements commensurate with the nature of the performance and the level of risk. In particular, the Partner is obligated to ensure adequate protection of these resources against unauthorized access, misuse, loss, compromise, malicious code, and known vulnerabilities. Upon Mibcon’s request, the Partner shall provide evidence of compliance with these requirements and allow Mibcon to reasonably verify them to the extent related to the performance of the Agreement.

9.4 The Partner is obligated to protect access credentials, authentication methods, certificates, tokens, and other means enabling access to the systems, data, or services of Mibcon or its Customer. The Partner must not share these means with unauthorized persons, use them for purposes other than those agreed upon, or store or transfer them in a manner that could lead to their misuse.

9.5 The Partner is obligated to comply with Mibcon’s security and organizational requirements, with which the Partner has been demonstrably familiarized and which relate to the specific performance of the Agreement.

9.6 The Partner is obligated to inform Mibcon in a reasonable timeframe of any intended change that may affect the security, availability, or manner of performance of the Agreement, particularly regarding changes to the tools, equipment, infrastructure, access regime, data location, subcontractors, or persons involved in the performance.

9.7 Upon termination of the Agreement or at Mibcon’s request, the Partner is obligated to transfer to Mibcon the data and other deliverables generated during the performance of the Agreement in an agreed-upon or commonly used format and subsequently handle them in accordance with the Agreement, these Terms, and Mibcon’s instructions, in particular to securely delete them if required to do so.

9.8 The Partner is obligated to maintain and retain reasonable records of security-related facts pertaining to the performance of the Agreement, to the extent necessary to demonstrate proper fulfillment of its obligations, to address incidents, or to protect Mibcon’s legitimate interests.

9.9 If, in light of the nature of the performance, the significance of the service provided, legal requirements, or the Customer’s requirements, the Partner is designated by Mibcon as a significant or otherwise security-critical provider, the Partner is required to provide Mibcon with reasonable cooperation in assessing and managing the risks of the provider relationship, in demonstrating compliance, and in fulfilling related regulatory or Customer requirements.

10. Special Obligations of the Partner

Cloud Technologies

10.1 If the Partner provides services in a cloud or similar remote operating model, the Partner is obligated to ensure that Mibcon has, for the duration of the Agreement and after its termination, the reasonable ability to:

a) obtain its data, configurations, and outputs related to the performance of the Agreement without undue delay and in a commonly used format,

b) receive reasonable information about the security and operational model of the services provided, if relevant to the performance of the Agreement,

c) be informed of significant operational or security incidents and outages affecting the performance of the Agreement,

d) be informed of significant changes to subcontractors, hosting, operational infrastructure, or data location, if such changes may impact the performance of the Agreement or the security of Mibcon’s or its Customer’s data,

e) to be informed, to the extent permitted by law, of any request by a public authority or foreign authority for access to or disclosure of Mibcon’s or its Customer’s data, provided such request relates to the performance of the Agreement,

f) ensure the termination of the service, migration, transfer of data, and secure deletion of data in a manner that does not result in an unreasonable restriction on the availability, integrity, or confidentiality of Mibcon’s or its Customer’s data.

AI Technology

10.2 If the Partner uses artificial intelligence-based tools in the performance of the Agreement, the Partner undertakes to:

a) use them only to the extent consistent with the nature of the performance, applicable laws, these Terms, and its internal security policies,

b) not to input Mibcon’s data, its Customer’s data, personal data, confidential information, or trade secrets into such tools, unless expressly permitted by the Agreement or the tool is operated in an appropriately secure mode that prevents unauthorized access to or use of such data for other purposes,

c) ensure professional human review (“human-in-the-loop”) of the outputs before submitting them to Mibcon,

d) upon request, inform Mibcon of the AI tools used in the performance of the Agreement,

e) ensure that the use of AI tools does not result in a violation of third-party rights or a threat to the security of Mibcon’s environment or that of its Customer,

f) not to use AI tools to replace the Partner’s professional responsibility for the accuracy, completeness, security, and legal validity of the delivered work,

g) not to use AI tools or other unauthorized external tools directly on the production environment, production databases, or other sensitive systems of Mibcon or its Customer,

h) when using SAP AI tools at Mibcon, comply with the SAP AI Terms, as currently amended at https://www.sap.com/about/trust-center/agreements/cloud/cloud-services.html?sort=latest_desc&tag=agreements%3Ageneral-terms-and-conditions%2Fai&tag=language%3Aenglish

provided that the use of AI tools does not entitle the Customer to a change (reduction) in the agreed price of performance under the Agreement.

ESG

10.3 The Partner acknowledges that Mibcon takes a responsible approach to environmental protection into account when selecting, evaluating, and managing its business partners. Mibcon places particular emphasis on optimizing energy consumption, waste sorting, and the use of sustainable resources, i.e., reducing its carbon footprint. The Partner undertakes to perform the Agreement in a manner appropriate to the nature of the performance so as not to unnecessarily increase the negative environmental impacts of its activities.

10.4 The Partner undertakes to comply with the content of the document: ESG and CSR Politics

CSR

10.5 The Partner acknowledges that Mibcon takes into account the implementation of corporate social responsibility principles when selecting, evaluating, and managing its business partners. Mibcon places particular emphasis on ethical conduct, support for community and educational projects, anti-corruption measures, equal treatment, and the development of a healthy work environment. The Partner undertakes to perform the Agreement in a manner that protects and promotes the above-mentioned principles.

10.6 The Partner undertakes to comply with the content of the document: Code of Conduct

11. Changes to the Terms

11.1 Mibcon reserves the right to amend these Terms at any time.

11.2 Mibcon shall notify the Partner of any changes to the Terms at least 7 calendar days prior to their effective date by sending a notice to the Partner’s contact email address.

11.3 The Partner is entitled to reject the amendment to the Terms by sending a written notice to Mibcon while simultaneously terminating the Agreement in relation to which the Partner rejects the binding nature of the amendment to the Terms, provided that such notice and termination are delivered to Mibcon no later than the day immediately preceding the date on which such changes to the Terms are to take effect, and provided that the relevant Agreement is terminated by such termination as of the date on which the changes to the Terms rejected by the Partner, to which the Partner has expressed its disagreement through the aforementioned procedure, are to take effect.

12. Final Provisions

12.1 The Agreement between Mibcon and the Partner, as well as these Terms, are governed by the laws of the Czech Republic, in particular the Civil Code.

12.2 Upon termination of the cooperation, the Partner is obligated to:

a) hand over to Mibcon all data generated in connection with the performance of the Agreement in a machine-readable format,

b) provide appropriate cooperation during the data migration for a period of at least 30 days from the start of the migration,

c) after migration, securely delete the data from the Partner’s systems in accordance with Mibcon’s instructions, unless otherwise provided by law, and issue the relevant written confirmation at Mibcon’s request.

12.3 These Terms are drawn up in the Czech language and, for informational purposes, also in English; in the event of any discrepancies, the Czech language version shall prevail.

12.4 These Terms (this version of the Terms) shall take effect on May 20, 2026.

---

Download as PDF