Terms and conditions 

These terms and conditions and our Privacy Policy  apply to all contracts held between 8foldGovernance Ltd. and customers. Please ensure to read both fully before purchasing products from our site. Additional terms may apply to some contracts and will need to be signed prior to services commencing. 


The Prices displayed on our site are subject to addition of VAT and other state/national tax in line with relevant regulations. Any price changes made to products on the site are not applicable to purchases completed before the price change.  


In line with consumer rights laws, your right to cancel a contract within the relevant period starts once we have confirmed by returning the signed contract to you. During the relevant 14 day period you can notify us that you would like to cancel the contract and receive a refund. More information on your legal rights to refund can be found on your local citizens advice or Trading standards Office websites. 

Cancelation rights do not apply to the following: 

    • Digital Content (e.g PDF’s, Software, Electronic templates or audio books)
    • Products personalised to client specific requirements

For service products where the delivery start date is within 14days of contract confirmation, cancellation must be made at least 24hours prior to the first meeting or service delivery start date. If a delivery start date has not been established within the contract then the normal 14 day notice period applies.

For subscription products cancelation requests must be made…

All cancelation requests must be sent to support@8foldgovernance.com 

Upon cancellation we will:

    • Refund the amount paid for the product onto the card/payment method you used to pay for the product. 
    • Refunds are only permittable for cancelations made within the guidelines for cancelation stated above. 

Subscription Service Products 

8foldGovernance offer a number of annual and monthly support services including; DSP Toolkit as a Service, DPO as a Service and CSO as a Service. The subscription periods of these services are stated on each service page and will be set out in the contract we send to you upon purchase. Once your online payment has processed and the contract is signed you are formally agreeing to enter into a Recurring Payment Authority (RPA), this authorises us to collect the recurring payments, from the initial payment method used to purchase the product. By signing the contract and agreeing to enter the RPA you are agreeing to keep the card payment details correct and valid during the entire subscription period of the product and are liable to extra costs that result from failure to keep these details valid. Unless a cancellation request is received we will continue to collect payment or invoice in line with the subscription period stated in the contract. Where subscription has been made by means of a Purchase Order you are agreeing to pay all subsequent invoices for subscription services until a cancelation request is made. If any changes are made to subscription services prices we will inform you at least 28 days prior to the changes to allow time for a cancelation request to be made if you so wish to do so. 

To cancel the recurring payment and cease delivery of services you must email support@8foldgovernance.com

Upon cancelation we will revoke access to any digital documentation and cease service delivery up to the end date of the subscription period that has paid for. 

Some Services are subject to the specific terms below. 

DPO as a Service 

It is your responsibility to ensure all company directors and authorised officers have read and understand these terms and conditions 

    • You are responsible to getting correct legal advice on matters than require so. And any legal fees that result from that advice fall solely on you 
    • By entering this contract you are agreeing to provide us with the necessary recourses and access to documentation and company procedure for us to carry out our service.

CSO as a Service 

It is your responsibility to ensure all company directors and authorised officers have read and understand these terms and conditions 

    • You are responsible to getting correct legal advice on matters than require so. And any legal fees that result from that advice fall solely on you 
    • By entering this contract you are agreeing to provide us with the necessary recourses and access to documentation and company procedure for us to carry out our service.


On entering this contract you are confirming:

    • All responsibility for GDPR compliance and any other relevant regulation lies solely with you.
    • Liability of the delivery of services lies only with the company and action cannot be taken against individual employees.
    • We are not liable for any delays that occur in the delivery of services where caused by circumstances beyond our reasonable control.
    •  We do not accept any liability in relation to third parties we may need to liaise with on your behalf.
    • It is your responsibility to engage promptly with the service on any matters that are time sensitive and we are not liable for any delays from you engaging with us on matters where you require our advice. 
    • It Is your responsibility to follow any advice given by us, should you not follow the service provided advice, we are not liable for any actions on fees that result. In the event you fail to follow advice provided by the service we have the right to immediately terminate the contract without any refund of payments already made. 
    • We are not responsible for notifying/reminding of dates or time sensitive actions required by yourselves. 


    • We will ensure any staff assigned to delivering services to you have the necessary knowledge and experience to do so. By signing the contract you agree that 8foldGovernance will determine the required knowledge and experience to deliver services. 
    • Services will usually be delivered by a team of our staff and the relevant contact details will be given upon contract confirmation.
    • A Service Delivery Lead will be assigned to you and this will be your main point of contact for the delivery of your services. 


Data protection


Processing as a Data Controller:

    • We process personal data in line with the requirements of the EU General Data Protection Regulation (‘GDPR’) and the UK Data Protection Act (‘DPA’) 2018. Our Privacy Policy  sets out the specific bases on which, as a Data Controller, we process personal data.

Processing as a Data Processor:

    • In respect of personal data we hold to be able to deliver services to you, we act as a Data Processor and process that data securely, in line with our obligations under the EU GDPR and the UK DPA 2018 and to your order.
    • In the event of a data breach (as defined by law) we will notify you within the time frame required by law. It is your responsibility to determine whether or not the incident has to be reported to the relevant supervisory authority.
    • Where we act as a Data Processor, we will not sub-contract any processing to any sub-processor without first notifying you.
    • We will not hold any personal data beyond the completion of a service agreement other than at your instruction.

Taking account of the nature of the processing, and the risks to the rights and freedoms of natural persons, we apply appropriate measures of security to protect the confidentiality, integrity and availability of all personal data that we process.

Availability of Services 

    • Unless otherwise agreed otherwise, we will provide the Services between the hours of 9:00 am and 5:00 pm in the United Kingdom not including weekends or Bank Holidays 
    • Calls received outside of the standard hours of service will go through to an answerphone service and will not be accessed by us until the next working day. 
    • Emails received outside of the standard hours of service will be received by our server, but no action will be taken by us until the next working day. 

Intellectual property

    • By signing the contract you recognise we own the intellectually property and copyright of our website and all products purchased from us. 
    • Purchase of products or services in no way provides licence for the use or modification of our intellectual property. Use of our intellectual property without our permission will result in a cease and desist from use, and may result in penalty fee’s. 

Limitation of liability

    • Our total liability under any contract will not exceed the amounts paid by you under that contract.
    • We are not liable for consequential, indirect or special losses of any sort.


    • In the event that any of the above terms be held in any jurisdiction to be void or invalid, the term will be altered to the extent minimally necessary to comply with the laws of that jurisdiction to prevent the term being voided. The term will still be binding in its altered form. 
    • Each term above holds on its own and can not be affected by other voided terms. 
    • No waivers of us in exercising any of our rights can be taken as a waiver for additional rights or for said rights at a future date. Delays in us exercising our rights cannot be taken as a waiver. 
    • These terms will be governed by and construed in accordance with the laws of England and you explicitly accept that only the law courts of England have jurisdiction to deal with any matter arising from or in any way, whether directly or indirectly, related to the use of this website and, accordingly, you explicitly waive all and any rights to bring any action of any sort in relation to this website, or to any transaction carried out with it, or any data stored on it or provided to it in any court anywhere else in the world.


8foldGovernance Cyber Essentials and Vulnerability monitoring end user license agreement


These terms, the Terms and Conditions and our privacy policy form the binding agreement between you (“You” or “the Customer”) and us (“the Company”) and shall come into force at such time as you use purchase the Company’s Cyber Compliance Services (including Cyber Essentials certification and remote vulnerability monitoring) (“the Services”). Please read these terms carefully and contact us in case You have any questions.



    • Agent: a program that can be installed on a computer or mobile device and which can check and secure the configuration of the computer or device;
    • Terms and conditions: The terms and conditions stated above 
    • Auto-Fix: refers to features which, when enabled by the Customer, can change the configuration of the Customer’s systems;
    • CE: Cyber Essentials as defined in the Cyber Essentials Scheme;
    • Customer: any user of the Site and/or registered user with an account on the Site that has or has not requested certification or deployed Agents through the Site, regardless of whether or not fees have been paid for any Services;
    • Company: 8foldGovernance;
    • Opinion: non legally binding information contained in the Company’s toolkits;
    • Systems: any technology or computer infrastructure, software and hardware; and
    • Site: the website at www.cybersmart.co.uk and any of its sub-domains, Agents and applications.
    • Website: the website at www.8foldgovernance.com and any of its sub-domains, Agents and applications.

Scope of these terms

    1. The use of the Site, the Services and all its parts is subject to the acceptance of these terms of use, the Company’s privacy policy (https://8foldgovernance.com/privacy-policy/) and the terms of use of the Company’s partners as outlined in other parts of the Site and privacy policy (https://cybersmart.co.uk/privacy/).
    2. The agreement identified by these terms constitutes the entire agreement under which the Company’s Services and the Site may be used. Any prior communication, warranty or statement shall not apply to the contract between us.
    3. Headings have been inserted for convenience and may not be used to interpret the content of this agreement.
    4. By using the Site as representative of a corporate entity, Customers warrant that they are entitled to do so.
    5. These terms shall only be applicable between the Company and the Customer and do not intend to benefit or confer any other right in regards to third parties.
    6. The Company may, at any time and on its discretion by notice amend these terms and its privacy policy. Customers Site agree that it falls into their responsibility to regularly check the Website for notice of any such changes to these documents.
    7. If you disagree with any of the provisions of these terms or our privacy policy, you should stop using the Site and/or any Services.
    8. Any disputes shall be subject to the version of these terms and conditions in effect at the date at which the dispute was first brought to the Company’s attention in writing.


Use of Site

    1. The Site and all its content are owned by and under copyright of the Company and/or third-party licensors. Customers may not reproduce any written content, images or concepts without the prior written permission of the Company. Customers may not (and shall not incite or cause others to):
      1. modify, disassemble, decompile or reverse engineer the Site, except to the extent expressly permitted by law;
      2. resell, sublicense, distribute or otherwise transfer any materials from the Site to any third party;
      3. copy any of the Site content;
      4. circumvent, disable or remove any Site security features;
      5. interfere (or try to do so) with the proper working of the Site or any activities conducted on it.
    2. In case of breach of this provision, the Company shall have the right to immediately terminate Your access to the Site and claim damages for the damage suffered where appropriate.
    1. Any data provided by Customers over the course of the Services and whilst using the Agents remain the sole property of the Customer.
    2. Customers will be liable for any and all loss, liability and/or damage to the Company or third parties through the use of their Site account, including any unauthorised third-party access. Customers are recommended to use strong passwords, changed in case of a suspected security breach and to enable multi-factor authentication at all times.
    3. In the case of a suspected security breach, Customers must inform the Company in writing immediately.
    4. The purpose of our Cyber Essentials Site is to provide easy access to Cyber Essentials certification and Agents for 24/7 compliance monitoring. In order to provide Customers with unparalleled service, the Company stores and processes Company and personal data. Please refer to the privacy policy for further information.
    5. In offering Cyber Essentials certification, the Company provides a non-exclusive, non-transferable licence to access an easy-to-understand toolkit using the account issued to the Customer. This toolkit contains non-legally binding Opinions. Neither the Company nor any of its officers, employees or partners will be held liable for any delays in the certification process or objection to a Customer’s certification altogether as a result of the Customer using this toolkit.
    6. All information entered by You onto Your account on the Site in the course of the Services is treated by the Company as confidential. You acknowledge that the Company has the right to access, monitor and modify Your account for the purpose of providing the Company’s Services.
    7. It is Your responsibility to provide the Company at all times with accurate contact information including, but not limited to, a valid e-mail address. You must promptly advise the Company of any changes in Your contact information.
    8. The Company provides “Auto-Fix” solutions, which help the Customer to implement standards more quickly. The Customer accepts that these “Auto-Fixes” are applied at its discretion and risk. The Company will not be held liable for any damage incurred by the Customer using such a function.
    9. The Company will not be held liable for any damage or inconvenience resulting from the Company following Opinions provided. It is recommended that Customers discuss any changes in their IT infrastructure with a professional familiar with the Customer’s Systems.
    10. In order to function comprehensively, the Customer installs Agents on the Customer’s Systems to facilitate certification and provide 24/7 compliance monitoring. Agents have been developed together with leading cyber security professionals and have been thoroughly and independently tested. The Customer agrees to Agents being installed on the Customers Systems and Customer will not hold the Company, its officers or employees liable for any damage, loss or inconvenience caused by any such Agents.
    11. The Company may make commercially reasonable changes to the Services offered to the Customer from time to time. If the Company makes a material change to the Services, the Company will notify the Customer by giving not less than 30 day’s prior notice. If the Customer notifies the Company that it does not agree with such material change, then the Customer will remain governed by the terms in effect immediately prior to the change until the end of the then-current subscription term, except where such change is required by applicable law.
    12. The Company grants (or procures the grant of) to Customers the right to use the Company’s background IPR in the course of the Customer’s business and for any purposes reasonably incidental thereto in accordance with the terms of the EULA. The Company represents and warrants that the only license terms that are required for use of the Products and Services and/or Documentation by the Customer are included in the EULA and the EULA includes all rights and licenses necessary to enable use by Customer in case a third party is providing a managed service to Customers in connection with the Products, Services and/or Documentation or that third party is reselling the Products, Services and/or Documentation to the Customer and the end-user does not need any further licenses to use the Products, Documentation and Services.


    1. Customers may, at any time without cause terminate its contract for the provision of the Services offered by the Company. Under such circumstances, the Company will provide the Customer with an aggregation of data submitted over the course of the contractual relationship.
    2. Where the Customer has achieved any certification or certifications and has paid by annual subscription(s)  in advance, the Customer shall not be entitled to any refund of monies paid to the Company if it terminates pursuant to clause 22.
    3. Where the Customer has achieved any certification or certifications and has paid by monthly subscription(s), the Customer shall remain liable on termination for a sum of the difference between their current fees paid and the sum of the value of 10 months of their subscription, with the calculation date to start from the date the certification or certifications were issued, if it terminates pursuant to clause 22. Such fees will be liable per certificate subscription terminated.
    4. In case of breach of these terms, the Terms and Conditions of our partners or our Privacy Policy by the Customer, the Company shall have the right to terminate any contractual relationship with the Customer with immediate effect.


    1. The Site is provided on an “as is” and “as available” basis without any representation or endorsement made and the Company makes no warranties, whether express or implied, in relation to the Site or its use. You acknowledge that the Company cannot be responsible for the security or privacy of information transmitted to the Company and the Customer must bear the risk associated with the use of the internet.
    2. Notwithstanding any other provision in these Terms, nothing in these Terms will affect or limit any rights You may have under English Law; or exclude or limit the Company’s liability for death or personal injury caused by our negligence or for fraud or fraudulent misrepresentation or any other liability which cannot be excluded or limited under applicable law.
    3. In no event will the Company be liable for any indirect, special, punitive, exemplary or consequential losses or damages of whatsoever kind arising out of Customer’s use of, or access to the Site or Services, including loss of profit, whether or not in the contemplation of the parties, whether based on breach of contract, tort (including negligence), product liability or otherwise. The Company’s total aggregate liability for direct losses or damages of whatsoever kind (including loss of profits) in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising out of the delivery to You of paid-for Services, whether based on breach of contract, tort (including negligence), product liability or otherwise shall be limited to the total fees paid by You for the Services during the 12 months immediately preceding the date on which the claim arose.
    4. The Company may, at any time and at its own discretion, temporarily or permanently discontinue its Services where necessary as a result of any cause beyond the Company’s reasonable control including, without limitation, mechanical, electronic or communications failure. Under such circumstances, the Company shall not be liable for any damage, loss or inconvenience.

Dispute resolution and Jurisdiction

        1. Before instigating court proceedings, users agree to provide the Company with sufficient time and information to rectify the point in issue. Furthermore, before filing any claims users agree to provide the Company with the opportunity to engage in an alternative dispute resolution process.
        2. Subject to clause 30, these terms and any claims resulting from its application are subject to the laws of England and Wales. Both parties, therefore, waive any rights of claim in any other jurisdiction, except for the right of the Company which may at its discretion submit claims within the jurisdiction of the Customer.

V1.1 08/10/20