1. Services

1.1. The provider shall make the contractual services, in particular access to the software, available within its own sphere of control (from the data center interface to the Internet). The scope of services, specifications, intended use, and conditions of use for the contractual services are set out in the respective service description, and additionally in the software user manual.

1.2. Any additional services, such as the development of customer-specific solutions or required adaptations, require a separate agreement.

1.3. The provider may provide updated versions of the software. The provider will inform the customer electronically about updated versions and corresponding usage instructions and make them available accordingly.

2. Scope of Use

2.1. The contractual services may only be used by the customer and only for the purposes agreed in the contract. During the term of the contract, the customer may access the contractual services via telecommunication (over the Internet) and use the functionalities associated with the software as contractually agreed using a browser or another suitable application (e.g., “app”). No further rights, in particular to the software or any infrastructure services provided at the data center, shall be granted to the customer. Any use beyond this requires the prior written consent of the provider.

2.2. In particular, the customer is not permitted to use the software beyond the agreed scope of use, allow third parties to use it, or make it accessible to third parties. In particular, the customer is not permitted to duplicate, sell, transfer temporarily, rent, or lend the software or parts thereof.

2.3. The provider is entitled to take reasonable technical measures to protect against non-contractual use. Contractual use of the services must not be more than insignificantly impaired as a result.

2.4. In the event of a contractual breach by a user exceeding the scope of use or unauthorized transfer of use, the customer shall, upon request, immediately provide the provider with all information available to him necessary for the assertion of claims, particularly the name and address of the user.

2.5. The provider may revoke the customer's access authorization and/or terminate the contract if the customer significantly exceeds the permitted use or violates rules for protection against unauthorized use. In such cases, the provider may interrupt or block access to the contractual services. Prior to this, the provider shall generally set a reasonable grace period for remedy. The revocation of access authorization alone does not constitute termination of the contract. Revocation of access authorization without termination can only be maintained for a reasonable period, a maximum of 3 months.

2.6. The provider's right to claim remuneration for use beyond the agreed scope remains unaffected.

2.7. The customer has a claim to reinstatement of the access authorization and access capability after demonstrating that the non-contractual use has ceased and future non-contractual use has been prevented.

3. Availability, Defects in Service

3.1. The availability of the provided services is specified in the service description.

3.2. In the case of only an insignificant impairment of the suitability of the services for the contractual use, the customer shall have no claims for defects. The provider's no-fault liability for defects existing at the time of contract conclusion is excluded.

4. Data Protection

4.1. Insofar as the provider can access personal data of the customer or from the customer's area, he shall act solely as a data processor and will only process and use these data for the purpose of executing the contract. The provider will comply with the customer's instructions regarding handling of these data. The customer bears any adverse consequences of such instructions for the execution of the contract. The customer shall agree with the provider the details of handling the customer's data according to data protection requirements.

4.2. The customer remains the controller both in the general sense and under data protection law. If the customer processes personal data (including collection and use) in connection with the contract, he shall ensure that he is authorized to do so under applicable, especially data protection, law and shall indemnify the provider against third-party claims in the event of a violation.

4.3. In the relationship between provider and customer: the customer shall bear responsibility towards the data subject for the processing (including collection and use) of personal data, unless the provider is responsible for any claims due to a breach of duty attributable to him. The customer shall review, process, and respond to any queries, requests, and claims from data subjects independently. This also applies to any claims against the provider by a data subject. The provider shall support the customer within the scope of his obligations.

4.4. The provider ensures that the customer's data are stored exclusively in the territory of the Federal Republic of Germany, in a member state of the European Union, or in another contracting state of the Agreement on the European Economic Area, unless otherwise agreed.

5. Obligations of the Customer

5.1. The customer must protect the access credentials, identification, and authentication information assigned to him or to users from access by third parties and must not pass them on to unauthorized persons.

5.2. The customer is obligated to indemnify the provider against all third-party claims arising from legal violations resulting from unlawful use of the contractual services by him or with his approval. If the customer becomes aware of, or should become aware of, any such violation, he is obligated to notify the provider immediately.

5.3. The customer must use the options provided by the provider to back up his data within his own area of responsibility.

6. Breach of Contractual Use, Compensation for Damages

In each case where a contractual service is used without authorization within the customer’s area of responsibility, the customer must pay damages equal to the compensation that would have been due for the contractual use of the service over the applicable minimum contract term. The customer reserves the right to prove that he is not responsible for the unauthorized use or that the damage was non-existent or significantly lower. The provider retains the right to claim further damages.

7. Incident Management

7.1. The provider shall accept incident reports from the customer, assign them to the agreed incident categories (section 7.3), and carry out the agreed measures for analyzing and resolving incidents based on that classification.

7.2. The provider shall accept proper incident reports from the customer during its normal business hours and assign a reference number to each. Upon request, the provider shall confirm receipt of the incident report by communicating the reference number.

7.3. Unless otherwise agreed, the provider shall assign incoming incident reports to one of the following categories after initial review:

1. Severe Incident
   The incident is due to an error in the contractual services that makes use of the contractual services, especially the software, impossible or only possible with serious restrictions. The customer cannot reasonably work around the issue and is therefore unable to complete urgent tasks.

2. Other Incident
   The incident is due to an error in the contractual services that significantly restricts use of the contractual services, especially the software, without constituting a severe incident.

3. Other Notification
   Incident reports that do not fall into categories a) or b) are classified as other notifications. Other notifications are handled by the provider only according to any separate agreements.

7.4. In the case of severe or other incidents, the provider shall immediately take appropriate action, based on the information provided by the customer, to first localize the root cause of the incident.

If the reported incident, upon initial analysis, is not caused by an error in the contractual services, particularly the provided software, the provider shall inform the customer of this immediately.

Otherwise, the provider shall take further action to analyze and resolve the reported incident or — in the case of third-party software — forward the incident report along with its analysis results to the distributor or manufacturer of the third-party software, requesting a remedy.

The provider shall make available to the customer any existing workarounds or corrections to the contractual services, particularly the software (e.g., instructions or patches), without delay. The customer shall promptly implement such measures and, if issues persist, report them again to the provider without delay.

8. Contract Duration and Termination

8.1. The agreed contractual services will be provided from the date specified in the contract for the duration of the agreed minimum term. During this minimum term, early ordinary termination by either party is excluded.

8.2. The contract may be terminated with three months’ notice, earliest at the end of the minimum term. If not terminated, the contract shall automatically renew for successive one-year terms, unless terminated with three months’ notice before the end of the respective renewal period.

8.3. The right of each contractual party to terminate the contract for cause remains unaffected.

8.4. Any notice of termination must be in writing to be effective. See section 16.4.

8.5. The customer must back up his data independently before the end of the contract (e.g., by download). Upon request, the provider shall support the customer in this; see section 12.3. Due to data protection regulations, the customer will generally no longer have access to these data after termination of the contract.

9. Compensation, Payment, Performance Protection, Deadlines

9.1. Unless otherwise agreed, compensation shall be calculated based on effort, at the provider’s generally applicable rates at the time of contract conclusion. Fees are net amounts plus any applicable VAT.

The provider may invoice monthly. Where services are billed by effort, the provider shall document the type and duration of activities and include this documentation with the invoice.

9.2. All invoices are payable without deduction no later than 14 calendar days after receipt.

9.3. The customer may only offset or withhold payments due to defects if he has legitimate payment claims arising from material or legal defects. For other claims related to defects, the customer may only withhold a proportionate amount that is reasonable in light of the defect. Section 4.1 applies accordingly. The customer has no right of retention if his defect claim is time-barred. Otherwise, offsetting or withholding is only permitted with undisputed or legally established claims.

9.4. The provider retains ownership and any usage rights to the services until full payment of the owed compensation, taking into account justified defect-related retentions under section 1.3 sentence 2. The provider also retains ownership until all claims arising from the business relationship with the customer are fulfilled.

The provider is entitled to prohibit the customer from further use of the services for the duration of any payment default. This right may only be exercised for a reasonable period, usually no more than 6 months. This does not constitute contract withdrawal. § 449 (2) BGB remains unaffected.

If the customer or his buyers return the services, acceptance does not constitute withdrawal by the provider unless expressly declared. The same applies to seizure of reserved goods or rights by the provider.

Goods or rights subject to reservation may not be pledged or transferred as collateral. Resale is only permitted to resellers in the ordinary course of business and only if the provider receives a valid assignment of the customer’s claims against his buyers arising from the resale, and the customer transfers ownership subject to payment. By entering into this contract, the customer assigns such future claims to the provider, who hereby accepts the assignment.

If the value of the provider’s security rights exceeds the secured claims by more than 20%, the provider shall release the corresponding share of security rights at the customer’s request.

9.5. The customer is obligated to impose the same contractual usage restrictions on recipients when rights to services or deliveries are lawfully transferred.

9.6. If the customer fails to settle a due payment in full or in part by the agreed payment deadline, the provider may revoke agreed payment terms for all outstanding claims. The provider may also require prepayment or a performance bond issued by a credit institution or insurer authorized in the EU before delivering further services. Prepayment must cover the billing period or, for one-time services, the full fee.

9.7. In the event of the customer’s financial inability to fulfill obligations toward the provider, the provider may immediately terminate existing exchange contracts or ongoing service agreements — even in the event of insolvency filing. § 321 BGB and § 112 InsO remain unaffected. The customer shall inform the provider in writing at an early stage of any impending insolvency.

9.8. Fixed service deadlines must be agreed upon expressly and in documented form. Agreed deadlines are subject to the provider’s timely and proper receipt of necessary supplies or services from its subcontractors.

10. Cooperation, Customer Duties, Confidentiality

10.1. The customer and the provider shall each appoint a responsible contact person. Unless otherwise agreed, all communication shall take place via these contact persons. The contact persons shall make all decisions necessary for the execution of the contract without delay. Such decisions must be documented in a binding manner.

10.2. The customer is obligated to support the provider as needed and create all conditions necessary for proper performance within his operational sphere. This includes providing essential information and, where possible, granting remote access to the customer's system. If remote access is not possible due to security or other reasons, affected deadlines shall be reasonably extended; the parties shall agree on suitable adjustments for any further consequences. The customer shall ensure that qualified personnel are available to support the provider.

If the contract provides for services to be delivered at the customer’s premises, the customer shall provide adequate workspace and tools at the provider’s request, free of charge.

10.3. Unless otherwise agreed, the customer shall be responsible for appropriate data backup and disaster recovery measures for data and components (e.g., hardware, software), in line with their nature and importance.

10.4. The customer shall report defects without delay in a comprehensible and detailed form, including all information useful for identifying and analyzing the defect. This includes the steps that led to the defect, the manifestation, and the impact. Unless otherwise agreed, the provider’s forms and procedures shall be used.

10.5. The customer shall support the provider as reasonably required in reviewing and asserting claims against other parties involved in service delivery. This applies in particular to recourse claims the provider may have against subcontractors.

10.6. The parties are obligated to maintain confidentiality regarding trade and business secrets and other information designated as confidential that becomes known during the execution of this contract. Disclosure to unauthorized persons not involved in the conclusion, performance, or termination of the contract is permitted only with prior written consent of the other party. Unless otherwise agreed, this obligation continues for five years after the information becomes known, and for continuing obligations, at least until the end of the contract.

The parties shall also impose these obligations on their employees and any third parties engaged.

10.7. The parties acknowledge that electronic and unencrypted communication (e.g., by email) carries security risks. They shall not assert claims based on the lack of encryption unless encryption was expressly agreed.

11. Disruptions in Service Delivery

11.1. If a cause not attributable to the provider, including strikes or lockouts, affects timely performance ("disruption"), deadlines shall be postponed by the duration of the disruption, including a reasonable restart period where necessary. Each party shall inform the other promptly about the disruption and its expected duration.

11.2. If the disruption increases workload, the provider may claim compensation for the additional effort unless the customer is not responsible for the disruption and it lies outside his area of responsibility.

11.3. If the customer is entitled to withdraw from the contract and/or claim damages due to improper performance by the provider — or claims to do so — the provider may request a written statement within a reasonable period as to whether the customer wishes to enforce these rights or continue performance.

In case of withdrawal, the customer must compensate the provider for the value of any usage already obtained; this also applies to deterioration from intended use.

If the provider is in default with service delivery, the customer’s compensation for damages and expenses for each full week of delay is limited to 0.5% of the price for the delayed part of the service. The total liability is limited to 5% of the total remuneration for the affected services, or for ongoing obligations, to the annual remuneration for the affected services. A higher or lower contractual penalty agreed at contract signing shall apply with priority. This does not apply in the case of gross negligence or willful misconduct by the provider.

11.4. If the service is delayed, the customer may only withdraw from the contract within legal limits and if the delay is attributable to the provider.

If the customer claims damages or expenses due to delay, such claims are limited to 1% of the price of the delayed portion of the service for each full week of delay, capped at 10% of that price; for continuing obligations, the cap applies to the annual remuneration for the affected services. Any higher agreed percentage shall apply with priority.

12. Material Defects and Reimbursement of Expenses

12.1. The provider warrants that the services conform to the contractually agreed quality. No claims for material defects exist in case of minor deviations from agreed specifications.

No claims arise for excessive or improper use, normal wear and tear, failure of system environment components, non-reproducible or otherwise unverified software errors, or damages caused by exceptional external influences not contemplated by the contract. This also applies to later modifications or repairs by the customer or third parties, unless they do not hinder defect analysis or remedy.

Section 6 applies accordingly for claims for damages and reimbursement of expenses.

12.2. The limitation period for material defect claims is one year from the start of the statutory limitation period. The statutory periods under § 478 BGB and longer periods under § 438 (1) No. 2 or § 634a (1) No. 2 BGB, as well as in cases of intentional or grossly negligent breach, fraudulent concealment, or injury to life, body, or health, or under the Product Liability Act, remain unaffected.

The processing of a defect report by the provider only suspends the limitation period if the legal requirements for suspension are met. A new limitation period does not begin through such processing.

Any supplementary performance (replacement or repair) only affects the limitation period of the specific defect being remedied.

12.3. The provider may claim reimbursement for expenses if:

a) he acts on a defect report without a defect being present, unless the customer could not reasonably have known this, or

b) a reported defect is not reproducible or cannot be demonstrated by the customer, or

c) additional effort results from the customer’s failure to meet his obligations (see sections 2.2, 2.3, 2.4 and 5.2).

13. Legal Defects

13.1. The provider is only liable for infringement of third-party rights if the service is used as contractually intended and in the specified environment.

Liability applies only within the EU, the EEA, and at the location where the service is used according to contract. Section 4.1 sentence 1 applies accordingly.

13.2. If a third party asserts a claim against the customer due to infringement by a provider’s service, the customer shall notify the provider immediately. The provider and possibly his suppliers are entitled, but not obligated, to defend the claims at their own expense.

The customer may not acknowledge any claims without first giving the provider a reasonable opportunity to defend against them.

13.3. If a provider's service infringes third-party rights, the provider shall, at his own discretion and expense:

a) secure the right for the customer to use the service, or

b) modify the service to eliminate infringement, or

c) withdraw the service and refund the fee paid by the customer (less reasonable usage compensation) if no other remedy is feasible.

The customer's interests shall be duly considered.

13.4. Claims for legal defects are subject to section 4.2. Claims for damages and expenses are governed by section 6; claims for additional provider effort are governed by section 4.3.

14. General Liability of the Provider

14.1. The provider is always liable to the customer:

a) for damages caused intentionally or through gross negligence by himself, his legal representatives or agents,

b) under the Product Liability Act, and

c) for injury to life, body or health caused by the provider, his legal representatives or agents.

14.2. The provider is not liable for slight negligence unless a material contractual obligation has been breached — one that is essential for fulfilling the contract and upon which the customer regularly relies.

In such cases, liability is limited to typical and foreseeable damages, including lost profits or missed savings. Liability for other indirect damages is excluded.

For individual cases, liability is limited to the contract value, or in case of ongoing services, to the annual remuneration. Section 4.2 applies to limitation periods. The parties may agree on broader liability in writing at contract conclusion, usually for an additional fee. Any individually agreed limit prevails. Section 6.1 remains unaffected.

Additionally, and with priority, the provider’s liability for slight negligence under this contract is limited to the agreed percentage of the contractual fee. Section 6.1 b) remains unaffected.

14.3. The provider is liable for damages arising from a warranty only if expressly stated in the warranty. In case of slight negligence, such liability is subject to the limits in section 6.2.

14.4. If data or components (e.g., hardware or software) must be restored, the provider is only liable for the effort required if proper backups and precautions were taken by the customer. For slight negligence, this liability only applies if the customer had appropriate backups and precautions before the incident. This does not apply where backup was the provider’s responsibility.

14.5. Sections 6.1 to 6.4 apply accordingly to the customer’s claims for expenses or other liabilities. Sections 3.3 and 3.4 remain unaffected.

15. Data Protection

The customer shall enter into the necessary data protection agreements with the provider for handling personal data.

16. Miscellaneous

16.1. The customer shall independently comply with applicable import and export regulations, especially those of the USA. In case of cross-border delivery or service, the customer shall bear customs duties, fees, and other charges. The customer shall handle any legal or official procedures related to cross-border delivery or service, unless otherwise agreed.

16.2. German law applies. The UN Convention on Contracts for the International Sale of Goods (CISG) is excluded.

16.3. The provider renders services based on his General Terms and Conditions (GTC). Customer GTCs do not apply, even if the provider does not expressly object.

Acceptance of the services by the customer implies acceptance of the provider’s GTC and rejection of the customer’s GTC.

Other conditions only apply if accepted in writing by the provider; in such cases, the provider’s GTC also apply.

16.4. Amendments and supplements to this contract must be made in writing. Where written form is required (e.g., for termination, withdrawal), text form is not sufficient.

16.5. Jurisdiction for business customers, public law entities or special public assets is the provider’s place of business. The provider may also sue the customer at the customer’s place of business.