General terms and conditions
for the use of software via the Internet

(Software as a Service SaaS)

1. Services

1.1 The Provider shall provide the contractual services, in particular access to the software, in its area of availability (from the data center interface to the Internet). The scope of services, the nature, the intended use and the conditions of use of the contractual services are set out in the respective service description on the website describing the software.

1.2 Any additional services, such as the development of customized solutions or necessary adaptations, shall require a separate contract.

1.3 The Provider may provide updated versions of the software.The Provider shall inform the Customer electronically of updated versions and corresponding instructions for use and make them available accordingly.

2. Scope of use

2.1 The offer for the use of the software is directed exclusively at companies (B2B). The contractual services may only be used by the customer and only for the performance of tasks arising in the business operations of this company. During the term of the contract, the customer may access the contractual services by means of telecommunications (via the Internet) and use the functionalities associated with the software in accordance with the contract by means of a browser or another suitable application (e.g. “app”). The customer shall not receive any rights beyond this, in particular to the software or the infrastructure services provided in the respective data center, if any. Any further use shall require the Provider’s prior written consent.

2.2 In particular, the Customer may not use the Software beyond the agreed scope of use or have it used by third parties or make it accessible to third parties. In particular, the Customer shall not be permitted to reproduce, sell or temporarily transfer, rent or lend software or parts thereof.

2.3 The Provider shall be entitled to take appropriate technical measures to protect the software from use not in accordance with the contract. The use of the services in accordance with the contract may not be more than insignificantly impaired by this.

2.4 In the event that a user exceeds the scope of use in violation of the contract or in the event of an unauthorized transfer of use, the customer shall, upon request, immediately provide the Provider with all information available to it for asserting claims due to the use in violation of the contract, in particular the name and address of the user.

2.5 The Provider may revoke the Customer’s access authorization or terminate the contract if the Customer significantly exceeds the use permitted to him or violates regulations for protection against unauthorized use. In connection with this, the provider can interrupt or block access to the contractual services. The Provider shall generally set the Customer a reasonable grace period for remedial action beforehand. The sole revocation of the access authorization shall not be deemed to be a termination of the contract at the same time. The Provider may maintain the revocation of the access authorization without termination only for a reasonable period of time, not exceeding 3 months.

2.6 The Provider’s claim to remuneration for the use exceeding the agreed use shall remain unaffected.

2.7 The Customer shall have a claim to the reinstatement of the access authorization and the access possibility after it has proven that it has ceased the use in breach of contract and has prevented future use in breach of contract.

3. Availability, performance deficiencies

3.1 The availability of the server application shall be 96% on an annual average, not including the Customer’s Internet connection.

3.2 The availability is calculated according to the formula: Availability = (Total time – Total downtime) / Total time)

3.3 When measuring the total downtime, the following shall not be taken into account:a) Periods of non-availability of the server due to the fact that the technical requirements to be created by the user for the use of the clients, the app or the web application are temporarily not given, e.g. in the event of malfunctions in the user’s hardware. b) Times of unavailability of the server due to malfunctions that are based on errors in the data transmission network or are the responsibility of the data transmission company.c) Times of unavailability of the server due to force majeure, in particular due to hardware defects, power failures or hacker attacks that are not within the sphere of influence of 2S.d) Times of unavailability of the server due to maintenance work that is preferably carried out in a fixed defined time window, outside core hours (8:00 – 18:00).

3.4 2S has the right to use the services of external third parties for the fulfillment of parts of the described service.

3.5 In case of an only insignificant reduction of the suitability of the services for the contractual use, there are no claims of the customer due to defects. The strict liability of the Provider due to defects that were already present at the time of the conclusion of the contract is excluded.

3.6 2S is not liable for damages or consequential damages caused by the unavailability of the applications.

4 Data protection

4.1 Insofar as the Provider has access to personal data of the Customer or from the Customer’s area, the Provider shall act exclusively as a processor and shall process and use this data only for the purpose of executing the contract. The Provider shall comply with the Customer’s instructions for handling such data. The Customer shall bear any adverse consequences of such instructions for the performance of the contract. The details for the processing and use of the Customer’s data are described in the Provider’s Privacy Policy.

4.2 The Customer remains the responsible party both generally in the contractual relationship and in terms of data protection law. If the Customer processes personal data (including collection and use) in connection with the contract, the Customer warrants that it is entitled to do so in accordance with the applicable provisions, in particular the provisions of data protection law, and shall indemnify the Provider against claims by third parties in the event of a breach.

4.3 The following shall apply to the relationship between the Provider and the Customer: vis-à-vis the data subject, the Customer shall bear responsibility for the processing (including collection and use) of personal data, except to the extent that the Provider is responsible for any claims by the data subject due to a breach of duty attributable to it. The Customer shall responsibly examine, process and respond to any inquiries, applications and claims of the data subject. This shall also apply in the event of a claim against the Provider by the data subject. The Provider shall support the Customer within the scope of its duties.

4.4 The Provider warrants that Customer data will be stored exclusively in the territory of the Federal Republic of Germany, in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area, unless otherwise agreed.

5. Obligations of the customer

5.1 The customer shall protect the access authorizations as well as identification and authentication information assigned to him or to the users from access by third parties and shall not disclose them to unauthorized persons.

5.2 The customer shall be obligated to indemnify the provider against all claims of third parties based on infringements of rights that are based on an unlawful use of the subject matter of the service by him or occur with his approval. If the customer recognizes or must recognize that such an infringement is imminent, the obligation exists to inform the provider immediately.

5.3 The Customer shall use the possibilities provided by the Provider to secure its data in its original area of responsibility.

6. Use in breach of contract, compensation
For each case in which a contractual service is used without authorization in the Customer’s area of responsibility, the Customer shall pay compensation in the amount of the remuneration that would have been incurred for the contractual use within the framework of the minimum contract period applicable to this service. The customer reserves the right to prove that the customer is not responsible for the unauthorized use or that there is no damage or significantly less damage. The Provider shall remain entitled to claim further damages.

7. Fault management

7.1 The Provider shall receive fault reports from the Customer, assign them to the agreed fault categories and, on the basis of this assignment, carry out the agreed measures for analyzing and clearing faults.

7.2 The Provider shall receive proper fault reports from the Customer during its normal business hours and assign an identifier to each one. Upon the Customer’s request, the Provider shall confirm receipt of a malfunction report to the Customer by informing the Customer of the assigned identifier.

7.3 Unless otherwise agreed, the Provider shall assign received malfunction reports to one of the following categories after first reviewing them:a) Serious malfunctionThe malfunction is based on a defect in the contractual services that makes the use of the contractual services, in particular the software, impossible or allows it only with serious restrictions. The Customer cannot reasonably circumvent this problem and therefore cannot complete tasks that cannot be postponed.b) Other faultThe fault is based on a fault in the contractual services that restricts the Customer’s use of the contractual services, in particular the software, more than just insignificantly, without there being a serious fault.c) Other messageFault messages that do not fall into categories a) and b) are assigned to the other messages. Other reports shall be handled by the provider only in accordance with the agreements made for this purpose.

7 .4 In the case of reports of serious malfunctions and other malfunctions, the Provider shall initiate appropriate measures within a reasonable period of time on the basis of the circumstances communicated by the Customer in order to first localize the cause of the malfunction.If, after initial analysis, the reported malfunction does not appear to be a fault in the contractual services, in particular in the software provided, the Provider shall notify the Customer of this without delay. Otherwise, the Provider shall initiate appropriate measures for further analysis and for remedying the notified fault or – in the case of third-party software – transmit the fault report together with its analysis results to the distributor or manufacturer of the third-party software with the request for remedial action. The Provider shall immediately provide the Customer with measures available to it for circumventing or remedying a fault in the contractual services, in particular in the software provided, such as manual instructions or corrections to the software provided. The Customer shall immediately adopt such measures for the avoidance or correction of faults and shall immediately report any remaining faults to the Provider again when using them.

8. Contract term and contract termination

8.1 The contractually agreed services shall be provided from the time of contract confirmation by the Provider and provision of the access data for the Customer.8.2 The minimum contract term shall be three full calendar months.8.3 The contract may be terminated with one month’s notice, at the earliest at the end of the minimum term. If this is not done, the contract shall be extended by a further three months in each case, unless it has been terminated with one month’s notice to the end of the respective extension period.8.4 The right of each contractual partner to extraordinary termination for good cause shall remain unaffected.8.5 The Customer shall back up its data files (e.g. by download) on its own responsibility in good time before termination of the contract. Upon request, the Provider shall support the Customer in this process, charging for the effort involved. After termination of the Agreement, the Customer will generally no longer be able to access these databases for reasons of data protection.

9. Remuneration, payment, protection of services, deadlines

9.1 The remuneration of the Provider shall be invoiced monthly in advance by charging a credit card of the Customer in accordance with the respective valid price list.

9.2 The Provider retains ownership and rights to be granted to the Services until full payment of the remuneration owed, justified retentions of defects in accordance with shall be taken into account. Furthermore, the Provider retains ownership until all its claims arising from the business relationship with the Customer have been satisfied.

9.3 The Provider is entitled to restrict or prohibit the Customer from further use of the Services for the duration of any default in payment by the Customer. The Provider may only assert this right for a reasonable period of time, generally for a maximum of 6 months. This does not constitute a withdrawal from the contract. § Section 449 (2) of the German Civil Code (BGB) shall remain unaffected.

9.4 The Customer shall inform the Provider in writing at an early stage of any impending insolvency.

10 Cooperation, Duties to Cooperate, Confidentiality

10.1 The Customer shall be obligated to support the Provider to the extent necessary and to create in its sphere of operation all prerequisites necessary for the proper execution of the order. To this end, the Customer shall in particular provide the necessary information and, if necessary, enable remote access to the Customer’s system. If remote access is not possible for security reasons or other reasons, the deadlines affected by this shall be extended appropriately; the contracting parties shall agree on an appropriate arrangement for further effects. The Customer shall also ensure that expert personnel are available to support the Provider.

10.2 It is not envisaged that services will be provided on site at the Customer’s premises.

10.3 The contractual partners shall be obliged to maintain confidentiality with regard to business and trade secrets and other information designated as confidential which becomes known in connection with the performance of the contract. Such information may only be disclosed to persons who are not involved in the conclusion, performance or execution of the contract with the written consent of the other contracting party. Unless otherwise agreed, this obligation shall end five years after the respective information has become known, but in the case of continuing obligations not before their termination.

10.4 The contractual partners shall also impose these obligations on their employees and any third parties engaged.

11. Liability

11.1 The Provider shall be liable for damages based on an intentional or grossly negligent tortious act or on an intentional or grossly negligent breach of contractual or pre-contractual obligations of the Provider or a legal representative or vicarious agent. Further claims, in particular claims for consequential harm caused by a defect, are excluded.11.2 The Provider is not liable in any case for damages caused by unavailable, incorrect or false data from external providers (e.g. Google).11.3 2S is not liable for damages or consequential harm caused by the unavailability of the applications.

12. Miscellaneous

The contractual partners are aware that electronic and unencrypted communication (e.g. by e-mail) is subject to security risks. In this type of communication, they will therefore not assert any claims based on the lack of encryption, except to the extent that encryption has been agreed upon in advance.German law shall apply. The application of the UN Convention on Contracts for the International Sale of Goods is excluded.

The place of jurisdiction vis-à-vis a merchant, a legal entity under public law or a special fund under public law is the registered office of the provider. The provider may also sue the customer at the customer’s registered office.

Status: January 25, 2019