AGB

ISMS for Confluence and RiskManager for Jira

Terms and Conditions

Thank you for your interest in using our software product „ISMS for Confluence“ and “RiskManager for Jira”(hereinafter referred to as the „Software“). Our software helps companies to implement information security management when using the Confluence™ Wiki software provided by Atlassian. The core function is the provision of document templates for an information security management system including instructions for customization.

Below you will find the terms and conditions of us, 3einhalb GmbH, Nägelsbachstraße 26, 91052 Erlangen, Germany (hereinafter the „Provider“), which apply to you as a customer (hereinafter the „User“) when you purchase our software via the Atlassian Marketplace or via third-party providers for download and installation on your own system (hereinafter the „Terms and Conditions“).

§ 1 General Provisions

(1) The terms and conditions of the Provider apply only to the download, installation and use of the software. Support services by the Provider are not included.

(2) The terms and conditions of the Provider apply exclusively. Conflicting, additional or deviating terms and conditions of the User shall not become part of the contract, unless the Provider has expressly agreed to their validity. The terms and conditions of the Provider shall also apply if the Provider performs a service without reservation in the knowledge of conflicting or deviating terms and conditions of the User.

(3) The Provider’s terms and conditions shall only apply if the User is a business (§ 14 BGB), a legal entity under public law or a special fund under public law.

§ 2 Subject matter of the contract

(1) The content and scope of the services to be provided by the Provider as well as the concrete scope of services of the Software are specified in the respective service description or in the offer.

(2) The Provider shall provide the User with the described Software including the associated application documentation as described in the description of services or the offer in the language specified therein (hereinafter referred to as „Application Documentation“) (Software and Application Documentation hereinafter referred to as the „Contractual Objects“) under the agreed terms of use.

(3) The User shall receive the Software as an executable program in object code. The source code of the Software is not part of the subject matter of the Agreement.

(4) Unless otherwise agreed, the Software shall be delivered in the version current at the time of delivery.

(5) The specification of services or the offer of the Provider shall be conclusively decisive for the properties of the software delivered by the Provider. The Provider shall not be liable for any further properties of the software. In particular, the User cannot derive such an obligation from other representations of the Software in public statements or in advertising by the Provider and its employees or sales partners, unless the Provider has expressly confirmed a quality beyond this.

(6) Installation and configuration services as well as consulting services are not subject of these terms and conditions and must be ordered separately.

§ 3 Delivery; force majeure

(1) The Provider consummates the delivery by making the software and the application documentation available for download on the internet and by providing the User with an individual license key after receipt of the server ID of the Confluence™ instance by the User.

(2) Delays in performance due to force majeure, e.g. strike or lockout in third-party companies or in the Provider’s company (in the latter case, however, only if the industrial action is lawful), official orders, legal prohibitions, general telecommunication disturbances or other circumstances beyond the Provider’s control (hereinafter referred to as „force majeure“) or circumstances within the User’s sphere of influence, e.g. failure to provide cooperation in time, delays by third parties attributable to the User, etc., shall not be considered as force majeure, entitle the Provider to postpone the provision of the affected services for the duration of the hindrance plus a reasonable start-up time. If the force majeure lasts uninterruptedly for more than three months, both parties shall be released from the obligation to perform. Any further (legal) claims or rights of the Provider, in particular those arising from default of acceptance by the User, shall remain unaffected.

(3) The provisions of § 10 shall otherwise apply to the User’s claims for damages or compensation for futile expenses in the event of delay in delivery or impossibility of performance.

§ 4 Obligations of the User to cooperate and provide information

(1) The User has informed himself about the essential functional features of the software and bears the risk as to whether the software meets his wishes and needs; he has obtained advice on doubtful questions from employees of the Provider or from competent third parties prior to conclusion of the contract.

(2) The User shall be solely responsible for setting up a functional hardware and software environment for the contractual objects which is sufficiently dimensioned – also taking into account the additional load caused by the contractual objects – and which is available for the contractual objects. To use the software, the User needs a version of Confluence™ Server marked as compatible. Depending on individual use, additional components may be required.

(3) The User shall thoroughly test the software for freedom from defects and usability in the existing hardware and software configuration before using it. This shall also apply to software that he receives under warranty and, if applicable, maintenance.

(4) The User shall observe the information provided by the Provider for the installation and operation of the software; the User shall inform himself at regular intervals on the website accessible via the Internet at https://3einhalb.com/security-advisories-errata/ about current information provided by the Provider and shall take this into account during operation.

(5) The Provider is entitled to check whether the contractual objects are used in accordance with the provisions of this agreement. For this purpose, the Provider may demand information from the User, in particular regarding the period and scope of use of the contractual objects, as well as inspection of the User’s hardware and software. For this purpose, the Provider shall be granted access to the User’s business premises during normal business hours.

(6) The User shall bear any disadvantages and additional costs resulting from a violation of these obligations.

§ 5 Data backup by the User; liability for loss of data

(1) The User shall take reasonable precautions in the event that the software does not work properly in whole or in part (e.g. by daily data backups, fault diagnosis, regular checking of data processing results). In particular, he will make a complete data backup of all system and application data immediately before any intervention and/or access by the Provider or by third parties commissioned by the Provider. The data backups are to be kept in such a way that the backed up data can be restored at any time.

(2) Unless the User expressly points this out in advance, the Provider may assume that all of the User’s data with which the Provider may come into contact has been backed up.

(3) The Provider shall not be liable for the loss of data of the User to the extent that the damage is due to the fact that the User, contrary to his obligation under paragraph 1, has failed to carry out data backups and thereby ensure that lost data can be restored with reasonable effort. For the rest, § 11 shall apply.

§ 6 Rights of use

(1) The Provider grants the User a simple, temporally unlimited, non-transferable and non-sublicensable right of use of the contractual objects in accordance with the regulations in the service description or in the offer and (supplementary) in the present conditions. The software may only be used on one Confluence™ installation.

(2) The User shall not be entitled to transfer the software or software components to third parties. In particular, he is not permitted to sell, give away, lend, rent or in any other way grant sub-licenses or to reproduce or make the software publicly available.

(3) Reproductions of the software are only permitted to the extent that this is necessary for use in accordance with the contract. The User may make backup copies of the software to the extent necessary in accordance with the rules of technology. Backup copies on movable data carriers must be marked as such and provided with a copyright notice.

(4) The User is only authorized to make changes, extensions and other modifications to the software within the meaning of § 69c No. 2 of the German Copyright Act (UrhG) to the extent that the law permits such modifications, extensions and other modifications. Before the User eliminates errors himself or through third parties, he first allows the Provider to attempt to eliminate the error. The User shall not be entitled to any rights of use and exploitation of his own in such adaptations – beyond the rights of use granted under this contract.

(5) The User is only entitled to decompile the software within the limits of § 69e UrhG (German Copyright Act) and only if the Provider, after written request with a reasonable period of notice, has not provided the necessary data and/or information to establish interoperability with other hardware and software.

(6) If the Provider provides the User with additions (e.g. patches, bug-fixes, additions to the user documentation) or a new edition of the subject matter of the Agreement (e.g. update, upgrade) that replaces previously provided subject matter of the Agreement („Old Software“) within the scope of the elimination of defects pursuant to § 9, these shall be subject to the present provisions.

(7) Subject to paragraphs 4 and 5 (insofar as the documentation is integrated into the Software), the user documentation may not be copied or modified.

(8) Within the scope of the use of the Software, the User shall be granted access to documents which he/she may use for the purpose of information security management (hereinafter referred to as „Templates“). The templates are subject to the following usage rights:

Unless expressly agreed otherwise, the User is entitled to reproduce templates within his own company without restriction, to edit their content, to distribute them, and to make them available to his own employees in order to create and use one or more management systems for the User’s company or companies, including versioning. Any transfer to third parties or affiliated companies is prohibited, in particular also the transfer to subsidiaries.

Insofar as templates within the framework of the Information Security Management System (ISMS) have to be passed on to third parties in physical or non-physical form, the User is permitted to distribute and/or make available these templates in a non-editable format. If third parties have to store templates of the User, the User is obligated to contractually bind each third party in such a way that the third party uses the templates only for the cooperation with the User and irretrievably deletes all templates of the User after the cooperation has ended.

Copyright notices on templates may neither be removed nor changed.

§ 7 Remuneration

(1) The software is provided to the user by the provider for a fee.

(2) The remuneration for the services owed under this contract is determined by the respective individual offer of the provider.

(3) The statutory value-added tax is not included in the price and will be separately stated on the invoice at the applicable legal rate on the date of invoicing.

(4) In the case of providing the software for retrieval over a network, the provider bears the costs of making the software accessible online, while the user bears the costs for the retrieval.

(5) The necessary download for using the software will be provided by the provider only after full payment of the agreed purchase price has been made.

§ 8 Protection of software, application documentation and templates

(1) Unless the User is expressly granted rights under this contract, all rights to the subject matter of the contract (and all copies made by the User) – in particular copyright, rights to or in inventions and technical property rights – as well as to the templates shall be the exclusive property of the Provider. This also applies to any adaptations of the contractual objects and/or the templates by the Provider.

(2) The User shall carefully store the contractual objects and templates provided in order to prevent misuse. He shall only make contractual items (whether unchanged or modified) accessible to third parties with the prior written consent of the Provider. The User’s employees and other persons who are staying at the User’s premises for the contractual use of the contractual items are not considered third parties.

(3) The User is not permitted to change or remove copyright notices, any marks and/or control numbers or symbols of the Provider. If the User changes or edits the subject matter of the contract, these notices and marks shall be incorporated into the amended version of the subject matter of the contract.

§ 9 Material defects and defects of title

(1) The User shall immediately notify the Provider of any defects in the contractual objects and/or the templates and grant the Provider access to documents which show the detailed circumstances of the occurrence of the defect.

(2) The defects shall be remedied at the Provider’s discretion by free repair or replacement.

(3) The User can only claim damages in accordance with § 10.

(4) Withdrawal from the contract is only permissible if the Provider has been given sufficient opportunity to rectify the defect and this has failed. A failure of the removal of defects is only to be assumed if this is impossible, if it is seriously and finally refused by the Provider or delayed in an unreasonable way or if it is unreasonable for the User for other reasons.

(5) Withdrawal due to an only insignificant hindrance of the contractual use is excluded.

(6) The Provider shall not be liable for defects insofar as these are attributable to the User, such as errors or quality losses due to insufficient input data, unless the User proves that the defect is not due to this.

(7) The obligation to maintain does not include the adaptation of the software to changed conditions of use and technical and functional developments, such as changes to the IT environment, in particular changes to hardware or the operating system, adaptations to the functional scope of competing products or the establishment of compatibility with new data formats.

§ 10 General liability

(1) The Provider shall be liable – regardless of the legal grounds – for damages or compensation for futile expenses in accordance with the following provisions under letter (a) and (b):

(a) In case of intent or gross negligence, the Provider shall be liable without limitation. In the case of simple negligence, the Provider shall only be liable for damages resulting from the breach of a material contractual obligation (an obligation whose fulfillment is essential for the proper execution of the contract and on whose compliance the User regularly relies and may rely); in this case, however, the Provider’s liability shall be limited to compensation for the foreseeable damage typical of the contract.

(b) The liability resulting from letter (a) shall not apply to damages resulting from injury to life, body or health, or in the case of liability under the Product Liability Act.

(2) Insofar as liability towards the Provider is excluded or limited, this also applies to the personal liability of his legal representatives and vicarious agents.

§ 11 Secrecy and data protection

(1) The contracting parties undertake to treat as confidential for an unlimited period of time all knowledge of confidential information and business secrets („business secrets“) of the respective other contracting party obtained in the course of the initiation and execution of the contract and to use such knowledge only for the purposes of executing this contract. The Provider’s trade secrets also include the contractual objects and the services rendered under this Agreement.

(2) The User shall only make the contractual items accessible to employees and other third parties to the extent that this is necessary to exercise the rights of use granted to him. He shall instruct all persons to whom he grants access to the contractual objects about the Provider’s rights to the contractual objects and the obligation to maintain secrecy and shall obligate these persons in writing to maintain secrecy and use the information only to the extent specified in paragraph 1, unless the persons concerned are obligated to maintain secrecy for other legal reasons at least to the extent specified above.

(3) The above obligations shall not apply to trade secrets which (i) were already in the public domain or known to the other contracting party at the time of their transmission by the contracting party; (ii) have become public after their transmission by the contracting party without any fault on the part of the other contracting party; (iii) have been made accessible to the other contracting party by a third party after their transmission by the contracting party in a non-illegal manner and without restriction as to confidentiality or exploitation; (iv) which have been developed independently by one of the contracting parties without use of the trade secrets of the contracting party; (v) which must be published in accordance with the law, an official order or a court decision – provided that the publishing party informs the contracting party thereof without delay and supports it in defending such orders or (vi) to the extent that the other party is permitted to use or disclose the trade secrets by mandatory legal provisions or under this Agreement.

(4) The Provider shall comply with the rules of data protection, in particular if it is granted access to the operation or to the User’s hardware and software. He shall ensure that his vicarious agents also comply with these provisions, in particular he shall obligate them to maintain data secrecy before commencing their activities. The Provider does not intend to process or use personal data on behalf of the User. If the User cannot exclude access to personal data by the Provider, the parties will conclude a contract for processing.

§ 12 Export and Import Control

(1) The parties are aware that the services under this contract may be subject to export and import restrictions. In particular, licensing requirements may exist or the use of the Software or related technologies may be subject to restrictions in certain countries.

(2) The User shall comply with the applicable export and import control regulations of the Federal Republic of Germany, the European Union and the United States of America, as well as all other relevant regulations.

(3) Fulfilment of the contract by the Provider is subject to the proviso that there are no obstacles to fulfilment due to national and international regulations of export and import law or any other legal provisions.

§ 13 Final provisions

(1) The User may only transfer rights and obligations from or in connection with this contract to third parties with the prior written consent of the Provider.

(2) Place of performance is the registered office of the Provider in Erlangen, Germany.

(3) If the User is a merchant within the meaning of the German Commercial Code (HGB), a legal entity under public law or a special fund under public law, the place of jurisdiction for any disputes arising from the business relationship between the Provider and the User shall be the Provider’s registered office in Erlangen, Germany. The Provider is also entitled to take legal action at the User’s registered office as well as at any other permissible place of jurisdiction.

(4) The relationship between the Provider and the User is subject exclusively to the law of the Federal Republic of Germany. The United Nations Convention on Contracts for the International Sale of Goods of 11 April 1980 (CISG) shall not apply.

(5) Should individual provisions of this agreement be or become invalid, the validity of the remaining provisions shall not be affected thereby.

(6) These terms and conditions are written in German and English. In the event of contradictions, the German language version shall prevail.