General Terms and Conditions
General terms and conditions
the Securitee UG (haftungsbeschränkt) c/o WeWork
Kemperplatz 1, DE-10785 Berlin, registered in the commercial register of the district court Charlottenburg under HRB 233040 B, represented by the managing director Christian G. Junger
hereinafter referred to as „Securitee”
the Customers designated in § 2 of these terms and conditions.
§ 1 Description of Securitee’s Service
Securitee provides secure infrastructure for Confidential Computing (CC). Confidential Computing protects data in use by performing computations in a hardware-based Trusted Execution Environment (TEE). These secure and isolated environments prevent unauthorized access or modification of applications and data while they are in use, thereby increasing the security level of organizations that manage sensitive and regulated data. The secure infrastructure offered is bare-metal Intel servers that allow trusted execution (Intel SGX-capable servers), on which a secure Kubernetes cluster including the framework MarbleRun is pre-installed by Securitee. The servers are hosted at OVHcloud in datacenter locations in Germany or France. Securitee currently offers three different server types with different parameter configurations, which depend on the availability of Intel-SGX capable servers at OVHcloud. Clients are themselves responsible for choosing the right server types, capacities, and configurations that serve their specific needs.
Clients can deploy self-created environments in the form of Intel SGX Docker images on Securitee’s infrastructure inside a TEE. While clients have to create these images themselves, Securitee offers comprehensive user guides to support clients throughout this process. Securitee also serves as a platform for ready-to-use Intel SGX Docker images for specific applications (e.g., a Redis database) as add-ons to its infrastructure, so clients can directly deploy these within a few steps. These add-ons are provided by third parties, such as other CC players that specialize in the provisioning of such ready-to-deploy Intel SGX Docker images. We provide them with the opportunity to offer these as add-ons on our platform. Third-party providers are solely liable for the setup and functioning of the specific applications.
§ 2 Order of Services
2.1 Customer Account
To order the secure infrastructure, the Customer must have a valid customer account with Securitee. Customer accounts can be obtained online on the Securitee website. The Customer provides all requested information necessary for the provision of the Services and the management of the customer relationship (e-mail address, name, address, bank details, etc.) and shall ensure that all this information is correct and up to date throughout the term of the contract. The Customer shall prevent unauthorized access to her/his customer account. The Customer shall change her/his passwords on a regular basis. If a customer account is created and used by a third party, it is assumed that this person acts in the name and on behalf of the Customer and has full authority to enter into and perform this Agreement on behalf of the Customer.
2.2 Activation of the customer account
Prior to the activation of the customer account and at any time during the duration of the Agreement, Securitee reserves the right to verify the accuracy of the information given by or for the customer account and to request supporting documents from the Customer. Securitee reserves the right not to activate or deactivate the Customer’s account if the information submitted by the Customer is incomplete, inaccurate or fraudulent.
2.3 Ordering process
In the customer portal, there will be a section, where Customers can order new products. Firstly, they need to select one of the three available server types, which vary by technical capabilities. For each of the server types, Customers can choose from three product plans: Basic, Standard, Enterprise.
For ‘Basic’ and ‘Standard’, the technical configurations and number of servers are pre-defined by Securitee, so Customers can directly select a commitment period (1, 6, 12, 24 months for ‘Basic’ and 6, 12, 24 months for ‘Standard’). Depending on the product plan chosen and the commitment period (discounts exist for longer commitments), a price is automatically calculated and indicated. Clients can now click “Checkout” to continue with the payment as the last step in the ordering process.
When Customers select the plan ‘Enterprise’, no direct purchase option is available, since the ‘Enterprise’ plan allows for custom configurations. Customers can customize parameters, such as storage, memory, and bandwidths. Available options for each of the parameters are shown in a drop-down menu. After customizing all parameters, Customers will click on “Send request”. Securitee will then get back to the Customer with a priced offer.
§ 3 Ordering and delivery
Securitee will notify the Customer by email and in the client portal about the provisioning of her/his secure infrastructure. The provisioning will take place within a time period of a maximum of 15 days after the receipt of payment by the Customer. If the secure infrastructure is not made available by Securitee within this time, the Customer is entitled to demand the cancellation of the order and the refund of payments already made. In the event that an order placed by the Customer cannot be covered by the currently available infrastructure at OVHcloud, Securitee reserves the right to contact the Customer prior to providing the Service in order to agree on an alternative solution that takes into account the needs of both parties.
4.2 Service selection
The terms and features of the Services shall be updated on a regular basis. It is the Customer’s responsibility to take note of these updates, especially when placing new orders.
In order to use the Services, the Customer must ensure that she/he has access to a remote connection (such as the internet or a private network; hereinafter collectively referred to as the „Network“) for which only he is responsible and bears the cost.
The Services are provided to the Customer via the respective data center’s connection to the Network. The Customer is hereby informed that the internet involves technical threats and security risks which are beyond the technical measures used by Securitee in the provision of the Services.
The Customer is responsible for the management and confidentiality of the necessary means of authentication to connect to and use the Services. The Customer shall ensure that users are aware of and follow the standard procedures that enable them to maintain the confidentiality of their authentication credentials. The Customer is responsible for any consequences resulting from the loss, disclosure, fraudulent or unlawful use of the authentication credentials provided to users. The Customer agrees to notify Securitee immediately of such loss or disclosure of any authentication data and to change such authentication data without undue delay.
4.5 Compliance with laws and regulations – Prohibited activities
The Customer shall use the Services in a reasonable manner and comply with all applicable laws and regulations. Explicitly prohibited activities include, but are not limited to, (a) misuse, fraudulent or excessive use of the Services and resources provided to Customer, including, without limitation, any use that jeopardizes the stability and security of the Securitee systems or which may lead to a degradation of the performance of the Services provided to other Securitee customers, (b) intrusions or attempted intrusions launched from the Services (including, for example, port scanning, spying, spoofing, and general attacks on external parties originating from resources provided by Securitee), (c) any use or attempted use of spam or other techniques similar to spamming; and (d) the use of illegal or prohibited content.
4.6 Service suspension
4.7 Updates to the Services
Securitee may change the Services at any time and may add, change or remove areas, options or features, as well as improve their performance. The Services are described online on the Securitee website. The Customer is responsible to stay informed.
4.8 Intellectual property, rights of use
All items (software, infrastructure, documentation, etc.) that are provided to the Customer by Securitee during the provision of Services and during the term of the Agreement shall remain the exclusive property of Securitee or the third parties who have granted the rights to use them. Securitee grants the Customer a non-exclusive license to use the items provided to her/him in accordance with and for the duration of this Agreement. Except for the foregoing items provided to the Customer by Securitee in the course of the Services’ provision, it shall remain the sole responsibility of the Customer to maintain all permissions and rights of use for the elements and content (data, software, applications, systems, websites, etc.) that the Customer uses and operates in connection with the Services. The Customer and users retain all intellectual property rights regarding their respective content, which Securitee may use only to the extent necessary for the provision of the Services. Subject to mandatory statutory and/or contractual provisions, the Customer is not entitled to use the software, source code and algorithms used in the context of the provision of the Services, in particular to reverse-engineer them (reverse-engineer).
4.9 Sanctions and export controls
The Customer must ensure that sanctions are observed at all times. The Customer assures and warrants that she/he is not, or has not been, a person subject to or affected by sanctions, that he is not owned or controlled by any person or entity that is or has been subject to sanctions and that he is not acting for or on behalf of such person and that the Services will not be sold, exported, diverted or otherwise transferred to any person or entity located in any jurisdiction, country, or regions that are subject to comprehensive sanctions or trade embargoes, or to the governments of such countries or regions, or to individuals or entities otherwise affected by sanctions laws, or to natural or legal persons directly or indirectly involved in terrorist acts or in connection with weapons of mass destruction or the like and it will not use, trade in, sell, deliver, transfer or export the Services in any way or export, or procure the use, trade, sale, supply, transfer or export of the Services in a manner that would otherwise violate sanctions.
4.10 Third-party products
§ 5 Responsibility
Each of the parties guarantees and assures that she/he is fully authorized and empowered to enter into and perform the Agreement. In particular, the Customer and Securitee assure and guarantee that they have all the authorizations, skills and knowledge (in particular, of technical nature) which enable them to use or provide the Services in accordance with the terms of the Agreement.
Securitee shall be liable to the Customer in all cases of contractual and non-contractual liability in the event of intent and gross negligence in accordance with the statutory provisions for damages or reimbursement of futile expenses.
5.3 Responsibility of the Customer
§ 6 Cancellation
§ 7 Handling of Personal Data
The parties commit themselves to comply with the applicable legal and regulatory requirements relating to data processing, data files and privacy, in particular the EU’s General Data Protection Regulation (EU) 2016/679 („GDPR“) and any other applicable Laws or Regulations. With respect to the handling of personal data for which each party is responsible, each party undertakes to follow all necessary procedures (e.g., notification) to the relevant data protection authority or other competent authority, and to respect the rights of the data subjects (in particular the right of access, rectification, erasure, restriction of processing as well as the right to data portability and the right to object to the processing of personal data). The Customer, who remains solely responsible for his choice of the Services, must ensure that the Services have the necessary characteristics and conditions that enable her/him to process personal data that may be processed in the context of the use of the Services to be handled in accordance with the applicable regulations, and in particular if the Services are used to process sensitive personal data (such as health data). If Securitee provides Services that enable the Customer to process personal data that is subject to legal provisions or special regulations, Securitee shall notify the Customer of the scope of responsibility and the conditions under which Securitee complies with such standards or regulations.
§ 8 General Terms
8.1 Salvatory clause
If any provision or part-provision of this Agreement is or becomes invalid, illegal, or unenforceable, it shall be deemed amended to the extent necessary to make it effective, lawful and enforceable. If such amendment is not possible, the provision or portion thereof in question shall be deemed deleted. Any amendment or deletion of a provision or partial provision under this Article 8.1 shall not affect the validity and enforceability of the remainder of the Agreement. If any provision or part-provision of this Agreement is found to be invalid, illegal, or unenforceable, the parties shall negotiate in good faith to modify such provision so that, as modified, it is legal, valid and enforceable and, to the maximum extent possible, achieves the intended economic result of the original provision.
The headings of the articles and paragraphs in this Agreement are for convenience only. They are not to be taken into account for the interpretation of the contract.
8.3 Applicable law
Contracts between the parties shall be governed by the laws of the Federal Republic of Germany to the exclusion of the UN Convention on Contracts for the International Sale of Goods. The statutory provisions on the limitation of the choice of law and on the applicability of mandatory provisions, in particular of the state in which the Customer has his habitual residence as a consumer, shall remain unaffected.
8.4 Place of jurisdiction
Each party irrevocably agrees that the courts in Berlin shall have the exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement, its subject matter or formation.