General Terms and Conditions

Status: 12.10.2022
General terms and conditions
between
the Securitee UG (haftungsbeschränkt) c/o WeWork
Kemperplatz 1, DE-10785 Berlin, registered in the commercial register of the district court Charlottenburg under HRB 233040 B, represented by the managing director Christian G. Junger
hereinafter referred to as „Securitee”
and
the Customers designated in § 2 of these terms and conditions.

§ 1 Description of Securitee’s Service

Securitee provides secure infrastructure for Confidential Computing (CC). Confidential Computing protects data in use by performing computations in a hardware-based Trusted Execution Environment (TEE). These secure and isolated environments prevent unauthorized access or modification of applications and data while they are in use, thereby increasing the security level of organizations that manage sensitive and regulated data. The secure infrastructure offered is bare-metal Intel servers that allow trusted execution (Intel SGX-capable servers), on which a secure Kubernetes cluster including the framework MarbleRun is pre-installed by Securitee. The servers are hosted at OVHcloud in datacenter locations in Germany or France. Securitee currently offers three different server types with different parameter configurations, which depend on the availability of Intel-SGX capable servers at OVHcloud. Clients are themselves responsible for choosing the right server types, capacities, and configurations that serve their specific needs.

Clients can deploy self-created environments in the form of Intel SGX Docker images on Securitee’s infrastructure inside a TEE. While clients have to create these images themselves, Securitee offers comprehensive user guides to support clients throughout this process. Securitee also serves as a platform for ready-to-use Intel SGX Docker images for specific applications (e.g., a Redis database) as add-ons to its infrastructure, so clients can directly deploy these within a few steps. These add-ons are provided by third parties, such as other CC players that specialize in the provisioning of such ready-to-deploy Intel SGX Docker images. We provide them with the opportunity to offer these as add-ons on our platform. Third-party providers are solely liable for the setup and functioning of the specific applications.

§ 2 Order of Services

2.1 Customer Account

To order the secure infrastructure, the Customer must have a valid customer account with Securitee. Customer accounts can be obtained online on the Securitee website. The Customer provides all requested information necessary for the provision of the Services and the management of the customer relationship (e-mail address, name, address, bank details, etc.) and shall ensure that all this information is correct and up to date throughout the term of the contract. The Customer shall prevent unauthorized access to her/his customer account. The Customer shall change her/his passwords on a regular basis. If a customer account is created and used by a third party, it is assumed that this person acts in the name and on behalf of the Customer and has full authority to enter into and perform this Agreement on behalf of the Customer.

2.2 Activation of the customer account

Prior to the activation of the customer account and at any time during the duration of the Agreement, Securitee reserves the right to verify the accuracy of the information given by or for the customer account and to request supporting documents from the Customer. Securitee reserves the right not to activate or deactivate the Customer’s account if the information submitted by the Customer is incomplete, inaccurate or fraudulent.

2.3 Ordering process

In the customer portal, there will be a section, where Customers can order new products. Firstly, they need to select one of the three available server types, which vary by technical capabilities. For each of the server types, Customers can choose from three product plans: Basic, Standard, Enterprise.

For ‘Basic’ and ‘Standard’, the technical configurations and number of servers are pre-defined by Securitee, so Customers can directly select a commitment period (1, 6, 12, 24 months for ‘Basic’ and 6, 12, 24 months for ‘Standard’). Depending on the product plan chosen and the commitment period (discounts exist for longer commitments), a price is automatically calculated and indicated. Clients can now click “Checkout” to continue with the payment as the last step in the ordering process.

When Customers select the plan ‘Enterprise’, no direct purchase option is available, since the ‘Enterprise’ plan allows for custom configurations. Customers can customize parameters, such as storage, memory, and bandwidths. Available options for each of the parameters are shown in a drop-down menu. After customizing all parameters, Customers will click on “Send request”. Securitee will then get back to the Customer with a priced offer.

§ 3 Ordering and delivery

Securitee will notify the Customer by email and in the client portal about the provisioning of her/his secure infrastructure. The provisioning will take place within a time period of a maximum of 15 days after the receipt of payment by the Customer. If the secure infrastructure is not made available by Securitee within this time, the Customer is entitled to demand the cancellation of the order and the refund of payments already made. In the event that an order placed by the Customer cannot be covered by the currently available infrastructure at OVHcloud, Securitee reserves the right to contact the Customer prior to providing the Service in order to agree on an alternative solution that takes into account the needs of both parties.

§ 4 Terms of use

4.1 Compliance with the terms of use

The Customer agrees to order and use the Services in accordance with the applicable Terms of Use. The Services must be used in good faith. In particular, the Customer agrees to comply with these General Terms of Use and the Special Terms of Use and all information provided to the Customer when placing the order communicated to the Customer. If the Customer uses the Services on behalf of a third party or authorizes a third party to use the services, the Customer undertakes to inform this third party of the relevant conditions to use the Services to ensure compliance with the same by the third party concerned.

4.2 Service selection

Before ordering and using the Services, the Customer shall acquaint herself/himself with all the applicable Terms of Use (particularly the Special Terms of Use) and review all documentation, configuration, options, and Service offers in order to select the Services and features that meet the needs of the Customer and those of third parties for whom or on whose behalf the Services are used. In particular, the Customer must verify that the Services comply with legal and regulatory requirements applicable to the activities carried out in the context of the use of the Services.

The terms and features of the Services shall be updated on a regular basis. It is the Customer’s responsibility to take note of these updates, especially when placing new orders.

4.3 Connection

In order to use the Services, the Customer must ensure that she/he has access to a remote connection (such as the internet or a private network; hereinafter collectively referred to as the „Network“) for which only he is responsible and bears the cost.

The Services are provided to the Customer via the respective data center’s connection to the Network. The Customer is hereby informed that the internet involves technical threats and security risks which are beyond the technical measures used by Securitee in the provision of the Services.

4.4 Authentication

The Customer is responsible for the management and confidentiality of the necessary means of authentication to connect to and use the Services. The Customer shall ensure that users are aware of and follow the standard procedures that enable them to maintain the confidentiality of their authentication credentials. The Customer is responsible for any consequences resulting from the loss, disclosure, fraudulent or unlawful use of the authentication credentials provided to users. The Customer agrees to notify Securitee immediately of such loss or disclosure of any authentication data and to change such authentication data without undue delay.

4.5 Compliance with laws and regulations – Prohibited activities

The Customer shall use the Services in a reasonable manner and comply with all applicable laws and regulations. Explicitly prohibited activities include, but are not limited to, (a) misuse, fraudulent or excessive use of the Services and resources provided to Customer, including, without limitation, any use that jeopardizes the stability and security of the Securitee systems or which may lead to a degradation of the performance of the Services provided to other Securitee customers, (b) intrusions or attempted intrusions launched from the Services (including, for example, port scanning, spying, spoofing, and general attacks on external parties originating from resources provided by Securitee), (c) any use or attempted use of spam or other techniques similar to spamming; and (d) the use of illegal or prohibited content.

4.6 Service suspension

Securitee reserves the right to suspend the Services in whole or in part if (a) there is a known risk to the stability and/or security of Securitee systems or environment through the Services and/or customer content, or (b) scheduled maintenance is performed or (c) there is a request from a public authority or a competent court, or (d) Customer fails to comply, in whole or in part, with the Terms of Service. This suspension may occur immediately and without prior notice, if it is urgent or necessary, and in particular in the event of an occurrence as described in points (a) and (c) above, or in the event of unlawful or fraudulent use of the Services or use that infringes the rights of third parties, and in general in the event of any use that could cause liability for Securitee. With the exception of cases of judicial or legal seizure or failure to comply with the Terms of Use, Securitee will attempt to minimize the impact of any suspension on the normal operation of the Services. Such suspension shall in no way relieve the Customer of his obligation to pay all amounts due to Securitee under the Agreement, which shall be without prejudice to Customer’s right to invoke Securitee’s liability under the „Responsibility“ article below if the suspension is due to Securitee’s failure to perform its obligations.

4.7 Updates to the Services

Securitee may change the Services at any time and may add, change or remove areas, options or features, as well as improve their performance. The Services are described online on the Securitee website. The Customer is responsible to stay informed.

4.8 Intellectual property, rights of use

All items (software, infrastructure, documentation, etc.) that are provided to the Customer by Securitee during the provision of Services and during the term of the Agreement shall remain the exclusive property of Securitee or the third parties who have granted the rights to use them. Securitee grants the Customer a non-exclusive license to use the items provided to her/him in accordance with and for the duration of this Agreement. Except for the foregoing items provided to the Customer by Securitee in the course of the Services’ provision, it shall remain the sole responsibility of the Customer to maintain all permissions and rights of use for the elements and content (data, software, applications, systems, websites, etc.) that the Customer uses and operates in connection with the Services. The Customer and users retain all intellectual property rights regarding their respective content, which Securitee may use only to the extent necessary for the provision of the Services. Subject to mandatory statutory and/or contractual provisions, the Customer is not entitled to use the software, source code and algorithms used in the context of the provision of the Services, in particular to reverse-engineer them (reverse-engineer).

4.9 Sanctions and export controls

The Customer must ensure that sanctions are observed at all times. The Customer assures and warrants that she/he is not, or has not been, a person subject to or affected by sanctions, that he is not owned or controlled by any person or entity that is or has been subject to sanctions and that he is not acting for or on behalf of such person and that the Services will not be sold, exported, diverted or otherwise transferred to any person or entity located in any jurisdiction, country, or regions that are subject to comprehensive sanctions or trade embargoes, or to the governments of such countries or regions, or to individuals or entities otherwise affected by sanctions laws, or to natural or legal persons directly or indirectly involved in terrorist acts or in connection with weapons of mass destruction or the like and it will not use, trade in, sell, deliver, transfer or export the Services in any way or export, or procure the use, trade, sale, supply, transfer or export of the Services in a manner that would otherwise violate sanctions.

4.10 Third-party products

Unless subject to specific obligations under the applicable Special Terms of Use, (a) Securitee shall not be responsible for any third-party products provided as part of the Services that may contain technical defects, security vulnerabilities, incompatibilities, or instabilities and Securitee does not provide any warranty for the third-party products provided to the Customer when providing the Services (including any related information and items such as software, systems, applications, etc.), and (b) the Customer may only use such third-party products made available to her/him by Securitee in accordance with the Agreement, in particular, she/he is prohibited from decompiling any software or systems made available to her/him, to reinstall on a different infrastructure or access their source code, unless these rights of use are granted by law. The Customer shall use the third-party products entirely at her/his own risk, in accordance with these Terms of Use, and is responsible for ensuring that these Services meet her/his needs and the purposes for which she/he uses them.

§ 5 Responsibility

5.1 Capability

Each of the parties guarantees and assures that she/he is fully authorized and empowered to enter into and perform the Agreement. In particular, the Customer and Securitee assure and guarantee that they have all the authorizations, skills and knowledge (in particular, of technical nature) which enable them to use or provide the Services in accordance with the terms of the Agreement.

5.2 Liability

Securitee shall be liable to the Customer in all cases of contractual and non-contractual liability in the event of intent and gross negligence in accordance with the statutory provisions for damages or reimbursement of futile expenses.

5.3 Responsibility of the Customer

The Customer bears the risks associated with her/his activities and is responsible for the use of the Services provided by Securitee and for compliance with the applicable Terms of Use, including ensuring that third parties, who use the Services or on whose behalf the Services are used, comply with these Terms of Use. In particular, the Customer is responsible for (a) ensuring that the Services ordered meet her/his needs and the needs of third parties for whom or on whose behalf the Services are used, (b) for the content, such as information, data, files, systems, applications, software, websites and other elements, reproduced, hosted, installed, collected, transmitted, distributed or published and, in general, used and/or operated within the framework of the Services, as well as (c) for the management and use of said contents (in particular, their verification, validation, updating, deletion, backup, together with all measures to protect against the loss or alteration of the content), even if the content belongs to a third party or is used or operated by a third party and (d) for compliance with applicable laws and regulations and the Code of Ethics. If the Customer is using the Services in the course of a business or on behalf of a third party, the Customer agrees to provide a liability insurance with an insurance company known to be creditworthy, which covers the entire amount of damages attributable to it, and agrees to maintain this insurance (or other equivalent insurance) for the entire term of the Agreement.

§ 6 Cancellation

Either party may terminate this Agreement for cause without notice and with immediate effect. Good cause shall be deemed to exist if the terminating party, taking into account all the circumstances of the specific case, cannot reasonably be expected to continue the contractual relationship until the agreed end or until the expiry of a notice period. Notwithstanding the foregoing, in the event of any fraudulent, unlawful or deceptive use of the Services or any use that infringes the rights of any third party, Securitee shall be entitled to terminate the relevant Services or the Agreement in its entirety with immediate effect by email and without prior formal notice (provided that, if the Customer is a consumer, the Customer’s rights under applicable consumer protection law are not affected by this article). Either party may terminate this Agreement in the event of a breach of any term of this Agreement by the other party if such breach is irremediable or if such breach is irreparable or if such breach is not remedied within a period of seven (7) calendar days after notice by certified mail, return receipt requested, is cured. This paragraph shall not be deemed a Securitee’s waiver of the right to suspend or interrupt the Services in accordance with the terms of the Agreement, in particular in the event of non-compliance by the Customer with the Terms of Use. Terminations due to breach of contract shall not affect claims for damages of the aggrieved party.

§ 7 Handling of Personal Data

The parties commit themselves to comply with the applicable legal and regulatory requirements relating to data processing, data files and privacy, in particular the EU’s General Data Protection Regulation (EU) 2016/679 („GDPR“) and any other applicable Laws or Regulations. With respect to the handling of personal data for which each party is responsible, each party undertakes to follow all necessary procedures (e.g., notification) to the relevant data protection authority or other competent authority, and to respect the rights of the data subjects (in particular the right of access, rectification, erasure, restriction of processing as well as the right to data portability and the right to object to the processing of personal data). The Customer, who remains solely responsible for his choice of the Services, must ensure that the Services have the necessary characteristics and conditions that enable her/him to process personal data that may be processed in the context of the use of the Services to be handled in accordance with the applicable regulations, and in particular if the Services are used to process sensitive personal data (such as health data). If Securitee provides Services that enable the Customer to process personal data that is subject to legal provisions or special regulations, Securitee shall notify the Customer of the scope of responsibility and the conditions under which Securitee complies with such standards or regulations.

§ 8 General Terms

8.1 Salvatory clause

If any provision or part-provision of this Agreement is or becomes invalid, illegal, or unenforceable, it shall be deemed amended to the extent necessary to make it effective, lawful and enforceable. If such amendment is not possible, the provision or portion thereof in question shall be deemed deleted. Any amendment or deletion of a provision or partial provision under this Article 8.1 shall not affect the validity and enforceability of the remainder of the Agreement. If any provision or part-provision of this Agreement is found to be invalid, illegal, or unenforceable, the parties shall negotiate in good faith to modify such provision so that, as modified, it is legal, valid and enforceable and, to the maximum extent possible, achieves the intended economic result of the original provision.

8.2 Headings

The headings of the articles and paragraphs in this Agreement are for convenience only. They are not to be taken into account for the interpretation of the contract.

8.3 Applicable law

Contracts between the parties shall be governed by the laws of the Federal Republic of Germany to the exclusion of the UN Convention on Contracts for the International Sale of Goods. The statutory provisions on the limitation of the choice of law and on the applicability of mandatory provisions, in particular of the state in which the Customer has his habitual residence as a consumer, shall remain unaffected.

8.4 Place of jurisdiction

Each party irrevocably agrees that the courts in Berlin shall have the exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement, its subject matter or formation.