Contractual Licensing Conditions of KeyIdentity GmbH Delivery of Software, Subscription & Support (valid as of: 1 January 2018)
The Licensee is planning to use the Licensor’s software products within its enterprise for a fixed period of time. The Licensor shall therefore, on the basis of this contract, enable its software products to be used by the Licensee for a fixed period of time, and it shall deliver these products in their respective current version to the Licensee.
1.1 These Contractual Licensing Conditions (‹Conditions›) and the prices set out in our quotations shall apply to all contractual relationships, under which the Licensor cedes use of and operates the KeyIdentity MFA Platform.
1.2 Other general terms and conditions to which the Licensee refers in any declarations, namely in orders, quotations or invitations to tender shall not form part of the agreement, even if the Licensor does not explicitly repudiate them, reject them or if accept its performance without reservation.
1.3 Individual written contracts or master agreements shall take precedence over the Conditions in the event of any contradictions.
1.4 The contracts concluded with the Licensee together with these Conditions replace all aspects of the discussions, correspondence, declarations or negotiations concerning the object of the agreement, unless these are referred to in writing in the contracts. This also applies to offers, specifications and tenders.
2. Terminology and definitions
The terminology in used in italics in these Conditions have the following defined respective meanings:
- “Updating“ is the general name for minor and major releases.
- “Third-party Components” is the common name for Open Source Components of third-party vendors and the proprietary software of third-party vendors.
- "LinOTP” (“KEYIDENTITY MFA Server") is a flexibly deployable platform for adaptive multi-factor authentication (Open Source back-end under AGPLv3 and GPLv2) for the administration of digital identities and strong user authentication. In this context, users are assigned tokens, whereby a user may have several tokens (relating to hardware, software, SMS etc.). Its modular architecture means that LinOTP is non-proprietary-based and supports various authentication protocols, Tokens, user databases as well as directory services. LinOTP is multi-client capable and scalable.
- “Major Release” describes upgrades and new versions of the software supplied, which introduce new functionalities for the first time and/or significantly enhance existing functionalities.
- “MAT” (Managed Active Token) is the name for the token administered via LinOTP, unless these are designated as deactivated.
- “Minor Release” is the name for hot fixes, patches and updates of the software supplied, which neither introduce new functionalities for the first time nor significantly enhance existing functionalities.
- “Open Source Component” describes a piece of software that is generally free-of-charge and can be acquired from an open source.
- “OTP” ("One Time Password”) is the term for a two-factor authentication process.
- “Server” describes a virtual server for the delivery and use of software, i.e. a storage medium that can also be used by other customers, and which contains its own IP address and appears as an independent server to third parties.
- “Subscription & Support” is the term for the contractually agreed maintenance and support services provided by KeyIdentity GmbH.
- “Support Contact” is an adequately technically qualified employee nominated by the customer to KeyIdentity GmbH, who is authorised to requisition support services from KeyIdentity GmbH.
- "SVA” (“KEYIDENTITY LinOTP Smart Virtual Appliance” ) is an out-of-the-box solution with the complete functional scope of LinOTP. In addition, SVA also encompasses an operating system with further functionalities, as well as a graphical user interface.
- “Token” is the term given to hardware and software tokens.
- “Contract” is the agreement between customer and KeyIdentity GmbH, comprising the terms and conditions of the relevant order in conjunction with the provisions in these Conditions.
- “Confidential Information” is the term given to information and documents belonging to the other contractual party, and which are labelled as confidential or which, given the circumstances, must be viewed as confidential.
3. Services of KeyIdentity GmbH
3.1 The provision of software and documentation for the fixed contractual term
3.1.1 KeyIdentity GmbH shall provide the Licensee with software (e.g. SVA) and documentation to the agreement per email, as downloads, or via the internet or by using another electronic method. The delivery shall take the form of object code, with the exception of Open Source Components.
3.1.2 KeyIdentity GmbH is permitted to use Open Source Components and Third-party Components in the software provided to the customer. KeyIdentity GmbH shall inform the customer of the use of Open Source Components and Third-party Components. The customer shall be obliged to observe the applicable licensing Conditions.
3.2.1 For the agreed term of the agreement, KeyIdentity GmbH shall update supplied software and the associated documentation, in order to adapt it to the current state of authentication technology. In this respect, the Tokens and database interfaces supported at the time of the initial delivery shall be maintained, unless, upon an inquiry by KeyIdentity GmbH the Licensee confirms that it does not wish to use certain Tokens or database interfaces. Section 3.2.3 remains unaffected.
3.2.2 Based on its own discretion, KeyIdentity GmbH shall incorporate new types of Tokens and/or database interfaces into the software in accordance with the technical development for standard market and industry application scenarios. The customer has no entitlement to the incorporation of certain Tokens or database interfaces.
3.2.3 According to its own discretion, KeyIdentity GmbH may completely or partly cease support for Tokens or database interfaces supported at the time of the initial delivery, if these jeopardise the secure and stable operation of the KeyIdentity MFA Platform. KeyIdentity shall notify the customer in text form of the cessation. In this case, the customer shall have a special right to terminate the Contract in question, exercisable with a notice period of one (1) month to the month's end. The special right of termination shall expire fourteen (14) days following receipt of the notification from KeyIdentity GmbH.
3.2.4 KeyIdentity GmbH shall provide the Licensee with minor releases and, at the discretion of KeyIdentity GmbH, major releases as downloads available via the internet. KeyIdentity GmbH reserves the right to provide major releases in return for a separate payment.
3.2.5 For the purpose of the updating process, KeyIdentity GmbH shall employ technically tried and tested methods, in order to maintain the security of the software. The Licensee is aware that the maintenance of IT security is a continuous adaptation process, in which the diligence of a prudent businessman must be applied in responding to known potential safety issues and attacks as well as attempted attacks and intrusions.
3.3.1 KeyIdentity GmbH shall, within a reasonable period of time, examine and analyse the malfunctions reported over the telephone or by email by the customer's Support Contact. KeyIdentity GmbH does not provide end-user support.
3.3.2 KeyIdentity GmbH shall react within the response times listed in the order. This commence at the time a sufficiently detailed fault report is received from the Support Contact by KeyIdentity GmbH. The response time is fulfilled once a KeyIdentity GmbH support employee commences the examination, analysis, evaluation or reproducibility of the substantive aspects of the fault.
3.3.3 If reports concerning different malfunctions are received simultaneously, KeyIdentity GmbH shall process these in the order in which they are received, unless the faults can be categorised in terms of their criticality. Following the categorisation, KeyIdentity GmbH shall agree the priority of the malfunctions with the Licensee, insofar as two or more similarly critical faults are reported. Due to the existence of a malfunction, KeyIdentity GmbH may, particularly for security reasons, advise the Licensee to limit or suspend the use of the software until the fault is eliminated, and to inform end users accordingly.
3.3.4 KeyIdentity GmbH shall advise the Licensee’s Support Contact regarding the elimination of and/or workarounds for malfunctions caused by operating errors and/or which can eliminated or circumvented personally by the Licensee by making changes to user settings.
3.3.5 KeyIdentity GmbH shall use its best efforts to notify the Licensee's Support Contact of how and when a malfunction is eliminated and/or worked around. A workaround shall be deemed to constitute conclusive trouble-shooting, unless this permanently negatively impacts on the use of the software.
Response times/error classes:
- Priority 1 - Partial or complete system failure: Response time during regular on-call periods: 4 hours.
- Priority 2 - Short-term impairment of the operation: Response time during regular on-call periods: 1 working day.
- Priority 3 - Fault without direct impact on the customer's operations: Response time during regular on-call periods: 2 working days.
4. Customer's duties of cooperation
4.1 The Licensee shall perform reasonable cooperative duties in order to facilitate the delivery of services by KeyIdentity GmbH. In particular, it shall provide KeyIdentity GmbH with the information and data required in this respect.
4.2 The Licensee shall promptly install all updates. KeyIdentity GmbH is obliged only to continue to support the latest update released.
4.3 The faults in delivered services identified during trial or live operations, shall be documented in a reproducible, in any case traceable form, and must be promptly reported to the Licensor.
4.4 Before issuing the fault report, the Licensee must, within its capabilities, perform an analysis of the system environment, in order to ensure that the error is not attributable to the system components, which do not form part of this Contract.
4.5 The Licensee shall ensure continuous system management of the system environment, in which the licensed product is run. The Licensee shall continuously maintain its system environment (hardware and software).
4.6 If the Licensee is in default of the fulfilment of actions within its sphere of responsibility, for the duration of the default the Licensor's performance obligations shall be suspended, if these cannot be delivered without the said actions of the customer, or could only be delivered with a disproportionate degree of effort. In addition, following prior notification of the agreed fee, the Licensee shall also pay the Licensor the additional costs thereby incurred, as calculated on the basis of the relevant applicable man-day rates/hourly rates. This shall not affect any statutory right to terminate in favour of the Licensor.
4.7 The software, concepts or other works provided by the Licensor to the Licensee is the intellectual property of the Licensor (see Section 5). These may not be copied or made available to third parties. If no software agreement is concluded, they must be returned or deleted and may not be issued any further. These Conditions shall also be valid during the pre-contractual relationship.
4.8 The Licensee is duty bound to promptly give notice of any additionally used licences or other changes that concern its right of use or the payable fee. The Licensor shall be entitled, following prior notification, to perform licence payments at any time. The Licensee shall participate in the payment process if necessary.
4.9 If the Licensee fails to fulfil its duties of cooperation, and KeyIdentity GmbH is wholly or partially unable, for this reason, to deliver services within the agreed period of time, the agreed period of time shall be extended reasonably.
5. Rights of use
5.1 With the delivery of the software and upon full payment of the fee, KeyIdentity GmbH shall grant the Licensee non-exclusive rights of use without adaptation or continuous development rights. This does not encompass any right of reproduction, which is not performed for back-up purposes in accordance with Section 69d (2) of the Copyright Act ( Urheberrechtsgesetz, “UrhG”). In the case of services to be delivered over or for a certain period of time, this right shall be limited to the contractually agreed duration.
5.2 The Licensee is entitled to undertake changes, additions and other such alterations to the software within the definition of Section 69d no. 2 UrhG, provided the customer has previously afforded KeyIdentity GmbH three (3) attempts at eliminating the fault. The customer shall have no personal rights of use to the adaptation beyond the Contract itself.
5.3 The Licensee shall only be entitled to decompile the software within the limits defined by Section 69e UrhG.
5.4 The rights of the Licensee to utilised Open Source Components and Third-party Components are defined solely according to the conditions of the relevant Open Source Component or Third-party Components.
5.5 KeyIdentity GmbH reserves the right to in future offer existing or new functionalities of a software product under an open source licence.
5.6 The transfer and sub-licensing of rights of use is permissible only with the written consent of KeyIdentity GmbH.
5.7 If KeyIdentity GmbH provides the Licensee with any updates, which replace or augment the software previously supplied, these shall likewise be subject to the provisions contained these Conditions.
5.8 The Licensee is not entitled to modify the SVA over and beyond the “unsupported” mode without the consent of KeyIdentity GmbH.
5.9 If the Licensee infringes any of the aforementioned conditions, then all rights of use transferred to the Licensee under this Contract shall be extinguished immediately.
6. Price and payment terms
6.1 The prices set out in the Licensor’s quotation applicable upon the conclusion of Contract apply to the configuration and cession of use. If daily rates are agreed, this shall correspond to an 8 (eight)-hour day.
6.2 All prices are net prices and do not include value-added tax at the statutory rate. Invoices are payable within fourteen (14) days of the receipt of invoice. The Licensee may raise written and substantiated objections to the invoice during this period. After that time, the invoice shall be deemed to be accepted unreservedly. If the Licensee fails to fulfil its duty of payment within the payment period, it shall be in default of payment without any further reminder and shall be required to payment default interest at the rate of eight percentage points over the base lending rate.
6.3 If the payment is not made by the time of the expiry of the payment period, the Licensor shall be entitled to block all access or cease providing services. The payment for the operation and support of the software shall remain due even in the case of blocked or suspended services.
6.4 The duty of payment commences with the start of the available of use. The fees are payable in advance annually. If contracts are concluded during the calender year, in accordance with an individual agreement the fee may be payable on a pro rata temporis basis, i.e. to the end of the calendar year.
6.5 Additional licences shall be invoiced to the end of the current billing period following notification by the Licensee. Non-reported licences shall be retroactively invoiced from the month in which the additional users were recorded.
6.6 The Licensor reserves the right thereafter to amend the fee following written notification, upon providing notice of 3 (three) months to the end of each contractual year, irrespective of the minimum contractual term. Any such change may not exceed the fee for the preceding twelve-month period by more than 10 percent. If the fee is increased by more than 10 percent of the fee for the preceding twelve-month period, the Licensee may terminate the Contract in writing with a notice period of four weeks from the time of the increase.
6.7 Services outside of the agreed scope of delivery or the contractual subject matter, shall be separately remunerated by the Licensee. The Licensor's respective applicable rates shall apply in this respect. This also applies to services provided on the basis of inaccurate or incomplete information provided by the Licensee, non-verifiable defect complaints, improper use of the system or breaches of duty, such as a defective data import. The Licensor shall separately, verifiably and promptly invoice the requisite outgoings and expenditure together with the services rendered by it. In the case of resource-related billing, the Licensor shall indicate the number, names, scope, daily or hourly rate as well as a brief activity description of the employees deployed.
7.1 The parties agree to the non-disclosure of confidential information for a period of two (2) years following the end of the Contract. This does not include confidential information, which
a) was known to the recipient upon the conclusion of Contract without there being an infringement of a non-disclosure agreement, statutory provision or official directives, or which, subject to the same conditions, is disclosed to it thereafter by a third party;
b) is in or subsequently enters the public domain without any breach of Contract;
c) must be disclosed due to statutory obligations, judicial orders or official directives;
d) is excluded from this duty of non-disclosure by way of an explicit written agreement.
7.2 The parties shall afford access to confidential information only to individuals who are subject to the duty of non-disclosure in accordance with Section 6.
7.3 The Licensor shall be entitled to include the Licensee in its (online) list of references, including through the use of the latter’s publicly accessible logos (such as is available on its website for example).
8. Warranty and liability
8.1 If any service is not rendered in accordance with the Contract by KeyIdentity GmbH, and if KeyIdentity is responsible for this circumstance, it shall deliver the service in accordance with the Contract within a reasonable period of time. This shall be conditional on the customer having issued a written complaint without delay, no later than within two (2) weeks of gaining knowledge.
8.2 The customer must grant KeyIdentity GmbH at least two reasonable additional grace periods, insofar as a subsequent improvement remains wholly or partially outstanding or entails significant restrictions on use.
8.3 KeyIdentity GmbH shall be unreservedly liable for intentional acts and gross negligence, for death and personal injury for which it is responsible, and as defined by the provisions of the Product Liability Act. The scope of any warranty extended by KeyIdentity GmbH shall remain unaffected.
8.4 Its liability pursuant to Section 7.3 notwithstanding, KeyIdentity GmbH shall only be liable for the negligent breach of material contractual obligations, the extent of this liability limited to the foreseeable (upon the conclusion of Contract) damages typical for this type of contract. Material contractual obligations are those which must be fulfilled as an essential condition for the orderly performance of the Contract, or the breach of which would jeopardise the achievement of the contractual objective, and the performance of which the customer may regularly depend upon.
8.5 The parties are responsible for the backup procedures on their systems. In the case of a data loss for which KeyIdentity GmbH is responsible, KeyIdentity GmbH shall only be liable for the data recovery costs, which would be incurred with orderly backup procedures.
8.6 Any liability on the part of KeyIdentity GmbH is otherwise excluded.
8.7 The customer's claims pursuant to Section 7.3 are limited in time in accordance with the statutory provisions. Otherwise the limitation period for compensation claims is one (1) year.
8.8 The disclaimers likewise apply to any culpability of KeyIdentity GmbH’s vicarious agents, as well as for the personal liability of the employees, representatives and corporate bodies of KeyIdentity GmbH.
9.1 Provisions concerning termination for cause shall remain unaffected by the rules on termination set out in the licence contract (page 1 of the contract).
9.2 Notices to terminate must be issued in writing in order to be enforceable.
9.3 After expiry of the original term, it is automatically extended by one (1) additional year in each case, unless the customer objects to the extension in writing with a period of three (3) months to the end of the contract year.
9.4 Notices of termination must be in writing to become effective.
10. Force majeure
10.1 If either contractual party is wholly or partially impeded from the fulfilment of its duties of performance under this Contract or can no longer guarantee the fulfilment of these obligations by reason of force majeure, this party shall be released from this obligation for the duration and to the extent it is impeded by force mandatory.
10.2 A case of force majeure is always established in the event of military combat operations (regardless of whether war is declared or not), civil unrest, explosions, fires, floods, earthquakes, typhoons, epidemics and in the event of labour disputes, due to which business operations completely or largely come to a standstill, as well in the event of actions, omissions or measures on the part of a government or when complying with governmental orders and in the event of the disruption to operating facilities or parts thereof, which are necessary for the fulfilment of obligations.
10.3 If a force majeure situation arises, the parties must promptly notify one another and, within 15 (fifteen) days, present information particularly detailing the extent and, insofar as possible to do so in a reasonable manner, the duration of the force majeure situation.
11. Concluding provisions
11.1 The Licensor reserves the right to amend the material contractual terms and conditions at any time. Any such change shall be notified to the customer in an appropriate manner, and shall be deemed approved if no written objection is made within a time limit of one month following the notification, or in an case if the software is used following the expiry of the 30-day time limit for raising objections. If the Licensee is significantly impacted by such a change, it shall be entitled to terminate the Contract to the time that the change comes into effect. The right of termination is extinguished with the coming into effect of the change.
11.2 The Licensor has the right to use the services of sub-contractors in the fulfilment of this Contract.
11.3 Any offset shall only be permitted in respect of undisputed claims or those which have been confirmed by a legally enforceable judgement (res judicata).
11.4 The Licensee’s general terms and conditions shall not apply.
11.5 Changes and additions to this Contract must be made in writing. This applies equally to the amendment or revocation of this clause stipulating the written form. The written form requirement is satisfied by communications sent in “text form”.
11.6 If any of the provisions of these terms and conditions are unenforceable, this shall not prejudice the enforceability of the remaining provisions. The parties shall substitute the unenforceable provision for a lawful provision that most closely achieves the economic purpose of the Contract.
11.7 The law of the Federal Republic of Germany shall apply, to the exclusion of United Nations Convention on Contracts for the International Sale of Goods of 11 April 1980.
11.8 The sole legal venue for all disputes arising from or connected with the Contract is Darmstadt, provided the customer is a merchant or a legal entity constituted under public law. KeyIdentity GmbH may also pursue actions against the customer before those courts with jurisdiction over the place in which the customer has its registered address.