Terms & Conditions of WIBU-SYSTEMS USA, Inc.
A. General Provisions
A1. Subject Matter
A1.1 These General Terms and Conditions (GTC) shall apply to all deliveries and services of Wibu-Systems. Where applicable, the special provisions (Parts B, C and D) shall take precedence over the general provisions (Part A).
A1.2 Individual services of Wibu-Systems are subject to product-specific Hosting conditions. Insofar as these are relevant in individual cases, they shall take precedence over the provisions set out in para. 1.
A1.3 Both Wibu-Systems' and the Customer's affiliated companies pursuant to §§ 15 et seq. of the German Stock Corporation Code (AktG) are also covered by these GTC.
A1.4 Deviating terms and conditions of the Customer shall not apply unless Wibu-Systems has expressly agreed to them in writing.
A2. Conclusion of Contract
A2.1 Offers and quotations from Wibu-Systems are non-binding. Product directories, samples, price lists and the like also do not constitute binding offers.
A2.2 The commissioning of the service by the Customer shall be deemed a binding offer.
A2.3 Unless otherwise stated in the order, Wibu-Systems is entitled to accept this offer within three weeks of its receipt.
A2.4 Wibu-Systems shall declare acceptance by means of a written order confirmation.
A2.5 The illustrations, drawings, weights, and dimensions attached to an order confirmation are only approximate values and are not binding unless they are expressly designated as binding.
A2.6 Wibu-Systems shall retain its rights to quotations and all other documents at all times, in particular ownership rights, copyrights and all other rights of use, reproduction, or exploitation. The Customer may not make them accessible to third parties without express consent. If no contract is concluded, all documents must be returned to Wibu-Systems upon request.
A3. Provision of Services
A3.1 All information provided by Wibu-Systems regarding the expected time and cost of a commissioned service are estimates based on the conditions specified by the Customer and are non-binding; the same applies to information regarding delivery and performance dates unless they are designated as binding.
A3.2 Wibu-Systems reserves the right to prepare minutes of meetings with the Customer, recording the main points discussed and the decisions made. Wibu-Systems without undue delay shall provide the minutes to the Customer upon its completion. If the Customer does not object within seven calendar days with its own counter-proposal, the content of the minutes shall become binding for both parties. An objection shall be negotiated at the next meeting.
A3.3 Wibu-Systems is entitled to have individual services performed by third parties. To the extent necessary for the proper fulfillment of the contractual obligations, these third parties may be given access to the Customer's documents, information, and data in accordance with data protection regulations. Even if third parties are employed, Wibu-Systems shall remain responsible for the performance and the success of the service if promised.
A3.4 Wibu-Systems shall be released from its obligation to perform for as long and to the extent that it cannot be fulfilled due to force majeure. Force majeure refers to circumstances beyond Wibu-Systems' control, such as strikes, epidemics, natural disasters, power failures, or technical infrastructure failures, as well as non-delivery by a supplier for which Wibu-Systems is not responsible.
A4. General Obligations of the Customer to Cooperate
A4.1 Unless otherwise agreed, the Customer alone is responsible for backing up his data. Wibu-Systems accepts no liability for any unintentional loss of data as a result of the contractually agreed provision of services.
A4.2 The Customer shall provide Wibu-Systems with all information and data required to perform the services in a complete and accurate manner. In this respect, Wibu-Systems shall have no obligation to investigate. If necessary, the Customer shall temporarily provide Wibu-Systems with hardware and other items or grant Wibu-Systems access to its hardware and software infrastructure.
A4.3 The Customer shall fulfill his – general and, if applicable, special – obligations to cooperate in his own interest and may not demand any remuneration for this. If the Customer fails to comply with his obligations to cooperate, any agreed performance deadlines shall be extended accordingly. Wibu-Systems reserves the right to temporarily suspend the services after the expiry of a reasonable period and to resume them at its own discretion. Other claims and rights of Wibu-Systems shall remain unaffected.
A5. Prices and Terms of Payment
A5.1 The remuneration owed by the Customer is laid down in the order confirmation.
A5.2 Unless otherwise agreed, all prices are FCA Karlsruhe (Germany) plus applicable VAT and, if applicable, plus shipping costs.
A5.3 Wibu-Systems shall be bound by the prices stated in the order confirmation for 120 calendar days from the date of confirmation. If per agreement performance is rendered after this date or if no price has been specified, Wibu-Systems' listed price valid on the date of performance shall apply.
A5.4 If performance is delayed due to circumstances for which Wibu-Systems is not responsible, and if the costs on which the price calculation is based have increased by at least three percentage points between the agreed and the actual date of performance, Wibu-Systems reserves the right to make reasonable price adjustments. The Customer shall be notified of any price adjustment in writing, together with an explanation of the reasons for the adjustment, before Wibu-Systems performs the service.
A5.5 The remuneration shall be due for payment without deduction 30 calendar days after the invoice date. If the Customer is in default of payment, Wibu-Systems shall charge interest at a rate of five percentage points above the general statutory interest rate.
A5.6 The Customer may only set off claims against Wibu-Systems that are undisputed or have been legally established. Outside the scope of § 354a of the German Commercial Code (HGB), the Customer may only assign claims arising from the contract to third parties with the prior written consent of Wibu-Systems. The Customer shall only be entitled to a right of retention or the defense of non-performance of the contract within the respective contractual relationship.
A5.7 If it becomes apparent after conclusion of the contract that the payment claim is jeopardized by the Customer's inability to pay, Wibu-Systems shall be entitled to refuse performance and to withdraw from the contract.
A6. Warranty for Defects
A6.1 With the exception of services according to §§ 611 et seq. (dienstvertragliche Leistungen) of the German Civil Code (BGB), Wibu-Systems warrants that performance corresponds to the agreed quality and is suitable for the intended use. It shall not have any defects that cancel or reduce its value or suitability for the customary use or the use assumed under the contract. The relevant time is the passing of risk, i.e., the dispatch of the goods in the case of the delivery of hardware, the provision for download in the case of the delivery of software and the acceptance by the Customer in the case of services to produce a work.
A6.2 Technical data, specifications, descriptions, and promises of performance contained in these GTC, in any attachments or in the order confirmation are to be understood exclusively as quality specifications (Beschaffenheitsvereinbarungen) according to § 434 para. 1 sentence 1 BGB) and do not constitute any further guarantee.
A6.3 Unless an acceptance test (§ D6 para. 1) is to be carried out anyway, the Customer must inspect performance immediately upon passing of risk and, if a defect becomes apparent, notify Wibu-Systems accordingly in writing within 14 calendar days and in such a way that Wibu-Systems is able to understand and evaluate the defect. If the Customer fails to notify Wibu-Systems in due time, performance shall be deemed approved, unless the defect was not recognizable during the inspection. If such a defect is discovered later, the notification must be made within five calendar days of its discovery; otherwise, performance shall be deemed approved in this respect as well.
A6.4 Wibu-Systems shall rectify any defects reported within the deadline or recorded in the acceptance report (§ D6 para. 2 sentence 2) without undue delay within the scope of what is technically possible. The specific type of defect rectification is at Wibu-Systems' discretion. The Customer must give Wibu-Systems the time and opportunity required to rectify the defect and hand over any hardware or software that is the subject of complaint for testing purposes. The rectification of defects shall not include the installation and deinstallation of hardware or software as well as the associated costs.
A6.5 The Customer shall support Wibu-Systems in the search for and rectification of defects in accordance with § A4.
A6.6 Any warranty claims shall expire within one year of the passing of risk.
A6.7 Warranty claims shall be excluded if a defect is due to the fact that the Customer or a third party has modified, improperly used, or repaired the object of performance without Wibu-Systems' consent or has not installed, operated, or maintained the object of performance in accordance with Wibu-Systems' manuals and instructions.
A6.8 If Wibu-Systems provides services in the search for or rectification of defects without being obliged to do so, Wibu-Systems reserves the right to charge the Customer for the expenses incurred. This applies in particular if a defect cannot be proven, reproduced or is not attributable to Wibu-Systems.
A7. Liability
A7.1 Both parties shall be liable for damages due to the breach of contractual obligations insofar as they are at fault.
A7.2 The amount of liability for gross and simple negligence shall be limited to the damage typically foreseeable for the damaging party at the time of the breach of duty.
A7.3 Wibu-Systems shall only be liable for obvious damage or other readily recognizable impairments of delivered hardware or software if the Customer has certifiably reserved any claims for compensation with the delivery service or carrier immediately upon receipt of the goods.
A7.4 Non-contractual liability remains unaffected.
A7.5 Liability is excluded
(a) if the Customer himself is responsible for the damage (§ 254 BGB), in particular because he
- has not complied with the duty to cooperate (§ A4),
- services have not been used in accordance with the contract (e.g., operating errors; use of hardware or software that does not comply with specifications),
- has made unauthorized changes to the object of performance,
- has disregarded statutory or contractual provisions on loss minimization;
(b) for loss of profit;
(c) for damages due to defective components from third-party manufacturers or open source software;
(d) for cyber damage, i.e., data loss or damage due to network security breaches (e.g., hacker attacks, malware, denial of service), data breaches and cyber extortion by third parties.
A7.6 Wibu-Systems shall at all times maintain insurance sufficient to cover the aforementioned claims for compensation and shall provide evidence to the Customer upon request.
A8. Rights of Third Parties
A8.1 Wibu-Systems warrants that the services rendered do not infringe any third-party rights. Wibu-Systems shall indemnify the Customer against all claims asserted against him by third parties for infringement of their rights. This however necessitates that the Customer immediately informs Wibu-Systems of the claim in writing and takes any action against the third party only after consulting Wibu-Systems.
A8.2 If third parties assert claims that prevent the Customer from exercising the right of use granted to him in regard to the object of performance, the Customer shall inform Wibu-Systems immediately in writing. In addition, Wibu-Systems shall endeavor at its own expense to enforce the Customer's right of use or, alternatively, to modify or replace the deliverable in such a way that no rights of third parties are infringed, but the deliverable continues to fulfill the contractually agreed functions.
A8.3 In the event of infringements of rights by products of other manufacturers supplied by Wibu-Systems, Wibu-Systems shall either assert its own claims against the manufacturer for the account of the Customer or assign such claims to the Customer. In this case, the Customer shall only have claims against Wibu-Systems if the judicial enforcement of claims against the manufacturer was unsuccessful or has no prospect of success whatsoever.
A9. Data Protection
Wibu-Systems complies with the statutory provisions on data protection when processing the Customer's personal information. This includes technical security measures according to the current state of the art (Art. 32 GDPR) and the obligation of employees to maintain data secrecy (Art. 28 para. 3 lit. b GDPR). If subcontractors of the provider (§ A3 para. 3) come into contact with personal data, a Data Processing Agreement (DPA) is concluded with them in advance, which can be inspected on request.
A10. Confidentiality
A10.1 The parties shall maintain secrecy about all confidential information of which they become aware in the course of their business relationship, in particular business or trade secrets, and shall neither disclose nor otherwise exploit such information.
A10.2 The duty of confidentiality shall not apply if the information in question must be disclosed by order of a court, by order of a public authority, or by statutory law. The party so obliged shall inform the other party of the disclosure without undue delay and disclose the information in such a way that confidentiality is maintained as far as possible.
A11. Referencing
The Customer agrees that Wibu-Systems may include him in its reference list or other communication materials and publicly refer to the business relationship with the Customer in other ways. The authorization also includes the use of the Customer's trademarks for these purposes, in particular its word and figurative marks. Upon request, the Customer shall provide Wibu-Systems with a printable digital template of its trademarks. The Customer may revoke its consent to referencing in writing at any time.
A12. Export Provisions and Customs Clearance
If the Customer exports Wibu-Systems' products, he shall comply with German export regulations and shall also inform his customers that German export regulations apply in the event of export. Wibu-Systems shall not provide deliveries and services to and in places where the products manufactured by Wibu-Systems are subject to export restrictions and shall request proof of final destination prior to delivery to the Customer if necessary. If, at the Customer's request, deliveries are made duty unpaid, the Customer shall be liable to Wibu-Systems for any claims by the customs authorities.
A13. Final provisions
A13.1 The place of performance for all services (deliveries and payments) shall be the registered office of Wibu-Systems in Karlsruhe (Germany).
A13.2 All notifications, requests and other transmissions by the Customer provided for in these GTC must be made in writing (e-mail is sufficient) to the address sales@wibu.com.
A13.3 German law shall apply excluding the UN Convention on Contracts for the International Sale of Goods.
A13.4 The place of jurisdiction is Karlsruhe (Germany).
A13.5 Should one of the above provisions be or become invalid or should a necessary provision not be included, this shall not affect the validity of the remaining provisions. The parties shall endeavor to find an amicable solution in this case.
B. Special Provisions for the Delivery of Hardware and Software
B1. Delivery, Date and Deadlines
B1.1 The expected delivery date is stated in the order confirmation and is subject to Wibu-Systems' itself being supplied in time. Delivery dates and deadlines are only binding if they have been expressly designated as binding by Wibu-Systems in writing. Otherwise, all delivery dates and deadlines are non-binding.
B1.2 The goods shall be delivered to the address specified by the Customer by a carrier selected by Wibu-Systems. Additional costs for express shipping and other special requests regarding shipping shall be borne by the Customer. Unless otherwise agreed, the risk shall pass to the Customer as soon as Wibu-Systems has handed over the goods to the carrier.
B1.3 Partial deliveries are permissible, provided they are not unreasonable for the Customer.
B1.4 If non-compliance with a bindingly agreed deadline is due to obstacles for which Wibu-Systems is not responsible, the deadline shall be extended accordingly.
B1.5 In the event of a delay in delivery, the Customer shall be entitled to withdraw from the delivery contract after a reasonable grace period has expired. Wibu-Systems' liability for any damage caused by delay shall be limited to a lump sum compensation of 0.5% of the net order value of the delayed item for each completed week, but in any case, not more than 5%.
B2. Retention of Title
B2.1 Wibu-Systems shall retain title to the delivered goods until all payments arising from the business relationship with the Customer have been received ("Reserved Goods"). If a current account relationship exists, retention of title refers to the recognized balance in favor of Wibu-Systems.
B2.2 The Customer is obliged to treat the reserved goods with suitable care. In particular, he is obliged to insure them at his own expense against loss and damage at replacement value. The Customer must present the insurance policy and proof of payment of the premiums on request. The Customer hereby assigns to Wibu-Systems any claims and rights arising from the insurance relationship. The assignment is subject to the condition subsequent that the Customer acquires full ownership.
B2.3 The handling and processing of the goods subject to retention of title by the Customer shall always be carried out on behalf of Wibu-Systems, but without any obligation on the part of Wibu-Systems. In the event of processing and combination with other goods, Wibu-Systems shall acquire co-ownership of the new goods in the ratio of the invoice value of the goods subject to retention of title to the value of the other processed materials at the time of processing. The same shall apply if the goods subject to retention of title are mixed with other materials.
B2.4 The Customer shall be entitled to collect the claims assigned to Wibu-Systems in order to meet its payment obligations to Wibu-Systems. If the Customer fails to meet his payment obligations, Wibu-Systems may revoke the authorization to resell and demand that the Customer informs Wibu-Systems of the assigned claims and their debtors, provides all information required for collection by Wibu-Systems, hands over the relevant documents, and informs his debtors of the assignment.
B2.5 As long as the retention of title continues, the Customer may only pledge the goods subject to retention of title to a third party or assign them as security with the written consent of Wibu-Systems. Wibu-Systems must be notified immediately of any seizure of the reserved goods by third parties. The Customer shall bear any costs incurred in the defense against such seizure, unless the third party reimburses them.
B2.6 If the value of the goods subject to retention of title exceeds Wibu-Systems' claims by more than 10%, Wibu-Systems shall, at the Customer's request, release goods at its discretion to the extent of the excess value.
B3. Copyright and Right of Use to Delivered Software
B3.1 The terms of this provision shall apply generally to the delivery of Wibu-Systems software and third-party software (software developed by a software manufacturer independent of Wibu-Systems). For products the Customer purchases according to the contract for transfer to third parties, § B4 shall apply. For products the Customer purchases as part of a software subscription, § B5 shall apply.
B3.2 The Customer shall be granted a permanent, non-exclusive and non-transferable right to use Wibu-Systems software and third-party software for internal use in object code form. No further acquisition of rights to the software shall be associated with this granting of rights of use; in particular, the source code of the software shall not be made available. Wibu-Systems reserves all distribution, exhibition, presentation, performance, and publication rights to the software. The same applies to editing and reproduction rights, unless otherwise stipulated below.
B3.3 The Customer shall be permitted to allow his own customers to make changes to the Wibu-Systems software for their own use and to reverse-engineer these changes for debugging purposes. However, the Customer and his customers are prohibited from passing on to third parties the work results obtained by way of reverse engineering. The Customer and his customers also are prohibited from passing on modified versions of the Wibu-Systems software. The Customer must set up the contracts with his customers in accordance with these permissions and restrictions. Warranty claims against Wibu-Systems are excluded unless the Customer can prove that the defect already existed in the unmodified version of the software.
B3.4 Reproduction of the software stored on data carriers or copying to electromagnetic, optoelectronic, or other data carriers as well as the accompanying material is prohibited. This excludes the installation of the software from the data carrier onto a hard disk. It also excludes the creation of backup copies, insofar as this is necessary to secure the use of the software for the contractually stipulated purpose. If the original data carriers bear a note indicating copyright protection, this note must be affixed by the Customer to all copies.
B3.5 If a Wibu-Systems product contains open source software, Wibu-Systems shall provide a list of the open source software used in machine-readable form with the release documentation. In this case, the Customer shall not acquire any rights of use from Wibu-Systems, but directly from the rights holders of the respective open source components. In this respect, the above license terms shall not apply, but only the respective license terms of the open source components. Wibu-Systems shall make these license terms available to the customer upon request.
B3.6 The Customer shall be liable for all damages incurred by Wibu-Systems as a result of a breach of copyright and usage rights.
B4. Runtime Software and Libraries
B4.1 When using
- Wibu-Systems hardware (e.g., WibuBoxes or CmSticks)
- software-based protection (CmActLicense)
- CmCloud
the following special terms of use apply exclusively in deviation from § B3.
B4.2 The Customer is entitled to integrate the Wibu-Systems software libraries required for the use of the Wibu-Systems protection systems into his computer programs or data in order to protect them from unauthorized use or to measure their use in accordance with the description in the respective manual.
B4.3 The Customer shall be entitled to pass on the integrated Wibu-Systems software libraries to the distributors and end users of his computer programs and data together with these and to distribute the Wibu-Systems runtime software as part of his protected software. The Customer's purchasers may use the Wibu-Systems software libraries and the Wibu-Systems runtime software as part of the protected computer programs and data as intended.
B4.4 Before passing on the Wibu-Systems software libraries and the Wibu-Systems runtime software, the Customer must test whether they function correctly with the protected computer program or the protected data and must inform Wibu-Systems immediately of any problems.
B5. Software Subscriptions
B5.1 In deviation from § B3, the following special terms of use apply exclusively to software that Wibu-Systems rents to the Customer as part of a software subscription.
B5.2 Wibu-Systems grants the Customer the rights of use required to use the software only for the duration of the subscription.
B5.3 Insofar as Wibu-Systems provides the Customer with new software versions, the rights of use described in para. 2 shall only include those software versions that were provided in the contract year of purchase and in the year before. Any rights of use previously granted for earlier software versions shall expire.
B5.4 The remuneration for the provision of the software shall be paid either per contract year or per calendar year. It is due for the first year upon conclusion of the contract and thereafter annually in advance. In the case of invoicing per calendar year, the remuneration for the year in which the contract is concluded shall be calculated on a pro rata basis.
B5.5 If the Customer defaults on payment of the remuneration and fails to pay even after a reminder from Wibu-Systems, the Customer's right to use the software shall be suspended until the remuneration has been paid in full.
B5.6 Each party may terminate the subscription with 90 calendar days' notice to the end of the billing period. Termination is permitted at the earliest at the end of the second year from the start of the services. Unless terminated, the subscription is extended by one year at a time.
B5.7 At the end of the subscription term the Customer shall delete the software, destroy all copies, and confirm in writing that this has been done.
B5.8 Wibu-Systems shall adjust the prices to be paid on the basis of a subscription to the development of the costs that are relevant for the price calculation at its reasonable discretion. A price increase shall be considered and a price reduction shall be made if the contractual partners of Wibu-Systems required to provide the service change their prices, upstream suppliers change their prices, or if the producer price index for IT services determined by the Federal Statistical Office changes by at least 2.5% compared to the index published for the month in which the agreement was concluded. Increases in one category of costs only justify a price increase to the extent that they are not offset by any decreases in costs in other areas. In the event of cost reductions, Wibu-Systems will reduce prices to the extent that these cost reductions are not fully or partially offset by increases in other areas. In exercising its reasonable discretion, Wibu-Systems shall select the respective time of a price change in such a way that cost reductions are not taken into account according to standards that are less favorable to the Customer than cost increases, i.e., cost reductions shall have at least the same price effect as cost increases. Price increases shall only take effect at the end of a quarter and only if Wibu-Systems gives 90 calendar days' notice. In the event of a price increase, the Customer may also terminate the subscription before the end of the minimum term of this contract (para. 6 sentence 2).
B6. Right of Return
B6.1 The Customer is not entitled to a right of return.
B6.2 Anything to the contrary shall only apply if Wibu-Systems has expressly granted the Customer a right of return in writing. In any case, software and goods manufactured individually for the Customer will not be taken back.
B6.3 An exceptionally accepted return requires that the Customer sends the goods to Wibu-Systems within two weeks of receipt complete with original packaging in unaltered, especially undamaged new condition. The return shipment shall be at the expense and risk of the Customer.
B7. Recourse Claims
B7.1 The Customer shall only be entitled to rights of recourse (§ 445a BGB) if Wibu-Systems is responsible for the defect.
B7.2 If a claim for subsequent performance is asserted against the Customer by a purchaser, the Customer may only take recourse against Wibu-Systems if the Customer has given Wibu-Systems the opportunity for subsequent performance and if Wibu-Systems itself would not have been entitled to refuse subsequent performance. Only expenses that have led to successful subsequent performance are eligible for compensation.
B7.3 If the Customer has taken back the purchased item or the purchaser has reduced the purchase price, the subscription Customer shall only be entitled to recourse claims against Wibu-Systems if he himself could not have averted the return or reduction by subsequent performance.
B7.4 The amount of the Customer's right of recourse is limited to the net purchase price of the goods concerned.
C. Special Provisions for Hosting Services
C1. Operation
The hosting services are provided by Wibu Operating Services.
C2. Data Centers
C2.1 The hosting services are provided in data centers run by subcontractors of Wibu-Systems. The operators may be replaced at Wibu-Systems' discretion. Wibu-Systems shall immediately announce any change of operator. The subcontractors currently commissioned by Wibu-Systems can be found on Wibu-Systems´ website (https://www.wibu.com/terms-conditions.html).
C2.2 The data centers are located in the territory of the Federal Republic of Germany. Wibu-Systems shall ensure that the storage location for the data of hosting services is only relocated to another territory with the prior consent of the Customer.
C2.3 The operators of the data centers are certified in accordance with ISO EN9001:2015 and ISO/IEC27001 for active quality and IT security management and will maintain this status at all times.
C3. Disturbance Classes
C3.1 Wibu-Systems cannot completely rule out the possibility of a disturbance occurring during productive operation. Wibu-Systems evaluates each disturbance based on its effects and generally assigns it to one of three disturbance classes for the purpose of efficient and effective disturbance management:
- Class 1: Service not available
- Class 2: Limited service available
- Class 3: Service available, other disturbance
C3.2 The characteristics for classifying disturbances are described in the supplementary product-specific conditions.
C4. System and Function Check
C4.1 Wibu-Systems regularly carries out automated system and function checks according to the current state of the art. These system and function checks serve to automatically rectify errors using scripts, to alert the Wibu Operating Services team and to monitor the availability of the system. The system and function check includes:
(a) calling up functions of the hosting services,
(b) the retrieval of status information, such as information about running processes,
(c) monitoring the connection of hosting services to the Internet, for example by means of a query via a system located in another data center.
C4.2 Wibu-Systems shall regularly and independently adapt the system and function check to the current state of the art.
C4.3 All disturbances detected by the system and function check shall be analyzed by Wibu-Systems. The aim of the analysis is to continuously improve the system and function check so that similar disturbances are detected as far as this is technically possible and commercially reasonable.
C5. Availability
C5.1 The availability of the hosting services describes the probability that the service will process the requests within the promised time frame. The availability of the respective hosting service per calendar month specified to the customer is defined in the supplementary product-specific Hosting conditions.
C5.2 Wibu-Systems shall use commercially reasonable efforts to ensure the availability of the hosting services in question as specified in the supplementary product-specific Hosting conditions. The availability of the system will be monitored and assessed as downtime as follows:
(a) The automatic system and function check (§ C4) is performed once per minute. If two consecutive checks fail, the entire time between the checks is counted as downtime. The failure of a single check does not constitute downtime.
(b) Disturbances that are not detected by the automatic system and function check shall be monitored manually. The notification of Wibu-Systems by the Customer shall be deemed the start of the downtime. The rectification of the disturbance shall be deemed the end of the downtime.
(c) A hosting service is deemed to be down if there is a class 1 disturbance. A class 2 or 3 disturbance does not constitute an outage.
(d) Periods of unscheduled maintenance and emergency maintenance are considered downtime.
C5.3 The following performance and availability issues are not considered downtime and therefore are not subject to the availability as defined in these GTC:
(a) scheduled maintenance as described in § C6 below,
(b) unavailability, interruption or delay of the internet connection,
(c) DDOS attacks (Distributed Denial-Of-Service), virus attacks, or hacker attacks,
(d) inability to function due to the fact that the Customer exceeds the maximum number of API function calls or the permitted number of transactions defined in the supplementary product-specific Hosting conditions,
(e) problems resulting from the Customer's failure to implement a configuration or software change recommended in writing by Wibu-Systems in order to maintain the availability of the hosting services to the required extent,
(f) circumstances that fall under § A3 para. 4 on force majeure.
C5.4 If the availability of the hosting services specified in the supplementary product-specific Hosting conditions is not achieved, Wibu-Systems shall grant the Customer a credit in accordance with § C10.
C6. Maintenance
C6.1 Wibu-Systems endeavors to set up the hosting services in such a way that an interruption of the service is not necessary for updates to the software or due to other components involved. However, Wibu-Systems cannot completely rule out the possibility that events may occur that make it necessary to interrupt the service.
C6.2 If an interruption of the service cannot be avoided with economically reasonable efforts, Wibu-Systems shall keep the interruption as short as possible and will undertake any measures necessary at times of typically low usage (e.g., weekends at night).
C6.3 Maintenance work shall be announced at least two weeks in advance. In the case of acute events that require an interruption of service with less than two weeks' notice, Wibu-Systems reserves the right to carry out maintenance with a shorter lead time and without prior written notice.
C6.4 Hosting takes place in virtual machines, so that an interruption of availability due to maintenance of the hardware and infrastructure is only necessary in exceptional cases. The maintenance window for these exceptional cases shall be determined by the data center (§ C2) and, if an impairment of the service is to be expected, will be communicated to the Customer by Wibu-Systems immediately after becoming known.
C7. Data Backup
C7.1 Wibu-Systems performs a daily backup of the hosted data.
C7.2 The daily backups are stored for at least 60 calendar days.
C8. Disturbance Report
C8.1 Hosting services, supporting servers, firewalls and other security components of the service are constantly and proactively monitored by an automated monitoring system. Any disturbances are detected during operation and automatically reported to Wibu-Systems.
C8.2 In addition to the automatic disturbance report, the Customer may report disturbances to Wibu-Systems:
(a) Report in the Wibu-Systems ticket system (https://support.wibu.com/) as a fault via the Wibu Operating Services (WOPS) form.
(b) Telephone support hotline Monday to Friday from 08:00 - 17:00 (+49-721-93172-14). The time stated refers to Central European Time (CET) or Central European Summer Time (CEST) excluding all national public holidays in Germany.
C8.3 The support hotline provides support in German and English.
C9. Introduction of Error Analysis and Corrective Measures
C9.1 Wibu-Systems implements automatic immediate measures that are carried out in the event of class 1 and 2 disturbances following the failure of system checks.
C9.2 Wibu-Systems employs an alarm system that alerts the WOPS team in the event of class 1 and 2 disturbances that cannot be rectified automatically.
C9.3 Wibu-Systems shall respond as quickly as possible to all reports of class 1 and 2 disturbances from the Customer:
(a) Within the service times of the support hotline, disturbance analysis and rectification begin within a maximum of 1 hour (class 1) or 2 hours (class 2).
(b) Outside the service hours of the support hotline, disturbances analysis and rectification shall begin as soon as possible, at the latest by 9 a.m. (CET or CEST) on the next working day at Wibu-Systems.
C9.4 Wibu-Systems shall begin analyzing class 3 disturbances during the next working day at Wibu-Systems. If necessary, Wibu-Systems and the Customer shall coordinate the start of the remedial measures.
C10. Credit Voucher
C10.1 If the availability of the hosting service falls below the availability specified in the supplementary product-specific Hosting conditions, Wibu-Systems shall grant the Customer a credit voucher. The calculation refers to the respective calendar month and is calculated as follows:
Actual availability in % = (1 - (downtime in the calendar month [min]) /
(calendar days of the month * 24 * 60)) * 100
C10.2 Downtime in para. 1 is determined in accordance with the regulation in § C5.
C10.3 Based on the actual availability of the hosting service pursuant to para. 1, the Customer shall receive a one-off credit voucher for the calendar month in question as a percentage of the remuneration paid for that month, as defined in the supplementary product-specific Hosting conditions.
C10.4 The credit voucher shall be credited to the Customer's account upon request.
C10.5 The credit voucher shall primarily cover any reduction claims by the Customer that are caused by or related to the actual reduction in the Customer's usage options or access due to reduced availability. The Customer accepts this credit voucher in lieu of damages excluding all other remedies.
C11. Limitation of Liability
The general liability regulation pursuant to § A7 shall apply with the proviso that the liability for simple negligence is limited per damage event to a maximum amount of € 10,000 or the value of the remuneration due in the current calendar year if this is lower.
C12. Designated Technical Contact Person
C12.1 When commissioning a hosting service, the Customer designates a technical contact person. This person
(a) manages any access to the hosting service,
(b) is the contact person for maintenance planning,
(c) receives notification of scheduled maintenance, and
(d) receives the alarm message in the event of disturbances.
C12.2 Wibu-Systems must be informed promptly if the technical contact person changes.
C13. Termination of Individual Contracts
C13.1 The Customer may terminate individual contracts for hosting services in writing at any time with a notice period of 90 calendar days to the end of the billing period.
C13.2 Wibu-Systems may terminate an individual contract in writing subject to the following notice periods in relation to the end of the billing period:
(a) with a notice period of 30 calendar days if the Customer uses the service in a manner that does not comply with the features and functions specified by Wibu-Systems and the intended use. This is particularly the case if the Customer's application repeatedly exceeds the maximum number of API function calls, transactions, or containers/users specified in the relevant product-specific terms and conditions.
(b) for any other reason with a notice period of 180 calendar days.
C13.3 30 days after termination of the individual contract, Wibu-Systems will delete the hosted Customer data and any access to the web interface. Wibu-Systems shall provide the Customer with his data in machine-readable form if the Customer so requests in writing within 30 days of termination of the individual contract.
D. Special Provisions for Work and Services
D1. Contents
D1.1 Wibu-Systems offers comprehensive support through the following services:
- Wibu Pre-Sales Consulting
- Wibu Consulting Services
- Wibu Training Services
- Wibu Support Services
D1.2 The content of the individual works and services shall be agreed individually with the Customer.
D2. Dates
The dates for individual services shall be agreed individually between the Customer and Wibu-Systems.
D3. Consulting Services, Training and Workshops
D3.1 Wibu-Systems designs training courses and workshops in such a way that an attentive participant can achieve the intended objectives. A specific gain in knowledge or training success is not guaranteed.
D3.2 The Customer shall ensure that the information provided to Wibu-Systems for the provision of individual consulting services is accurate and complete. § A4 para. 2 shall apply accordingly.
D3.3 Any recommendations are made to the best of the knowledge and belief of the Wibu-Systems employees responsible. Wibu-Systems accepts no liability for the actual occurrence of the described effects and the achievement of the stated goals.
D3.4 Wibu-Systems is not obliged to provide any accompanying documents unless the parties have agreed otherwise in writing.
D4. Special Obligations of the Customer to Cooperate
D4.1 If Wibu-Systems performs services or produces a work for the Customer, the general duties to cooperate pursuant to § A4 shall also apply. In addition, the following provisions shall apply.
D4.2 If Wibu-Systems is to provide services in relation to the Customer´s software (e.g., installation, customization, connection, etc.), Wibu-Systems must be able to access it at the agreed time and must be provided with the necessary usage rights and user documentation.
D4.3 If Wibu-Systems provides services on the Customer´s premises as agreed, all necessary preparatory work must be completed by the Customer so that the services can be started immediately after the arrival of Wibu-Systems' employees and can be carried out without interruption. The Customer shall provide the employees with suitable workspaces that are equipped with the necessary technical appliances in working order. The Customer shall assist Wibu-Systems to the best of his ability in the operation of third-party equipment and other facilities and shall make it possible for performance to be rendered outside normal working hours, insofar as this is necessary.
D5. Change Requests
D5.1 Until acceptance, the parties may at any time propose changes to the production of a work in writing ("Change Requests").
D5.2 Change Requests shall be reviewed promptly and a meaningful statement shall be issued. In particular, the expected effects on performance features, agreed schedules, timetables and estimated costs shall be addressed. If Wibu-Systems considers a Change Request from the Customer not to be feasible, or if the Customer does not wish to comply with a Change Request from Wibu-Systems, this decision must be justified. Otherwise, Wibu-Systems shall submit an offer for the desired change.
D5.3 Wibu-Systems reserves the right to charge the Customer for the costs of reviewing his Change Request and for preparing the concept on which the offer is based.
D5.4 A mutually agreed change to the production of a work shall be laid down in writing, including its effects on deadlines, costs, and use of resources. If no agreement is reached, the relevant work shall be produced as contractually agreed.
D6. Acceptance
D6.1 Upon completion of the production of a work, Wibu-Systems shall notify the Customer so that he can carry out an acceptance test.
D6.2 The Customer shall accept the work if it meets the agreed acceptance criteria. Any defects identified during the acceptance test shall be recorded by the Customer in an acceptance report. Wibu-Systems shall without undue delay rectify any defects that prevent acceptance and make the work available again for acceptance. Any other defects shall be remedied by Wibu-Systems within the scope of the warranty (§ A6).
D6.3 A defect preventing acceptance exists if the work is unusable for the agreed purpose or if the Customer cannot reasonably be expected to use it even temporarily.
D6.4 The Customer may declare acceptance expressly or by conclusive action. In particular, the work shall also be deemed to be accepted if the Customer
(a) uses the work productively, unless the use is clearly for the sole purpose of acceptance testing; or
(b) he has not refused acceptance due to defects preventing acceptance within 14 calendar days of the work being made available for acceptance testing (para. 1).
D6.5 The provisions of para. 1 to 4 shall apply accordingly in the case of partial acceptance.
D7. Copyright and Right of Use of Works
D7.1 Upon acceptance of a work, the Customer shall irrevocably receive the exclusive, spatially, and temporally unrestricted right to use as intended the components individually created for him. Any further use or exploitation of these components or their documentation (e.g., distribution, publication, or rent) is not permitted to the Customer.
D7.2 The Customer shall only receive a non-exclusive right of use to all other components of the work or its documentation – in particular to those components that are part of Wibu-Systems' toolset (e.g., its own tools or standard software) and that are also used for other Customers – to the extent as it is necessary to realize his rights under para. 1. The Customer is prohibited from any further independent use or exploitation of these components.
D7.3 By way of exception, the Customer shall be permitted to use the work for testing purposes prior to acceptance, insofar as this is necessary to carry out the acceptance test.
D7.4 If components from third-party manufacturers or open source software (collectively "third-party components") are integrated during the creation of individual software, Wibu-Systems shall inform the Customer accordingly. Unless otherwise agreed, the Customer shall be responsible for obtaining the necessary licenses for the third-party components in order to be able to use the individual software productively.
D8. Remuneration
D8.1 Unless otherwise agreed, works and services shall be invoiced on a time and material basis. The Customer shall receive a report of the services rendered. The Customer must raise any objections in writing within a period of 14 calendar days. Once this period has expired, the report shall be deemed approved.
D8.2 In the case of regularly recurring services or services that are ongoing in nature, invoicing shall take place on a monthly, quarterly, or annual basis. In the latter case, the first service period shall be invoiced from the first day of the month following the conclusion of the contract until the end of the year. Subsequent service periods are invoiced at the beginning of the year for the calendar year.
Issue date: 2024-05-01
[Note: In the event of any deviations resulting from the translation, the formulation set forth in the German version shall prevail.]
Preamble
These terms and conditions apply to the hosting of Personal CmCloudContainers and Enterprise CmCloudContainers with the Seats fee model. In addition and in case of doubt, subordinate, the General Terms and Conditions (GTC) of Wibu-Systems apply.
1. Scope – Description of services, access, and usage rights
1.1 Wibu-Systems provides the Customer with CmCloudContainer as SaaS (Software as a Service), hereinafter referred to as CmCloudSaaS, in a cloud operated by Wibu-Systems in a data center. The provision of CmCloudSaaS enables the following actions:
(a) Create and manage CmCloudContainers via CmCloud Dashboard or CmCloud Management-REST-API.
(b) Access and use of CmCloudContainers from CodeMeter runtime environments via the CodeMeter Core-API, hereinafter referred to as API-Function-Calls.
1.2 In order to support different Customer use cases, Wibu-Systems provides the following options for productive operation:
Item number | Designation |
---|---|
6620-10-100 | Hosting CodeMeter Cloud Seats prepaid Seats for Personal and Enterprise CmCloudContainers |
6620-10-200 | Hosting CodeMeter Cloud Seats additional used Seats for Personal and Enterprise CmCloudContainers |
6620-80-100 | CodeMeter Cloud REST-API for managing CmCloudContainers |
Table 1: Functional scope of the service
1.3 Definition of a Seat (workstation): A seat is a real or virtual instance of a computer that a user can use independently of other users. In particular, a computer, a virtual machine, a terminal server session or a container instance in containerized environments such as Docker is considered a Seat.
1.4 Wibu-Systems offers two types of CmCloudContainers:
(a) A Personal CmCloudContainer allows license access by a single user from up to three (3) Seats simultaneously. Licenses in a Personal CmCloudContainer can only be used with Seats that are directly connected to CmCloudSaaS via the CodeMeter runtime environment. The use of a Personal CmCloudContainer in environments that require network licenses, such as terminal servers or containerized environments, is excluded.
(b) An Enterprise CmCloudContainer can be shared by multiple users or devices and can be used on up to 500 Seats simultaneously. Both Seats that are connected directly via the CodeMeter runtime environment and Seats that are indirectly connected to CmCloudSaaS via one or more CodeMeter runtime environments are counted equally as Seats. The Customer can adjust the maximum permitted number of Seats for an Enterprise CmCloudContainer himself.
1.5 A Credentials File is available for each CmCloudContainer, which must be imported into the CodeMeter runtime environment in order to gain access to the respective CmCloudContainer. This Credentials File can be created manually in the CmCloud dashboard or in CodeMeter License Portal as well as automatically via the CmCloud-Management-REST-API.
1.6 API-Function-Calls include
(a) all CodeMeter Core API-Calls explicitly integrated into a software by the Customer,
(b) all CodeMeter Core API-Calls implicitly integrated into a software that were generated by tools provided by Wibu-Systems (e.g., CodeMeter Protection Suite) and
(c) all implicit CodeMeter Core API-Calls made by Wibu-Systems tools (e.g., CodeMeter WebAdmin, CodeMeter License Editor, CmBoxPgm, cmu, CmDust).
1.7 API-Function-Calls added by Wibu-Systems in future versions of CmCloudSaaS and the CodeMeter runtime environment will be defined by Wibu-Systems by updating Appendix A - Definition API-Function-Calls. Wibu-Systems will endeavor to ensure that the API-Calls are backward compatible with previous versions of the API.
1.8 To ensure consistent availability and performance of CmCloudSaaS, API-Function-Calls are limited to a maximum of 200.000 calls per seat per month. This limitation is not intended to affect the normal use of CmCloudSaaS but is intended to protect against accidental and unexpected increases in API-Function-Calls by applications that make exceptionally demanding requests.
1.9 Wibu-Systems grants the Customer a revocable, non-exclusive and non-transferable right to access CmCloudSaaS during the agreed term and to use it in accordance with these Terms and Conditions. Wibu-Systems shall provide the Customer with the necessary passwords and access data for access to CmCloudSaaS.
1.10 If the use of CmCloudSaaS makes it necessary for the Customer to distribute certain software components of Wibu-Systems together with his own software, the following provisions shall apply:
(a) The Customer may integrate the Wibu-Systems software libraries required for the use of Wibu-Systems' protection systems into his computer programs or data in order to protect them from unauthorized use or to monitor their use as described in the respective manual.
(b) The Customer may also sublicense and supply the integrated Wibu-Systems software libraries together with the Customer's computer programs and data to distributors and end customers and distribute the Wibu-Systems runtime software as part of the Customer's protected software. The end customers shall have the right to use the Wibu-Systems software libraries and the Wibu-Systems runtime software as components of the Customer's protected computer programs and data in accordance with these Terms and Conditions.
2. Disturbance classes
2.1 Class 1 - CmCloudSaaS is not available
API-Function-Calls (e.g. access and/or use of CmCloudContainers) to more than ten (10) different Personal CmCloudContainers or one or more Enterprise CmCloudContainers with a total of more than ten (10) Seats on more than ten (10) different CodeMeter runtime environments are not possible, although the Customer's Internet connection is functional (e.g., web browsers can access external websites).
2.2 Class 2 - CmCloudSaaS is available with restrictions
API-Function-Calls (e.g. access and/or use of CmCloudContainers) to more than ten (10) different Personal CmCloudContainers or one or more Enterprise CmCloudContainers with a total of more than ten (10) Seats on more than ten (10) different CodeMeter runtime environments cannot be performed in an acceptable time. An unacceptable amount of time is defined as a response time that is more than five (5) seconds longer than the expected maximum response time specified in Appendix A - Definition API-Function-Calls. The response time is defined as the time between the receipt by CmCloudSaaS and the output of the response from CmCloudSaaS for the API-Function-Call.
2.3 Class 3 - CmCloudSaaS is available
Some of the Customer's end customers experience outages that are not assigned to disturbance class 1 or 2.
2.4 If the outage was not caused by the CmCloudSaaS-System (e.g. outage due to interruption of the internet connection), this outage is not counted as downtime.
3. Availability
3.1 CmCloudSaaS data is stored on a database cluster so that CmCloudSaaS and the data remain available in the event of a single hardware failure.
3.2 Wibu-Systems makes commercially reasonable efforts to ensure an availability of CmCloudSaaS of 99.95% per calendar month.
3.3 A malfunction of CmCloudSaaS that occurs due to exceeding the permitted API-Function-Calls per Seat and month in accordance with § 1 para. 8 does not constitute a failure. Wibu-Systems shall be responsible for providing evidence that the limit has been exceeded.
3.4 If the specified availability of CmCloudSaaS pursuant to § 3 para. 1 is not achieved, Wibu-Systems shall grant the Customer a one-off credit for the calendar month concerned as a percentage of the remuneration paid for that month in accordance with GTC § C10 (only the line with the highest percentage is counted):
Availability within one calendar month | Credit |
---|---|
Less than 99.95%, but more than 99.9% | 10% |
Less than 99.9%, but more than 99.5% | 20% |
Less than 99.5%, but more than 99.0% | 50% |
Less than 99.0% | 100% |
Table 2: Credit if availability is not reached
4. Maintenance
Should maintenance become necessary that could impair the availability of CmCloudSaaS, it will be carried out in accordance with GTC § C6 para. 2 to 4.
5. Quantity structure and fees
5.1 The required data capacity generally correlates with the number of CmCloudContainers and their simultaneous use by Seats. Fees are therefore incurred for the use of CmCloudSaaS, which are based on the number of Seats as defined in § 1 para. 3, are to be paid by the Customer and are billed per calendar month according to coordinated universal time (UTC).
5.2 Each Personal CmCloudContainer used is billed as one (1) Seat, even if it can technically be used on up to three (3) Seats simultaneously. Enterprise CmCloudContainers are billed according to the maximum number of Seats that have used this Enterprise CmCloudContainer simultaneously in the calendar month.
5.3 The Customer places a written order with Wibu-Systems or a Wibu-Systems sales partner for a certain number of Seats ("Prepaid Seats"). The Customer may change the number of Prepaid Seats ordered once a month by placing a new written order as follows:
(a) An increase of Prepaid Seats is possible at any time and will take effect at the beginning of the next month, provided the order is received at least five (5) working days before the end of the month.
(b) A reduction of Prepaid Seats is possible with a notice period of 30 calendar days to the end of the month.
5.4 The Customer assigns the Prepaid Seats to the created Personal CmCloudContainers (implicitly) and/or Enterprise CmCloudContainers (explicitly) as required. In addition to the Prepaid Seats, the Customer may assign further Personal CmCloudContainers and/or assign further Seats to Enterprise CmCloudContainers at his own discretion. In this case, the number of Seats used simultaneously ("Concurrent Seats") may be higher than the number of Prepaid Seats.
5.5 If not all Prepaid Seats are used in a month, there will be no refund for the unused Seats.
5.6 Wibu-Systems or a Wibu-Systems sales partner shall invoice the Customer for the fees owed as follows:
(a) monthly, quarterly, semi-annually or annually in advance for the fees resulting from the number of Prepaid Seats ordered,
(b) monthly or quarterly in arrears for all additional fees incurred as a result of exceeding the ordered Prepaid Seats in accordance with § 5 para. 3.
5.7 All fees and amounts set out in these Hosting Conditions or an Order are exclusive of taxes. The Customer shall be solely responsible for the proper payment of all sales, service, value-added, use‑, excise and other taxes imposed by governmental authorities on the Customer for services provided by Wibu-Systems to the Customer under these Hosting Conditions.
Appendix A – Definition of API-Function-Calls
The following defines which CodeMeter Core API calls are counted as API-Function-Calls.
Compared to the complete listing according to the Core API Help, some API-Calls are missing in the following listings because they either cannot be used for Universal Firm Code or the execution is not passed on to CmCloudSaaS.
The maximum response time for all API-Function-Calls listed below is one second.
The following Core-API-Functions are counted as API-Function-Calls:
- CmCalculateSignature
- CmCrypt
- CmCrypt2
- CmCryptEcies
- CmCryptSim
- CmCryptSim2
- CmGetPublicKey
- CmGetSecureData
- CmAccess
- CmAccess2
- CmExecuteRemoteUpdate
- CmGetBoxContents
- CmGetBoxInhalt2
- CmGetBoxes
- CmGetInfo
- CmGetRemoteContext
- CmGetRemoteContext2
- CmGetRemoteContextBuffer
- CmRelease
- CmRevalidateBox
- CmSetRemoteUpdate
- CmSetRemoteUpdate2
- CmSetRemoteUpdateBuffer
Issue date: 2024-05-01
[Note: In the event of any deviations resulting from the translation, the formulation set forth in the German version shall prevail.]
Preamble
These terms and conditions apply to the hosting of CodeMeter Cloud Lite for the hosting packages:
- Hosting CodeMeter Cloud Lite Package S
- Hosting CodeMeter Cloud Lite Package M
- Hosting CodeMeter Cloud Lite Package L
In addition and in case of doubt, subordinate, the General Terms and Conditions (GTC) of Wibu-Systems apply.
1. Scope – Description of services, access and usage rights
1.1 Wibu-Systems provides the Customer with CodeMeter Cloud Lite as SaaS (Software as a Service), hereinafter referred to as CmCloudLiteSaaS, in a cloud operated by Wibu-Systems in a data center. The hosting services include:
(a) Provision and maintenance of infrastructure
(b) Installation of the application according to the selected scope of functions
(c) Automatic monitoring of the functionality of the infrastructure
(d) Automatic monitoring of CodeMeter Cloud Lite
(e) Maintenance of the operating system (updates and security patches)
(f) Maintenance of the CodeMeter Cloud Lite application (updates and security patches)
(g) Creation of a daily snapshot of the virtual machine.
1.2 CmCloudLiteSaaS is used via the CodeMeter Cloud Lite API, hereinafter referred to as API-Function-Calls. The API-Function-Calls enable the following actions:
(a) Activate and deactivate licenses using CodeMeter Cloud Lite Access-REST-API
(b) Manage licenses with CodeMeter Cloud Lite Management-REST-API
1.3 API-Function-Calls added by Wibu-Systems in future versions of CmCloudLiteSaaS will be defined by Wibu-Systems by updating Appendix A - Definition API-Function-Calls. Wibu-Systems will endeavor to ensure that the API-Calls are backward compatible with previous versions of the API.
1.4 Wibu-Systems provides the following hosting packages and options for productive operation to support different Customer use cases:
Item number | Designation |
---|---|
6630-01 | Hosting CodeMeter Cloud Lite Package S |
6630-02 | Hosting CodeMeter Cloud Lite Package M |
6630-03 | Hosting CodeMeter Cloud Lite Package L |
6631-01, 6631-02, 6631-03 | Additional 1,000,000 calls for CodeMeter Cloud Lite Package S, M, L |
6632-01, 6632-02, 6632-03 | Additional CmContainer/User for CodeMeter Cloud Lite Package S, M, L |
6633-01 | Hosting CodeMeter Cloud Lite REST-API for retrieving usage statistics |
6619-03 | Hosting CodeMeter Cloud Lite operated by Wibu Operating Service on infrastructure of ISV, per line/instance |
Table 1: Hosting packages and options
1.5 To ensure consistent availability and performance of CmCloudLiteSaaS, the number of usable containers/users and the number of API-Function-Calls per month is limited depending on the selected CodeMeter Cloud Lite hosting package. This limitation is not intended to affect the normal use of CmCloudLiteSaaS but is intended to protect against accidental and unexpected increases in API-Function-Calls by applications making exceptionally demanding requests.
1.6 Wibu-Systems grants the Customer a revocable, non-exclusive and non-transferable right to access CmCloudLiteSaaS during the agreed term and to use it in accordance with these Honsting Conditions. Wibu-Systems shall provide the Customer with the necessary passwords and access data for access to CmCloudLiteSaaS.
2. Disturbance classes
2.1 Class 1 - CmCloudLiteSaaS is not available
All users/devices cannot perform all or some API-Function-Calls (e.g., assigning licenses to a user, assigning or releasing licenses), although they can reach the service.
2.2 Class 2 - CmCloudLiteSaaS is available with restrictions
Some users/devices cannot perform all or some API-Function-Calls or cannot do so in an acceptable time, although they can reach the service. Other users/devices can complete all API-Function-Calls. An unacceptable time is defined as a response time that is more than 5 seconds longer than the expected maximum response time specified in Appendix A - Definition of API-Function-Calls. The response time is defined as the time between CmCloudLiteSaaS receiving and issuing the response from CmCloudLiteSaaS for the API-Function-Call.
2.3 Class 3 - CmCloudLiteSaaS is available
Failures occur with individual users/devices that are not assigned to disturbance class 1 or 2.
2.4 If an outage of CmCloudLiteSaaS is caused by an outage of the underlying CodeMeter License Central, this outage is not counted as downtime.
2.5 If the outage was not caused by the CmCloudLiteSaaS system (e.g. outage due to interruption of the Internet connection), this outage is not counted as downtime.
3. Availability
3.1 Wibu-Systems will use commercially reasonable efforts to ensure the availability of CmCloudLiteSaaS. Since CmCloudLiteSaaS is based on CodeMeter License Central, the availability depends on the CodeMeter License Central hosting package used as follows:
Item number | CodeMeter License Central hosting package | Availability |
---|---|---|
6612-01 | High Availability Package | 99.9% |
6611-01 | High Performance Edition | 99.7% |
6610-01 | Dedicated Server | 99.5% |
Table 2: Availability of the service depending on the selected CodeMeter License Central hosting package
3.2 A malfunction of CmCloudLiteSaaS caused by exceeding the quantity framework according to the selected License Central hosting package does not constitute a failure. Wibu-Systems shall be responsible for providing evidence of the overrun.
3.3 If the specified availability of CmCloudLiteSaaS pursuant to § 3 para. 1 is not achieved, Wibu-Systems shall grant the Customer a one-off credit for the calendar month concerned as a percentage of the remuneration paid for that month in accordance with GTC § C10 (only the line with the highest percentage is counted):
Availability within one calendar month | Credit depending on the selected CodeMeter License Central hosting package | ||
---|---|---|---|
High Availability Package | High Performance Edition | Dedicated Server | |
Less than 99.9%, but more than 99.7% | 10% | / | / |
Less than 99.7%, but more than 99.5% | 25% | 10% | / |
Less than 99.5%, but more than 99.0% | 50% | 25% | 10% |
Less than 99.0%, but more than 95.0% | 100% | 50% | 50% |
Less than 95.0% | 100% | 100% | 100% |
Table 3: Credit if availability falls below the limit depending on the selected CodeMeter License Central hosting package
4. Maintenance
4.1 Should maintenance become necessary that could impair the availability of CmCloudLiteSaaS, it will be carried out in accordance with GTC § C6 para. 2 to 4.
4.2 CmCloudLiteSaaS is not available during maintenance of the underlying CodeMeter License Central.
5. Quantity structure and fees
5.1 The required computing power generally correlates with the number of containers/users used and the number of API-Function-Calls. Fees are therefore incurred for the use of CodeMeterCloudLiteSaaS depending on the CodeMeter Cloud Lite hosting package selected.
Item number | Designation | Quantity Container / User | Quantity Calls per month |
---|---|---|---|
6630-01 | Hosting CodeMeter Cloud Lite Package S | 100 | 100 million |
6630-02 | Hosting CodeMeter Cloud Lite Package M | 1,000 | 1,000 million |
6630-03 | Hosting CodeMeter Cloud Lite Package L | 10,000 | 10,000 million |
Table 4: User quantity structure of the service depending on the selected Hosting package
5.2 The Customer places a written order with Wibu-Systems or a Wibu-Systems sales partner for the selected hosting package. The Customer may change the hosting package by placing a new written order with Wibu-Systems or a Wibu-Systems sales partner.
(a) An upgrade of the hosting package is possible at any time and becomes effective at the beginning of the next month, provided the order is received at least 5 working days before the end of the month.
(b) A downgrade of the hosting package is possible with a notice period of 30 calendar days to the end of the month.
5.3 If not all containers/users or API-Function-Calls are used in a month, no refund will be made.
5.4 The number of containers/users and API-Function-Calls used is recorded monthly and compared with the selected CodeMeter Cloud Lite hosting package.
5.5 Wibu-Systems or a Wibu-Systems sales partner shall invoice the Customer for the fees owed as follows:
(a) monthly, quarterly, semi-annually or annually in advance for the fees resulting from the selected CodeMeter Cloud Lite hosting package,
(b) monthly or quarterly in arrears for all additional fees incurred as a result of exceeding the permitted values in accordance with the selected hosting package.
5.6 All fees and amounts set out in these Hosting Conditions or an Order are exclusive of taxes. The Customer shall be solely responsible for the proper payment of all sales, service, value-added, use, excise and other taxes imposed by governmental authorities on the Customer for services provided by Wibu-Systems to the Customer under these Hosting Conditions.
Appendix A – Definition of API-Function-Calls
The following defines which CodeMeter Cloud Lite API calls are counted as API-Function-Calls.
The maximum response time for all API-Function-Calls listed below is one second.
The following Access REST-API-Functions are counted as API-Function-Calls:
- .../cloudlite/getsummary
(Get an overview of all available licenses) - .../cloudlite/getcontents2
(Get information about all available licenses) - .../cloudlite/access
(Allocate License) - .../cloudlite/release
(License Release) - .../cloudlite/getcontentsforhandle2
(Get information about all available licenses) - .../cloudlite/revalidate
(Renew License Access) - .../cloudlite/decreaseunitcounter
(Decrement Unit Counters)
The following Management REST-API-Functions are counted as API-Function-Calls:
- .../cloudlite/manager/licensesofticket3
(Determine licenses of a ticket) - .../cloudlite/manager/assignlicensestouser2
(Assign licenses of a user) - .../cloudlite/manager/licensesofuser2
(Determine licenses of a ticket) - .../cloudlite/manager/removelicensesfromuser
(Cancel assignment of licenses to a user) - .../cloudlite/manager/autoupdateusercontainer
(Apply Licenses for user) - .../cloudlite/manager/getversion
(Query the version number of the Web-Services)
Issue date: 2024-05-01
[Note: In the event of any deviations resulting from the translation, the formulation set forth in the German version shall prevail.]
Preamble
These terms and conditions apply to the hosting of a Firm Security Box (FSB) on the basis of a CodeMeter CloudContainer. In addition and in case of doubt, subordinate, the General Terms and Conditions (GTC) of Wibu-Systems apply.
1. Scope – Description of services, access, and usage rights
1.1 Wibu-Systems provides the Customer with a Firm Security Box (FSB) as SaaS (Software as a Service), hereinafter referred to as CmCloudFSB, in a Wibu-Systems-operated cloud data center. The service allows the use of the FSB in combination with a Universal Firm Code and all the tools of CodeMeter SDK and CodeMeter License Central (CmLC).
1.2 The hosting services include:
(a) Provision and operation of the infrastructure
(b) Automatic monitoring of the functionality of the infrastructure
(c) Infrastructure maintenance (updates and security patches)
1.3 In order to support different Customer use cases, Wibu-Systems provides the following delivery options for productive operation:
Item number | Designation |
---|---|
6640-03 | Hosting Cloud FSB for usage of one Universal Firm Code with all tools from CodeMeter SDK and CodeMeter License Central, using CmCloud |
1210-30-100 | Creation of an FSB with new Universal Firm Code |
1210-30-103 | Creation of an additional FSB for existing Firm Code |
1210-33-100 | FSB delivery: Delivery as ticket for CmCloud FSB |
1210-33-103 | FSB delivery: Delivery as CmCloud FSB to Wibu Operating Services (WOPS) for CmLC hosting |
Table 1: Delivery options of the service
1.4 The CmCloudFSB service uses an Enterprise CmCloudContainer in a CodeMeter Cloud instance. Wibu-Systems offers cloud instances in different regions. The instance to be used is agreed with the Customer.
1.5 The Enterprise CmCloudContainer used by the CmCloudFSB service allows the simultaneous connection of up to 500 users or devices. In addition to the restriction for the simultaneous use of an Enterprise CmCloudContainer, the maximum simultaneous use of a license is limited by the number of licenses that the Customer has purchased from Wibu-Systems for the relevant application.
1.6 For each CmCloudFSB, Wibu-Systems provides a credentials file that must be imported into the CodeMeter Runtime environment in order to gain access to the CmCloudFSB.
1.7 To ensure consistent availability and performance of CmCloudFSB, the API function calls are limited to a maximum of 20,000 calls per month. This restriction is not intended to affect the normal use of CmCloudFSB. The maximum number of function calls can be increased by Wibu-Systems on request, if there is a legitimate interest.
1.8 Wibu-Systems grants the Customer a revocable, non-exclusive, and non-transferable right to access CmCloudFSB during the agreed term and to use the service in accordance with these Terms.
2. Disturbance classes
2.1 Class 1 - CmCloudFSB is not available
All users/devices cannot perform all or some API function calls (e.g., access and/or use by programs for CodeMeter license creation or AxProtector), although they can reach the service.
2.2 Class 2 - CmCloudFSB has limited availability
Some users/devices cannot perform all or some API function calls or cannot do so in an acceptable time span, although they can reach the service. Other users/devices can complete all API function calls. An unacceptable time span is defined as a response time of more than 5 seconds. The response time is defined as the time between receipt by CmCloudFSB and the output of the response from CmCloudFSB for the API function call, i.e., it does not include the runtimes from the calling system to CmCloudFSB and back.
2.3 Class 3 - CmCloudFSB is available
Failures occur for individual users/devices that are not assigned to disturbance class 1 or 2.
2.4 If the outage was not caused by the CmCloudFSB system (e.g., failure due to interruption of the Internet connection), this outage is not counted as downtime.
3. Availability
3.1 Wibu-Systems makes commercially reasonable efforts to ensure that CmCloudFSB has an availability of 99.95% per calendar month.
3.2 A malfunction of CmCloudFSB that occurs due to exceeding the permitted API function calls per month in accordance with § 1 para. 7 does not constitute a failure. Wibu-Systems shall be responsible for providing evidence that the limit has been exceeded.
3.3 If the specified availability of CmCloudFSB pursuant to § 3 para. 1 is not achieved, Wibu-Systems shall grant the Customer a one-off credit for the calendar month concerned as a percentage of the remuneration paid for that month in accordance with GTC § C10 (only the line with the highest percentage is counted):
Availability within one calendar month | Credit note |
---|---|
Less than 99.95%, but more than 99.9% | 10% |
Less than 99.9%, but more than 99.5% | 20% |
Less than 99.5%, but more than 99.0% | 50% |
Less than 99.0% | 100% |
Table 2: Credit if availability is not reached
4. Maintenance
4.1 Should maintenance become necessary that could affect the availability of CmCloudFSB, it will be carried out in accordance with GTC § C6 para. 2 to 4.
4.2 CmCloudFSB is not available during maintenance of the underlying CodeMeter Cloud instance.
5. Quantity structure and fees
5.1 The Customer places a written order with Wibu-Systems or a Wibu-Systems sales partner for a CmCloudFSB for:
(a) a new Firm Code
(b) an existing Firm Code
5.2 If not all API function calls are used in a month, no refund will be made.
5.3 There is a one-off fee for creating/modifying an FSB. There is also a hosting fee for the ongoing use of CmCloudFSB, which is payable annually. Wibu-Systems or a Wibu-Systems sales partner will invoice the Customer at the beginning of the respective service period.
5.4 All fees and amounts set forth in these Hosting Terms or an Order are exclusive of taxes.
Issue date: 2024-07-15
[Note: In the event of any deviations resulting from the translation, the formulation set forth in the German version shall prevail.]
Preamble
These conditions apply to the hosting of CodeMeter License Central for the editions:
- Datacenter Edition
- Dedicated Server
- High Performance Edition
- High Availability Package
In addition and in case of doubt, subordinate, the General Terms and Conditions (GTC) of Wibu-Systems shall apply.
1. Scope – Description of services, access, and usage rights
1.1 Wibu-Systems provides the Customer with CodeMeter License Central as SaaS (Software as a Service), hereinafter referred to as CmLicenseCentralSaaS, in a hosting center operated by Wibu-Systems in a data center. The hosting services include:
(a) Provision and maintenance of infrastructure
(b) Redundant installation of the systems according to the selected hosting package
(c) Automatic monitoring of the functionality of the infrastructure
(d) Automatic monitoring of CodeMeter License Central
(e) Maintenance of the operating system (updates and security patches)
(f) Maintenance of the CodeMeter License Central application (updates and security patches)
(g) Creation of a daily snapshot of the virtual machine
1.2 In order to ensure consistent availability and performance of CmLicenseCentralSaaS, Wibu-Systems provides the Customer with the following hosting packages with performance data for productive operation in accordance with § 5 para. 2:
Item Number | Designation |
---|---|
6600-01 | Hosting CodeMeter License Central Datacenter Edition (for 1 year) |
6610-01 | Hosting CodeMeter License Central Dedicated Server (for 1 year) |
6611-01 | Hosting CodeMeter License Central High Performance Edition (for 1 year) |
6612-01 | Hosting CodeMeter License Central High Availability Package (for 1 year) |
6613-01 | Extension of High Availability Package by an additional line (for 1 year) |
Table 1: Hosting packages
1.3 If the Customer integrates CodeMeter License Central into his ERP landscape for the purpose of automated business process handling using the CodeMeter License Central Extensions and/or CodeMeter License Central Connectors provided, the customer-specific integration requires separate systems (Dedicated Server) for the development of interfaces (D-System) and for the verification of the handling processes (Q-System).
Item Number | Designation |
---|---|
6610-04 | Hosting CodeMeter License Central Q-System Including CodeMeter License Central Dedicated Server (for 1 year) |
6610-05 | Hosting CodeMeter License Central D-System Including CodeMeter License Central Dedicated Server (for 1 year) |
Table 2: Development systems
1.4 Wibu-Systems grants the Customer a revocable, non-exclusive and non-transferable right to access CmLicenseCentralSaaS during the agreed term and to use it in accordance with these Hosting Conditions. Wibu-Systems shall provide the Customer with the necessary passwords and access data for access to CmLicenseCentralSaaS.
2. Disturbance classes
2.1 Class 1 - CmLicenseCentralSaaS is not available
All or some business transactions (e.g., creating tickets, activating licenses) cannot be carried out by any user/device.
2.2 Class 2 - CmLicenseCentralSaaS is available with restrictions
Several users/devices cannot carry out all or individual business transactions or cannot do so in an acceptable time, although they can reach CmLicenseCentralSaaS. Other users/devices can carry out all business transactions.
2.3 Class 3 - CmLicenseCentralSaaS is available
Failures occur with individual users/devices that are not assigned to disturbance class 1 or 2.
2.4 If the outage was not caused by the CmLicenseCentralSaaS system (e.g. outage due to interruption of the Internet connection), this outage is not counted as downtime.
3. Availability
3.1 Wibu-Systems will make commercially reasonable efforts to ensure the availability of CmLicenseCentralSaaS depending on the selected hosting package as follows:
Item Number | Designation | Availability |
---|---|---|
6612-01 | High Availability Package | 99.9% |
6611-01 | High Performance Edition | 99.7% |
6610-01 | Dedicated Server | 99.5% |
6600-01 | Datacenter Edition | 99.5% |
Table 3: Availability of the service depending on the selected hosting package
3.2 A malfunction of CmLicenseCentralSaaS that occurs due to the monthly or hourly transaction volume being exceeded in accordance with § 5 para. 2 does not constitute a failure. Wibu-Systems shall be responsible for providing evidence of the overrun.
3.3 If the specified availability of CmLicenseCentralSaaS pursuant to § 3 para. 1 is not achieved, Wibu-Systems shall grant the Client a one-off credit for the calendar month in question as a percentage of the remuneration paid for that month in accordance with GTC § C10 (only the line with the highest percentage is counted):
Availability within one calendar month | Credit | |||
---|---|---|---|---|
High Availability Package | High Performance Edition | Dedicated Server | Datacenter Edition | |
Less than 99.9%, but more than 99.7% | 10% | / | / | / |
Less than 99.7%, but more than 99.5% | 25% | 10% | / | / |
Less than 99.5%, but more than 99.0% | 50% | 25% | 10% | 10% |
Less than 99.0%, but more than 95.0% | 100% | 50% | 50% | 50% |
Less than 95.0% | 100% | 100% | 100% | 100% |
Table 4: Credit in the event of lower availability depending on the selected hosting package
4. Maintenance
4.1 Should maintenance become necessary that could impair the availability of CmLicenseCentralSaaS, it will be carried out in accordance with GTC § C6 para. 2 to 4.
4.2 Maintenance work for the purpose of
(a) Program updates from CodeMeter License Central
(b) Maintenance on the hardware for the FSB (Firm Security Box)
is carried out in consultation with the Customer. The frequency of updates depends on the Customer's requirements. The required maintenance time and duration is agreed and planned with the Customer.
5. Quantity structure and fees
5.1 The number of transactions for the various hosting packages is based on a calculation that ensures undisturbed regular operation.
5.2 The following transactions are counted:
(a) An activation / deactivation per license is the creation, modification or deletion of a Product Item in a CmContainer. An activation process can contain several items (CodeMeter License Central Item). Each item can contain several product items. An activation process can therefore contain several activations / deactivations per license. All activations / deactivations are counted, regardless of the interface used to carry them out. Interfaces are in particular the web interface for the Customer, a license portal (e.g., WebDepot or CustomDepot), the gateways and the web services.
(b) A license request per article is each article that is contained in a ticket request. If a ticket query contains n articles, these are n license queries per article. All corresponding calls in a license portal (e.g., WebDepot or CustomDepot) or via the gateways are counted as a ticket query. These are in particular the calls of the functions doGetTicketInformation, getTicketInformation or derived functions and the license overview in the license portal.
(c) A web service call is a call to a CodeMeter License Central web service by the Customer's own application or a connector.
Item Number | Designation | Activations / Deactivations per license (month / hour) | License requests per article (month / hour) | WebService calls (month / hour) |
---|---|---|---|---|
6600-01 | Datacenter Edition | 1,500 / 15 | 50,000 / 500 | - |
6610-01 | Dedicated Server | 3,000 / 30 | 250,000 / 2,500 | 250,000 / 2,500 |
6611-01 | High Performance Edition | 25,000 / 250 | 250,000 / 2,500 | 250,000 / 2,500 |
6612-01 | High Availability Package | 50,000 / 500 | 500,000 / 5,000 | 500,000 / 5,000 |
6613-01 | Extension High Availability Package by a further line | +25,000 / +250 | +250,000 / +2,500 | +250,000 / +2,500 |
Table 4: Quantity structure of hosting packages per month / hour
5.3 All transactions are recorded both monthly and hourly. The value per hour is calculated as a burst value (maximum value) of the value per month and is listed separately in the table above.
5.4 If the monthly transaction volume from the "Datacenter Edition" hosting package is exceeded as defined below, Wibu-Systems is entitled to automatically switch the customer to the "Dedicated Server" hosting package at the list price valid at the time of the switch and to charge the difference starting from the following month. The following criteria apply alternatively:
(a) Exceeding the transaction volume by more than 100 % in three consecutive months.
(b) Exceeding the transaction volume by more than 400 % within one month.
5.5 For all other overruns, an upgrade to a higher level hosting package will be decided cooperatively between Wibu-Systems and the Customer.
5.6 The hosting fee is payable annually. Wibu-Systems or a Wibu-Systems sales partner will invoice the Customer at the beginning of the respective service period.
5.7 All fees and amounts set out in these Hosting Conditions or an Order are exclusive of taxes. The Customer shall be solely responsible for the proper payment of all sales, service, value added, use, excise and other taxes imposed by governmental authorities on the Customer for services provided by Wibu-Systems to the Customer under these Hosting Conditions.
Issue date: 2024-05-01
[Note: In the event of any deviations resulting from the translation, the formulation set forth in the German version shall prevail.]
download the CodeMeter License Central Hosting conditions as pdf
Preamble
These terms and conditions apply to the hosting of CodeMeter License Portal including the following extensions:
- Single Level User Management (Basic)
- Multi-Level User Management
- Extension CodeMeter Cloud Support
In addition and in case of doubt, subordinate, the General Terms and Conditions (GTC) of Wibu-Systems shall apply.
1. Scope – Description of services, access, and usage rights
1.1 Wibu-Systems provides the Customer with CodeMeter License Portal as SaaS (Software as a Service), hereinafter referred to as CmLicensePortalSaaS, in a hosting center operated by Wibu-Systems in a data center. The hosting services include:
(a) Provision and maintenance of infrastructure
(b) Installation of the application according to the selected scope of functions
(c) Automatic monitoring of the functionality of the infrastructure
(d) Automatic monitoring of CodeMeter License Portal
(e) Maintenance of the operating system (updates and security patches)
(f) Maintenance of the CodeMeter License Portal application (updates and security patches)
1.2 Creation of a daily snapshot of the virtual Machine CmLicensePortalSaaS requires CodeMeter License Central Edition Dedicated Server or higher.
1.3 In order to support different customer use cases, CmLicensePortalSaaS provides the following range of functions with performance data in accordance with § 5 para. 2:
Item Number | Designation |
---|---|
6624-20001-HP | Hosting CodeMeter License Portal - Single Level User Management |
6624-20002-HP | Hosting CodeMeter License Portal - Extension CodeMeter Cloud Support |
6624-20003-HP | Hosting CodeMeter License Portal - Extension Multi Level User Management |
6624-20004-HP | Hosting CodeMeter License Portal - Extension Electronic Software Distribution |
6624-20005-HP | Hosting CodeMeter License Portal - Extension License Creation |
Table 1: Functional scope of the service
1.4 Wibu-Systems grants the customer a revocable, non-exclusive, and non-transferable right to access CmLicensePortalSaaS during the agreed term and to use it in accordance with these terms and conditions. Wibu-Systems shall provide the client with the necessary passwords and access data for access to CmLicensePortalSaaS.
2. Disturbance classes
2.1 Class 1 - CmLicensePortalSaaS is not available
All or some business processes (e.g., creating tickets, activating licenses) cannot be carried out by any user/device.
2.2 Class 2 - CmLicensePortalSaaS is available with restrictions
Several users/devices cannot perform all or individual business transactions or cannot perform them in an acceptable time, although they can reach CmLicensePortalSaaS. Other users/devices can carry out all business transactions.
2.3 Class 3 - CmLicensePortalSaaS is available
Failures occur with individual users/devices that are not assigned to fault class 1 or 2.
2.4 If the outage of CmLicensePortalSaaS is caused by an outage of the underlying CodeMeter License Central, this failure is not counted as downtime.
2.5 If the outage was not caused by the CmLicensePortalSaaS system (e.g., outage due to interruption of the internet connection), this outage is not counted as downtime.
3. Availability
3.1 Wibu-Systems will use commercially reasonable efforts to ensure the availability of CmLicensePortalSaaS. Since CmLicensePortalSaaS is based on CodeMeter License Central, the availability depends on the CodeMeter License Central hosting package used as follows:
Item Number | CodeMeter License Central Hosting Package | Availability |
---|---|---|
6612-01 | High Availability Package | 99.9 % |
6611-01 | High Performance Edition | 99.7 % |
6610-01 | Dedicated Server | 99.5% |
Table 2: Availability of the service depending on the selected CodeMeter License Central hosting package
3.2 A malfunction of CmLicensePortalSaaS caused by exceeding the quantity framework according to the selected License Central hosting package does not constitute a failure. Wibu-Systems shall be responsible for providing evidence of the overrun.
3.3 If the specified availability of CmLicensePortalSaaS is not achieved in accordance with § 3 para. 1, Wibu-Systems shall grant the customer a one-off credit for the calendar month in question as a percentage of the remuneration paid for that month in accordance with GTC § C10 (only the line with the highest percentage is counted):
Availability within one calendar month | Credit depending on the selected CodeMeter License Central hosting package | ||
---|---|---|---|
High Availability Package | High Performance Edition | Dedicated Server | |
Less than 99.9%, but more than 99.7% | 10% | / | / |
Less than 99.7%, but more than 99.5% | 25% | 10% | / |
Less than 99.5%, but more than 99.0% | 50% | 25% | 10% |
Less than 99.0%, but more than 95.0% | 100% | 50% | 50% |
Less than 95.0% | 100% | 100% | 100% |
Table 3: Credit in the event of lower availability depending on the selected CodeMeter License Central hosting package
4. Maintenance
4.1 Should maintenance become necessary that could impair the availability of CmLicensePortalSaaS, it will be carried out in accordance with GTC § C6 para. 2 to 4.
4.2 CmLicensePortalSaaS is not available during maintenance of the underlying CodeMeter License Central.
5. Quantity structure and fees
5.1 The number of transactions carried out by end users is technically unlimited.
5.2 The number of users available in CmLicensePortalSaaS is limited as follows, depending on the CodeMeter License Central hosting package used:
CodeMeter License Central Hosting Package | Number of ISV Admins | Number of Group Levels | Number of End Users |
---|---|---|---|
Dedicated Server | 5 | 5 | 10,000 |
High Performance Edition | 10 | 10 | 25,000 |
High Availability Package | unlimited | unlimited | unlimited |
Table 4: User quantity structure of the service depending on the selected CodeMeter License Central hosting package
5.3 If the average number of users permanently exceeds the specified user limits, Wibu-Systems is entitled to automatically switch the customer to the "next largest" CodeMeter License Central hosting package at the list price valid at the time of the switch and to charge the difference from the following month. Alternatively, the following criteria apply:
(a) Exceeding the user limits by more than 100 % in three consecutive months.
(b) Exceeding the user limits by more than 400 % within one month.
5.4 The hosting fee is payable annually. Wibu-Systems or a Wibu-Systems sales partner will invoice the Customer at the beginning of the respective service period.
5.5 All fees and amounts set out in these Hosting Conditions or an Order are exclusive of taxes. The Customer shall be solely responsible for the proper payment of all sales, service, value added, use, excise, and other taxes imposed by governmental authorities on the Customer for services provided by Wibu-Systems to the Customer under these Hosting Conditions.
Issue date: 2024-05-01
[Note: In the event of any deviations resulting from the translation, the formulation set forth in the German version shall prevail.]
The subcontractors currently commissioned by Wibu-Systems are:
- for CodeMeter Cloud
- AWS eu-central-1 Europa, Frankfurt am Main, Germany
- AWS ap-northeast-1 Asia Pacific, Tokyo, Japan
- Claranet GmbH, Frankfurt am Main, Germany
- for CodeMeter Cloud Lite, CodeMeter License Central, and CodeMeter License Portal
- Claranet GmbH, Frankfurt am Main, Germany
1. Recital
The Processor conducts maintenance services on the IT systems operated by the Client. It cannot be excluded that the Processor will have access to or become aware of personal data in this context. The contracting parties agree that the Client alone determines the purpose and means of the Processing of such personal data in the provision of these services. The Processing of such personal data is therefore to be carried out only on behalf of the Client in accordance with Art. 28 et seq. General Data Protection Regulations (hereinafter: “GDPR”).
2. Scope and Term
2.1 The subject matter of this order Processing Agreement (hereinafter: “Agreement“) results from the “Service Agreement“ concluded between the Processor and the Client on the basis of the valid
- GTC Part C: Special provisions for Hosting Services
and the respective supplementary product-specific hosting conditions:
- CodeMeter Cloud Hosting Conditions
- CodeMeter Cloud Lite Hosting Conditions
- CodeMeter Cloud FSB Hosting Conditions
- CodeMeter License Central Hosting Conditions
- CodeMeter License Portal Hosting Conditions
The Agreement covers all activities defined in the service specifications of the Service Agreement, in the provision of which personnel employed by the Processor or third parties commissioned by the Processor come into contact with any data of the Client.
2.2 The term of the Agreement is identical with the term of the Service Agreement.
3. Definitions
3.1 “Client Data” shall mean all information processed for Client by Processor including but not limited to Personal Data.
3.2 “Data Protection Laws” shall mean any laws that apply to the Processing of data by Processor under the Agreement. This includes laws, regulations, guidelines, requirements, and government issued rules in the U.S. and other jurisdictions, at the international, country, state/provincial, or local levels, currently in effect and as they become effective, including without limitation EU Directive 95/46/EC, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the UK Data Protection Act, 2018, the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act of 2020 (“CPRA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Utah Consumer Privacy Act (“UCPA”), the Connecticut Data Privacy Act (“CDPA”), the New York SHIELD Act, and any applicable data security and/or privacy laws of other jurisdictions.
3.3 “Data Subject” shall mean any identified or identifiable natural person to whom Personal Data relates or identifies.
3.4 “Data Subject Request” shall mean a request to access, correct, amend, transfer, rectify, restrict, limit the use, opt out of sale or sharing or other processing, or delete Data Subject’s Personal Data consistent with that person’s rights under Data Protection Laws.
3.5 “De-Identified Data” shall mean information that cannot reasonably be used to infer Information about, or otherwise be linked to, a particular consumer, provided that the business possesses the information.
3.6 “Personal Data,” “Personal Information,” shall mean information that is linked, reasonably linkable, or relates to an identified or identifiable natural person. Both Personal Data and Personal Information are referred to in this Addendum as “Personal Data”.
3.7 “Process” or “Processing” shall mean any operation or set of operations performed on Client Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, sale, analysis, alignment or combination, restriction, erasure or destruction.
3.8 “Pseudonymous Data” shall mean Personal Data that cannot be attributed to a specific individual without the use of additional information, provided such additional information is kept separately and is subject to appropriate technical and organizational measures to ensure that the Personal Data is not attributed to an identified or identifiable individual.
3.9 “Security Incident” shall mean any actual or suspected (after reasonable investigation) accidental, unauthorized, unintended, or unlawful processing, access to, exfiltration, theft, disclosure, destruction, loss, alteration, compromise, and/or malicious infection of Client Data transferred, transmitted, stored, or otherwise processed by Processor or any of its Sub-Processors or third parties that process Client Data on Processor’s behalf.
3.10 “Sell” shall have the meaning as set forth in the Data Protection Laws.
3.11 “Sensitive Personal Information” shall have the meaning(s) provided in the Data Protection Laws.
3.12 “Services” shall have the same meaning provided under the Service Agreement.
3.13 “Share” shall have the meaning as set forth in the Data Protection Laws.
3.14 “Standard Contractual Clauses” shall mean the agreement executed by and between Client and Processor and attached hereto as Exhibit B pursuant to the European Commission’s decision ((EU) 2021/914) of 4 June 2021 on Standard Contractual Clauses for the transfer of personal data to Processors established in countries outside the purview of the Client and Processor which do not ensure an adequate level of data protection.
3.15 “Sub-Processor” shall mean a Sub-Contractor engaged by Processor or its affiliates to Process Client Data as part of the performance of the Services.
3.16 “UK Addendum” shall mean the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, Version B1.0, attached hereto as Exhibit C.
4. Specification of the Processing
4.1 The type of the personal data and the categories of data subjects (Art. 28(3) GDPR) are listed in Annex 1.
4.2 Client instructs Processor to Process Client Personal Data to perform the Services as described in this Agreement and the Service Agreement.
4.3 Processor shall only Process (including but not limited to Sale, Sharing, or Disclosure) Client Personal Data for the purposes of providing the Services specified in the Service Agreement and only in accordance with Client’s documented instructions, which may be specific instructions or standing instructions of general application in relation to the performance of Processor’s obligations under this Agreement, unless otherwise required under Data Protection Laws to which Processor is subject, in which case Processor shall notify Client prior to such Processing unless prohibited by law.
(a) Processor will not Sell or Share Client Personal Data, nor will it retain, use, or disclose Client Personal Data for any purpose other than for the specific business purpose of performing the Services specified in the Service Agreement. Processor will not Process Client Personal Data outside the direct business relationship between Client and Processor, including retaining, using, or disclosing Client Personal Data for a commercial purpose other than providing the Services specified in the Service Agreement or as required by law.
(b) Processor shall not aggregate, anonymize, or otherwise de-identify Personal Data without the prior written authorization of Client except as needed to perform the Services.
(c) Processor shall not combine Client Personal Data received from Client with any other information Processor receives from or on behalf of another person or business or which it collects from its own interactions with Data Subjects.
(d) Processor shall Process Personal Data under the Service Agreement in compliance with Data Protection Laws, including providing the same level of privacy protection required by Data Protection Laws. Processor will notify Client if Processor determines it its Sub-Processor(s) cannot meet its obligations under the Data Protection Laws, in which case Client may, upon thirty (30) days’ notice, take reasonable and appropriate steps to stop and remediate unauthorized processing of Personal Data.
4.4 Processor shall maintain a record of all categories of Processing activities carried out on behalf of Client, including at least:
(a) The name and contact details of the Processor or Processors and of each Controller on behalf of which the Processor is acting, and, where applicable, of the Processor’s and Controller’s representatives, and the Data Protection Officers;
(b) The categories of Processing carried out on behalf of Client;
(c) The categories of Data Subjects whose Personal Data is Processed by Processor on behalf of Client;
(d) The categories of Personal Data Processed by Processor on behalf of Client;
(e) Where applicable, transfers of Personal Data to a country outside the European Economic Area, including the identification of the destination country and documentation of suitable safeguards pursuant to Section 6 of this DPA; and
(f) A general description of the technical and organizational measures implemented and maintained by the Processor to protect Client.
4.5 Processor shall be responsible for its compliance with all laws regarding data that cannot reasonably identify, be related to, describe, be capable of being associated with or be linked directly or indirectly to a Data Subject. To the extent Processor Processes De-Identified Data under the Agreement, Processor:
(a) Will not attempt to associate De-Identified Data with an individual;
(b) Will not attempt to re-identify De-Identified Data;
(c) Will maintain and use De-Identified Data only in a de-identified fashion; and
(d) Will not use De-Identified Data to infer information about, or otherwise link to, an identified or identifiable individual or a device linked to such an individual.
4.6 To the extent Processor Processes Pseudonymous Data under the Agreement, Processor will not attribute or attempt to attribute Pseudonymous Data to an identified or identifiable individual. Processor will ensure and provide documentation to Client to demonstrate that any information necessary to identify the Data Subject is:
(a) Kept separately from Pseudonymous Data; and
(b) Subject to effective technical and organizational controls that prevent access to such information.
4.7 Processor agrees to treat all Personal Data as confidential and will inform all individuals with authorized access to Personal Data of the confidential nature of such information. Processor will ensure that all employees are subject to binding confidentiality obligations.
4.8 The contractually agreed data Processing shall take place in the territory described in Annex 3 for the respective product. If several possible territories are specified, it shall be agreed separately with the Client in which territory or territories its Processing shall take place. The Processor shall inform the Client at least 30 calendar days in advance if the data Processing is to be relocated to another member state of the European Union, to another state party to the Agreement on the European Economic Area or to a region outside the EEA. Any relocation to a country outside the list in Annex 3 requires the prior consent of the Client and may only take place if the special requirements of Art. 44 et seq. GDPR are fulfilled.
4.9 The Client alone determines the purpose and means of the Processing of personal data in the context of this Agreement and is therefore the data controller in accordance with Art. 4(7) GDPR. As such, the Client is responsible for compliance with the GDPR as stipulated in Art. 24 GDPR.
5. Quality Assurance and Other Duties of the Processor
5.1 In addition to the stipulations of this Agreement, the Processor has other legal duties under Art. 28 to 33 GDPR. In particular, the Processor ensures compliance with the following requirements:
(a) The Processor has appointed a Data Protection Officer who executes its duties according to Art. 38 and 39 GDPR. The contact details of the Data Protection Officer can be found in Annex 4. The Client will be notified immediately about any change of the appointed Data Protection Officer.
(b) Maintaining confidentiality in accordance with Art. 28 (3) S. 2 lit. b, 29, and 32 (4) GDPR during and after the contractual relationship between the Parties. The Processor will only assign members of staff for the execution of the agreed works who have been formally committed to confidentiality and who have been made aware of the relevant data protection regulations applicable to them. The Processor and any person reporting to the Processor who has access to personal data must only process the personal data in accordance with the Client’s instructions, including the powers conferred to them by this Agreement, unless they are required to process this data by law.
(c) Implementing and maintaining all technical and organizational measures required for the data Processing in accordance with Art. 28 (3) S. 2 lit. c and 32 GDPR and Sect. 5 of this Agreement.
(d) The Client and the Processor will cooperate with the supervisory authorities if requested in the fulfillment of their responsibilities.
(e) Immediate notification to the Client about any investigatory or other activities of the supervisory authorities in so far as they relate to this Agreement. This also applies if relevant authorities conduct investigations as part of administrative or criminal proceedings relating to the Processing of personal data by the Processor. The Processor will remedy any failings identified in official inspection reports immediately.
(f) In so far as the Client is subject to investigations by supervisory authorities, administrative or criminal proceedings, liability claims from an affected person or third party, or other claims relating to the data Processing within the context of this Agreement, the Processor will support the Client to the best of its ability.
(g) The Processor will regularly control its internal processes and technical and organizational measures to ensure that the data Processing within its responsibility is compliant with the current requirements and standards of data protection legislation and ensures due protection for the rights of the persons affected.
(h) Providing proof of the implemented technical and organizational measures to the Client in accordance with the Client’s power of supervision arising from Sect. 6 of this Agreement.
(i) The Processor will not connect any hardware to the systems of the Client or install Software thereon without the prior consent of the Client. The Processor does not have the right to Process personal data under the Client’s responsibility with the systems of third parties, including for purposes of testing.
(j) The Processor will notify the Client immediately should personal data under the Client’s responsibility be at risk at the Processor as a result of seizure or confiscation, insolvency or mediation proceedings, or other incidents or actions by third parties. The Processor will also inform all persons responsible in such events that the ownership of the data lies with the Client.
6. Technical and Organizational Measures
6.1 The Processor is required to ensure the security of Processing in accordance with Art. 28 (3) lit. c and 32 GDPR, in particular in conjunction with Art. 5 (1) and (2) GDPR. The measures to be implemented generally represent measures to ensure data security and the provision of a level of security appropriate for the risks in terms of the confidentiality, integrity, availability, and resilience of the systems, with particular attention to the current state of technology, the cost of implementation, and the type, scope, circumstances, and purpose of the data Processing as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons in accordance with Art. 32 (1) GDPR.
6.2 The Processor will arrange the internal organization in its area of responsibility in a way that satisfies the particular requirements of data protection regulations. He will implement the technical and organizational measures (hereinafter: TOM) detailed in Annex 2 to ensure the appropriate security of all personal data that he has access to in the context of the services. If any of these TOM are changed, the P rocessor will adjust the statements in Annex 2 accordingly and notify the Client by providing them with the updated document. The level of security ensured by the TOM detailed in Annex 2 must be maintained and must be tested, reviewed, and updated regularly. Should any of Processor’s regular tests reveal that its policies and/or procedures to address the data security measures identified in Exhibit B and/or Article 32 of the GDPR do not adequately protect Client Data, Processor agrees to notify Client immediately.
6.3 The Client has checked and accepted the TOM detailed in Annex 2. They are considered part of the contractual basis for data Processing. The Parties agree to conduct any required inspections or audits by the Client by mutual consent.
6.4 The TOM are subject to technical developments and evolution. With this in mind, the Processor has the right to implement alternative appropriate measures as long as these do not fall below the level of security ensured by the agreed TOM. Any substantial changes must be documented.
7. Client’s Supervisory Rights
7.1 The Client is entitled to conduct inspections with the consent of the Processor or to commission external inspectors for individual inspections. Client has the right to ascertain whether the Processor complies with the requirements of this Agreement by means of random checks that are typically announced with at least 30 days notice and conducted during regular operating hours.
7.2 The Processor agrees to allow for and contribute to reasonable audits by Client (or Client’s designated auditor) to demonstrate Processor’s compliance with its obligations under this Agreement and under Data Protection Laws (“Audits”).
(a) Client may audit Processor’s compliance with its obligations under this Agreement and Data Protection Laws, including but not limited to ongoing manual reviews, automated scans, regular assessments, audits, or other technical and operational testing at least once every 12 months.
(b) Client may use a third party to perform the Audit on its behalf, provided the third party is a qualified auditor and executes a confidential agreement acceptable to Processor before the Audit.
(c) Alternatively, subject to the prior written consent of Client, Processor may arrange for a qualified and independent auditor approved by Client to conduct, at least annually and at the Processor’s expense, an audit of the Processor’s policies and technical and organizational measures in support of its obligations under this Agreement and Data Protection Laws. Such audit shall be conducted using an appropriate and accepted control standard or framework and audit procedure, which must be approved by Client.
(d) Processor must provide Client with any Audit reports or findings generated in connection with any Audit at no charge, unless prohibited by law.
7.3 The Processor ensures that the Client can ascertain whether the Processor complies with its duties in accordance with Art. 28 GDPR. He supports the Client in the implementation of inspections and random checks. The Processor will provide the Client with the required information in text form within appropriate notice and, in particular, provide proof of the implementation of technical and organizational measures.
7.4 Proof of the implementation of such technical and organizational measures may include, but are not limited to, the following forms:
(a) Compliance with agreed codes of conduct in accordance with Art. 40 GDPR;
(b) Certification by approved certification processes in accordance with Art. 42 GDPR;
(c) Current reports, statements, or excerpts thereof from independent entities (e.g. auditors, Data Protection Officers, IT security teams, data protection auditors, quality auditors etc.); or
(d) Suitable certification in IT security or data protection audits (e.g. BSI - German Federal Office for Information Security baseline protection).
7.5 The Client will notify the Processor immediately and comprehensively about any mistakes or irregularities concerning data protection regulations identified when reviewing the delivered services.
7.6 Processor shall notify Client without undue delay, and in no event later than 36 hours, after becoming aware of a Security Incident and shall co-operate with Client and take such reasonable commercial steps as are directed by Client to assist in the investigation, mitigation, and remediation of a Security Incident. Processor shall also provide Client with the assistance necessary for Client to meet its obligations relating to Security Incidents.
8. Support for the Performance of the Client’s Duties
8.1 The Processor supports the Client in the maintenance of the duties concerning the protection of personal data in accordance with Art. 30 to 36 GDPR, the duty to report any data incidents, the data protection impact assessments, and prior consultations. This includes, but is not limited to
(a) Maintaining an appropriate level of protection by means of technical and organizational measures in accordance with Sect. 5;
(b) Reporting any violation of data protection immediately to the Client;
(c) Supporting the Client in its duty to inform all persons affected and providing all relevant information in this context immediately;
(d) Supporting the Client with data protection impact assessments;
(e) Supporting the Client with creation of records of Processing activities; and
(f) Supporting the Client as part of prior consultations with supervisory authorities.
8.2 Processor will provide such assistance, including taking any appropriate technical and organizational measures, as Client requests to help Client fulfill its obligations under Data Protection Laws to respond to Data Subject Requests. Notwithstanding its obligations under this Section, Processor is not obligated to respond to a Data Subject Request directly from a Data Subject and does not otherwise assume any liability or responsibility for responding to Data Subject Requests.
(a) Unless expressly authorized by Client, Processor shall not respond to any Data Subject Request.
(b) Unless it is permitted to retain Personal Data under the Data Protection Laws, Processor will comply with Client’s direction to delete any Personal Data Processed under the Agreement and shall notify any Sub-Processors of such direction as applicable. Processor shall not be required to delete any of the Personal Data to comply with a Data Subject’s request directed by Client if it is necessary to maintain such information in accordance with applicable law, in which case Processor shall promptly inform Client of the exceptions relied upon under applicable law and Processor shall not use the Personal Data retained for any other purpose than provided for by that exception.
(c) Processor will assist Client in complying with a Data Subject‘s request to limit the use and disclosure of Sensitive Personal Information and will not use the Sensitive Personal Information after it has received instructions from the Client and to the extent it has actual knowledge that the Personal Data is Sensitive Personal Information for any other purpose.
8.3 Both Parties will assist the other in communicating and cooperating with any regulators relating to Client Personal Data.
(a) Processor shall notify Client of all enquiries from a regulator that Processor receives which relate to the Processing of Personal Data under the Agreement, the provision or receipt of the Services, or either Party‘s obligations under the Agreement, unless prohibited from doing so by law or by the regulator.
(b) Unless a regulator requests in writing to engage directly with Processor, the Parties (acting reasonably and taking into account the subject matter of the request) agree that Client shall be responsible for handling all regulator requests. Client shall: (a) be responsible for all communications or correspondence with the regulator in relation to the Processing of Personal Data and the provision or receipt of the Services, and (b) keep Processor informed of such communications or correspondence to the extent permitted by law. Processor shall provide such assistance as Client may request in relation to such a regulator request.
8.4 If Client Personal Data is being provided to a third party in response to a subpoena or other discovery request, to the extent permitted by applicable law, Processor will provide Client with notice of the subpoena or discovery request prior to disclosing the Client Personal Data so that Client may, at its expense, object to the subpoena or discovery request, or seek an appropriate protective order.
9. Authority of the Client
9.1 The Processor processes the personal data within the responsibility of the Client only as instructed by the Client and documents all instructions received from the Client. In particular the Processor must not remove, change, or delete any personal data without the Client’s express consent. This applies irrespective of the form in which such data is recorded or stored.
9.2 The Client’s authority as stipulated in Sect. 9.1 also covers instructions concerning the type, scope, and procedure of maintenance works to IT systems as part of the Service Agreement to the extent that these affect the Processing of personal data.
9.3 The Processor will confirm oral instructions immediately at least in text form.
9.4 The Processor will notify the Client immediately about any instructions deemed by them to not comply with data protection requirements. The Processor is entitled to suspend the implementation of such instructions until they have been confirmed or revised by the Client.
9.5 The Client appoints a person to exercise its right to issue instructions. The Processor appoints a person to receive the instructions of the Client and ensure their implementation. These persons and their contact details are listed in Annex 4.
9.6 If the Processor is obliged by legal requirements to carry out further processing, it shall inform the Client thereof prior to the processing, unless the relevant law prohibits such notification due to an important public interest.
10. Remuneration
All services required by the GDPR (e.g. deletion, rectification, direct access) are already covered by the Service Agreement. The Client will pay the Processor for any additional support services that are not covered by the Service Agreement and not due to any wrongdoing on the part of the Processor. The Processor will present an offer for such services.
11. Sub-Contracts
11.1 For the purposes of this Agreement, sub-contracts refer to all services that relate immediately to the delivery of the principal services. This does not include other services that the Processor uses, including, but not limited to telecommunication services, postal or other transport services, maintenance and user support services, or storage device destruction services. The Processor is required to implement appropriate agreements and controls in accordance with the legal requirements to protect the security and confidentiality of the Client’s data when using subcontracted services.
11.2 The Processor must only commission services from Sub-Contractors (additional, subordinate Processors) with the prior express and written consent of the Client.
(a) The Client consents to the commissioning of the Sub-Contractors named in Annex 3 on the condition of the presence of a written contractual agreement in accordance with Art. 28 (2 to 4) GDPR
(b) The Client hereby issues the Processor with a written and general authorization to change the Sub-Contractor named in Sect. 10.2 a)of this Agreement if:
- The Processor gives the Client at least 30 days prior notice of the commissioning to other Sub-Contractors in writing or text form, and
- The Client has not objected to the commissioning in writing or text form before the planned transfer of the data, and
- A written contractual agreement in accordance with Art. 28 (2 to 4) GDPR is implemented.
11.3 The transfer of personal data of the Client to a Sub-Contractor and the initiation of works by a Sub-Contractor are only allowed if all conditions for such sub-contracting are present and fulfilled. The Processor will provide the Client with a copy of the agreement entered into with the Sub-Contractor upon request by the Client.
11.4 Should the Sub-Contractor provide the agreed services outside of the member states of the EU / EEC, the Processor implements appropriate measures to ensure compliance with data protection regulations. This also applies if a Processor as according to Sect. 11.1 Sentence 2 is commissioned.
11.5 Processor will ensure that any Sub-Processor that has access to Client Personal Data enters into a written agreement obligating the Sub-Processor to comply with terms that are at least as restrictive as those imposed on Processor under this DPA.
11.6 Processor shall remain fully liable to Client for the performance of its Sub-Processors’ obligations and shall be responsible to Client for its Sub-Processors’ Processing of Personal Data.
12. Correction, Restriction, and Deletion of Data
12.1 The Processor must not correct, delete, or otherwise restrict the use of the data made available to them for data Processing, unless on the documented instruction of the Client. Should an affected person contact the Processor directly in this regard, the Processor will immediately notify the Client.
12.2 The rights stated in Chapter III GDPR for affected persons must to be assured by the Client. The Processor will support the client with suitable technical and organizational measures without additional costs.
12.3 No copies or duplicates of the data must be created without the knowledge of the Client. This does not include backup copies to the extent required to ensure orderly data Processing as well as data required for compliance with the legal retention requirements.
13. Deletion and Return of Personal Data
13.1 After the completion of the contractually agreed works or earlier at the request of the Client – but latest upon termination of the Service Agreement – the Processor will return all documents to the Client that have come into its possession, results of the Processing and use of data, and data sets relating to the contractual relationship with the Client or destroy them in accordance with the applicable data protection regulations with the Client’s prior consent. The same applies to testing and waste materials. A record of the destruction is to be provided upon request.
13.2 All records to serve as proof of the contractually correct and orderly Processing of the data are to be maintained by the Processor beyond the termination of the Agreement in accordance with the applicable retention periods. For its relief, the Processor can transfer such records to the Client upon termination of the Agreement.
14. Data Transfers
14.1 Processor will not transfer, Process, or cause another party to Process Client Data to or within any country outside of the European Economic Area without the consent of Client.
14.2 The Parties agree that the Standard Contractual Clauses, attached as Exhibit D, will apply to transfers of Personal Data either directly from the European Economic Area (“EEA”) or via onward transfer, to any country not recognized by the European Commission as providing an adequate level of protection for Personal Data (a “Restricted Transfer”) and to any other transfer which is a Restricted Transfer under the GDPR, and the Parties hereby enter into those Standard Contractual Clauses as a separate agreement in respect of such Restricted Transfer. For the avoidance of doubt, the Standard Contractual Clauses shall come into effect under this Section 14.2 on the later of (i) Client becoming a party to them by signing this Agreement; (ii) Processor becoming a party to them by signing this Agreement; or (iii) commencement of the relevant Restricted Transfer. If the Standard Contractual Clauses are invalidated or modified by judicial proceeding, statute, regulation, or otherwise, the Parties shall cooperate to identify alternative data transfer mechanisms, if available, provided that either Party may decline to adopt such mechanisms or to accept a modification of the Standard Contractual Clauses in its sole discretion.
14.3 The Parties agree that the UK Addendum to the Standard Contractual Clauses (“UK Addendum”) will apply to transfers of Personal Data in Section 14.2, where the Personal Data will be transferred either directly from the United Kingdom (“UK”) or via onward transfer to any country not recognized by the European Commission as providing an adequate level of protection for personal data (as described by the UK GDPR) (a “UK Restricted Transfer”), and the Parties hereby enter into the UK Addendum as a separate agreement in respect of the UK Restricted Transfer. For the avoidance of doubt, the UK Addendum shall come into effect under this Section 14.3 on the later of (i) Client becoming a party to it by signing this Agreement; (ii) Processor becoming a party to it by signing this Agreement; or (iii) commencement of the relevant UK Restricted Transfer. If the UK Addendum is invalidated or modified by judicial proceeding, statute, regulation, or otherwise, the Parties shall cooperate to identify alternative data transfer mechanisms, if available, provided that either Party may decline to adopt such mechanisms or to accept a modification of the UK Addendum in its sole discretion.
15. Additional Compliance Provisions
The Parties each represent and warrant to each other that they have read and understood the requirements of all applicable Data Protection Laws and will be responsible for their own compliance with them.
15.1 In addition to the terms set forth in Section 7.1 of this Agreement, Processor agrees, upon the reasonable request of Client, to make available to Client all information in its possession necessary to demonstrate Processor’s compliance with its obligations under this Agreement and the Data Protection Laws. Client shall have the right to take reasonable and appropriate steps to ensure that the Processor is using Client Data in a manner consistent with Processor’s obligations under this Agreement and Data Protection Laws.
15.2 The disclosure of Client Personal Data to Processor does not constitute a Sale or Sharing under the Data Protection Laws. Notwithstanding anything in the Agreement, the Parties acknowledge and agree that Client’s provision of access to Personal Data is not part of and is explicitly excluded from the exchange of consideration or any other thing of value between the Parties.
15.3 This Agreement and the Hosting Agreement shall be interpreted as broadly as necessary to implement and comply with the mandatory provisions of the Data Protection Laws.
15.4 Each Party agrees that it is responsible for its own compliance with the requirements of the applicable Data Protection Laws and agrees to indemnify, defend, and hold harmless the other Party from and against any claims, demands, losses, liabilities, fines, penalties, costs, and expenses arising out of or relating to its own acts and omissions that do not comply with the Data Protection Laws. This duty to indemnify, defend, and hold harmless includes fines that may be imposed by a governing authority and any and all reasonable attorneys’ fees and court costs.
15.5 The Parties agree that where Processor processes Personal Data, it functions as a Service Provider and a Processor under the Data Protection Laws.
16. Final Clauses
16.1 By signing this Agreement, Processor certifies that it understands the restrictions herein and will comply with them.
16.2 The obligations contained in this Agreement, including the Exhibits, Attachments, and Appendices, shall not restrict Processor in its rights and/or obligations to: (a) comply with federal, state, or local laws, or to comply with a court order or subpoena to provide information or legal holds, or (b) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities.
16.3 Unless explicitly stated otherwise in this Agreement, the terms in this Agreement are to be interpreted in accordance with their definitions in the GDPR.
16.4 Any amendments or additions to this Agreement must be made in writing (including by telefax or email). This includes any waiver to this requirement of the written form.
16.5 This Agreement is subject to the laws of the Federal Republic of Germany. The exclusive legal venue and place of delivery for all obligations arising from this Agreement is the registered seat of the Processor.
16.6 Should any one of the clauses of this Agreement be or become partially or fully void or invalid or there be any omissions in this Agreement, this shall not affect the validity of the remaining Agreement. The Parties agree to replace the void or invalid clause with a clause that is legally valid and comes closest to the original intent of the Parties. In the case of an omission, the Parties agree to find a stipulation that would have been agreed in accordance with the intention and purpose of this Agreement had the Parties considered the matter in question at the original conclusion of this Agreement.
16.7 The following annexes form part of this Agreement:
Annex | Title |
---|---|
Annex 1 | Information about Data Processing |
Annex 2 | Technical and organizational measures |
Annex 3 | Sub-Contractors |
Annex 4 | Contact persons |
Annex 1 – Information about the Data Processing
1. Types of Personal Data
Depending on the type of Agreement, different types or categories of data are subject to collection, Processing, and use of data:
1.1 CodeMeter Cloud Hosting
The following types or categories of data are subject to collection, Processing, and use:
Personal Data | Special Categories of Personal Data (cf. Art. 9 (1) GDPR) |
---|---|
User accounts | |
Encrypted passwords | |
Login records | |
IP addresses of end users | |
Serial numbers of CmCloud Containers | |
Programmed licenses | |
Browser identities | |
Client computer name |
1.2 CodeMeter Cloud Lite Hosting
The following types or categories of data are subject to collection, processing, and use:
Personal Data | Special Categories of Personal Data (cf. Art. 9 (1) GDPR) |
---|---|
User accounts | |
Login records | |
IP addresses of end users | |
Programmed licenses | |
Browser identities | |
Client computer name |
1.3 CodeMeter Cloud FSB Hosting
The following types or categories of data are subject to collection, processing, and use:
Personal Data | Special Categories of Personal Data (cf. Art. 9 (1) GDPR) |
---|---|
User accounts | |
Login records | |
IP addresses of end users | |
Serial numbers of CmCloudContainers | |
FSB Contents | |
Usage Data | |
Browser identities |
1.4 CodeMeter License Central Hosting
The following types or categories of data are subject to collection, processing, and use:
Personal Data | Special Categories of Personal Data (cf. Art. 9 (1) GDPR) |
---|---|
User accounts | |
Login records | |
IP addresses of end users | |
Serial numbers of CmContainers | |
Programmed licenses | |
Browser identities | |
Client computer name |
1.5 CodeMeter License Portal Hosting
The following types or categories of data are subject to collection, processing, and use:
Personal Data | Special Categories of Personal Data (cf. Art. 9 (1) GDPR) |
---|---|
User accounts | |
Login records | |
IP addresses of end users | |
Serial numbers of CmContainers | |
Programmed licenses | |
Browser identities |
2. Categories of Affected Persons
The persons affected by the Processing of the personal data include:
- Staff members of the Processor
- Staff members of the Client
- End users of the Client
3. The details of the Processing to be carried out under the Agreement are as follow
Roles of the Parties (check the option that applies) | Client: | Controller | Processor | Sub-Processor |
Processor: | Controller | Processor | Sub-Processor | |
If neither Client nor Processor is the Controller, identify the Controller: |
Subject Matter of Processing |
Processing Instructions | Client instructs Processor to Process Personal Data to provide the Services set forth in the Agreement, which include (please provide a general description of the Services provided by Service Provider): |
Duration of Processing | As set forth in the Agreement |
Nature and Purpose of Processing | As set forth in the Agreement |
Types of Personal Data Processed | Abilities/ aptitudes | Education records (e.g., transcript) | Iris/ retina scan | Professional licenses |
Address | Email address | Keystroke patterns | Purchase/ Service history | |
Attitudes | Employee ID | Marital status | Religion | |
Background checks | Employment history | Medical claim history | Resume | |
Bank account number | Eye color | Medical conditions | Signature | |
Bank routing number | Facial images | Medical device identifiers | Sleep patterns | |
Beneficiary information | Financial records | Medical photo images/X-Rays | Social Insurance Number | |
Beneficiary number | Finger or handprint | Medical record number | Social Security number | |
Blood pressure | Gender/ Gender Identity | Medical test results | State ID | |
CCTV footage | Genetic information | Medication | Subscriber number | |
Citizenship Status | Govt-issued ID number | Mental health | Survey responses | |
Compensation information | Handicapped status | Name | Tax information | |
Credit history | Health records | National ID Card Number | Telephone number | |
Criminal history | Health status | National origin/ race/ethnicity | Union membership or information | |
Date of birth | Health symptoms | Partial Social Security number | Vehicle License Plate Number | |
Dates of health service | Health treatments | Passport number | Vein patterns | |
Diagnosis | Height | Payment card number | Veteran/ Military Status | |
Disability | Immigration/ VISA | Performance Evaluations | Voice patterns | |
Disease/ disorder | Insurance information | Philosophical beliefs | Voice recordings | |
Driver’s license number | Insurance policy numbers | Political party | Weight | |
Education history information | Intelligence | Preferences, Trends, Predispositions | ||
Other: |
Categories of Data Subjects Whose Personal Data Is Processed | Employees | Vendors/ Third Parties | Merchant | Website visitors |
Job applicants | Vendor employees | Client employees | Consumers | |
Dependents/ Beneficiaries | Clients/ customers | Application/ website users | Client customers | |
Former Employees | Potential clients/ customers | Minors | ||
Other: |
Annex 2 – Technical and organizational measures
1. Confidentiality (Art. 32 (1) lit. b GDPR)
Physical access | Doors to the premises are kept closed. |
Electric door openers are installed. | |
Access controls are in place to ensure that delivery people or other external persons, including Processors, only enter the premises when required and never unaccompanied. | |
Keys are held by a closely defined group of authorized persons. All key holders know which measures need to be taken in case of loss. | |
A central locking system with separate locking areas is in place. | |
Burglar alarms are active outside of business hours. |
System access | Users’ logins to the operating systems are set with passwords. |
Only one login is used per user. Only special systems use group accounts. These are only available to a closely defined group of data center personnel. | |
Passwords contain at least eight characters, including capitals, figures, and special characters. | |
Password guidelines are in place. | |
When users leave their workstation, their computers are manually or automatically locked by a screen saver / lock after a defined period. |
Data access | Users are assigned to separate user groups with separate rights to access data. An entitlement concept is in place. |
User logins and logouts are recorded (with statistical analysis). | |
Passwords must not be shared with colleagues (cf. password guidelines). | |
All changes and deletions are recorded. |
Separation | Any changes are introduced in a “test – demo – live” process whenever possible on the Client’s systems. |
Physical separation of data is ensured. | |
Data is deleted on the instructions of the Client. |
Destruction of data media | The destruction data media is affected according to ISO/IEC 21964-1:2018. |
2. Integrity (Art. 32 (1) lit. b GDPR)
Data communication | Open-VPN, IPSEC are used. |
A log file is created. |
Entries | A log file records login attempts, logouts, and password changes. |
3. Availability and Resilience (Art. 32 (1) lit. b GDPR)
Availability | Uninterruptible power supply systems are used. |
The systems are protected externally by means of a firewall. | |
All computers use current anti-virus software. | |
Regular backups (incremental and complete) are conducted on a set cycle. | |
The systems are equipped with redundant hard-drive systems (RAID-1, RAID-5). | |
The data centers are climate controlled. | |
Security guidelines are in place. |
Security Updates | Available security updates are implemented automatically at regular intervals. |
Quick Recovery | The systems are equipped with redundant hard-drive systems (RAID-1, RAID-5). |
Storage of backup media | Backup media are stored and locked in a fire section separated from the server room. |
Fire protection | The server room used for hosting is equipped with an automatic fire extinguishing system. |
4. Regular Testing, Assessment, and Evaluation Procedures (Art. 32 (1) lit. d, and 25 (1) GDPR)
Order Monitoring | No data processing in accordance with Art. 28 GDPR without relevant instructions of the Client: IT management is in charge of monitoring the technical and organizational requirements defined by the Agreement. |
Annex 3 – Sub-Contractors
Wibu-Systems operates data centers in the following regions:
Sub- Contractor | Address | Service | Service location | Code- Meter Cloud | Code- Meter Cloud Lite | Code- Meter Cloud FSB | Code- Meter License Central | Code- Meter License Portal |
---|---|---|---|---|---|---|---|---|
Claranet GmbH | Hanauer Landstrasse 196 D-60314 Frankfurt am Main Germany | Data center operations | Germany | |||||
Amazon Web Services EMEA SARL | 38 Avenue John F. Kennedy 1855 Luxembourg | Data center operations | Germany, Japan, USA |
Annex 4 – Contact Persons
Recipient of Instructions to the Processor:
Name | Uwe Traschuetz, Director Wibu Operating Services (WOPS) |
Address | Zimmerstrasse 5, 76137 Karlsruhe, Germany |
Phone | +49 721 93172-312 |
uwe.traschuetz(at)wibu.com |
Data protection Officer of the Processor:
Name | Dr. Peer Wichmann |
Address | Zimmerstrasse 5, 76137 Karlsruhe, Germany |
Phone | +49 721 93172-0 |
dataprotection(at)wibu.com |
Issue date: 2024-09-17
[Note: In the event of any deviations resulting from the translation, the formulation set forth in the German version shall prevail.]