GTC

General Terms and Conditions

AWARE7 GmbH

Munscheidstraße 14

45886 Gelsenkirchen

(hereinafter “AWARE7”)

Preamble

AWARE7 operates a software for the automatic detection of IT security vulnerabilities („Software/RiskRex“) on the Internet under the URL https://riskrex.com. These GTCs govern the contractual relationship between AWARE7 and the customer.

1. Scope of application of these terms and conditions

1.1 The use of the software is based on these General Terms and Conditions („GTC“).

1.2 These General Terms and Conditions shall apply exclusively. Terms and conditions of customers or third parties shall not become part of the contract. By using the software and, if applicable, by concluding a subscription contract, the customer accepts these GTC.

2. Registration and Account

2.1 The use of the software in „RISKREX Lite“ is free of charge for the customer. However, the range of functions is very limited here.

2.2 In order to be able to make use of extended functions of the software, the customer must register in the software. All required fields in our registration form must be filled out. When the customer has filled in all required master data and transmitted it to AWARE7, the customer profile will be activated. After registration by the customer, AWARE7 will send a confirmation e-mail to the e-mail address provided. This e-mail contains an activation link for the customer profile. Only after the activation via the activation link the registration is complete and the customer profile can be used.

2.3 All master data requested by AWARE7 during registration must be complete and correct. For registration at least first and last name, industry and company size classification, a professional e-mail address and the choice of a personal password are required. The access data to RiskRex, especially the personal password, must be kept secret by the customer and may not be passed on to third parties.

2.4 There is no right to registration. AWARE7 is entitled at any time to reject a registration request or to delete the master data of registered customers without giving reasons, if there is a violation of these Terms and Conditions in accordance with section 5 or fundamental principles of these Terms and Conditions.

2.5 The customer may delete the profile on AWARE7 at any time. AWARE7 reserves the right to delete customer profiles that are not fully activated or those that have been inactive for a period of more than 12 months after prior notice.

2.6 AWARE7 is not able to verify the accuracy of the master data provided by a customer. Therefore, AWARE7 cannot assume any responsibility for the correctness and/or completeness of customer data. AWARE7 will immediately investigate justified complaints and, if necessary, take appropriate measures to resolve them.

3. Scope of Service

3.1 The software offers the customer an Internet-based service which, after entering a domain, checks the security status of the IP addresses, networks and other related endpoints (endpoints are domains, URLs, hostnames, websites, IP addresses that can be reached via the network (e.g. Internet)). The software does not interfere with the examined systems and does not overcome any access security measures, but only scans from outside for freely accessible services, proprietary and OSINT sources. This scan can also be a portscan. The automatic responses of these scans are logged and the results of the scan are further processed, evaluated and displayed. Further processing here means that various tests are carried out to determine the general security status of the systems, such as the exact version of the software used, checking whether server services are freely accessible or no passwords are used to use services.

3.2 With the use of the software the customer receives the simple, non-transferable right to use the restricted basic functions. After registration the customer has access to limited functions of the software. The full range of functions, however, will only be activated after the conclusion of a paid subscription contract. The customer therefore only receives the full simple, non-transferable rights to use the software after the conclusion of this subscription contract. These usage rights are limited to the term of the subscription contract.

3.3 AWARE7 shall be entitled to extend the respective scope of functions of the software at any time without any claims of the customer.

3.4 The software is operated on servers of AWARE7 and its service providers. The time of delivery for the use of the software is the router exit of the computer center of AWARE7 or its service providers. AWARE7 shall not be responsible for the quality of the required hardware and software on the customer’s side, nor for the telecommunication connection between the customer and AWARE7 up to the handover point.

3.5 If a subscription contract is concluded, the following shall apply: AWARE7 shall provide the contractual services with an availability of 97%. This availability is calculated on the basis of the time spent in the contract period on the respective calendar month minus the maintenance work defined below. During business hours, the service may be interrupted for a maximum of 60 minutes in total per day. Business hours are all working days available in North Rhine-Westphalia in the period from 9:00 to 17:00 CET.

3.6 AWARE7 is entitled to temporarily suspend or limit the availability of the contractual services outside business hours („Downtimes“) in order to carry out maintenance work or improvements to the system. AWARE7 shall notify the contractual customer in due time in writing of the start and duration of the maintenance work. However, the downtimes within the maintenance window shall not exceed 10 hours per month. Each commenced quarter of an hour shall be calculated as a whole. Downtimes shall also include times during which the system is not available within the agreed access times.

3.7 The scope of functions of the software in detail results from the booked software package. In particular, the software does not protect against attack by viruses, Trojans or similar malware. The functions of the software are limited to the collection, measurement and display of certain data.

4. Conclusion of contract, distance selling

4.1 The customer can conclude an online subscription contract in the software after completing the registration to activate the full range of functions and choose different packages. When selecting the desired package, the customer is then taken to an order page with a summary of the selected contract contents. Here, by clicking on the box „Yes, I agree and expressly demand that before the end of the revocation period, the execution of the commissioned service is commenced. I am aware that I will lose my right of revocation if the contract is completely fulfilled. You will find more information on this in the AGBd.“ to confirm that the right of revocation expires with complete fulfilment of the contract by access to the cost-obligated functions of the software. The customer can then send his offer to conclude a contract at the bottom of the order page by clicking on the button „Order now subject to payment“. Before sending the order, the customer can change and view the data at any time. AWARE7 will then send the customer an automatic confirmation of receipt by e-mail, in which the customer’s order is listed again and which the customer can print out by using the „Print“ function. The automatic confirmation of receipt merely documents that AWARE7 has received the customer’s order and does not constitute an acceptance of the request. The contract is not concluded until AWARE7 has submitted the declaration of acceptance, which is sent by a separate e-mail (order confirmation). In this e-mail the text of the contract will be sent to the customer by AWARE7 on a durable data carrier (e-mail or paper printout) (confirmation of contract). The text of the contract will be stored in compliance with data protection.

4.2 The contract is concluded in German language. This translation is provided as a service.

4.3 Right of revocation

As a consumer, the customer has a statutory right of revocation. The customer is aware that AWARE7 will begin to perform the commissioned service after the conclusion of the contract with the first retrieval of the unrestricted result list for an inspection process before the end of the objection period. The customer agrees herewith, also that he/she will lose his/her right of revocation if AWARE7 completely fulfils the contract. The customer will be informed of this fact again before placing his order and his consent will be obtained.

5. Duties of the customer

5.1 The customer is obliged to use the software only in accordance with applicable laws. In particular, he shall not use the software to spy on the websites of third parties with the intention of using the acquired information for illegal or unfair purposes.

5.2 The results of the respective test may not be published or passed on to third parties. They serve solely as a security check of the own web presence or the affiliated companies.

5.3 Insofar as the software enables the customer to store his own content in the software, the following conditions apply:

• Contents may not violate laws or essential principles of these GTC regarding prohibited contents
• By using the software, the customer undertakes in particular to ensure that any content posted by him does not infringe any rights of third parties, in particular copyrights, personal rights, patent and trademark rights and other rights. He also undertakes to observe the applicable criminal laws and youth protection regulations during the use of the software and when creating content. In particular, the customer will not disseminate on the portal any racist, Holocaust denying, grossly offensive, pornographic or sexual, youth endangering, extremist, violence glorifying or trivializing, war glorifying, advertising for a terrorist or extremist political association, inciting to a crime, defamatory statements, insulting or unsuitable for minors or other punishable contents.

6. Review of content, blocking

6.1 AWARE7 shall be entitled, despite the absence of any legal obligation to do so, to check the customer’s content for admissibility before or after publication and, in the event of a breach of these General Terms and Conditions, to delete or not activate it. In addition, AWARE7 shall have the right to edit, move or close down the customer’s content.

6.2 As far as AWARE7 provides the customer with the use of the software free of charge, i.e. no subscription agreement has been concluded with AWARE7, the services offered by AWARE7 are provided by AWARE7 as a voluntary service. In this case, the customer has no right to the use of the software, the fulfillment of certain requirements, or a constant and uninterrupted availability of the software. In particular, AWARE7 may at any time temporarily or permanently suspend its services without prior, explicit and individual information of the customer.

6.3 AWARE7 shall be entitled to adapt, improve and further develop the software, as well as to discontinue all services at any time after prior notice.

6.4 AWARE7 is entitled, without prior notice and at its sole discretion, to warn and/or temporarily or permanently suspend a customer for factual reasons, especially if there are concrete indications that the customer has violated these GTC, legal regulations or the rights of third parties. If a subscription contract is concluded, such a block is only permissible after prior termination of the contract without notice. Blocked customers are not allowed to register a new customer profile.

7. Rights of use

7.1 The customer is expressly prohibited from using, changing and/or modifying the software beyond the rights granted in section 3.2. In particular, the customer is not permitted to rent, sell, license, assign or otherwise transfer the rights granted to him/her in the portal. The customer is expressly prohibited from determining and disclosing the source code of the software. If the customer violates the agreed scope of use, he/she shall be liable to AWARE7 for compensation of any damages resulting therefrom.

7.2 The customer grants AWARE7 and all companies affiliated with AWARE7 a free, non-exclusive, irrevocable, transferable and sublicensable right of use, unlimited in time and place, in all known and not yet known types of use, in particular in the software and all mobile offers, of all content that the customer places and/or publishes in the software, insofar as these are works protected by copyright or other legal protection. The above granting of rights includes all copyrights, database rights, industrial, intangible or other property rights.

8. 8. Payment & invoicing

   8.1 The complete functional scope of the software is only accessible after conclusion of an online subscription contract. Up to this point in time, no payments are due to the customer.

   8.2 The amount of the remuneration depends on the selected package. These are described in detail within the software before the conclusion of the contract. The prices stated there apply. Unless otherwise stated, as gross final price including the statutory VAT.

   8.3 The remuneration is due annually or according to the selected payment model in advance. The first time on the day on which the contract was concluded.

   8.4 AWARE7 accepts major credit cards or invoices. Virtual credit cards and gift cards are generally not accepted. Other forms of payment can be arranged by contacting AWARE7 at support@riskrex.de. Please note that all payment terms presented to you when using or registering for paid services are considered part of this agreement.

   8.5 We use third party payment processors (the „Payment Processors“) to bill you for the use of the Paid Services through a payment account associated with your account in the Services (your „Billing Account“). In addition to this Agreement, the processing of payments may be subject to the Payment Processors‘ terms and conditions and privacy policies. We are not responsible for errors made by the Payment Processors. By opting to use Paid Services, you agree to pay us, through the Payment Processors, all fees at the then prevailing rates for the use of such Paid Services in accordance with the applicable Payment Terms and Conditions, and you authorize us to charge the Payment Processors to the payment processor of your choice (your „Payment Method“). You agree to make the payment using the selected payment method. We reserve the right to correct any errors or mistakes that it makes, even if it has already requested or received payment.

   8.6 The term of this agreement begins the day the subscriber signs up electronically for the services by creating an account with an email address. Payment will be invoiced in advance or paid directly via one of the payment methods indicated. All invoices are in Euro and must be paid in Euro by the Subscriber. Fees and renewal fees are invoiced at the rate agreed upon at the time of purchase. You may cancel the services at any time by unsubscribing in writing by e-mail to support@riskrex.de. Upon termination, your account will be deactivated and you will no longer be able to log on to our website and/or access the payable services. Except for the subscription obligations you have agreed to, which are non-refundable as permitted by law, you agree that upon termination, the first year fees for the Services and any start-up costs associated with setting up your account („Start-up Costs“) are non-refundable as permitted by law.

   8.7 Some of the Paid Services may consist of an initial period for which a one-off fee is payable, followed by recurring fees for the period to which You agree. By choosing a recurring payment plan, You acknowledge that such Services have an initial and recurring payment function and You assume responsibility for all recurring charges prior to termination. WE MAY SUBMIT PERIODIC FEES (E.G., MONTHLY) WITHOUT FURTHER APPROVAL FROM YOU UNTIL YOU NOTIFY US (RECEIPT OF WHICH WILL BE ACKNOWLEDGED BY US) THAT YOU WISH TO CANCEL THIS APPROVAL OR CHANGE YOUR PAYMENT METHOD. ANY SUCH NOTICE WILL NOT AFFECT FEES SUBMITTED BEFORE WE COULD REASONABLY ACT. TO TERMINATE YOUR AUTHORISATION OR CHANGE YOUR METHOD OF PAYMENT, WRITTEN AN E-MAIL TO support@riskrex.de.

   8.8 YOU MUST PROVIDE CURRENT, COMPLETE AND ACCURATE INFORMATION FOR YOUR SETTLEMENT ACCOUNT. YOU MUST PROMPTLY UPDATE ALL INFORMATION TO KEEP YOUR BILLING ACCOUNT CURRENT, COMPLETE AND ACCURATE (SUCH AS A CHANGE OF BILLING ADDRESS, CREDIT CARD NUMBER OR CREDIT CARD EXPIRATION DATE) AND YOU MUST PROMPTLY NOTIFY US OR OUR PAYMENT PROCESSORS IF YOUR PAYMENT METHOD IS CANCELLED (E.G., IN THE EVENT OF LOSS OR THEFT) OR IF YOU BECOME AWARE OF ANY POTENTIAL BREACH OF SECURITY, SUCH AS UNAUTHORIZED DISCLOSURE OR USE OF YOUR USER NAME OR PASSWORD. CHANGES TO SUCH INFORMATION MAIL TO support@riskrex.de. IF YOU DO NOT PROVIDE ANY OF THE ABOVE INFORMATION, YOU AGREE THAT WE MAY CONTINUE TO BILL YOU FOR THE USE OF FEE-BASED SERVICES UNDER YOUR BILLING ACCOUNT UNLESS YOU HAVE TERMINATED YOUR FEE-BASED SERVICES AS DESCRIBED ABOVE.

   8.9 Subscriber is responsible for all duties, fees, taxes and related penalties, fines, audits, interest and back payments in connection with Subscriber’s purchase of the Services, including but not limited to national, state or local sales taxes, use taxes, value added taxes (VAT) and taxes on goods and services (GST.) (collectively, „Taxes“). AWARE7’s standard pricing policies do not include any such taxes and will not reduce or increase such taxes. If AWARE7 is required to collect or pay taxes in connection with the purchase of the Services by the Subscriber, such taxes will be invoiced to the Subscriber as part of an invoicing transaction or collected at the time of purchase. In certain states, countries and territories, AWARE7 may determine whether the purchase of the Services by the Subscriber is subject to certain taxes, and if so, AWARE7 may collect and remit such taxes to the appropriate taxing authority. If the Subscriber believes that a particular tax is not applicable or that a particular amount of payments to AWARE7 should be withheld, the Subscriber must promptly provide AWARE7 with a tax certificate, withholding tax receipt, tax identification (e.g., VAT ID), or other appropriate evidence, provided such information is valid and sufficiently authorized by all applicable tax authorities. The Subscriber must also provide AWARE7 with all tax identification information necessary to enable AWARE7 to comply with any tax obligations that may be imposed by AWARE7 from time to time. The Subscriber is solely responsible for any misrepresentation or failure by the Subscriber to comply with any taxes, whether relating to AWARE7 or any other party, including any penalties, fines, audits, interest, back payments, or other taxes associated with such misrepresentation or failure to comply. Other specific tax policies are described on AWARE7’s tax information page, which is incorporated herein by reference.

    

   9. Duration for chargeable offers

   9.1 If the customer makes use of chargeable functions after registration, an independent contract is concluded between the parties in this respect under application of these GTC. The term of this contract is governed by the contract package chosen by the customer, the overview of which can be viewed after free registration under the menu item „Premium Administration“. In the absence of otherwise agreed regulations, the term is automatically extended by 12 months if the parties do not terminate the contract in text or written form with a notice period of 3 months to the end of the contract.

   10. Liability and warranty

   10.1 AWARE7 warrants during the applicable term of the Order that the hosted services will function in substantial conformance with its specifications in accordance with the functional specifications attached to a quotation.

   TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AWARE7 AND ITS SUPPLIERS DISCLAIM ALL OTHER REPRESENTATIONS, WARRANTIES, TERMS AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO THE HOSTED SERVICES, THE ACCOMPANYING DOCUMENTATION OR INFORMATION AND OTHER MATERIALS AND SERVICES AND SPECIFICALLY DISCLAIM THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD PARTY RIGHTS AND THOSE ARISING FROM COURSE OF PERFORMANCE, DEALING, USE OR TRADE. AWARE7 does not warrant that the functions or information contained in the hosted services or in any update will meet the Subscriber’s requirements or that the operation of the hosted services will be uninterrupted or error-free or free from defects or other program limitations. The information may contain technical or typographical errors. AWARE7 does not warrant its accuracy or completeness. All information provided by AWARE7 is provided for informational purposes only.

   10.2 AWARE7 does not warrant that the Hosted Services will be used (i) not in accordance with this Agreement or for any purpose not intended by AWARE7 and not expressly licensed under this Agreement; or (ii) except for the latest unmodified and unmodified version of the Hosted Services which is provided to the Subscriber by AWARE7 as an update or upgrade.

    

   10.3 To the extent permitted by law, AWARE7’s sole obligation and the Subscriber’s sole remedy for any failure of the Hosted Services and breach of warranty shall be limited as set forth in Section 10.1 shall be limited to correcting, adjusting, or replacing the failed Hosted Services if an examination to AWARE7’s satisfaction shows that they are defective, or, at AWARE7’s sole discretion, terminating the license and access rights to the Hosted Services and refunding all fees paid by the Subscriber for the failed Hosted Services in the twelve (12) months prior to the failure.

    

   10.4 IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OR PENALTIES, CLAIMS FOR LOST DATA, REVENUE, PROFITS, COST OF PROCUREMENT OR SUBSTITUTE GOODS OR SERVICES OR BUSINESS OPPORTUNITIES, ARISING OUT OF THIS AGREEMENT OR ANY ORDERS, EXHIBITS OR ADDITIONS THERETO, UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY, whether in contract or tort, including negligence, liability, even if aware7 or the subscriber has been advised of such damages.

    

   10.5 except as expressly provided in this paragraph and to the maximum extent permitted by applicable law, in no event shall the aggregate liability of either party for any cause of action or theory of liability exceed the amount of the claim, paid by the subscriber to aWARE7 pursuant to the applicable order for which the cause of action arose during the preceding twelve (12) months prior to the date of the occurrence of the cause of action. THIS LIMITATION ALSO APPLIES TO THAT PARTY’S AFFILIATES, SOFTWARE DEVELOPERS AND SUPPLIERS.  IT IS THE MAXIMUM FOR WHICH THIS PARTY AND ITS AFFILIATES, SOFTWARE DEVELOPERS AND SUPPLIERS ARE JOINTLY RESPONSIBLE. Nothing in this 8.5 excludes or limits liability for death or personal injury resulting from the gross negligence of either party or its servants, agents or employees or from the infringement of the intellectual property rights of the other party as set forth herein.

   11. Note on data protection

       11.1 AWARE7 points out that by registering and initiating a test order in the software, personal data is stored in electronic form. Within the scope of the use of all services offered by AWARE7, we are entitled to collect, process and use the data provided by the customer, as far as this is necessary for the provision, execution and optimization of our services. In doing so, the regulations, the EU Data Protection Basic Regulation, the German Federal Data Protection Act and all other legal provisions on data protection shall be observed.

       11.2 The customer shall have the opportunity at any time to request the data stored by him/her from AWARE7 and to have it changed or deleted, provided that this does not make it impossible to perform the services owed under the contract.

       11.3 Any disclosure or other transmission of personal data of the customer to third parties shall only be made within the framework of the legal data protection regulations, in accordance with AWARE7’s privacy policy or with the express consent of the customer.

       11.4 In all other respects, our data protection declaration shall apply, which can be accessed at any time in the footer of the software at the highlighted position „Data Protection“ or via the direct link: https://www.aware7.com/privacy can be called up.

       Final Provisions

   12.1 The law of the Federal Republic of Germany shall apply to these General Terms and Conditions for domestic contracting parties, excluding the UN Convention on Contracts for the International Sale of Goods (CISG).

   12.2 The place of jurisdiction shall be the registered office of AWARE7, unless the customer has a registered office in Germany or the parties are both merchants. Notwithstanding this, AWARE7 may also assert claims at the customer’s general place of jurisdiction. Any exclusive place of jurisdiction shall remain unaffected.

   12.3 Should any provision of these terms and conditions be invalid, this shall not affect the validity of the remaining provisions. The parties to the contract shall endeavour to agree on a different provision in place of the invalid provision, which comes as close as possible to the invalid provision in terms of its meaning, technical, economic and financial aspects.

   12.4 AWARE7 may amend these General Terms and Conditions at any time without stating reasons. If AWARE7 makes changes to these GTCs, these changes shall be notified to the customer by e-mail. The customer may object to an amendment of these GTCs within a period of four (4) weeks after receipt by the customer. If the customer objects to an amendment of these GTC, AWARE7 may either choose to continue to apply the previous GTC or terminate the contractual relationship with a notice period of four (4) weeks. AWARE7 shall inform the customer of the consequences of any amendment of these GTC and of the rights resulting therefrom. If the customer does not object within the time limit, changes to the GTC shall be deemed to have been agreed upon from the beginning.