This Service Agreement (in the following “Agreement”) is made and entered into by and between KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin, Germany (“KIProtect”) and Customer.
KIProtect has developed certain software applications (SaaS) and downloadable software (DS) which it makes available to Customer via the Internet on a pay-per-use basis (SaaS), or as a software package that can be used by Customer in its own IT infrastructure (DS), for the purpose of helping Customer to automate and manage data protection and data security measures. Customer wishes to access and use the SaaS in its business operations; KIProtect has agreed to provide services as set out below and the Customer has agreed to accept and pay for KIProtect’s services subject to the terms and conditions of this agreement. Now, therefore, in consideration of the background set forth above and the mutual covenants contained herein, the parties hereby agree as follows:
- “Software as a Service (SaaS) and Downloadable Software (DS)” means the KIProtect Software defined as follows: KIProtect offers online services and downloadable software to automate and manage data protection and data security related tasks to the Customer’s Authorized Users as a Service via the Internet as well as downloadable software and which includes KIProtect’s websites (including https://www.kiprotect.com/ or any successor website as well as product websites like https://www.heyklaro.com), blog, documentation, API and any other software, sites, and services offered by KIProtect in connection to any of those.
- “Authorized Users” means those employees, agents, independent contractors, consultants or other individuals who are authorized by the Customer to use the SaaS or DS and for whom rights to use the SaaS or DS have been purchased and User Accounts have been supplied.
- “Change of Control” means the direct or indirect acquisition of either the majority of voting stock of a party or all or substantially all of the assets of such party, by another entity in a single transaction or a series of transactions; or the merger of such party with another entity, in which such party is not the surviving entity.
- “Customer” means anyone who accepted this agreement.
- “Paying Customer” will only be business Customers and means the business with whom KIProtect contracts.
- “Customer Data” means the Customer’s data stored, processed, transmitted, collected, or generated by Customer and/or its Authorized Users in connection with the use of the SaaS or DS.
- "Customer Data Source" means data processing or storage systems that Customer connects to KIProtect’s SaaS or DS.
- “Fees” means the subscription fees payable by the Customer.
- “Start Date” means the date when the Customer signed up for the SaaS or DS.
- “Support” means the provision of web-based technical assistance by KIProtect to the Customer with respect to installation, errors and technical product problems.
- "Taxes" means any duties, customs fees, or taxes (other than KIProtect’s corporate tax) associated with the sale of the Service, including any related penalties or interest.
- “Term” and “Term of Service” means the term of this Agreement.
- “User Account” means the account established with KIProtect in order to access the SaaS or DS.
- “User Generated Content” means any suggestions, comments, posts, articles, enhancement requests, recommendations or other feedback provided by Customer or its Authorized Users, relating to the operation of the SaaS or DS.
2. Grant of Rights
- Subject to the fulfillment of the obligations arising out of this Agreement by Customer KIProtect grants to Customer’s Authorized Users an unlimited, non-exclusive, non-transferable (except to a successor in interest in the event of Customer’s Change of Control), non-sublicensable right to use the SaaS via the Internet as well as the DS in its own IT infrastructure during the Term.
- Customer shall only allow access to or use of the SaaS and DS to Authorized Users.
- Documentation will be available in English at the respective product websites linked to on https://kiprotect.com, in particular https://heyklaro.com/docs and https://heykodex.com/docs.
- Customer is not granted any additional right to the SaaS, DS, or any other intellectual property of KIProtect. Customer shall not be entitled to distribute copies of the software and Customer shall not translate the program code into other forms of code (decompilation) or employ other methods aimed at revealing the software’s code in the various stages of its development (reverse engineering). Customer is not entitled to remove or make alterations to copyright notices, serial numbers or other features which serve to identify the software.
- New Versions / Changes.
- Customer acknowledges and agrees that the SaaS or DS may change from time to time without prior notice. Changes include, without limitation, security patches, added or removed functionality, and other enhancements or restrictions. For Paying Customers KIProtect will not limit the essential functions of the SaaS or DS. For the SaaS, KIProtect reserves the right to enforce quotas and usage limits (to any resources, including the API) or to disable Customer’s account at its sole discretion, with or without notice, which may result in KIProtect disabling or throttling Customer’s usage of the Service for any amount of time if bandwidth, storage, API request or other resources threaten the stability or availability of KIProtect’s software or services for other customers.
- KIProtect will provide multiple versions of DS on its website to Customer. Customer can install and upgrade DS at its own discretion. KIProtect will use semantic versioning to indicate patch, minor and major releases of DS. KIProtect will provide security and stability updates for outdated minor versions for at least 12 months. KIProtect will not willingly include breaking changes into patch releases and will strive to limit backwards-incompatibility in minor releases. KIProtect will provide detailed change logs for every release.
- KIProtect will not provide support, security updates and bugfixes for outdated major releases of DS. KIProtect considers a major release of DS outdated 12 months after a newer major version has been released.
- KIProtect has the right to, in KIProtect’s sole discretion (i) refuse or remove any content that, in KIProtect’s reasonable opinion, violates any KIProtect policy or is in any way harmful or objectionable, or (ii) terminate or deny access to and use of the website to any Authorized User violating any KIProtect policy or third Party rights, in KIProtect’s sole discretion. Adjustments, changes, and updates of the SaaS or DS that help to avoid outages and security issues or maintain or extend functionality may lead to temporary service suspensions. KIProtect will try to limit downtime of the service or restrictions of accessibility to 8 hours per year on average (corresponding to 99.9 % availability). KIProtect will try to do regular maintenance works during the weekend or at times between 10 pm and 6 am (CET). Customer is aware that the SaaS relies on a working Internet infrastructure. Additional downtime of the SaaS may occur, if the website is not available in whole or in part, e.g. because of interrupted broadband connection. Customer is aware that the SaaS or DS may not work if Customer’s Data Sources are not properly available (be it to KIProtect or the Customer).
- Support requests concerning the use of the SaaS or DS shall be sent via e-mail to firstname.lastname@example.org or, if available, submitted in the KIProtect web application. Support is available in English and German.
- Additional support services can be specific in a separate service agreement entered by Customer and KIProtect.
- Customer acknowledges that certain infrastructure requirements need to be fulfilled in order to run DS. These requirements are specific in the documentation and can change over time. Customer acknowledges that it is in its responsibility to ensure the infrastructure in which DS is used fulfills these requirements, and that KIProtect is not obliged to provide support for the deployment or operation of services that are not part of, but required to run DS.
- KIProtect claims no rights over any Customer Data. Customer retains copyright and any other rights Customer already holds in the Customer Data processed by KIProtect.
- Customer understands that KIProtect uses third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the SaaS.
5. Promotions and Marketing
- Customer may use the KIProtect name, brand and logo for promotion and marketing purposes with KIProtect’s prior written consent.
- Likewise, KIProtect may use the Customer name, brand and logo for promotion and marketing purposes with Customer’s prior written consent.
6. Fees, Expenses, and Taxes
- Trial Period.
- Customer can test the SaaS paid plans free of charge for a 7-day period beginning with the Start Date. At the end of the trial period, the paid SaaS will not be extended automatically, but will initially be downgraded to a free version (if one exists), unless a subscription is purchased. Customer is made aware of this fact in good time. This means that costs will only be incurred if the Customer additionally books Fee-based product subscriptions. Only then will the Customer have to enter its payment information into the Service.
- Customer can evaluate DS as agreed with KIProtect in a separate license or Proof-of-Concept (PoC) agreement.
- Invoices; Payment; Late Payment.
- Customer agrees to pay all prices for the SaaS subscriptions or DS licenses which are displayed on the KIProtect website or specified in a separate license agreement entered by Customer and KIProtect. The subscription prices which can be accessed here shall apply in the version valid at the time of the conclusion of the subscription. Prices are plus statutory value added tax. Invoices will be issued by e-mail and in either Euro or the currency of the Customer’s country of residence. Payment must be made at the beginning of the subscription period, using the payment methods provided by KIProtect and selected by Customer in its Account, unless different payment terms are specific in a separate license agreement. If the due date for the payment is a fixed calendar date, the Customer shall be in default of payment once this date has expired. Otherwise, the Customer shall be in default after a warning letter has been sent, or, at the latest, if the Customer fails to pay an invoice within 10 days from the due date and receipt of such invoice. In the event of default, the Customer shall pay to KIProtect default interest amounting to 9 percentage points above the applicable base rate. Should Customer fail to fulfill its payment obligations, KIProtect reserves the right to temporarily, up until full payment has been effected, or permanently block the Customer's access to the Service. The Customer's obligation to pay default interest shall not preclude the assertion by KIProtect of default damage going beyond this.
- Pricing and changes
- KIProtect shall have the right to adjust the prices for SaaS subscriptions and DS licenses at any time, after a corresponding notification in accordance with legal requirements. Price changes and the introduction of new product subscriptions and/or subscriptions during a subscription term shall apply to subsequent terms and for all new members after the day on which such changes take effect. Unless Customer terminates this Agreement, subscription will automatically renew, and Customer authorizes KIProtect to collect then-applicable Fees (as well as any taxes) using any credit card or other payment mechanism Customer has selected in his account.
- Customer is responsible for any Taxes, and Customer will pay KIProtect for the Service without any reduction for Taxes. If KIProtect is obligated to collect or pay Taxes, the Taxes will be invoiced to KIProtect, unless Customer provides KIProtect with a valid tax exemption certificate authorized by the appropriate taxing authority. If Customer is required by law to withhold any Taxes from its payments to KIProtect, Customer must provide KIProtect with an official tax receipt or other appropriate documentation to support such payments.
7. Customer Obligations
- Accounts registered by “bots” or other automated methods are not permitted.
- Customer login may only be used by one person. Single logins shared by multiple people are not permitted. Customer may create separate logins for as many people as Customer’s plan allows. One person or legal entity may not maintain more than one free account.
- Customer shall use the SaaS or DS exclusively for authorized and legal purposes, consistent with all applicable laws, regulations, and the rights of others, and without limitation, Customer will not use the SaaS or DS to knowingly infringe the intellectual property rights of others.
- Customer agrees to comply with all applicable laws and regulations relating to data protection and privacy of personal information, including all privacy notification statutes and requirements currently in effect and that may come into effect during the Term.
- Customer is responsible for the security of Customer’s passwords and keys and for any use of Customer’s account.
- Customer agrees to assume full responsibility for configuring the SaaS or DS to allow appropriate access to any Customer Data provided to the SaaS or DS.
- Customer retains sole responsibility for any Authorized User that Customer allows to view Customer Data in Private Data Sources and entrusts them at his own risk.
- KIProtect is not responsible if Customer fails to configure, or misconfigures, the SaaS or DS and inadvertently allows unauthorized parties to access any Customer Data.
- Customer agrees to not engage in any activity that interferes with or disrupts the SaaS or DS such as but not limited to: (i) copying, distributing, or disclosing any part of the SaaS or DS in any medium, including without limitation by any automated or non-automated “scraping”; (ii) using any automated system, including without limitation “robots,” “spiders,” “offline readers,” etc., to access the SaaS in a manner that sends more request messages to the KIProtect servers than a human being can reasonably produce in the same period of time by using a conventional online web browser.
- Customer is responsible to inform KIProtect immediately about any possibility of unauthorized access to the SaaS or DS, particularly but not exclusively because of loss of password, stolen password, loss of keys, stolen keys, or other breach of security.
- Customer shall promptly notify KIProtect of any known violation of the terms and conditions of this Agreement and shall cooperate with KIProtect with respect to: (a) investigation by KIProtect of any suspected or alleged violation of this Agreement; and (b) any action by KIProtect to enforce the terms and conditions of this Agreement.
- During the registration and use of the SaaS it is required to have a browser which accepts cookie files and local storage. Customer ensures that technical requirements of usage of KIProtect online software are met.
8. Warranty, Limitation and Exclusions of Liability
- KIProtect represents and warrants that it will provide the SaaS or DS in a professional manner consistent with good industry practices.
- Defects in the supplied Software shall be remediated within a reasonable time following a detailed notification of such defect being given to KIProtect by the Customer. For remediating defects, KIProtect may choose to replace the defective Software with a version of the Software which is free of defects.
- Unless otherwise specified at the end of section 8.4 the Customer’s claims for damages are excluded. Particularly but not exclusively KIProtect shall not be liable for any claims, losses, or damages (a) caused by actions taken by KIProtect at Customer’s direction; and (b) arising out of or in connection with Customer’s or any Authorized User’s use of the SaaS or DS in violation of the terms of this Agreement and (c) arising out of Customer’s non-compliance with the technical requirements specified in the SaaS or DS documentation, or arising out of unauthorized access to the SaaS or DS (particularly but not exclusively hacking or theft of data).
- Except as expressly provided in section 8.1, the SaaS or DS is provided "as is", without warranties of any kind whatsoever, express or implied, in contract, in tort or otherwise, including but not limited to the warranties of merchantability, fitness for a particular purpose, regulatory compliance and accuracy of any information provided. In no event shall either party be liable for any incidental or consequential damages, including loss of income, data, profits, revenue or business interruption, or cost of substitute services, or other economic loss, whether or not such party has been advised of the possibility of such damages, and whether any claim for recovery is based on theories of contract, warranty, tort or otherwise. The limitation and exclusion of warranty and liability set forth in this section shall not apply in cases of death, personal injury, fraud or willful misconduct, where liability is legally mandated, such as under the Product Liability Act, in cases of malicious intent, gross negligence, where assurance of freedom from defect was given or in case of failure to fulfill essential contractual duties.
- Customer shall defend, indemnify and hold harmless KIProtect, against any loss, damage or costs (including reasonable attorneys' fees) incurred in connection with claims made or brought against KIProtect by a third party to the extent that Customer Data, or Customer's use of the SaaS or DS is in violation of this Agreement, infringes the intellectual property rights of, or has otherwise harmed, a third party.
10. Term and Termination
- The Agreement runs for an indefinite time and will remain in effect until terminated by one of the Parties in accordance with this section. The Parties may terminate this Agreement or any subscription feature for any or no reason at their convenience to the end of the subscription period.
- Termination may be issued in writing or by using the provided account closing mechanism, if provided by KIProtect.
- If Customer does not cancel before the end of the booking period, the Service will be extended for one more period.
- In addition, each Party’s right to terminate
this Agreement for good cause remains unaffected.
Good cause for termination of the Agreement by
KIProtect shall include, but is not limited to, the
- a use of bandwidth, storage, API requests or other resources of the SaaS that significantly exceeds the average usage of other KIProtect Customers.
- a serious breach of the obligations arising from this Agreement by the Customer.
- a default in payment of the Customer with an amount that equals at least the compensation of one month (including, but not limited to, the failure to settle outstanding invoices).
- a serious breach of contract leading to the loss of mutual trust or renders the continuation of this Agreement in consideration of the purpose of the Agreement unreasonable.
- an attempt of a denial of service attack on the SaaS by the Customer or any attempt to hack or break any security mechanism on the SaaS or DS.
- determination that the Customer’s use of the SaaS or DS poses a security or service risk to KIProtect, or to any user of services offered by KIProtect.
- an application for the initiation of insolvency proceedings concerning the Customer, as well as the refusal to open insolvency proceedings for lack of assets, or the issue of a declaration in lieu of an oath, or any similar proceedings.
- Upon any termination for cause by Customer, KIProtect shall refund to Customer, within thirty (30) days, any prepaid Fees. In no event shall any termination relieve the Customer of the obligation to pay any Fees payable to KIProtect for the period prior to the effective date of termination. Upon any termination for cause by KIProtect, Customer shall pay any unpaid Fees and Fees which would have been payable for the whole subscription period.
- In case of termination of the Agreement, Customer’s Data will be deleted. Backups thereof will be deleted within 30 business days. Customer Data required for tax or legal reasons will be retained.
- The rights and obligations of KIProtect and Customer contained in Sections 4 (Ownership), 6 (Fees, Expenses and Taxes), 8 (Warranty, Limitation and Exclusions of Liability), 10 (Refund of Payment upon Termination), 11 (Survival) and 12 (General) shall survive any expiration or termination of this Agreement.
- This Agreement, and all rights and obligations of the Parties arising from or otherwise relating to this Agreement, shall be governed by, construed in accordance with, and enforced under the laws of the Federal Republic of Germany, without reference to principles of conflict of laws. The application of the United Nations Convention on Contracts for the International Sale of Goods is hereby excluded. Severability. In the event any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement shall remain in full force and effect.
- Neither party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder on account of events beyond the reasonable control of such party, which may include without limitation strikes, riots, fires, flood, storm, explosions, acts of God, war (whether declared or not), acts of piracy, acts of sabotage, terrorism, governmental action, labour conditions not in the control of the applicable party, cyclones, tidal waves, destruction by lightning and earthquakes (each a “Force Majeure Event”)
- Neither party may assign or transfer this Agreement, in whole or in part, without the other party’s written consent (which shall not be unreasonably withheld), except in the event of a Change of Control. Subject to the foregoing restrictions, this Agreement shall inure to the benefit of the successors and permitted assigns of the parties.
- This Agreement is drafted in the English language. If this Agreement is translated into any other language, the English language text shall prevail where there are conflicts.
- This Agreement can be amended by a separate license agreement entered between KIProtect and the Customer, which takes precedence over this agreement if there are conflicting clauses.
13. Data Protection
- To govern the processing of personal data according the General Data Protection Regulation (GDPR), Customer and KIProtect can sign a separate data processing agreement (DPA), which can amend or override specific terms of this service agreement.
- 2021-11-22 (the current version)