RF360 EUROPE GMBH STANDARD TERMS AND CONDITIONS OF PURCHASE


UNLESS EXPRESSLY SUPERSEDED IN WRITING, THESE TERMS APPLY TO ALL PURCHASE ORDERS

ISSUED BY RF360 EUROPE GMBH


1.

AGREEMENT. These terms and conditions (“Terms and Conditions”) shall apply to any purchase order (“P.O.”) issued by RF360 Europe GmbH or by any of its subsidiaries (the “Buyer”) to purchase the goods (“Goods”) and/or services (“Services”) from the seller identified as the named Seller on the P.O. (the “Seller”). Seller is further defined to mean a vendor, contractor or supplier depending on the work contemplated in the P.O. Buyer and Seller are hereinafter referred to severally as a “Party” and jointly as the “Parties”. Seller’s acknowledgement of any P.O., or Seller’s performance in response thereto, shall constitute Seller’s acceptance of Buyer’s offer to purchase and shall create a binding contract between the Parties subject to and in accordance with the P.O. and these Terms and Conditions (such Terms and Conditions, together with the corresponding P.O. and Seller’s acceptance of the P.O., collectively the “Agreement”). As such, Buyer’s use of the Goods and Services shall be governed by the Agreement and thus any other terms or conditions, which Seller seeks to impose or incorporate, including in any click-through, wrappers, quotations, order acknowledgments, invoices, delivery notes or other communications or documents (collectively “Seller T&Cs”), or which are implied by law, trade, custom, practice or course of dealing, are expressly rejected by Buyer and of no force and effect. Furthermore, the Agreement shall apply exclusively if Buyer, having knowledge of other general terms and conditions (including, without limitation, any Seller T&Cs), elects to effect contractual performance under the Agreement without reservation.
2.

DELIVERY; TITLE AND RISK OF LOSS. Shipment of Goods and performance of the Services (“Delivery”) shall be in accordance with the dates set forth in the P.O. If it becomes apparent that Seller cannot meet such dates and no adequate reschedule date(s) or resolution plan has been offered by the Seller to Buyer, Buyer retains the right to withdraw from or terminate the Agreement effective immediately without penalty or further obligation.


Title to the Goods shall transfer to the Buyer upon Delivery. Risk of loss of the Goods during shipment will be determined and governed by the agreed-upon INCOTERMS as set forth in the P.O.  

3.

INSPECTION AND CLAIMS FOR DEFECTS. Upon Delivery, Buyer will inspect the Goods and effect proper notification of defects pursuant to Section 377 of the German Commercial Code to the Seller. Obvious defects will be notified to Seller in writing without undue delay, but at the latest within one week of Delivery, hidden defects without undue delay, but at the latest within one week of being discovered. For Services, unless otherwise stipulated in the P.O., acceptance of the Services by Buyer shall be within one week from date of completion of Services except in the case where Buyer requires (as specified in the P.O. or otherwise) that such Services must pass one (1) or more acceptance test plans, in which case acceptance shall occur on date on which Buyer confirms in writing (email is acceptable) to Supplier that said Services have successfully passed the applicable acceptance test plans, but in no event later than 10 working days upon completion of Services. In case of defects, at Buyer’s option, Buyer may (i) return non-conforming Goods to Seller at Seller’s expense and Seller shall be required to repair or replace such Goods and/or re-perform the non-conforming Services; (ii) modify or adapt non-conforming Goods and/or Services to render such acceptable after the expiry of a reasonable period for the subsequent performance set by Buyer without resolution of the defect; or (iii) return non-conforming Goods or reject non-conforming Services for a full refund after the expiry of a reasonable period for the subsequent performance set by Buyer without resolution of the defect. If Buyer elects to reject non-conforming Goods, Seller shall authorize a return for all non-conforming Goods within twenty-four (24) hours after Buyer’s request, and such non-conforming Goods shall then, where title had passed to the Buyer, be the property of Seller. If Buyer elects to modify or adapt non-conforming Goods or Services, Buyer may offset all costs incurred in performing any such modifications and adaptations against any and all amounts otherwise due to Seller or, at Buyer’s option, may bill Seller directly for such costs. 

4.

INVOICE/PAYMENT. Unless stated otherwise in the P.O., all invoices must reference the P.O. number and shall be sent to the attention of the Buyer’s Accounts Payable Department at the Buyer’s address found on the P.O. Buyer shall pay for the Goods and/or Services within forty-five (45) calendar days following both Delivery of the Goods and/or completion of Services and receipt of Seller’s undisputed invoice, whichever is later. All payments will be made electronically (i.e. EFT, ACH or Wire).

All invoices must comply with applicable laws and include the following in order to ensure proper tax treatment and avoid unnecessary processing delays:

(a) Buyer’s applicable P.O. number.
(b) Buyer contact information (including full mailing/legal address).
(c) A unique invoice number.
(d) Seller contact information (including full mailing/legal address, phone and email address).
(e) Seller Tax ID number and value added tax ID number
(f) Amount and description of Goods and/or Services, project name or items purchased. This description must match the PO line item as closely as possible. For the avoidance of doubt, if a P.O. contains multiple lines, all invoices must indicate the appropriate line Seller is billing against.
(g) Invoice date in dd/mm/yyyy or written out (e.g. 4 May 2017)
(h) If applicable, shipping date, ship to location(s) and date of service.
(i) If Seller is a non-California entity, Seller must indicate in the invoice where the Services were performed (i.e. California, another state, another country)
(j) Appropriate payment information (EFT, ACH, Wire).
(k) If billing for Services and pre-approved expenses on the same invoice, segregate amounts for Services and amounts for expenses on different invoice line items.
(l) Payment amount (excluding taxes), or segregate payment amounts (excluding taxes) if different tax rates and/or a tax exemption apply on different invoice items.
(m) The applicable tax rate(s) and tax due on the payment amount or segregate payment amounts, or notice of tax exemption or other relevant information (e.g. application of reverse-charge mechanism).

5.

TAXES. All prices are exclusive of sales tax, use tax, value-added tax, withholding tax, duties, and any other taxes or similar levies imposed by any government authority. All amounts due to the Seller shall be paid without deduction for any levies or charges of any nature which may be imposed. In the event that any sales, use, consumption, value-added, gross receipts, excise, or similar taxes or surcharges (“Transactional Tax(es)”) are applicable to any of the transactions contemplated by the Agreement, Buyer will be solely responsible for any and all applicable Transactional Taxes, excluding Seller’s income taxes. Seller acknowledges that it is the Seller's sole and exclusive responsibility to pay any applicable Transactional Taxes under the Agreement that may be imposed on the Seller by any governmental authority under any tax law. At the request of Buyer, Seller will provide documentation reasonably satisfactory to Buyer evidencing payment of such Transactional Taxes by the Seller to the applicable taxing authority. To the extent that any Transactional Taxes are required by law to be collected by the Seller, Buyer shall be responsible for payment of such Transactional Taxes to the Seller whether concurrently invoiced with the original invoiced amount or subsequently invoiced based on a review of the facts affecting Buyer’s tax status or a determination that the laws of the applicable state(s) require assessment and collection of such Transactional Tax. If Transactional Taxes are concurrently invoiced with the original invoiced amount Transactional Taxes shall be separately itemized on the invoices to which they apply. To the extent Buyer is held liable by any governmental authority for Seller’s Transactional Taxes, Seller shall indemnify Buyer against all Transactional Taxes and other ancillary costs (including but not limited to legal costs) that may be imposed on Buyer.

Notwithstanding the foregoing, if Buyer is required by applicable law to withhold income taxes from any payment due Seller, then the amount due to Seller in respect to such payment shall be reduced by the amount of such income tax withholding; then Buyer will deliver to Seller an income tax withholding certificate or similar documentation reasonably satisfactory to Seller evidencing payment of any such income tax withholding. Upon receipt by Seller of the income tax withholding certificate, the portion of the invoice represented by the income tax withholding certificate will be deemed fully paid.

Seller shall provide to Buyer all documentation (including, without limitation, the necessary income tax withholding exemption or reduction certificate, or residency certificate) required for the application of any applicable double taxation agreement or any other reduction of or exemption from statutory income tax withholding. Such documentation shall be delivered promptly after Buyer’s request and it shall be true, correct and complete as of the date of the delivery. If valid documentation is not provided, the statutory income tax withholding rate will be applied without any reduction or exemption provided by the applicable double taxation agreement or statutory law.
   

6.

 INDEMNIFICATION. Seller shall defend, indemnify and hold Buyer, its affiliates and each of their respective officers, directors, employees, affiliates, agents, and customers (each an “Indemnified Party”) harmless from and against any and all claims, losses, liabilities, damages, costs, and expenses (including attorneys’ fees) arising from or related to (i) any culpable breach or alleged culpable breach by Seller of the Agreement, including any representations and warranties made by Seller, (ii) any negligence, recklessness, willful or intentional act or omission of Seller or any of its employees, agents, representatives or subcontractors in the delivery of Goods or performance of Services (at Buyer’s facilities or elsewhere), and (iii) any payments or liabilities for which Seller is or becomes liable. If any third party asserts or initiates any claim or action against any Indemnified Party for which Seller is responsible for indemnification under this Section 6, Buyer will promptly notify Seller of such claim or action after it becomes aware, provided however Buyer’s failure to provide such notice thereof in a prompt manner to Seller shall not relieve Seller from any obligations owed hereunder, except to the extent that Seller has been materially prejudiced by Buyer’s failure in giving such prompt notice. Buyer shall have the right to participate at its own expense in the defense of such claim or action, including any related settlement negotiations. No such claim or action shall be settled or compromised without Buyer’s express written consent, which consent may be withheld or conditioned by Buyer at its sole discretion, including requiring the execution of a full and complete release of all claims and actions made against the Indemnified Parties by each party bringing any such claims or actions. Buyer shall have the right to withhold from any payments due to Seller the amount of Buyer’s actual and projected costs of defending or settling any such claim or action, plus any other reasonable additional amounts, as security for the performance by Seller of its obligations under this Section 6. 

7.

BUYER PROPERTY. All property used by Seller in connection with its performance under the Agreement which is owned, furnished, or consigned by Buyer, or is charged to or paid for by Buyer, including but not limited to materials, equipment, drawings, specifications and other technical documentation (the “Property”) shall be and remain the property of Buyer. All Property shall be used only for Seller’s performance under the Agreement and held at Seller’s risk and insured at Seller’s sole expense with loss payable to Buyer. Seller shall be responsible for any injury to any person (including death) or damage to property (including Buyer’s) arising out of use of such Property. Buyer may inspect and/or remove any Property at any time at no charge to Buyer, and Buyer shall have reasonable access to Seller’s premises for such purpose. Seller shall return such Property to Buyer upon Buyer’s demand at Seller’s sole expense.

8.

PROPRIETARY RIGHTS. Seller agrees to promptly disclose to Buyer any (i) works of authorship, designs, logos, discoveries, inventions, and innovations conceived or first actually reduced to practice for or in the performance of the Agreement, or (ii) any proposals, research, records, reports, recommendations, manuals, findings, evaluations, forms, reviews, information, data, computer programs, and software originated or prepared by or on behalf of Seller for or in the performance of the Agreement, the items listed in clauses (i) and (ii) being hereinafter referred to collectively and severally as “Work Product”. Seller hereby assigns to Buyer, who accepts this, all of Seller’s rights, title and interest in and to all Work Product, and to any and all intellectual property rights, including but not limited to, patents, designs, copyrights or trademarks which have been or may be obtained with respect to such Work Product, effective immediately upon such rights being vested in Seller or Seller being assigned such rights by law, contract or otherwise, and regardless of the medium of expression thereof. Seller will ensure to be assigned any such intellectual property rights to any Work Products created by any third party for or on behalf of Seller, including but not limited to Seller’s employees, subcontractors or similar personnel, to the broadest extent permitted under applicable law. Especially, Seller will take all reasonable steps to be granted an exclusive license to any copyrights for the entire duration of the respective copyright. Unless expressly stated in the Agreement, nothing in the Agreement shall be deemed to grant Seller any rights (whether express, or by way of implication, estoppel or otherwise) under any intellectual property right of Buyer. 

9.

SUBCONTRACTORS. Prior to the utilization of subcontractors, Seller shall first obtain prior written consent from Buyer and ensure that all subcontractors execute written agreements with Seller containing provisions necessary to comply with the terms of the Agreement. Seller shall at all times be responsible for the acts and omissions of subcontractors and personnel directly or indirectly employed by them and the performance of all the Services, whether performed by Seller or its subcontractors. The Agreement shall not give rise to any contractual relationship between Buyer and a subcontractor to Seller. Seller shall indemnify Buyer and hold Buyer harmless against all losses, damages, expenses and costs incurred or suffered by Buyer directly or indirectly attributable to any act or omission on the part of any subcontractor, provided that Seller is negligently or willfully infringing its legal obligations regarding the selection of such subcontractors.

10.

CONFIDENTIALITY; PUBLICITY. Unless a valid non-disclosure agreement exists between the Parties, in which case the terms of that non-disclosure agreement shall apply, the following terms shall apply (subject to Section 23 (DATA SECURITY AND COMPLIANCE WITH DATA PROTECTION LAW) below): Except as necessary for its performance under the Agreement, Seller shall not disclose to any person (including but not limited to any company affiliated with Seller and any subcontractor of Seller), reproduce, or use any information furnished by Buyer under the Agreement (whether or not marked as confidential or proprietary), including the terms and existence of the Agreement; and at Buyer’s request, Seller shall return all such information to Buyer. Further, Seller shall not make use of any Buyer trademark, trade name or logo, including but not limited to any news release, advertisement, publicity, or promotional material regarding the Agreement or Seller’s relationship with Buyer, without Buyer’s prior written consent. 

11.

CHANGES. From time to time during the term of the Agreement, either Party may submit to the other Party a written request for a change order (a “Change Order”). Neither Party shall be obligated by any Change Order unless agreed in writing by both Parties. Seller expressly waives any compensation for any change not authorized in writing by Buyer.

12.

EXPORT COMPLIANCE ASSURANCE. Seller acknowledges that all hardware, software, source code and technology (collectively, "Buyer Provided Products") obtained from Buyer are subject to the US government export control and economic sanctions laws, orders, and regulations, including without limitation the Export Administration Regulations ("EAR", 15 CFR 730 et seq., http://www.bis.doc.gov/) administered by the Department of Commerce, Bureau of Industry and Security, and the Foreign Asset Control Regulations (31 CFR 500 et seq., http://www.treas.gov/offices/enforcement/ofac/) administered by the Department of Treasury, Office of Foreign Assets Control ("OFAC") or any equivalent German and European law. Seller shall not take any action relating to the Buyer Provided Products that causes Buyer to violate any such laws, orders, or regulations.

Seller assures that it, its subsidiaries and affiliates will not directly or indirectly export, re-export, transfer, or release (collectively, "Export") any Buyer Provided Products or direct product thereof to any destination, person, entity or end use prohibited or restricted under US law without prior US government authorization to the extent required by regulation. The US government currently maintains comprehensive embargoes and sanctions against Cuba, Iran, North Korea, Sudan (N), Syria and Crimea region of Ukraine, but any amendments to these controls shall apply. Seller agrees not to directly or indirectly employ any Buyer Provided Products received from Buyer in missile technology, sensitive nuclear or chemical biological weapons activities, or prohibited military activity, or in any manner Export any Buyer Provided Products to any party for any such end use, as defined in Part 744 of the EAR. Seller shall not Export any Buyer Provided Products to any party listed on any of the denied parties’ lists or specially designated nationals lists maintained under said regulations without prior US government authorization to the extent required by regulation.

Seller acknowledges that other countries, in particular Germany, may have trade laws pertaining to the Export, import, use, or distribution of Buyer Provided Products, and that compliance with same is the responsibility of the Seller.

If Buyer is receiving any hardware, software, source code and technology (collectively, “Seller Provided Products”) Seller shall not deliver Seller Provided Products to Buyer that are subject to the International Traffic in Arms Regulations ("ITAR", 22 CFR 120 et seq., http://pmddtc.state.gov/), the Wassenaar International Munitions List ("IML", http://www.wassenaar.org/) or the 600 Series or 9x515 (the “x” representing any of the product groups A, B, C, D or E) of ECCNs on the EAR’s Commerce Control List (http://www.bis.doc.gov/index.php/regulations/commerce-control-list-ccl) or any equivalent German and European law.

This section shall survive the expiration or termination of the Agreement.

13.

OZONE-DEPLETING CHEMICALS USAGE CERTIFICATION. Seller, whether a manufacturer, importer, wholesaler, distributor, or retailer, is required to reliably and accurately label consistent with the requirements of (a) 40 CFR part 82, (i) all containers in which a class I or class II substance is stored or transported, (ii) all products containing a class I substance and (iii) all products directly manufactured with a process that uses a class I substance, unless the product was manufactured prior to May 15, 1993 and (b) any equivalent mandatory German and European laws and regulations, including but not limited to Regulation (EC) No. 517/2014 and Directive 2006/40/EC both of the European Parliament and the European Council, as applicable to the Agreement..

14.

TERMINATION.

(a) Buyer may terminate any long-term Agreement (meaning where the Parties execute more than one Agreement between them) regarding the provision of Services or any portion thereof at any time, with or without cause, effective immediately upon written notice to Seller.

(b) Either Party may terminate (or withdraw from) the Agreement if the other Party breaches any material term or condition of the Agreement and fails to cure such breach within fourteen (14) calendar days after receipt of written notice specifying the nature of the breach.

(c) Upon receipt of a termination notice, for any reason, Seller shall mitigate its damages and stop incurring any additional costs and expenses. Additionally, and within fourteen (14) calendar days, Seller shall: (i) return to Buyer all equipment and other properties owned by Buyer, and (ii) in Buyer’s sole discretion, either return all documents and other materials containing any Buyer confidential information, and all copies thereof made by Seller or certify destruction of the same.

(d) Those provisions, which by their nature are intended to survive the termination or expiration of the Agreement, in particular any non-disclosure obligations, shall survive the termination or expiration of the Agreement.
 

15.

ASSIGNMENT. Seller may not assign any of its rights or delegate any of its obligations under the Agreement without prior written consent of Buyer

16.

INSURANCE. Seller shall maintain at its sole expense during the term of the Agreement: (i) workers' compensation insurance as prescribed by applicable law; (ii) employer's liability insurance with limits of at least $1,000,000 for each occurrence; (iii) automobile liability insurance if the use of motor vehicles is required, with limits of at least $1,000,000 combined single limit for bodily injury and property damage per occurrence; (iv) Commercial General Liability (“CGL”) insurance, including, if applicable, Blanket Contractual Liability and Broad Form Property Damage, with limits of at least $1,000,000 combined single limit for bodily injury and property damage per occurrence; $2,000,000 in the annual aggregate; and (v) in the event that Seller's employee(s) or subcontractor(s) are on Buyer’s premises or have access to Buyer’s property, a fidelity bond (which includes third party liability) insuring against the dishonest act(s) committed by its employees assigned to Buyer’s premises under the Agreement. Seller shall maintain such fidelity bond in the amount of not less than $1,000,000. Seller shall have all CGL policies and automobile liability insurance policies if driving on Buyer’s premises, endorsed to name Buyer as an additional insured. All insurance as listed above shall be primary with respect to Seller’s activities and Buyer’s insurance policies will be non-contributing. Such policies shall contain a provision waiving the insurer’s right of subrogation against Buyer. Prior to the commencement of any Services, Seller will furnish Buyer with certificates of insurance which evidence the minimum levels of insurance set forth above. Buyer shall be notified in writing at least thirty (30) calendar days prior to cancellation of or any material change in the policy. Insurance companies providing coverage under the Agreement must be rated by A-M Best with at least an A- VII rating or equivalent.

17.

APPLICABLE LAW. The Agreement shall be governed by the laws of Germany, without regard to conflict of laws principles. The Parties expressly consent, and submit themselves, to the exclusive jurisdiction of the courts of Germany, and it is stipulated that venue shall be in Munich, Germany, for any claim, action, or dispute arising out of the Agreement. The Parties also agree that the prevailing Party in any legal proceeding shall be entitled to recover its reasonable attorneys’ fees incurred in connection therewith. The U.N. Convention on Contracts for the International Sale of Goods shall not apply to the purchase of Goods by Buyer.

18.

COMPLIANCE. Seller agrees that it will comply, and that all Goods delivered and Services performed hereunder will comply, with all applicable laws, regulations, and permit requirements including but not limited to labor, safety and environmental laws.

19.

OPEN SOURCE. Seller hereby agrees, and shall cause its affiliates and subcontractors to agree, not to incorporate, link, distribute or use any third party software or code in conjunction with any Work Product, Goods or deliverable provided to Buyer under the Agreement (if any) in such a way that: (i) creates, purports to create, or has the potential to create, obligations with respect to any Buyer software, including without limitation the distribution or disclosure of any source code; or (ii) grants, purports to grant, or has the potential to grant to any third party any rights to or immunities under any Buyer intellectual property or proprietary rights. Without limiting the generality of the foregoing, neither Seller nor any of its affiliates or subcontractors shall incorporate, link, distribute or use, in conjunction with the Work Product, Goods or any deliverable provided to Buyer, any code or software licensed under any open source license in any manner that could cause or could be interpreted or asserted to cause any Buyer software (or any modification thereto) to become subject to the terms of any such open source license.

Without limiting the generality of the forgoing, neither Seller nor any of its affiliates or subcontractors shall use any software or technology in a manner that will cause any patents, copyrights, or other intellectual property which are owned or controlled by Buyer or any of its affiliates (or for which Buyer or any of its affiliates has received license rights) to become subject to any encumbrance or terms and conditions of any third party or open source license.

Upon request, Seller shall provide information regarding its use of Open Source Software (as defined below). Seller represents and warrants that any list/declaration/information provided by Seller regarding the Open Source Software included in the Work Product is complete and accurate. “Open Source Software” means any software, libraries, or other code (including without limitation middleware and firmware) that is characterized as freeware, share, or open source software. Without limiting the generality of the foregoing, Open Source Software includes any software made available under an open source license. 

20.

SUPPLIER CODE OF CONDUCT. As a member of the Electronic Industry Citizenship Coalition (“EICC”), Buyer expects Seller to act in accordance with all elements of the EICC’s Code of Conduct, in its current version, and permit Buyer or its authorized representatives to conduct an audit of Seller and any of its suppliers or subcontractors. Seller shall ensure that its employees, agents and sub-contractors understand and comply with the EICC Code of Conduct. Information on the EICC’s Code of Conduct is found at www.eiccoalition.org/standards/code-of-conduct/.

21.

COMPLIANCE WITH ANTI-CORRUPTION LAWS. Seller represents and warrants to Buyer that, in connection with the transactions contemplated by the Agreement or in connection with any other business transactions involving Buyer, Seller, and everyone acting on its behalf, will comply with and will not violate any anti-corruption law or international anti-corruption standards, including but not limited to the U.S. Foreign Corrupt Practices Act, in connection with the supply of Goods or Services it has agreed to perform under the Agreement. Seller warrants to Buyer that Seller has not, and covenants and agrees that it will not, in connection with the transactions contemplated by the Agreement or in connection with any other business transactions involving Buyer, make, promise, or offer to make any payment or transfer anything of value, directly, or indirectly, to any individual to secure an improper advantage. It is the intent of the Parties that no payments or transfer of value shall be made which have the purpose or effect of public or commercial bribery, acceptance of or acquiescence in extortion, kickbacks, or other unlawful or improper means of obtaining or retaining business.

22.

AUDIT RIGHTS. Not more than once per calendar year during the term of the Agreement and with at least thirty (30) calendar days’ prior written notice by Buyer to Seller, Buyer may, at Buyer’s sole expense, audit Seller to verify compliance with these Terms and Conditions, and all applicable laws. Such audit shall be:

(a) completed within fourteen (14) calendar days;
(b) performed in a manner that does not unreasonably disrupt Seller’s operations;
(c) performed during Seller’s normal business hours;
(d) performed on Seller’s premises; and
(e) conducted by either Buyer’s employees or, with Buyer's approval, by an independent third party agreed to by the Parties.

Buyer shall disclose the results of its audit to Seller within seven (7) calendar days after its completion. Seller shall promptly respond to audit findings and, at Seller’s expense, remediate and/or mitigate any critical and high risk findings to the satisfaction of Buyer.

23.

DATA SECURITY & COMPLIANCE WITH DATA PROTECTION LAW.

(a) Definitions:

(i) “Data” means any Personal Data (if applicable and as defined below), and any non-public information that Buyer, any of its subsidiaries or affiliated companies, or Buyer’s representatives, customers, distributors, and other business partners, processed by Seller in connection with the Goods and Services provided under the terms of the Agreement.

(ii) “Personal Data” shall have the meaning set forth in the German Federal Data Protection Act (‘Bundesdatenschutzgesetz’) as may be amended from time to time (hereinafter “German Data Protection Law”).

(b) General:

(i) Processing Personal Data & Compliance with Data Protection Laws. If Seller (or its affiliates or subsidiaries) processes Personal Data on behalf of Buyer, Seller and Buyer shall enter into a separate, mutually agreeable, data processing agreement meeting the requirements of German Data Protection Law. In addition, if Seller transfers Personal Data to any non-adequate jurisdiction (as defined under German Data Protection Law), Seller and Buyer shall execute the European Union standard contractual clauses approved by the European Commission for Data transfer to processors or controllers, as applicable. Seller shall comply with all applicable privacy, data protection, and information security laws. In the event Buyer believes that Seller is not in compliance, Buyer may notify Seller of such in writing, in response to which, Seller shall promptly take measures to be in full compliance. Once taking such measures has been completed, Seller shall notify Buyer in writing of such.

(ii) Data Deletion or Return. Within thirty (30) calendar days after termination or completion of the Agreement, Seller shall, at Buyer’s option, (i) electronically erase, destroy, and render unreadable all Data, or (ii) physically destroy Data through shredding all physical media containing such, or (iii) provide Buyer with all physical media containing Data, unless mandatory applicable law requires retention of the Data. Seller shall certify in writing to Buyer that these actions have been completed.


(c) Security Requirements:

(i) General. Seller shall maintain Data and its information technology environment secure from unauthorized access by using best commercial efforts and state-of-the art organizational, physical, and technical safeguards. Such safeguards shall include:

(1) Pseudonymisation of Personal Data and encryption of Data, as appropriate;

(2) The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of Processing systems and services;

(3) The ability to restore the availability and access to Data in a timely manner in the event of a physical or technical incident;

(4) A process for regularly testing, assessing and evaluation the effectiveness of technical and organizational measures for ensuring the security of Processing; and

(5) All additional controls and measures set out in Sections 23 (c)(ii) and (iii) below.

Seller shall refrain from implementing changes that materially lower the level of security protection provided as of the effective date of the Agreement. Seller shall comply with the minimum security standards set forth herein and provide sixty (60) calendar days’ prior written notice to Buyer of any significant changes to Seller’s information security policy. If Seller conducts SSAE 16 or similar or successor audits (such as audits against ISO 27001-2), Seller shall, at Seller’s expense, provide Buyer prompt notice of any non-conformance and promptly remediate and/or mitigate any non-conformance findings. When requested, Seller shall provide a sanitized version of remediation or mitigation plan to Buyer.

(ii) Passwords. With respect to Seller’s IT infrastructure, servers, databases, or networks that process, store, or transmit Data, Seller shall adhere to each of the following password parameters:

(1) Be at least eight (8) characters in length;
(2) Include a combination of letters and numbers;
(3) Include at least one (1) special character, such as ! & @ * ?;
(4) Never be shared or used in connection with another system; and
(5) Must be changed at least every one hundred eighty (180) calendar days. Alternatively, passwords exceeding twenty-four (24) characters and meeting all complexity requirements above may be changed less frequently (eighteen (18) months or less).

(iii) Technical Security Controls. With respect to IT infrastructure, servers, databases, or networks that Process, store, or transmit Data, Seller shall use the following technical security controls where applicable (and keep them current by incorporating and using all updates commercially available):

(1) Network Protection.

  • Network based firewalls; and
  • Network intrusion detection/protection systems.

(2) Client Protection.

  • An anti-virus program using commercially available software that is updated at least daily on systems that are commonly susceptible to virus and malware attacks;
  • Host-based firewall/intrusion prevention software that blocks activity not directly related to or useful for business purposes;
  • A vendor supported operating system with all current critical patches and security fixes installed.

(3) System and Software Protection.

  • All system and applications must utilize secure authentication and authorization mechanisms.
  • All Seller-developed applications must be designed and implemented using secure coding standards and design principles (e.g. OWASP)
  • Operating systems should be hardened appropriately according to industry best practices (e.g. NIST 800 series, NSA guidelines, CIS benchmark, etc.)

(4) Encryption. Seller shall utilize only industry accepted encryption algorithms with a minimum key length of 256 bits.

(5) Data Protection.

  • Data Access: Seller shall ensure that only authorized individuals (based on role) shall, on behalf of Seller, have access to Data.
  • Data Storage: Seller shall not Process Data on or transfer such to any portable storage medium unless that storage medium is encrypted in accordance with encryption requirements set forth in these Terms and Conditions.
  • Data Transmission: All transmission or exchange of Data by Seller shall use secure protocol standards in accordance with encryption requirements set forth in these Terms and Conditions.

(iv) Incidents. If Seller becomes aware of any actual or suspected (i) unauthorized access to or disclosure of the Data Processed by Seller; (ii) unauthorized access to equipment, applications, processes, or systems owned, managed or subcontracted by Seller on which Data is Processed; or iii) vulnerabilities in any equipment, applications, processes, or systems owned, managed or subcontracted by Seller potentially affecting the privacy of Data Subjects or security of Data (“Breach”), Seller will immediately take steps to mitigate and/or remediate any Breach to protect Data and Data Subjects from further risk or harm and will take steps to prevent any similar Breach from occurring in the future.

Upon becoming aware of a Breach, Seller must immediately notify Buyer, consult and cooperate with investigations, any potential required notices, disputes, inquiries, claims, litigation, or regulatory actions arising from the Breach and provide any information reasonably requested by Buyer. On systems managed by Seller, but not on Seller premises, Seller shall provide such notification to Buyer within twenty-four (24) hours of Seller becoming aware of any such incident, and when the incident occurred on systems located within Seller’s IT infrastructure, servers, databases, or networks that process, store, or transmit Data, such notification shall be made within eight (8) hours of Seller awareness.

At no additional cost, Seller will fully cooperate with Buyer in investigating the Breach, including, but not limited to, the provision of system, application, and access logs, conducting forensics reviews of relevant systems, imaging relevant media, and making personnel available for interview. On notice of any actual or suspected Breach, Seller will immediately institute appropriate controls to maintain and preserve all electronic evidence relating to the Breach in accordance with industry best practices.

In the event any Breach of security or confidentiality by Seller or its agents requires notification to an individual under any privacy law, Buyer will have sole control over the timing, content, and method of notification. Seller agrees that Buyer has the right to name Seller as responsible for the Breach. Seller will promptly reimburse Buyer for all costs and expenses incurred as a result of the Breach, including but not limited to, notice, print and mailing costs, call center services, and the costs of obtaining credit monitoring services and identity theft insurance for the individuals whose Personal Data was or may have been compromised. At Buyer’s discretion, Buyer can request Seller to send Breach notices on Buyer’s behalf.
 

24.

DEBARMENT, SUSPENSION, AND INELIGIBILITY. Seller certifies that it is not debarred, suspended, or proposed for debarment by the United States Federal Government. Seller agrees to notify Buyer immediately if at any time the Seller becomes debarred, suspended, or proposed for debarment by the United States Federal Government.


25.PRECEDENCE OF THE ENGLISH VERSION. These Terms and Conditions have been drafted in English and German language. In case of any discrepancy between the English and the German version, the English version of these Terms and Conditions shall prevail over the German one. 




Standard Terms and Condition; Revision 1 dated 07-21-17


 

Our website uses cookies to provide you with the best possible service. More information about the use of cookies on this website and how they can be disabled is available on our information page. With your consent, you confirm that you have read the information about the use of cookies and accept it. Please also note our further information on the subject of data privacy policy.