Contract Terms (SaaS)
Contract Terms of Equinox FinTech Solutions GmbH
for the use of software via the Internet
(Software as a Service)
-SaaS Equinox-
1. Services
1.1 The provider shall make the contractual services, in particular access to the software, available within its sphere of control (from the data center interface to the Internet). The scope of services and description of the paperfly scan and portal software are set out in the Paperfly Service Description or the individual customer offer.
1.2 Any services beyond this, such as the development of customer-specific solutions or required customizations, require a separate agreement.
1.3 The provider may provide updated versions of the software.
The provider shall inform the customer electronically about updated versions and the corresponding usage instructions and shall make them available accordingly.
2. Scope of Use
2.1 The contractual services may be used only by the customer and only for the purposes agreed in the contract. During the term of the contract, the customer may access the contractual services by means of telecommunications (via the Internet) and use the functionalities associated with the software in accordance with the contract by means of a browser or another suitable application (e.g. an “app”).
The customer shall not receive any rights beyond this, in particular to the software or to any infrastructure services provided in the respective data center. Any further use requires the provider’s prior written consent.
2.2 In particular, the customer may not use the software beyond the agreed scope of use, allow third parties to use it, or make it accessible to third parties. In particular, the customer is not permitted to reproduce, sell, temporarily transfer, rent, or lend the software or any parts thereof.
2.3 The provider is entitled to take appropriate technical measures to protect against use that is not in accordance with the contract. Such measures may not impair the contractual use of the services more than insignificantly.
2.4 In the event that a user exceeds the scope of use in breach of the contract, or in the event of unauthorized transfer of use, the customer shall, upon request, promptly provide the provider with all information available to the customer that is required to
assert claims arising from the non-contractual use, in particular the user’s name and address.
2.5 The provider may revoke the customer’s access authorization and/or terminate the contract if the customer significantly exceeds the permitted use or breaches provisions designed to protect against unauthorized use. In connection with this, the provider may interrupt or block access to the contractual services. As a rule, the provider must first set the customer a reasonable grace period to remedy the breach. The revocation of access authorization alone shall not also be deemed termination of the contract. The provider may maintain a revocation of access authorization without termination only for a reasonable period, not exceeding 3 months.
2.6 In the event of serious breaches of the Terms of Use (see Section 6.2), the provider is entitled to temporarily freeze or permanently close user accounts even without setting a deadline, if this is necessary to prevent harm to the provider itself or to other users and to ensure the security and operation of the software.
2.7 The provider’s claim to remuneration for any use exceeding the agreed scope of use shall remain unaffected.
2.8 The customer shall be entitled to reinstatement of access authorization and access options once the customer has demonstrated that it has ceased the non-contractual use and prevented any future non-contractual use.
3. Availability, Defects in Performance
3.1 The availability of the services provided is set out in the Service Description.
3.2 In the event of only an insignificant reduction in the suitability of the services for contractual use, the customer shall have no claims for defects. The provider’s strict liability for defects that already existed at the time the contract was concluded is excluded.
4. Data Protection and Data Security
4.1 Our Privacy Policy applies to data protection; the Paperfly Service Description also applies with regard to data security.
4.2 To the extent that the provider can access personal data of the customer or from the customer’s sphere, the provider shall act solely as a processor and shall process and use such data only for the performance of the contract. The provider shall comply with the customer’s instructions regarding the handling of such data. The customer shall bear any adverse consequences of such instructions for the performance of the contract. The customer shall agree with the provider on the details of the provider’s handling of the customer’s data in accordance with data protection requirements. For this purpose, the parties shall enter into a separate data processing agreement.
4.3 The customer shall remain the controller both generally within the contractual relationship and within the meaning of data protection law. If the customer processes personal data (including collection and use) in connection with the contract, the customer warrants that it is authorized to do so under the applicable provisions, in particular data protection provisions, and shall indemnify the provider against third-party claims in the event of a breach.
4.4 The following applies to the relationship between the provider and the customer: vis-à-vis the data subject, the customer is responsible for the processing (including collection and use) of personal data, except to the extent that the provider is responsible for any claims by the data subject due to a breach of duty attributable to the provider. The customer shall be responsible for reviewing, processing, and responding to any inquiries, requests, and claims by data subjects. This also applies if the data subject asserts claims against the provider. The provider shall support the customer within the scope of its obligations.
4.5 The provider warrants that the customer’s data shall be stored exclusively within the territory of the Federal Republic of Germany, unless otherwise agreed.
An overview of the physical and operational security processes used in the data center for the network and server infrastructure, as well as service-specific security implementations, ishere described.
5. Customer Obligations
5.1 The customer must protect the access rights assigned to the customer and/or its users
as well as identification and authentication information against access by third parties and must not disclose them to unauthorized persons.
5.2 The customer is obligated to indemnify the provider against all third-party claims arising from legal violations that are based on unlawful use of the subject matter of the service by the customer or that occur with the customer's approval. If the customer becomes aware, or should become aware, that such a violation is imminent, the customer must notify the provider without undue delay.
5.3 The customer must use the options provided by the provider to back up its data within the customer's own area of responsibility.
6. Use in Breach of Contract, Damages
6.1 For each case in which a service covered by the contract is used without authorization within the customer's area of responsibility, the customer must pay damages in the amount of the remuneration that would have been incurred for contractual use during the minimum contract term applicable to that service. The customer reserves the right to prove that the customer is not responsible for the unauthorized use or that no damage, or substantially lower damage, occurred. The provider remains entitled to assert further damages.
6.2 Users of the paperfly Scan- und Portal Software are, in particular, prohibited from:
The following list is not exhaustive and is provided for guidance only.
➔ Providing a false identity or acting on behalf of another person without the appropriate authorization
➔ Knowingly accessing unauthorized parts of the software
➔ Interfering with the normal function and availability of the software through DDoS attacks or deliberately overloading core functionalities using automated scripts (executing functions in a loop)
➔ Uploading or transmitting invalid data, viruses, worms, malicious code, malware, or other attacks that do not reflect normal use of the DMS
➔ Decrypting data transmissions to reverse-engineer security functionalities, circumventing login processes, attempting to hack DMS user accounts, or making other attempts to compromise the security of the DMS
➔ Attempting to scan the DMS platform for attack vectors (e.g., port scans) without the consent of Equinox GmBH, or attempting to exploit software vulnerabilities
➔ Attempting to access user accounts, the DMS portal, or third-party hardware (e.g., smartphones) by modifying transmitted data packets
Reproducing, duplicating, copying, selling, exchanging, reselling, renting, or sublicensing the DMS platform or individual services
➔ Integrating the DMS platform or individual services into the customer's own products for resale without the provider's written consent
➔ Publishing information about the performance of the DMS platform; such information is considered confidential
➔ Modifying DMS platform services by interfering with data traffic
➔ Reverse engineering, disassembling, decompiling, or using other methods aimed at investigating the source code, underlying ideas, algorithms, file formats, or non-public APIs of the DMS platform, unless such conduct is explicitly permitted in the applicable jurisdiction, and even then only with prior notice to, or notification of, Equinox GmbH
➔ Preventing or circumventing security measures, data or document transmission limits, or configuring DMS platform services in a manner intended to avoid costs that would normally be incurred.
➔ Distributing DMS platform services in any manner other than as expressly permitted in this document
➔ Accessing the DMS in order to create a competing product or to copy features or the user interface
➔ Using the DMS for product evaluation, benchmarks, or other comparative analyses for public publication without the consent of Equinox GmbH
➔ Removing or obscuring trademarks, logos, or copyright information of Equinox GmbH (including reports generated from the DMS)
7. Incident Management
7.1 Incidents during demonstration operation
During free demonstration operation, Equinox GmbH assumes no liability for the loss or unavailability of data sets, unless Equinox GmbH acted fraudulently, intentionally, or with gross negligence. To the extent permitted by law, any claim to maintenance and support is generally excluded.
7.2 The provider will receive the customer's incident reports, assign them to the agreed incident categories (Section 7.4), and, based on this classification, carry out the agreed measures to analyze and resolve incidents.
7.3 The provider will receive proper incident reports from the customer during its regular business hours and assign each report an identifier. At the customer's request, the provider will confirm receipt of an incident report and provide the assigned identifier.
7.4 Unless otherwise agreed, the provider will assign received incident reports to one of the following categories after an initial review:
a) Critical incident
The incident is based on an error in the contractual services that makes use of the contractual services, in particular
the software, impossible or possible only with severe restrictions. The customer cannot reasonably work around this problem and is therefore unable to complete urgent tasks.
b) Other incident
The incident is based on an error in the contractual services that makes use of the contractual services, in particular
of the software by the customer more than insignificantly, without a critical disruption being present.
c) Other notification
Disruption reports that do not fall into categories a)
and b) are classified as other notifications. Other notifications will be handled by the Provider only in accordance with the agreements made for that purpose.
7.5 In the case of reports of critical disruptions and other disruptions, the Provider will, without undue delay and on the basis of the circumstances communicated by the Customer, initiate appropriate measures to first localize the cause of the disruption.
If, after an initial analysis, the reported disruption does not prove to be an error in the contractual services, in particular the software provided, the Provider will inform the Customer without undue delay.
Otherwise, the Provider will arrange appropriate measures for further analysis and for remedying the reported disruption or, in the case of third-party software, forward the disruption report together with its analysis results to the distributor or manufacturer of the third-party software with a request for remediation.
The Provider will make available to the Customer without undue delay any measures available to it for bypassing or remedying an error in the contractual services, in particular the software provided, such as instructions for action or corrections to the software provided.
The Customer will implement such measures for bypassing or remedying disruptions without undue delay and, when using them, will promptly report any remaining disruptions to the Provider again.
8. Contact Point (Hotline)
8.1 Contact Point for Demonstration Use
During free demonstration use, there is no entitlement to use the hotline; Equinox GmbH is also free to restrict or discontinue the hotline service for test users during free demonstration use at any time without stating reasons. In principle, of course, we welcome feedback, requests, and suggestions from every interested party.
8.2 Contractual Services
The Provider will set up a contact point for the Customer (hotline). This contact point handles the Customer’s inquiries in connection with the technical requirements and conditions for using the software provided, as well as regarding
individual functional aspects.
8.3 Acceptance and Handling of Inquiries
A prerequisite for the acceptance and handling of inquiries is that the Customer names to the Provider appropriately qualified specialist and technical
personnel who are internally tasked by the Customer with handling inquiries from users of the software provided. The Customer is obliged to submit inquiries to the hotline only through the personnel named to the Provider and to use the forms provided by the Provider.
The hotline accepts such inquiries by email, fax, and telephone during the Provider’s normal business hours.
The hotline will process proper inquiries in the ordinary course of business and answer them where possible. In answering inquiries, the hotline may refer to documentation and other training materials for the provided
software that are accessible to the Customer. If the hotline is unable to answer an inquiry, or unable to do so in a timely manner, the Provider will—where expressly agreed—forward the inquiry for processing, in particular inquiries relating to software not manufactured by the Provider.
Additional hotline services, such as different contact hours and response times, on-call availability, or on-site deployments by the Provider at the Customer’s premises, must be expressly agreed in advance.
9. Contract Term and Termination
9.1 The contractually agreed services will be provided from the date specified in the contract, initially for the term agreed in the contract. During this minimum term, ordinary early termination by either party is excluded.
9.2 The contract may be terminated with one month’s notice, but no earlier than the end of the minimum term. If this does not occur, the contract will be extended by one additional month at a time. Refunds for paid days that are no longer used after receipt of the notice of termination through the end of the month are excluded.
9.3 The right of each contracting party to terminate the contract extraordinarily for good cause remains unaffected.
9.4 Any notice of termination must be in writing to be effective.
Clause 8.4 applies AV Equinox.
9.5 The Customer will back up its data inventories on its own responsibility in good time before the end of the contract (for example, by download). Upon request, the Provider will support the Customer in doing so; Clause 4.3 AV Equinox applies. For reasons of commissioned data processing alone, the Customer will generally no longer have access to these data inventories after the end of the contract.
10. Applicability of AV Equinox
In addition, the General Terms and Conditions of AV Equinoxapply.
Münster, October 25, 2021.