General Terms and Conditions

Licenses, Maintenance Services, and Professional Services

A. General Terms and Conditions (Part 1)

1. Scope

1.1 These General Terms and Conditions (“GTC”) apply to all agreements between scdsoft AG (“scdsoft”) and its customer (“Customer” or “Licensee“) regarding the licensing of scdsoft software and/or guidelines, software maintenance and support services, and professional services.

1.2 These GTC apply The Customer’s general terms and conditions do not apply.

2. Contact

2.1 The Customer shall designate a contact person to scdsoft and provide their contact details to ensure the performance of the contract. The contact person must be authorized to make all necessary decisions on behalf of the Customer.

B. Software license

3. License terms: Rental licenses

3.1 scdsoft grants the licensee the non-exclusive, non-transferable, and non-sublicensable right to use the software for internal business purposes for a limited period of time as specified in these Terms and Conditions.

3.2 A rental license grants the licensee the non-exclusive, non-transferable, and non-sublicensable right to install and use the software for its intended purpose (see Section 3.6 of the Terms and Conditions) for the duration of the agreed term.

3.3 The start date of the rental license term must be agreed upon in writing by the parties. The rental license is automatically renewed for additional 12-month periods (subscription model) unless the contract is terminated by either party by giving three months’ written notice to the end of the minimum term or the current renewal period.

3.4 The licensee acquires from scdsoft the time-limited right to use the software for the agreed number of installations. “Installation” means each individual installation of the software on any SAP system (whether productive, satellite, test, development, QA, backup, or other system).

3.5 The time-limited right to use the software is restricted to the use of the software in those SAP systems that the licensee has specified to scdsoft, providing the relevant system information (IP, host name, SID, instance number, clients).

3.6 The intended use of the software is to test and analyze your company’s SAP software applications in order to find insecure configurations and/or authorizations (or in other security and compliance- related areas) in these software applications, and to use the findings and all other results of the testing and analysis to improve such configurations and authorizations.

3.7 The temporary right to use the software is limited in terms of the number of installations and technically restricted to the use of the software in those production systems that the licensee has specified to scdsoft, providing the relevant system information, prior to conclusion of the contract and at the latest prior to delivery of the required license key. The license key is based on the SIDs specified by the licensee and only allows the software to be used in these production systems. The right of use is therefore not granted in the form of so-called “floating licenses,” but is always tied to specific production systems specified before the start of use.

There are only two exceptions to this rule:

  • If the licensee renames a production system by assigning a new SID to the same production system, they remain entitled to use the production system in question.
  • If the licensee decommissions a specific, named production system, they may migrate the right of use relating to the decommissioned production system to another production system, to be designated by name and SID, after informing scdsoft accordingly.

In both cases, scdsoft will change or reissue the license key accordingly upon request. A system is shut down if no productive postings take place in the ERP processes on a permanent basis (e.g., archive system). The role of the client in the client maintenance transaction (SCC4) is then not equal to “Productive.”

4. Other provisions regarding software licenses

4.1 Technical protection measures

The software delivered to the licensee may be configured by scdsoft using technical protection measures to effectively prevent uses that exceed the agreed scope of use. The licensee is not permitted to circumvent or attempt to circumvent these protection measures.

4.2 Extraordinary termination for good cause; termination of the license

  • Both parties retain the right to terminate rental licenses for cause if the legal requirements are met.
  • Both parties may also terminate the contract extraordinarily if the other party is declared insolvent, is liquidated (unless this is solely for the purpose of a merger or reestablishment), if an insolvency administrator is appointed to manage its assets, and if it is unable to meet its financial obligations when they become due.
  • Notices of termination must be in writing to be effective. Transmission of the notice by fax does not satisfy this written form requirement.
  • Upon termination of the licensed use, for whatever reason (e.g., extraordinary termination of the contract, end of the fixed-term license, revocation of the license), the licensee must immediately cease all use of the software and, at scdsoft’s discretion, surrender or destroy all copies of the software in its possession. At the request of scdsoft, the licensee must confirm in writing that the software has been completely returned or destroyed.

4.3 §§ 69 d, e UrhG (German Copyright Act)

Sections 69 d, e of the German Copyright Act (UrhG) apply with the following provisions:

  • Permissible backup copies must contain all copyright notices, ownership notices, and information texts contained in the original.
  • Before claiming a third party for permissible actions pursuant to Sections 69 d, 3 UrhG in accordance with § 69e (2) UrhG (i), the licensee must provide scdsoft with a written document from the third party in which this third party undertakes directly to scdsoft to treat all information obtained in the course of its activities in connection with the software as strictly confidential. The licensee may not (ii) engage any third party who, in scdsoft’s good faith and reasonable judgment, is a direct competitor of scdsoft.

4.4 Open Source Code

The licensee agrees that the software is delivered and used with certain libraries and other code that are made available to the licensee under the terms of separate open source license agreements. The components in question can be found in the current documentation for the software concerned. scdsoft warrants that the relevant license terms do not prevent the contractual use of the software as long as the license terms are complied with.

5. Transfer of the software

5.1 The software is delivered by sending the customer a link via which the customer can download the software from a network (“electronic delivery”). The customer bears the costs of downloading the software. The transfer is deemed to have taken place as soon as the customer receives the download link, provided that the download is technically possible. In particular, there is no acceptance of the software by the customer in accordance with § 640 BGB (German Civil Code) or a comparable procedure.

5.2 The obligation to hand over the software does not include any further obligations (e.g., installation or (employee) training, maintenance).

6. Obligation to inspect and give notice of defects

The customer must inspect the delivered software in accordance with Section 377 of the German Commercial Code (HGB) and report any obvious defects. An effective complaint can only be made in writing.

7. System environment

The customer is responsible for providing the correct system environment in accordance with the specifications of the software in the product description.

8. Warranty, defects

The statutory provisions apply with the following provisions:

8.1 Insofar as the product description states that the detection of errors and/or insecure configurations and authorizations in other software applications is a special feature of the software, scdsoft does not guarantee that the software will find all errors and/or insecure configurations and authorizations in the tested software applications.

In such cases, therefore, there is no material defect.

8.2 If the software shows clear defects, scdsoft will remedy the situation by, at its discretion, (i) delivering defect-free software products to the licensee or (ii) eliminating the defects. If the defect cannot be remedied within a reasonable period of time or if subsequent performance has failed for other reasons, the licensee may, at its discretion, reduce the license fees or withdraw from the contract. If the licensee recognizes a malfunction in the software from its point of view, it is obliged to provide scdsoft with all information and materials necessary to investigate, diagnose, and remedy the malfunction or error, in particular, with regard to software, a list of output and other data, including databases and backup systems, requested by scdsoft in order to replicate the operating conditions prevailing at the time the error occurred.

8.3 Warranty claims for defects do not exist for software, in particular,

  • if its replacement with an updated or upgraded version or a new release of the software intended to remedy the defect has been requested by scdsoft but not carried out by the licensee;
  • are based on the interoperability of the software with components of the IT environment, unless this interoperability is part of the specifications of the software.

8.4 The application of § 536a (2) BGB is excluded; the application of § 536a (1) BGB is limited to cases in which scdsoft has acted culpably or culpably failed to take a necessary action.

8.5 Except in cases of intent or gross negligence, fraudulent concealment of a defect, or injury to health, body, or life, all warranty claims of the licensee against scdsoft shall become statute-barred within one year of delivery of the software to the licensee.

C. Guidelines

9. Guidelines License and Guidelines Updates

9.1 Section B. applies to Guidelines.

9.2 If scdsoft offers guideline updates and the customer orders them, scdsoft will provide the customer with all improvements and additions to the guidelines or any other updates to these guidelines (“guideline updates”) that scdsoft generally issues to its customers. After the release of guideline updates, scdsoft will inform the customer and deliver or make the guidelines available via electronic delivery.

With regard to Guideline Updates, Section 9.1 of the General Terms and Conditions (including the provisions referred to directly or indirectly therein) shall apply accordingly.

9.3 The warranty for defects is governed by Sections 8.1 to 8.5 of the General Terms and Conditions.

D. Maintenance and support services

10. Services

10.1 Software maintenance and support are included in the fees for the rental license and comprise the following services:

  • Delivery of new releases, upgrades, updates, patches, and bug fixes for the software that scdsoft generally makes available to its customers as releases. After the release of an update and/or upgrade, scdsoft will inform the customer and deliver or make the update or upgrade available via electronic delivery.
  • Technical support for the software, consisting of
    • First Level Support: (i) Answers to technical questions and provision of solutions to technical problems that are known and can be answered/solved using the FAQ list, and (ii) Information about the latest features of the software, (iii) advice and assistance in using the software (e.g., assistance with troubleshooting and configuring parameters), and (iv) access to selected computer program-related electronic and web-based tools and services;
    • Second Level Support: (i) answering technical questions and providing solutions to technical problems that are still unknown and/or cannot be answered/solved using the FAQ list, (ii) providing solutions to known technical problems that require a customer-specific solution, and (iii) handling all other questions and problems that First Level Support forwards to Second Level Support in connection with the software, updates, and/or modifications and/or upgrades;
  • scdsoft will make commercially and technically reasonable efforts to eliminate all reproducible errors in the software that prevent the software from functioning in accordance with the contract, provided that the customer has informed scdsoft of the error in sufficient detail and scope. scdsoft reserves the right to eliminate the error by providing a workaround or patch;
  • Updating the rule database: scdsoft will continuously update the relevant rule database for the customer or provide the customer with access to all such updates.

10.2 scdsoft maintains, services, and supports (i) the latest version of the software that scdsoft has delivered to the customer and its immediate predecessor release. scdsoft’s obligations under these Terms and Conditions are limited to these versions or releases.

10.3 scdsoft shall support the customer in the event of error messages on working days (Monday to Friday, except local legal or public holidays at the contractor’s place of business) during normal business hours (from 9:00 a.m. to 5:00 p.m. CET/CEST) by providing information on error correction, error prevention, and error workarounds. The primary medium for this is the service infrastructure provided by scdsoft. End users can send error messages around the clock, every day.

The following services are not included:

  • Customer-specific development and programming services that scdsoft may offer the customer in return for additional payment;
  • Installation services;
  • Consulting and other consulting services in mitigation projects (projects to remedy discovered problems and risks identified by the contractual software, risk minimization, design reviews, penetration tests, etc.);
  • On-site support services;
  • Training services;
  • Hardware or hardware-related deliveries and services.

Furthermore, scdsoft does not provide maintenance services

  • to eliminate software errors caused by modifications to the software for which scdsoft is not responsible, misuse of the software or the data carriers provided, or changes to the data carriers provided by the customer or third parties;
  • for software that does not correspond to the software in a version for which maintenance services are provided under the contract;
  • for the software if it is not installed and/or implemented correctly or in a suitable environment (e.g., not installed in the correct system environment as specified in the product description and/or documentation);
  • if a patch, update, upgrade, or other new version of the software has already been delivered or made available to the customer that fixes the error in question, but this patch, update, upgrade, or new version has not been installed by the customer; the customer is therefore responsible for installing patches, updates, upgrades, or other new versions of the software delivered to them;
  • if the software is used in a manner that is not permitted under the purchased license;
  • if the software is not used in accordance with the specifications in the product description and/or documentation;
  • if the software is used in conjunction with other software that has not been approved by scdsoft;
  • in the event of errors that occur due to insufficient availability, functionality, or performance of the hardware or computer programs used by the customer to operate the software;
  • in the event of a lack of interoperability of the software with the IT environment and infrastructure used by the customer, unless the interoperability in question is specifically part of the specifications of the software.

11. Required Action Updates

scdsoft may, but is not obligated to, inform the customer of intended releases, updates, upgrades, and improvements to the software by means of a product newsletter and/or required action update. The customer is obligated to perform all actions required by a required action update with regard to software changes or updates.

12. Rights to updates, upgrades, etc.

scdsoft grants the customer the same rights of use for updates, upgrades, and other new versions of the licensed products provided under the maintenance agreement as were granted to customer for the software already licensed at the time the new version was made available.

13. Customer’s obligations to cooperate

In order to enable scdsoft to fulfill its obligations under the contract, the customer is obliged to fulfill its obligations to cooperate in a timely and comprehensive manner. If the customer fails to cooperate, scdsoft shall not be responsible for any restriction of the scope of services if and to the extent that (i) the failure to cooperate was the cause thereof, (ii) scdsoft is not at fault, and (iii) scdsoft has made reasonable efforts to provide the affected scope of services despite the failure to cooperate. Sections 642 and 643 of the German Civil Code (BGB) apply accordingly.

In particular, the following cooperation services are required:

13.1 The customer must install all error corrections, bug fixes, updates, modifications, and all other new versions for the software, including all improvements and further developments, in accordance with the instructions of scdsoft and as otherwise specified. If the customer fails to do so in whole or in part, scdsoft may, at its own discretion

    • suspend the provision of services until the customer has completed the installation; or
    • charge the customer a reasonable fee for the work involved in performing the installation, provided that the customer has been notified of this in advance.

Prior to installation, the customer must ensure that the IT systems concerned are in an appropriate condition and that the installation can be carried out. The benchmark for this is the state of the art, including ongoing virus scanning and removal and a proper data backup routine.

13.2 In order to enable scdsoft to provide the contractual services, the customer shall grant scdsoft access to its technical equipment, systems and, if requested by scdsoft, to its premises, as well as access to and support from appropriately qualified employees involved in the operation of the software.

13.3 If the customer discovers an error in the operation of the software and wishes to make use of scdsoft’s services, the customer is obliged to scdsoft with all information and materials that are necessary and requested by scdsoft in order to investigate, diagnose, and remedy these errors, in particular a list of output and other data, including databases and backup systems, which scdsoft may reasonably request in order to replicate the operating conditions prevailing at the time the defect occurred.

13.4 In connection with the fulfillment of its contractual obligations, scdsoft may request technical data and other information from the customer concerning circumstances necessary for the provision of the contractual deliveries and services, such as the system configurations and hardware used by the customer in operating the software. The customer is responsible for providing scdsoft with such data and information immediately upon request.

E. Services

14. Conclusion of contract and services

14.1 scdsoft shall provide professional services if and to the extent that the parties have entered into a corresponding written agreement. In this case, the customer is obliged to pay the agreed remuneration.

14.2 Professional Services may primarily involve services related to the introduction of software and/or guidelines at the customer’s premises (training, implementation, configuration, and other consulting services) or the further development or enhancement of scdsoft’s software. The individual services shall be agreed between the parties on a case-by-case basis.

14.3 scdsoft reserves the right to use one or more subcontractors to provide the services.

15. Cooperation services

15.1 The customer is obligated to provide the cooperation required by scdsoft for the provision of The provisions of Section 13 of these General Terms and Conditions apply accordingly.

16. Rights of use

16.1 The customer shall have exclusive ownership rights to embodied service results such as reports and analyses. This does not apply to certain service results from software development services in accordance with Section 14.2.

16.2 Service results from software development services that are suitable for inclusion in scdsoft’s software products (after appropriate processing, if necessary) remain the exclusive property of scdsoft in order to enable scdsoft to integrate them into the software products with a uniform legal status. The customer is granted a comprehensive, simple, perpetual right to use and further develop such performance results, including the rights to make the necessary reproductions of the performance result and to edit the performance result.

16.3 Notwithstanding clauses 16.1 and 16.2, scdsoft may freely use intangible service results, know-how, findings, and information (subject to the provisions of clause 17 of these GTC) to develop, further develop, and/or correct scdsoft products. In doing so, all features that indicate the customer as the source of the knowledge, etc., must be removed.

F. General Terms and Conditions (Part 2)

17. Remuneration

17.1 All prices are net plus sales tax in euros. The customer is obliged to pay all applicable taxes, in particular the applicable sales tax.

17.2 The remuneration amounts are due for payment within the agreed payment terms, in the case of software and guidelines upon delivery (making available for download). Invoices must be settled within 30 days of receipt.

17.3 It is hereby clarified that license fees and/or remuneration amounts allocated to software licenses as part of mixed services (e.g., for a project for a customer) shall be invoiced by scdsoft at the time of delivery of the respective software and shall be payable by the customer.

17.4 If license fees, guideline update fees, and/or professional service fees are not paid in accordance with the contract, scdsoft is entitled to exercise its right of retention with regard to the services concerned, in addition to claiming damages for delay.

17.5 scdsoft may increase the license fees, guideline update fees, and/or professional service fees for the next contract period, provided that scdsoft notifies the customer at least 3 months before the end of the relevant contract period and informs them of the following provisions that apply in this case:

(i) The customer has the right to terminate the contract with 30 days’ notice to the end of the current contract period by written declaration.

(ii) If the customer does not effectively terminate the contract, the increase in the fee(s) shall be deemed to have been validly agreed upon at the beginning of the following contract period.

17.6 The parties clarify that in the case of rental licenses (see Section 3.2 of the General Terms and Conditions), the license fees include remuneration for the software maintenance, servicing, and support services in accordance with Section D.

17.7 The customer is not entitled to offset. The prohibition of offsetting does not apply if the counterclaims of scdsoft have not been disputed or have been established by a court of law.

17.8 scdsoft reserves all rights and claims to the software (including all updates, upgrades, and modifications) and the guidelines (including all guideline updates) until the respective contractual claims.

18. Liability & Limitations of Liability

18.1 scdsoft shall be liable for damages incurred by the licensee, regardless of the legal basis, in accordance with the statutory provisions, if and to the extent that (i) the damages were caused by an intentional or grossly negligent breach of duty by scdsoft, a legal representative or vicarious agent of scdsoft, (ii) the damages are the result of the absence of a guaranteed characteristic, (iii) the claims are based on culpable injury to life, limb, or health or on culpable infringement of third-party rights, or (iv) the claims are product liability claims under the German Product Liability Act.

18.2 In cases of simple or slight negligence, scdsoft shall only be liable for damages caused by the breach of a cardinal contractual obligation. This limitation of liability shall not apply to damages caused by a culpable injury to health, body, or life, or which are the result of the absence of a guaranteed characteristic. Cardinal obligations are obligations whose fulfillment is essential for the proper execution of the contract and on whose compliance the contractual partner may regularly rely, and whose breach, on the other hand, jeopardizes the achievement of the purpose of the contract.

18.3 Even in the event of a breach of a cardinal obligation, liability is limited to such damages as can typically be expected to occur in the context of a contractual relationship such as the present one, provided that the damage is based solely on simple or slight negligence and does not affect life, limb, or health or result from the absence of a guaranteed quality.

18.4 Unless one of the cases specified in Section 18.1 applies, scdsoft shall not be liable for indirect or consequential damages.

18.5 In addition, liability in cases of breach of a cardinal obligation is limited to EUR 100,000 per claim and EUR 200,000 in total.

18.6 Any liability of scdsoft beyond that specified in Sections 18.1 to 18.5 inclusive is excluded.

18.7 The licensee is responsible for regularly backing up their data. If the licensee suffers damage as a result of data loss, scdsoft shall only be liable for this, even if there is an event giving rise to liability, to the extent that the damage could not have been avoided even if the licensee had regularly backed up all relevant data in accordance with the best practice standards applicable in the industry.

18.8 Claims for damages and claims for reimbursement of futile expenses, whether based on contract, tort or any other basis, shall become time-barred after one This shortened limitation period shall not apply to liability for intent and gross negligence, to claims resulting from injury to health, body or life, or to claims under the Product Liability Act. Section 199 (1) of the German Civil Code (BGB) applies. In any case, the limitation period for the claim shall expire five years after it arises. The provisions of this Section 18.8 shall not affect the limitation provisions for warranty claims pursuant to Section 8.5.

19. Confidentiality and references

19.1 Confidential information within the meaning of the Agreement includes, in addition to information marked as confidential, in particular (i) (a) all knowledge and information comprising technical and non-technical data, algorithms, formulas, diagrams, compilation devices, methods, business and trade secrets, know-how, techniques, drawings, designs, registered designs, processes, procedures, improvements, models, manuals, financial data, and business plans, as well as the contract and these contractual terms and conditions; (b) documents, manuals, and data, whether written, machine-reproducible, visual, or audible, relating to the software; (c) the design, structure, logic, and algorithms of the software and its interactions, as well as the programming techniques and methods used in it; or (d) information relating to scdsoft’s business, and (ii) information that has economic value and is not generally known.

The code portion of the software and all other portions of the software (including all updates, upgrades, and modifications) that are in plain text format, as well as the source code of the software, are by definition Confidential Information of scdsoft, whether in whole or in part and regardless of the form in which they are embodied.

However, the information is not Confidential Information within the meaning of this Section 19 if it (i) was already known to the receiving party without the information being subject to a confidentiality obligation, (ii) is generally known or becomes known without breach of the confidentiality obligations assumed, (iii) is disclosed to the receiving party by a third party without breach of a confidentiality obligation, or (iv) is disclosed due to law, court order, or government request.

19.2 The parties undertake to treat all Confidential Information as confidential and, in particular, not to directly or indirectly (i) disclose or reveal Confidential Information to third parties or publish it without the prior written consent of the other party, and/or (ii) use it for purposes not permitted by the Agreement.

The customer may disclose Confidential Information (i) to its employees only and only to the extent that the employees concerned need to know the Confidential Information, and (ii) only to those employees who have undertaken in writing to comply with the confidentiality obligations described above.

The following exceptions apply to the obligation of confidentiality towards third parties:

The customer may disclose Confidential Information to its outsourcing service providers (i) to the extent necessary for the fulfillment of the outsourcing service provider’s contract and (ii) provided that the outsourcing service provider has previously undertaken in writing confidentiality obligations that are no less stringent in content and scope than the provisions of this Section IV. Third parties who process the customer’s software applications for which scdsoft software is used on behalf of the customer, but only under the conditions specified for outsourcing service providers.

Confidential information may only be communicated or disclosed to other third parties with the specific prior written consent of scdsoft.

19.3 Within the scope of projects or other activities of scdsoft in connection with the respective software, identified information about novel vulnerabilities and similar findings may be used by scdsoft without restriction for research and further development purposes for the benefit of the software in question. All data relating to the customer will be anonymized in advance so that no conclusions can be drawn about the licensee.

19.4 Furthermore, anonymized statistical data may be collected in the context of software analyses. scdsoft does not collect any personal or other user data, but only general metrics (e.g., number and type of vulnerabilities). The data is included in benchmarks that are published by scdsoft at regular intervals.

19.5 scdsoft is entitled to include the customer in the list of scdsoft reference customers.

20. Final provisions

20.1 The exclusive place of jurisdiction for all disputes arising from or in connection with the contract, including these General Terms and Conditions, is Karlsruhe.

20.2 The contractual relationship shall be governed exclusively by the laws of the Federal Republic of Germany, excluding German and European private international law and the UN Convention on Contracts for the International Sale of Goods.

20.3 Should one or more provisions of the contract or these terms and conditions be or become invalid, this shall not affect the validity of the rest of the contract. Rather, the invalid provision(s) shall be replaced by means of supplementary interpretation of the contract by one or more legally effective provisions that come as close as possible to the economic purpose recognizably pursued by the contracting parties with the invalid provision(s). The same applies to the filling of any contractual gaps.