Terms and conditions

1. Scope.

IntraFind delivers and operates software, in particular an Enterprise Insight Engine which is provided as Software-as-a-Service (SaaS), as well as accompanying services (hereinafter "Software"). These General Terms and Conditions (hereinafter "T&C") govern the contractual relationship under which IntraFind, Landsberger Str. 368, 80687 Munich, Germany provides software and services to the client (§ 14 BGB, hereinafter "Client").

The Software indexes the contents of the Atlassian Confluence Cloud Instance (hereinafter "Confluence Software") of the Customer and makes the search results available in the Confluence Software of the Customer in accordance with the service description defined on the Atlassian Marketplace. During indexing, personal data is also transferred to the search index of the software and made searchable via a search input field of the Confluence software.

The T&C apply exclusively. Other terms and conditions of the Customer shall not be valid. Differing agreements between IntraFind and the Customer shall only apply if they have been made in writing in an individual contract.

The contractual agreement between IntraFind and the Customer is based on: the Atlassian Marketplace Terms of Use, which govern the purchase of IntraFind Confluence Search through the Atlassian Marketplace and the applicable terms of purchase, pricing and payment., these T&C, which concern the legal conditions of the contract; Annex A on the regulations of the software maintenance and software support services; Annex B as the data protection agreement on the processing of personal data (order processing pursuant to Art. 28 DS-GVO); and Annex C on the designation of subcontracting relationships.

2. Rights of use

2.1 Rights to the Software. During the term of the contract and subject to payment of the agreed fees, IntraFind grants the Customer, for a limited period of time, a non-transferable and non-exclusive right to access and use the Software and the Software documentation solely for the Customer's business purposes. Further rights of use are not transferred. Transfer of the rights of use to third parties is excluded.  

IntraFind will host the iFinder Enterprise Server and retain physical control over it. Unless expressly set forth in this Agreement or otherwise agreed in writing, IntraFind is not obligated to deliver copies or code of the Software to the Subscriber or obligated to otherwise make the Software available.

IntraFind provides the Customer with the use of the Software at the router exit of the respective data center ("Transfer Point"). IntraFind is not responsible for guaranteeing the data connection between the transfer point and the Customer's IT systems. It is the responsibility of the Customer to create the technical conditions for receiving the software at the transfer point and using it.

3.2 Use of the Software by Employees. The Client is entitled to use the Software by its own employees or by third parties (hereinafter "Users") to search Atlassian Confluence. The Customer shall be responsible for the use of the Software by its Users and any damage caused by negligent or intentional breaches of duty by its Users.

3.3 Limitation of Rights of Use. Unless otherwise agreed or required by mandatory law, the Customer shall not be entitled (i) to copy the Software beyond what is necessary for the contractual use, neither in whole nor in part; (ii) to modify, correct, adapt, translate, improve or otherwise make derivative developments to the Software; (iii) make the Software available to third parties; (iv) decrypt the source code of the Software, either in whole or in part; (v) circumvent or violate any security devices or protection mechanisms contained in or used for the Software; (vi) take any action likely to cause damage to the Software or Contractor's servers; (vii) use the Software in a manner that violates any applicable law and/or the rights of any third party; (viii) use the Software for purposes of benchmarking or competitive analysis of the Software, for the development, use or provision of a competing Software product or service, or for any other purpose that is detrimental to Contractor; and/or (ix) use the Software for or in the context of the design, construction, maintenance, operation or use of hazardous environments, systems or applications or other safety-critical applications, or otherwise use the Software in a manner that could result in physical harm or serious property damage.

If the Customer violates the terms of use or legal regulations or if there is any other important reason, IntraFind may terminate the contract without notice, or limit the duration of user accounts or block them permanently. The sole revocation of the access authorization (restriction or permanent blocking) shall not be deemed at the same time as termination of the contract.  

3.4 Third-party software. For third-party software, the respective terms and conditions of the provider shall apply (e.g. Google GKE).

3.5 Software maintenance and software support services. During the term of this Agreement, Customer shall be entitled to certain software maintenance and software support services ("Subscription Services" or "Services") provided by IntraFind, including the provision of new versions, upgrades and updates as further described in Annex A to this Agreement ("Maintenance Services"), and access to support services as further described in Annex A to this Agreement ("Support Services"). Training of Customer's employees, configuration, integration and commissioning of the Software as well as all other services that are not expressly part of the Subscription Services shall be considered "Professional Services" to be ordered separately by Customer and to be invoiced by IntraFind.

4 Term and termination

4.1 Term of the Contract. The beginning, end and ordinary termination options of the respective contractual relationship arise from the contract concluded via the Atlassian Marketplace for the use of the IntraFind Confluence Search. The right to extraordinary termination remains unaffected. The terms of use of the Atlassian Marketplaces apply in all other respects.

5. Payment

Payment is processed via the Atlassian Marketplace according to their terms of use.

6. Improvements

IntraFind endeavors to continuously develop the Software. Within the scope of these further developments, IntraFind intends to improve, expand, delete and/or otherwise change individual functions of the software. The functionalities of the software may be changed by IntraFind if this is necessary for a valid reason and the Customer is not objectively placed in a worse position as a result compared to the performance agreed upon at the time of the conclusion of the contract (e.g. in the case of an improvement of functionalities). A valid reason exists in particular if the functionalities are changed due to technical innovations.

7. Intellectual property

7.1 Intellectual Property of Customer. All information and data of the Customer or its Affiliates, including all documents and records indexed, retrieved, processed, searched or otherwise handled by the Software, shall remain the (Intellectual) Property of the Customer. Subject to the limited licenses granted herein, IntraFind does not acquire from Customer under this Agreement any right, title or interest in Customer's Data.

The Customer grants IntraFind, as well as affiliated subcontractors, a worldwide, time-limited right to store, copy, and process the Customer's Data only to the extent necessary to provide and improve the Services in accordance with this Agreement.

7.2 Intellectual property of IntraFind . IntraFind retains all rights and title in and to the Software, including but not limited to: (i) any modifications and/or enhancements to the Software and Deliverables, regardless of the source of inspiration for such enhancement or modification and regardless of whether Client has contributed to such modifications and/or enhancements, (ii) proprietary training or educational content, (iii) materials related to Professional Services processes and methodologies, (iv) any algorithms in the context of artificial intelligence ("AI") or cognitive capabilities of the Software.

Notwithstanding any other provision of this Agreement, IntraFind may access and use the Software and retains all rights to the Software, as well as aggregated and anonymized usage data. Provided that such data shall not reveal the identity or characteristics of any particular individual or Participant and shall not contain any confidential information of Users.

7.3 Artificial Intelligence ("AI"). Client acknowledges and agrees that the outputs of the AI algorithms of the Software are based solely on the electronic data or information that Client submits to the Software. Therefore, the Client understands and accepts that the quality of this data directly affects the quality of the output. IntraFind therefore makes no warranty, express or implied, as to the accuracy or completeness of the automatically generated results.

7.4 Suggestions and feedback. IntraFind has a worldwide, perpetual, irrevocable license to use and incorporate into the Software any suggestions, enhancement requests, recommendations, results of anonymous usage statistics, or other feedback provided by the Customer, including its users, regarding.

7.5 Usage Data. IntraFind may compile statistical and other information relating to the performance, operation and use of the Software solely for (i) providing usage statistics to Customer, (ii) maintaining the security and integrity of the Software, and (iii) research and development purposes relating to improvements to the Software Services; the data shall not include Customer's Confidential Information.

8 Confidentiality and data protection

8.1 Confidential information; business and trade secrets. IntraFind and the Customer are obligated for an unlimited period of time to maintain confidentiality about all information designated as confidential or business and trade secrets that become known to IntraFind or the Customer in connection with the execution of the contract. Disclosure to third parties not involved in the performance of the contract may only take place with the written consent of the respective other party. The obligations of this section shall apply for a period of five (5) years beyond the expiration or termination of this Agreement. If the parties have entered into a non-disclosure agreement (NDA) prior to the execution of this Agreement, the provisions of the NDA shall expire upon the execution of this Agreement

8.2 Exceptions. The obligation of confidential treatment does not apply to IntraFind insofar as ideas, concepts, know-how, techniques and data are concerned that relate to the software provided by IntraFind or relate to the software creation, provision or SaaS services and that are already known to IntraFind or were known outside of this contract.

8.4 Agreement on order processing. In the course of using the software, the Customer may process personal data of its employees and other data subjects. In this context, the Customer is the responsible party and IntraFind is the commissioned processor. This commissioned processing is governed by the Commissioned Processing Agreement between the Parties in Annex B and is expressly incorporated into these GTC and the Agreement between the Parties.

8.5 Data Protection. The Parties agree to fully comply with applicable data protection laws (including, but not limited to, Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter "GDPR")). Unless otherwise defined in this Agreement, all terms used in this Agreement that appear in the GDPR shall have the meaning set forth in Annex B.

8.6 Protection of Access Data. Personal Access Data may not be disclosed by Customer to third parties and shall be kept protected against unauthorized access.

8.7 Authorization to process anonymized data. IntraFind is entitled to use anonymized data in connection with the use of the software for internal business and/or operational purposes, in particular to analyze the use of the software and to improve the software. The Customer shall issue a corresponding instruction to anonymize the data required for this purpose.

8.8 Ownership and Return of Confidential Information. All Confidential Information is provided "as is" without warranty of any kind and shall remain the sole property of the respective party and no license or other right to such information is granted under this Agreement. Upon request, all Confidential Information, including copies thereof, shall be promptly returned or destroyed. Notwithstanding the foregoing obligations, it shall be permitted to retain backup copies of the Confidential Information to the extent required by applicable law and provided that such backup copies are kept securely.

9 Warranty and safety

9.1 Mutual Assurances. Each Party warrants to the other Party that: (i) it is authorized to enter into this Agreement; (ii) it will comply with all applicable federal, state, local or other laws and regulations applicable to the performance of its obligations under this Agreement; (iii) it has and will obtain all applicable permits and licenses required in connection with its obligations under this Agreement; (iv) to the best of its knowledge, the licensed use of the Software will not infringe the intellectual property rights of any third party;

9.2 License Warranties. IntraFind warrants to Customer that: (i) the Software is free of harmful code at the time of delivery; (ii) the Software will perform all essential functions described in the Documentation for a period of three (3) months after the initial delivery date; (iii) the Software will not infringe the intellectual property rights of any third party for a period of one (1) year after the initial delivery date to the best of IntraFind's current knowledge.

9.3 Exclusion of Warranties.

9.3.1 Fault of the Customer or third parties. The foregoing warranties are excluded in the event of (i) changes or modifications to the Software not made by IntraFind or its agents or not in accordance with IntraFind's instructions or expressly permitted in the Documentation, (ii) use of the Software in a manner other than as described in the Documentation, (iii) use of the Software as part of an unlawful process, (iv) a product that the Customer manufactures, uses or sells, or (v) an intentional act or gross negligence of the Customer or a breach of its obligations under this Agreement.

9.3.2 Third Party Software. The limited warranties set forth herein apply only to Software developed by or for IntraFind and its Affiliates. However, certain third party software may be provided to Customer along with the Software. Notwithstanding anything to the contrary herein, the limited warranties set forth herein do not apply to such third party software or products provided "as is" even if packaged and sold with the Software.

9.3.3 Excluded Warranties. The Software and all Subscription Services are provided "as is". There is no warranty that the Software and Subscription Services will meet Customer's or Users' requirements or that the operation of the Software will be uninterrupted or error-free.

9.4 Notification of Defects. The Customer shall report any defects in the Software to IntraFind in writing without undue delay, but no later than within two (2) weeks from the date of knowledge, with a detailed description of the defect. If such notification is not made, claims and rights based on the respective defect in the performance, insofar as it was recognizable by the Customer, are excluded.

9.5 Elimination of a defect. If a material defect or breach (as applicable) occurs and a valid claim is received by IntraFind during the warranty period set forth above, IntraFind may, in its sole discretion, either repair or replace the Software, re-perform the Services, or refund the Subscription Fees in an amount equal to a pro rata time portion of the annual Subscription Fee from the date of such refund.

9.6 Statute of Limitations. All claims and rights for any defect shall be barred by the statute of limitations six (6) months from the date such defect was first reported or should have been reported after notice of the defect. Otherwise, the warranty period shall be twelve (12) months.

9.7 Service guarantees. IntraFind warrants to Customer that IntraFind will perform the Services in a good and workmanlike manner, in accordance with the terms and conditions set forth in Appendix A.

10 Liability
10.1 Liability for intent and gross negligence. IntraFind shall be liable without limitation for damage caused by intent or gross negligence on the part of IntraFind, its legal representatives or vicarious agents.

10.2 Liability for essential contractual obligations, foreseeable damage. Furthermore, IntraFind shall be liable for the slightly negligent breach of essential contractual obligations. Material contractual obligations are those obligations (i) the fulfillment of which makes the proper performance of this contract possible in the first place, (ii) the violation of which jeopardizes the achievement of the performance of the contract, and (iii) compliance with which the Customer may regularly rely on (so-called cardinal obligations).

10.3 Unlimited liability in case of injury to life, body, health; guarantee of quality; fraudulent intent; product liability. The above limitations of liability shall not apply in the event of injury to life, limb or health, for a defect following the assumption of a guarantee for the quality of the product and in the event of fraudulently concealed defects. Liability under the Product Liability Act shall remain unaffected. The strict liability for initial defects in § 536a para. 1 Alt. 1 Alt. 1 BGB is, however, excluded for the software services.

10.5 Scope of the exclusion or limitation of liability. Insofar as the liability of IntraFind is excluded or limited, this also applies to the personal liability of employees, legal representatives and vicarious agents.

10.6 Force majeure. Cases of force majeure shall release both parties from their respective obligations to perform for their duration and to the extent of their effects. The parties shall immediately notify each other in writing of all cases of force majeure (both their commencement and termination) within three (3) days from the date on which they become aware of them and at the latest within five (5) days from their commencement or termination. If the notification is culpably delayed, each party shall be liable to compensate the other for any resulting damage.

If the resulting delays exceed the period of eight (8) weeks, both contracting parties shall be entitled to withdraw from the contract with regard to the affected scope of performance. There shall be no further claims.

Force majeure shall be events for which neither party is responsible, which may significantly impede, impair or frustrate the performance of the contract and which are beyond the control of the respective party and which could not have been prevented even by reasonable measures, such as war, riots, epidemics, malware, sovereign acts, mobilization, terrorism, fire, natural disasters or strikes or lockouts, provided that the party is therefore prevented from fulfilling its contractual obligations.

10.7 Disclaimer. Except for loss of life, personal injury, gross negligence or willful misconduct, in no event shall IntraFind or its licensors be liable for consequential damages (including, without limitation, loss of revenue or profits, loss of savings or other benefits, loss of opportunity, loss of goodwill, loss of reputation or loss, damage, compromise or corruption of data, loss of use of equipment, cost of replacement equipment and other related costs, downtime) arising out of the Agreement, whether based in contract, tort or any other legal theory. In addition, IntraFind shall not be liable in any way with respect to the Client's Data. For the avoidance of doubt, IntraFind shall not be liable for any loss and/or damage incurred by the Client and/or its Affiliates with respect to the content of the Software created and/or derived from the Client Data.

10.8 Limitation of Liability. In no event shall the aggregate liability of IntraFind or its licensors under this Agreement exceed an amount equal to 25% of an annual Subscription Fee or, in the case of Professional Services, the total amount of Professional Service Fees paid to IntraFind by Customer twelve months prior to the incident. Notwithstanding anything to the contrary in this Agreement, IntraFind and its licensors shall not be liable for any damages if Customer has not paid to IntraFind any amount for the Subscription giving rise to the claim.

10.9 Limitation. Contractual claims for damages by the contractual partners and its claims for reimbursement of futile expenses are subject to a limitation period of two (2) years.

11 Intellectual property rights and indemnification against claims of third parties

11.1 Indemnification by IntraFind. IntraFind ("Indemnitor") will defend, indemnify and hold the Client harmless from any third party claim asserted against the Client and its employees, officers, directors' agents and representatives, ("Indemnitees") based on (i) gross negligence, willful misconduct or violation of law by IntraFind and/or (ii) any claim, demand or allegation that Client's licensed use of the Services by IntraFind infringes or impairs any patent, copyright, trade secret, trademark or other intellectual property right (collectively, "IP Rights").

11.2 Indemnification by the Customer. Customer ("Indemnitor") shall defend, indemnify and hold harmless IntraFind and its Affiliates from and against any and all third party claims asserted against IntraFind and its employees, officers, directors, agents and representatives ("Indemnitors") based on a) allegations that Customer's Data infringes any Intellectual Property Rights and/or b) Customer's failure to comply with or breach of this Agreement, including unauthorized use of the Software Services.

11.3 Procedure. In order for an Indemnitee to be entitled to indemnification under this Section 13, Indemnitee shall: (i) promptly notify Indemnitee in writing within thirty (30) days after becoming aware of such claim; (ii) give Indemnitee sole control and authority over the defense or settlement of such claim; and (iii) provide Indemnitee with reasonable and complete information and reasonable assistance in the defense and/or settlement of such claim.

Neither Party shall, without the prior written consent of the other Party, accept any settlement that imposes any restrictions or obligations on the other Party, requires any admission by the other Party, or imposes any liability on the other Party that is not covered by the Indemnification Payments.
The Indemnified Party shall take reasonable steps to mitigate its loss following a breach covered by this Section 13.

If IntraFind infringes a third party's IP Rights by providing the Software and Customer is unable to use the Services or any portion thereof ("Infringing Element") because a court of competent jurisdiction issues a judgment that is not appealable, IntraFind may promptly, at its sole expense and discretion, either: (i) procure for Customer the right to continue to use the Infringing Element; or (ii) replace or modify the Infringing Element so that it is no longer infringing. If IntraFind determines, in its sole discretion, that neither option is commercially reasonable, IntraFind may terminate the Statement of Work (or any portion thereof). In such case, IntraFind will refund the unused portion of any prepaid fees received by the Client from IntraFind for the infringing item.

12 Other rights and obligations

12.1 Granting of licenses. The parties grant each other only those licenses and rights that are expressly specified and agreed. No rights are granted beyond the foregoing.

12.2 Non-liability. Each party shall not be liable for any failure to perform any obligation beyond its reasonable control.

12.3 Reference, mention for advertising purposes. Contractor shall have the right to publicly express the fact that Customer uses its Software or is its customer and to use Customer's name and logo for this purpose in its marketing materials, on the Internet on its website and/or on its social media pages. Any other use of the Client's name or logo requires the prior consent of the Client.

13 Contact

All written notices under this Agreement shall be addressed to:

IntraFind Software AG, Landsberger Str. 368, 80687 Munich, Germany
14 General

14.1 Exclusion of third-party general terms and conditions. The validity of general contractual or business terms and conditions of the Customer is expressly excluded. This also applies if IntraFind has not expressly objected to the Client's terms and conditions and/or provides services without objection.

14.2 Applicable law; place of jurisdiction. The law of the Federal Republic of Germany shall apply to the exclusion of the UN Convention on Contracts for the International Sale of Goods (CISG). In the event of any disagreement arising from this contract, the parties undertake to first reach an amicable settlement. Should this not be possible, the parties agree already now on Munich as the exclusive place of jurisdiction for all disputes arising from the business relationship vis-à-vis merchants and legal entities under public law or special funds under public law, unless another place of jurisdiction is mandatory by law.

15.3 Compliance. Customer agrees to comply with all federal, state, local and international rules, regulations, ordinances and laws applicable to Customer's obligations under this Agreement and Customer's use of the Software and Subscription Services, including import/export laws, labor laws and anti-corruption laws.

15.4 Severability Clause. If individual provisions are or become invalid in whole or in part or if the contract contains a loophole, this shall not affect the validity of the contract as a whole or the validity of the remaining provisions. In this case, the contracting parties undertake to agree on a provision that comes closest to the interests of both parties, taking into account the agreements contained in this contract.

15.5 Written form requirement . All agreements which contain an amendment, supplement or concretization of the terms and conditions of this contract, as well as all warranties of characteristics and other special agreements between the contracting parties must be made in writing. The submission of a declaration of intent by e-mail or SMS does not satisfy this formal requirement. The written form requirement shall also apply to the cancellation of this written form agreement.

15.6 Completeness . Upon conclusion of this Agreement, all previous oral and written agreements concerning the subject matter of this Agreement shall lose their validity.

15.7 Changes to the General Terms and Conditions. IntraFind is entitled to amend these General Terms and Conditions at any time if this does not affect essential provisions of the contract and if this is necessary to adapt to technical and/or legal developments that were not foreseeable at the time the contract was concluded and the failure to take these into account would noticeably disrupt the balance of the contract. IntraFind will notify the Customer in writing in good time of any changes to the General Terms and Conditions applicable to the Customer.

The changes shall be deemed to have been approved by the Contractor if he does not object to the changes in writing or terminate the contract within one month of the notification of the changes. In the event of an objection by the Contractor, IntraFind shall be entitled to terminate the existing contractual relationship with due notice. IntraFind will make special reference to this period and its consequences in the notification.

Annex A - Software Maintenance and Software Support Services

The following terms and conditions for Subscription Services ("Terms and Conditions" or "T&C") apply to all - Software Maintenance and Software Support Services provided by IntraFind under the Agreement entered into between the Parties.

1 Provision of Services.

During the term of the Agreement, Customer shall be entitled to certain software maintenance and software support services to be provided by IntraFind ("Subscription Services"), including the provision of new versions, upgrades and updates, as described in Section 2 ("Maintenance Services"), and access to support services, including the processing of support tickets, as described in Section 3 ("Support Services").

For the avoidance of doubt, all training of Customer's personnel, guidance on configuration (other than default parameters and settings), integration, commissioning and use of the Software, all configuration services and services to troubleshoot the existing configuration, and any other services that are not expressly part of the Subscription Services shall be considered "Professional Services" and must be ordered separately by Customer and invoiced by IntraFind.

2 Software Maintenance.

IntraFind will, in its sole discretion and from time to time, provide and release and install updates, upgrades and new versions of the Software to Customer. For purposes of this Agreement, (i) "Updates" are Software versions that contain bug fixes and are generally identified by a change in the digit to the right of the second decimal point (for example, a change from version x.x.x. to version x.x.y) and any corrections and updates to specifications or operating instructions relating to the Software; (ii) "Upgrades" means Software releases that contain new enhancements, features or functionality that are made commercially available and are generally identified by a change in the digit to the right of the first decimal point (e.g., a change from version x.x to version x. y), as well as corrections and updates to specifications or user manuals relating to such updated Software; and (iii) "Versions" mean Software versions generally identified by a change in the first decimal point (e.g., a change from Version x.x to Version y.x) that are associated with changes and additions to one or more features or modifications to the Software at the initiative of IntraFind with the goal of improving its functionalities or the quality of its functionalities. Updates, upgrades and versions provided to the Customer by IntraFind are considered new developments and, as such, become an integral part of the Software and remain the exclusive property of IntraFind in accordance with the terms of the Contract.

3 Non-GA Software.

NON-GA SOFTWARE SHALL NOT BE DEEMED "SOFTWARE " FOR PURPOSES OF THIS PROVISION AND ARE PROVIDED WITHOUT WARRANTY, EXPRESS OR IMPLIED. IntraFind may, at any time and in its sole discretion, discontinue any or all of the NON-GA SOFTWARE provided to Customer, including making it generally available.

4 Support Services.

IntraFind will provide support services to Customer during the term of the Subscription to assist in the operation of the Software.

4.1 Incident Reporting. To report an incident, question or problem with the Software ("Incident"), an Authorized User will submit a request for assistance ("Error Report") to IntraFind using the Support Report platform accessible at https://xxxx, with such Error Report assigned a support priority level ("Priority Level"). By default, each Error Report will be classified as "Category D: Low Impact" as described in Section 6 of these Terms and Conditions.

4.2 Error Reporting. In response to the filing of an Error Report, IntraFind will, to the extent warranted and as determined by IntraFind in its sole discretion, issue a digital Error Ticket in accordance with Section 6 of these Terms and Conditions. Each Error Ticket will be assigned a tracking number and, if applicable, a different priority level as determined by IntraFind. IntraFind will notify Customer of any changed priority level, and IntraFind will use commercially reasonable efforts to process the Trouble Ticket within the time period specified for the applicable priority level in accordance with Section 6 of these Terms and Conditions.

4.3 Excluded Services. The Subscription Services do not include, and IntraFind shall not be responsible in any way for (all of the following, collectively, "Excluded Services"): (a) any maintenance of (i) Third Party Software or (ii) any development or customization performed on the Software by Customer or any third party; (b) any Third Party Maintenance costs and any related fees; (c) any costs incurred as a result of Force Majeure; d) any programming, including but not limited to modification of software (including the Software), source or object code, and program maintenance, except as expressly set forth in this Agreement; or e) training services of any kind, except as expressly set forth in this Agreement; or f) on-site services of any kind, except as expressly set forth in a Purchase Order.

4.4 Work Product. All materials and information generated or used by IntraFind in the performance of the Subscription Services ("Materials"), and all intellectual property rights therein, are the sole property of IntraFind. To the extent the Customer acquires any rights therein, the Customer hereby irrevocably assigns and agrees to assign to IntraFind all right, title and interest in and to the Materials. All Materials provided to Customer in connection with the Subscription Services shall be subject to the provisions of the Agreement applicable to New Development, Software, Intellectual Property or Documentation, and Customer's use of such Materials shall be solely in accordance with the provisions of the Agreement.

4.5 Price. Payment for the Subscription Services is included in the fees for the Software. Notwithstanding the foregoing, IntraFind shall charge Customer for all additional costs and expenses incurred by IntraFind in providing the Maintenance Services, including but not limited to travel costs and expenses (the "Costs").

5 Service Level Agreement

5.1 Support Availability. Maintenance Services shall be provided during Working Hours. "Working Hours" shall mean working days Monday to Friday between 9:00 a.m. to 5:00 p.m. CET, excluding public holidays in the State of Bavaria of the Federal Republic of Germany.

5.2 Seductiveness. IntraFind does not assure a standard SLA with a guaranteed availability. However, availability has been 99.1% for the last 6 months and we aim for 99.5%.

5.3 Maintenance windows. To optimize application operation and minimize negative economic impact, IntraFind provides maintenance windows outside the hours of Monday to Friday, from 09:00 to 17:00 CET, excluding public holidays. These will be communicated to the Client in advance. IntraFind reserves the right to also carry out maintenance work within these times if this is necessary due to the specifications of contracted providers.

For unscheduled changes whose implementation IntraFind deems necessary for reasons of security or operation of the software, IntraFind reserves the right to provide notice at short notice and, in urgent cases, to provide information at a later date.

6 Priority levels and response times.

In the event of malfunctions or defects occurring, the priority levels and response levels listed below shall apply:
6.1 Priority Levels:

(a) Category A: Application Failure. Critical functions are unavailable, which has a significant impact on the Client's business or operations, or a security breach has occurred. Examples of critical priority events include: IntraFind Search is unavailable to all users,
b) Category B: Severe Degradation. Critical functions are interrupted, impaired, or unusable, which has a severe impact on the client's business or operations. Examples of high priority events include: IntraFind search is unavailable to a subset of users or is temporarily unavailable to all users; A new IntraFind release has a negative impact on existing business applications; A serious security incident is detected in the client's software.
c) Category C: Moderate Impact. Functionality is interrupted, impaired, or unusable, which has a minor impact on the Client's business or operations. Examples of "Normal Priority" category events include: IntraFind search is temporarily unavailable to some users; Search results are incomplete or truncated from known indexed data sources; General interface issues - user interface or API.
d) Category D: Low Impact/Investigation. Non-critical requests or issues that do not impact the client's business operations.  Examples of low priority events include: IntraFind search quality is impacted; IntraFind search is missing known or relevant documents from search results; General inquiries, including documentation, version content, billing, and usage; Any other general product issue.

6.1.1 Response Times:

a) Initial Response Time: The initial response time is calculated from the time the Customer successfully creates an issue through the approved Incident Submission System to the time IntraFind Support responds to that ticket.
b) Response Time: Response Time will be calculated from the time Client provides an update for an Incident Ticket to the time IntraFind Support provides a response for that ticket.
c) Resolution Time: Resolution Time is the time that IntraFind Support and the Client agree that a resolution is needed and the time that it is delivered.

7 Service Matrix

Category A: (i) Initial response time: 2 hours, (ii) response time: 2 hours, (iii) resolution time: 24 hours

Category B: (i) Initial response time: 6 hours, (ii) response time: 12 hours, (iii) resolution time: 1 working week

Category C: (i) Initial response time: 1 working day, (ii) response time: -, (iii) resolution time: 4 working weeks

Category D: (i) Initial response time: 2 working days, (ii) response time: -, (iii) resolution time: -

The working hours defined in section 5.1 apply.

Annex B - Data protection agreement on the processing of personal data on behalf of third parties (Data processing § 28 GDPR)
1 Subject matter and duration of the agreement

The commission comprises the operational processing of personal data within the scope of the provision of services in accordance with the service description of the main contract. In doing so, the Processor shall process personal data for the Principal within the meaning of § 4.2 and § 28 GDPR on the basis of this Agreement.

The contractually agreed service shall be provided, if possible, in a member state of the European Union or in a contracting state of the Agreement on the European Economic Area. Any relocation of the service or parts thereof to a third country may only take place if the special requirements of$ 44 et seq. GDPR are fulfilled.

The term of the contract depends on the main contract.

2 Purpose, scope and type of processing, type of personal data and categories of data concerned.

The processing of personal data on behalf of the customer shall be exclusively for a specific purpose. The purpose, scope and nature is (according to the definition of §4.2 GDPR) the provision of services according to the service description of the main contract.

The categories of data concerned (according to the definition of §4.1 GDPR) are the employee and staff data of the Client who use the software collaboratively with the Client and whose data are recorded and managed in the software.

The type of personal data (according to the definition of § 4.1, § 13, § 14 and § 15 GDPR) are:

- Personal master data: Salutation, surname, first name, address, title;
- Communication data: Telephone, e-mail
- Customer history: login, product usage, products purchased, time data.
- Technical data: IP address, device, browser, location, Mac address, product version.

Possible product personal data:

- Personal data indexed  by the search engine of all data sources connected to the search engine within the scope of the client's request for the search.
- AD information for processing the rights-checked search as well as the log level requested by the client

Special categories of personal data (as defined in § 9 and § 10 GDPR): none.

3 Rights and obligations as well as powers of instruction of the client

The Principal is solely responsible for assessing the permissibility of the processing pursuant to § 6 (1) GDPR and for safeguarding the rights of the data subjects pursuant to § 12 to § 22 GDPR. Nevertheless, the Processor is obligated to forward all such requests to the Principal without undue delay, provided that they are recognizably directed exclusively to the Principal.

Changes to the object of processing and procedural changes shall be agreed jointly between the Principal and the Processor and specified in writing or in a documented electronic format.
As a rule, the Customer shall issue all orders, partial orders and instructions in writing or in a documented electronic format. Verbal instructions shall be confirmed immediately in writing or in a documented electronic format.

The Customer shall be entitled, as stipulated in Section 5, to satisfy itself prior to the start of the Processing and thereafter regularly in an appropriate manner of compliance with the technical and organizational measures taken at the Processor as well as the obligations set forth in this Agreement. The Customer shall inform the Processor without undue delay if it discovers any errors or irregularities in the examination of the results of the order.

The Customer shall be obligated to treat as confidential all knowledge of trade secrets and data security measures of the Processor obtained within the scope of the contractual relationship. This obligation shall remain in force even after termination of this contract.

4 Persons Authorized to Issue Instructions to the Customer, Recipients of Instructions from the Processor

Functions of the Client authorized to issue instructions are the managing directors, authorized signatories or partners of the Client. Recipients of instructions from the Processor are the managing directors, authorized signatories or partners of the Contractor.

The communication channels to be used for instructions are the e-mail address specified in the main contract, e.g. in the SLA, or via the contact options on the platform.  

In the event of a change or longer-term prevention of the contact persons, the Contractual Partner shall be informed immediately and in principle in writing or electronically of the successors or the representatives. The instructions shall be kept for their period of validity and subsequently for three full calendar years.

5 Duties of the Processor

The Processor shall process Personal Data exclusively within the framework of the agreements made and in accordance with the instructions of the Principal, unless it is required to do so for other processing by the law of the Union or the Member States to which the Processor is subject (e.g. investigations by law enforcement or state protection authorities); in such a case, the Processor shall notify the Controller/Principal of these legal requirements prior to the processing, unless the law in question prohibits such notification due to an important public interest (§ 28 (3) sentence 2 lit. a GDPR).

The processor shall not use the personal data provided for processing for any other purposes, in particular for its own purposes. Copies or duplicates of the personal data shall not be made without the knowledge of the Customer.

In the area of the processing of personal data in accordance with the order, the Processor shall ensure that all agreed measures are carried out in accordance with the contract.

The Processor shall cooperate to the necessary extent in the fulfillment of the rights of the data subjects pursuant to § 12 to § 22 of the GDPR by the Customer, in the creation of directories of processing activities and in any necessary data protection impact assessments of the Customer and shall support the Customer appropriately to the extent possible (§ 28 (3) sentence 2 lit e and f of the GDPR). The Processor shall forward the information required for this purpose to the following office of the Principal without undue delay:

The function entitled to issue instructions as specified in Section 4.

The Processor shall notify the Principal without undue delay if, in its opinion, an instruction issued by the Principal violates statutory provisions (§ 28 (3) sentence 3 of the GDPR). The Processor shall be entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by the Controller with the Principal after review.

The Processor shall correct, delete or restrict the processing of personal data from the contractual relationship if the Principal requests this by means of an instruction and legitimate interests of the Processor do not conflict with this.

The Processor may only provide information about personal data from the contractual relationship to third parties or the Data Subject after prior instruction or consent by the Customer. Excepted from this are obligations to notify the data protection supervisory authority or government agencies, which shall be communicated directly to the client. The processor shall report the type of personal data transferred, the persons to whom it was disclosed and the date and time of disclosure.

The Processor agrees that the Customer is entitled - in principle by appointment - to monitor compliance with the provisions on data protection and data security as well as the contractual agreements to a reasonable and necessary extent itself or through third parties commissioned by the Customer, in particular by obtaining information and inspecting the stored data and the data processing programs as well as through on-site reviews and inspections (§28 (3) sentence 2 lit. h GDPR).

The Processor warrants that it will assist in these inspections to the extent necessary.

The processing of data in private residences (teleworking/home office) or in mobile working by employees of the processor is permitted. Insofar as the data is processed in a private home, access to the employee's home must be contractually ensured in advance for control purposes of the employer. The measures pursuant to § 32 of the GDPR shall also be ensured in this case.

The Processor confirms that it is aware of the data protection provisions of the GDPR relevant for the commissioned processing.

The Processor undertakes to maintain confidentiality when processing the Client's personal data in accordance with the order. This shall continue to exist even after termination of the contract. The Processor warrants that it will familiarize the employees engaged in the performance of the work with the data protection provisions applicable to them before they commence their activities and that it will oblige them to maintain confidentiality in an appropriate manner for the duration of their activities as well as after termination of the employment relationship (§ 28 (3) sentence 2 lit. b and § 29 GDPR). The Processor shall monitor compliance with the provisions of data protection law in its operations.

The Processor has appointed the following data protection officer(s):  Stina-Maria Winter, IntraFind Software AG, Data Protection Officer, Landsberger Street 368, 80687 Munich, E-mail: datenschutzbeauftragter@intrafind.de.

The client must be informed immediately of any change of data protection officer. When contacting the data protection officer, please state the company to which your inquiry relates. Please refrain from enclosing sensitive information such as a copy of an ID card with your inquiry.

6 Notification obligations of the processor in the event of processing disruptions and personal data breaches.

The Processor shall notify the Customer without undue delay of any disruptions, violations by the Processor or the persons employed by the Processor as well as of any violations of data protection provisions or the stipulations made in the order as well as of any suspected data protection violations or irregularities in the processing of personal data. This shall also apply in particular with regard to any reporting and notification obligations of the Principal pursuant to § 33 and § 34 GDPR. The Processor assures to adequately support the Principal, if necessary, in its obligations under § 33 and § 34 GDPR (§ 28 (3) sentence 2 lit. f GDPR). The Processor may only carry out notifications pursuant to § 33 or § 34 of the GDPR for the Customer after prior instruction pursuant to Section 4 of this Agreement.

7 Subcontracting relationships with subcontractors for core services (§ 28 (3) sentence 2 lit. d GDPR)

The future commissioning of subcontractors for the processing of data of the Principal is permitted to the Processor without separate approval of the Principal, § 28 (2) sentence 2 GDPR. The Processor must ensure that it carefully selects the subcontractor, paying particular attention to the suitability of the technical and organizational measures taken by them within the meaning of § 32 GDPR. The relevant test documents in this regard shall be made available to the Customer upon request. In this case, the Processor shall also always inform the Controller of any intended change regarding the involvement or replacement of other Processors.

If subcontractors in a third country are to be involved, the Contractor shall ensure that an appropriate level of data protection is guaranteed at the respective subcontractor (e.g. by concluding an agreement based on the EU standard data protection clauses).

The processor must contractually ensure that the agreed regulations between the client and the processor also apply to subcontractors. In particular, the Principal must be entitled to carry out appropriate checks and inspections, including on-site checks and inspections, at subcontractors' premises if necessary, or to have such checks and inspections carried out by third parties commissioned by the Principal.

The contract with the subcontractor must be drawn up in writing, which may also be in an electronic format (§ 28(4) and (9) GDPR).

The onward transfer of data to the subcontractor is only permissible after the subcontractor has fulfilled the obligations under § 29 and § 32(4) of the GDPR regarding its employees.

The Processor shall regularly verify compliance with the obligations of the subcontractor(s): The result of the reviews shall be documented and made available to the Client upon request. The Processor shall be liable to the Customer for ensuring that the Subcontractor complies with the data protection obligations contractually imposed on it by the Processor in accordance with this section of the Agreement.

At present, the subcontractors documented in Annex C are engaged by the Processor in the processing of Personal Data to the extent specified therein. The Client agrees to the engagement of the subcontractors specified in Annex C.

The Processor shall always inform the Controller of any intended change regarding the involvement of new subcontractors or the replacement of previous subcontractors. The Principal shall be given the opportunity to object to such changes if the technical and organizational measures previously agreed upon and assured by Processor cannot be fully guaranteed (§ 28 (2) sentence 2 of the GDPR). In this case, the intended change may not be implemented.

8 Technical and organizational measures according to § 32 GDPR ($ 28 (3) sentence 2 lit.  GDPR).

A level of protection appropriate to the risk to the rights and freedoms of the natural persons concerned by the processing shall be ensured for the specific commissioned processing. To this end, the protection objectives of § 32 (1) of the GDPR, such as confidentiality, integrity and availability of the systems and services as well as their resilience in relation to the type, scope, circumstances and purpose of the processing operations are taken into account in such a way that the risk is permanently mitigated by appropriate technical and organizational remedies. An appropriate and comprehensible risk assessment methodology is used for the processing of personal data in accordance with the contract, which takes into account the likelihood and severity of the risks to the rights and freedoms of the data subjects affected by the processing.

The following options for proof exist:  

The Processor shall, as the occasion arises, but at least annually, conduct a review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the security of the processing (§ 32 (1) (d) of the GDPR). Insofar as the measures taken at the Processor do not meet the requirements of the Principal, the Processor shall notify the Principal without undue delay. The measures taken by the Processor may be adapted to technical and organizational developments during the course of the contractual relationship, but may not fall below the agreed standards.

9 Obligations of the Processor after Termination of the Order, § 28 (3) Sentence 2 lit. g DS-GVO

After termination of the contractual services, the Processor shall delete all data and documents that have come into its possession. This also includes the deletion of the search index generated within the scope of the order after termination of the contract as well as all technical credentials required with the fulfillment of the contract. The access rights involved in the execution of the order shall be de-registered.

10 Miscellaneous

Agreements on technical and organizational measures as well as control and audit documents (including those relating to subcontractors) shall be kept by both contractual partners for their period of validity and subsequently for three full calendar years.

For ancillary agreements, the written form or a documented electronic format is generally required. The court locally competent for the Contractor is agreed as the place of jurisdiction.

If the property or the personal data of the Customer to be processed at the Processor is endangered by measures of third parties (such as by attachment or seizure), by insolvency or composition proceedings or by other events, the Processor shall notify the Customer without undue delay.

The defense of the right of retention within the meaning of § 273 of the German Civil Code (BGB) shall be excluded with regard to the data processed for the Customer and the associated data carriers.

Should individual parts of this agreement be invalid, this shall not affect the validity of the remainder of the agreement.

Annex C - Subcontracting relationships

Currently, the following subcontracting relationships exist in connection with the commissioned processing:

Name/Company: Google LLC.
Function/Activity: Operation and management of the platform, storage and management of data related to prospects and customers and the contractual relationship. Sending of emails.
Registered office [city, country]: Germany
Contact information: Google LLC, Unter den Linden 14, 10117 Berlin.
Categories of data involved: First and last name, title, position, employer, business contact information (company, email, phone, address).
Categories of data subjects: Prospects and customers

Operation and administration of the platform, storage and management of data relating to interested parties and the contractual relationship. Sending of emails.