General Terms and Conditions

1.1 These General Terms and Conditions (GTC) apply to all current and future business relationships between fernao information security GmbH, Albin-Köbis-Strasse 5, 51147 Cologne (hereinafter referred to as "fernao information security") and the client.

1.2 By placing an order, the client acknowledges the exclusive validity of these GTC as the contractual basis for the provision of the service by fernao information security. Any conflicting terms and conditions of the client are excluded. The agreements contained in the respective written order or other individual agreements made in writing with the client in individual cases (including collateral agreements, supplements and amendments) shall in any case take precedence over these GTC.

The offers of fernao information security are subject to change and non-binding. A binding order is concluded when the customer returns the signed offer to fernao information security or declares its acceptance to fernao information security (hereinafter referred to as the "order" or "orders"), but at the latest after acceptance of the subject matter of the contract by the customer. The sales employees of fernao information security are not authorized to make verbal collateral agreements or to give verbal assurances that go beyond the content of the written contract. Fernao information security reserves all rights to all offer documents, unless they are granted to the customer on the basis of an express agreement between the parties.

3.1 The client shall provide fernao information security with the information, documents and access required for the provision of the agreed services by fernao information security in good time and without separate charge. If the provision of the agreed services by fernao information security is delayed for reasons for which the customer is responsible (e.g. the customer cancels or does not meet agreed deadlines) and fernao information security incurs additional expenses or futile expenses (together the "additional expenses") as a result, the customer shall reimburse fernao information security for these additional expenses at the daily rates calculated in the project.

3.2 fernao information security is entitled to mention the project title of the commissioned project in publications and vis-à-vis individual third parties, as well as to refer to the award of the contract by the client. Further publications that go beyond the mention of the name of the client, the fact that the order was placed and the project title must be approved by the client before publication or disclosure to third parties.

Should differences of opinion arise between fernao information security and the client regarding the meaning or implementation of provisions in the context of the execution of the order, which concern the services of fernao information security or the cooperation of the client, both parties shall instruct a member of the management or an authorized representative of the management to reach an agreement with the representative of the other party.

5.1 "Confidential information" within the meaning of this offer is written and oral information about the business affairs of the respective other party, which one party (the "disclosing party") makes available to the respective other party (the "receiving party") or of which the receiving party becomes aware on the occasion of the execution of the order, insofar as this is designated as confidential by the parties or is obviously of a confidential nature. This includes in particular trade and business secrets of the parties as well as information about the business affairs of third parties (such as information about products, interfaces and concepts of third party manufacturers that fernao information security uses in the provision of services). Information is not considered Confidential Information if the receiving party can prove that it

was already known to the receiving party prior to the conclusion of the contract,
was already in the public domain before the conclusion of the contract or was disclosed after the conclusion of the contract without
Confidentiality obligation or copyrights by the receiving party,
the receiving party has received from a third party after the conclusion of the contract, provided that this third party has not violated a confidentiality obligation or copyrights by passing on the information.

5.2 The parties undertake to use the Confidential Information exclusively for the performance of the order and for the purposes agreed or assumed in the order, to reproduce it only if and to the extent that it is absolutely necessary for these purposes and not to make it accessible to third parties without the written consent of the disclosing party or to pass it on to them. Third parties in the above sense are all natural and legal persons with the exception of the following:

Employees, subcontractors and companies affiliated with the receiving party within the meaning of Section 15 AktG
Companies that need to know the Confidential Information in order to carry out the respective order and/or to achieve the purposes agreed or assumed in the order, provided that the receiving party has obliged them to maintain confidentiality within the scope of this Section 5, and
the receiving party's external consultants who are bound to confidentiality under professional law, such as lawyers, tax consultants and auditors.
Disclosure to a third party is also permitted insofar as the receiving party is obliged to do so on the basis of mandatory statutory provisions, legally binding court decisions or legally binding administrative acts. The receiving party shall inform the disclosing party of this without delay.

5.3 The receiving party shall exercise at least the same care and take the same protective measures with regard to the confidentiality of the Confidential Information as it would use to protect its own confidential information of the same kind and at least the care customary in the trade. In particular, it shall take all reasonable measures to protect the Confidential Information against unauthorized disclosure, duplication and use.

5.4 The obligation to maintain the confidentiality of Confidential Information and the restrictions on use pursuant to this Section 5 shall apply for as long as the confidential nature of the Confidential Information pursuant to Section 5.1 exists. The expiry of the confidentiality and use restrictions shall not affect further rights of the parties, in particular patent, trademark and copyright rights.

5.5 Insofar as fernao information security processes personal data of the client within the scope of the services owed, the parties undertake to comply with the relevant data protection regulations.

6.1 In the event of an assumed guarantee, the parties shall be liable to the extent of the respective guarantee; this shall remain unaffected by the following provisions.

6.2 The parties' claims for damages and reimbursement of futile expenses (hereinafter collectively referred to as "damages") shall be governed by the following provisions, irrespective of the legal nature of the respective claim.

6.3 The parties shall be liable to each other for culpable damage, i.e. damage caused intentionally or negligently, in accordance with the statutory provisions, unless their liability is limited or excluded below. However, the following exclusions and limitations of liability shall not apply to the statutory liability of the parties under the German Product Liability Act, to their liability for damages resulting from culpable injury to life, body or health and for damages for which one of the parties is liable under other mandatory statutory provisions.

6.4 In the event of culpable breach of non-essential obligations of the parties, unless such breach is due to gross negligence or intent, the liability of the parties is excluded.

6.5 The liability of the parties is limited to the damages foreseeable at the time the order is placed, which typically arise in transactions of this type, in the event of culpable breach of material obligations of the parties, unless this breach is grossly negligent or intentional, and
in the event of a grossly negligent breach of non-essential obligations by vicarious agents of the parties who are not legal representatives or executives of the parties.

6.6 Breaches of material obligations within the meaning of this clause 6 are those which jeopardize the achievement of the purpose of the contract, in particular a culpable breach of cardinal obligations, i.e. material contractual obligations of a party, the fulfillment of which is essential for the proper execution of the contract and on the observance of which the other party regularly relies and may rely.

7.1 The client shall confirm the handover of the work results in writing and, insofar as the work results are an acceptable work performance or an acceptance has been agreed, declare acceptance of the work results in writing after a successful acceptance test. The inspection period shall be three (3) weeks from the handover of the work results, unless otherwise agreed. fernao information security shall be available within the inspection period for queries to a reasonable extent in accordance with the order. The work result shall be deemed to have been accepted if the client does not accept the work result in writing within three (3) working days after expiry of the test period or declares in writing that he refuses acceptance due to significant defects in the work result, or if he is not obliged to accept it for other reasons. The client must specify the defects claimed individually and appropriately. Acceptance cannot be refused due to minor defects; minor defects shall be remedied by fernao information security as part of subsequent performance.

7.2 The customer shall also inspect work results not subject to acceptance and other services provided by fernao information security within three (3) weeks of their delivery to the customer and shall notify fernao information security in writing of any defects identified during such inspection no later than three (3) working days after expiry of the inspection period. If the customer fails to make this notification, the work result or other service shall be deemed to have been approved in accordance with the contract with regard to these recognizable defects. If the client discovers further defects in the work results or other services later, i.e. after acceptance or expiry of the inspection period, he must notify fernao information security of these in writing immediately, but no later than three (3) working days after their discovery. If the customer fails to make this notification, the work result or other service shall be deemed to have been approved in accordance with the contract with regard to these defects. The timely dispatch of the notification shall be sufficient in each case.

7.3 The client is aware that software is never free of errors. An insignificant reduction in the quality of the software does not constitute a defect. The client's claim to rectification of defects is excluded if the defect is not reproducible or cannot be demonstrated by means of handwritten or machine-recorded output.

7.4 fernao information security does not guarantee that the program functions meet the client's requirements or that they work together as selected by the client. Rather, the customer must satisfy himself by his own examination of the suitability of the products for the intended purpose.

7.5 fernao information security shall not be liable if the defect is caused by normal wear and tear, operating errors or other use contrary to the terms of the contract within the customer's area of responsibility.

7.6 If the customer asserts an unjustified request for the removal of defects, he shall be liable to fernao information security for damages if he has recognized or culpably failed to recognize that there is no defect, but that the cause of the phenomenon complained of lies within his own area of responsibility.

8.1 Insofar as the agreed work results are work or purchase services, fernao information security shall ensure that the work results correspond to the service description of the order (in particular that they correspond to the task in the form that it may have found in accordance with the agreed service changes),
unless the quality has been expressly agreed, are free from defects that nullify or significantly reduce their suitability for the use assumed in the respective order and otherwise for normal use and have a quality that is customary for work results of the same type and can be expected by the customer according to the type of service and are free from defects of title within the meaning of § 435 BGB or § 633 para.3 BGB.
In all other respects, fernao information security shall provide the services owed in accordance with the agreements with the client and with the diligence of a prudent businessman.

8.2 In the event of defective services, fernao information security shall initially be entitled to subsequent performance within a reasonable period set by the customer, at its discretion by rectifying the service or by providing the service again (e.g. production of a new work). If two attempts at subsequent performance fail within a reasonable period of time or if fernao information security refuses subsequent performance within a reasonable period of time, the customer may assert the other statutory claims for defects (in particular - at the customer's discretion - a reduction in payment or withdrawal from the contract) or the other statutory claims for defective performance. If fernao information security has provided the customer with a new software version in the course of subsequent performance and therefore the right to use the old software ends or the right to use the delivered/provided software ends due to withdrawal, the customer is obliged to return all original copies of the old software handed over by fernao information security or, in the case of withdrawal, of the old software. in the event of withdrawal, of the delivered software immediately after termination of the right of use or, if and as long as he is legally obliged to retain them for a longer period of time, immediately after expiry of the retention period, to return them to fernao information security and to delete all copies made by him immediately and to assure fernao information security in writing that they have been made.

8.3 Insofar as fernao information security is liable for damages of the customer in accordance with clause 6 or has fraudulently concealed a defect, these claims for damages and defects shall become statute-barred in accordance with the statutory limitation rules. All other claims for defects and other claims due to other poor performance shall become statute-barred within one year of the statutory commencement of the limitation period.

9.1 fernao information security grants the customer a non-exclusive, non-transferable and non-sublicensable right to use the work results for the contractually agreed or assumed purpose without restriction in terms of time, space and content. In all other respects, all rights and claims to the work results, to inventions made or copyrighted works and services created in connection with the work results of fernao information security shall remain with fernao information security. The rights to trademarks depicted in connection with the work results lie exclusively with their rights holders; fernao information security does not grant the client any rights of use to these.

9.2 Confidential Information within the meaning of Section 5 shall remain the property of the disclosing party or the respective third party; the Customer shall acquire rights of use to the Confidential Information of fernao information security only as part of the work results in accordance with Section 9.1 above and only in compliance with the agreed confidentiality obligations, which shall take precedence over Section 9.1 in this respect.

The customer agrees, revocable at any time (office@xiv-consult.com), that fernao information security is entitled to use the name of the customer and its company logo for advertising purposes for the consulting services of fernao information security online and offline, in particular in print media and via databases, electronic data networks and online services (e.g. ftp, www., e-mail, youtube, flickr, Facebook, Xing, LinkedIn and comparable networks) to reproduce, distribute, make available for retrieval, publish and present.

11.1 The amount of the remuneration for the service to be provided by fernao information security is set out in the respective offer. The contracting parties may agree remuneration on a time and material basis or flat-rate prices. The prices are net and in euros.

11.2 In the event of essential performance specifications based on the initiative of the customer or his wishes (for example, the objective of the desired solution or the individual system components), the agreements on deadlines and remuneration of the modified service must be adjusted accordingly.

11.3 If the performance of services by fernao information security is delayed for reasons for which the client is responsible or which lie within the client's sphere of risk, fernao information security may demand reasonable compensation. If the services in question are services, fernao information security may charge the agreed remuneration for the delayed services without being obliged to perform.

11.4 If the client does not fulfill its co-performance obligations, it shall reimburse fernao information security for the additional expenses incurred as a result.

11.5 Provisions on the due date of the remuneration are set out in the offer. Unless otherwise stipulated therein, invoices are due for payment no later than 14 days after invoicing.

11.6 If the customer is in default, fernao information security shall be entitled to charge interest at a rate of nine (9) percent (%) above the current statutory prime rate from the date of default. The aforementioned 9% is a base interest rate, which will not be undercut regardless of the current statutory base interest rate. The assertion of further damages remains unaffected.

11.7 fernao information security retains title to the contractual items capable of ownership until full payment of the remuneration owed (retention of title). The customer may neither assign these contractual objects as security nor pledge them.

12.1 These GTC and all orders are subject exclusively to the law of the Federal Republic of Germany. The United Nations Convention on Contracts for the International Sale of Goods (CISG) as well as the IPR regulations, the Uniform Law on the International Sale of Goods (EKG), the Uniform Law on the Formation of Contracts (EAG) and the Vienna UN Convention on the International Sale of Goods (UNCITRAL) are excluded. The exclusive place of jurisdiction for all disputes in connection with these GTC and the orders, also with regard to their effective conclusion, subsequent amendments and their termination, is Siegburg. However, fernao information security is entitled to sue the contractual partner at any other legal place of jurisdiction.

12.2 Amendments to these GTC and the respective order as well as its termination or withdrawal from an order must be made in writing to be effective. This also applies to any waiver of this written form requirement. In order to comply with the written form requirement, it is sufficient to send the declarations signed by the respective party by fax to the fax number provided by the other party for this purpose.

12.3 Should provisions of these GTC or the respective order be invalid or unenforceable or contain loopholes, the remaining provisions of these GTC and the order concerned shall remain valid and enforceable. The parties undertake to replace such an invalid provision with a valid provision that corresponds to what the parties would have agreed in good faith, taking into account the purpose of the contract, had they been aware of the invalidity of this provision when the order was placed. This applies accordingly in the case of unenforceable provisions and loopholes.