Master License and Services Agreement

Section I – Parties

This Master License and Services Agreement ("Agreement") is entered between the party identified as the "Customer" in the order form and Onapsis Europe GmbH, as set forth below, ("Onapsis"), together with Customer, the "Parties" or individually, a "Party"). The parties agree to be bound by the terms set forth herein.

Section II - Definitions

For the purposes of this Agreement: "Cloud Product(s)" means the product(s) owned and made available by Onapsis that are identified in the Order Form to be accessed by Customer over its internet connection when using the Cloud Services, and together with the On-Premise Product(s), the ("Product(s)"); "Cloud Services" means a technology service hosted by or on behalf of Onapsis and provided to Customer; "Customer Data" means any content or information entered by Customer into the Cloud Services, as well as any output from the Cloud Services, such as scan results information; "Documentation" means all written material provided by or on behalf of Onapsis to the Customer in connection with the Offerings; "Hosting Site":  means the internet connected hosting facility from which the system is accessed, as it may be modified by Onapsis from time to time; "Intellectual Property and/or Intellectual Property Rights" mean, collectively, all worldwide intellectual property rights in and to any works of authorship, moral rights, trademarks, patents, copyrights, trade secrets and design rights; "Object Code" means the fully compiled version of a software program that can be executed by a computer and used without further compilation; "Offerings" means the On-Premise Product(s), Cloud Product(s), Cloud Services, Professional Services, Support Services and other offerings that Onapsis makes generally available"; "Order Form" means an order for Offerings from Customer to Onapsis which shall include (i) the Purchased Offerings; (ii) the Products being licensed, (iii) the Subscription License Term for such Products, (iv) the fees related thereto, and (v) the Volume Limitations, "On-Premise Product(s)" means the product(s) owned and made available by Onapsis that are identified in the Order Form that is delivered and deployed by Onapsis; "Purchased Offerings" means the subscriptions licenses to Offerings that are acquired by the Customer under an Order Form, whether directly or indirectly through an authorized reseller; "Professional Services" means the professional services to be provided by Onapsis as set forth in the Order Form or a Statement of Work ("SOW")  executed by both Parties; "Software" means the software, in Object Code only, contained in the Product(s) licensed hereunder, and including the updates thereto; "Source Code" means the human-readable version of a software program that can be compiled into Object Code, including programmer's notes and materials and documentation, sufficient to allow a reasonable skilled programmer to understand the design, logic, structure, functionality, operation and features of such software program and to use, operate, maintain, modify, support and diagnose errors pertaining to such software program; "Volume Limitations" means the standard of measurement for determining the permitted use and calculating the fees due for an Offering as set forth in an Order Form, including, as applicable, number of target systems, assets, applications, data, plugins, and named individual users of the Software. "Work Product" means any work or materials generated by Onapsis as part of the Professional Services and provided by Onapsis to Customer under a SOW, and all intellectual property rights therein." 

 Section III - License; License Restrictions                     

This Agreement, together with the applicable Order Form, sets forth a limited license to use the Software and Documentation of the Product(s), subject to the terms and conditions herein and, as the case may be, the applicable Order Form, as follows:

1.    Subject to Section III. 3., Onapsis grants to Customer, for the term of a given Product license as set forth in the Order Form (the "Subscription License Term") a non-exclusive, nontransferable, non-sublicensable, revocable, license for Customer's and its employees or contractors (the "Authorized Users") to use and access the Software in Object Code form contained in the On-Premise and/or Cloud Product(s) within the Volume Limitations identified in the Order Form for Customer's internal business purposes. The Customer is authorized to make back-up copies of the Software and Documentation, provided that such copies shall be preserved from any unauthorized use and in all the cases, such copies shall be deemed Confidential Information of Onapsis. The Product, Software and Services shall be deemed accepted by Customer upon delivery to Customer.

2.    For the avoidance of doubt, and without limitation, except as permitted in this Agreement or as otherwise agreed to in writing by Onapsis, Customer and its Authorized Users shall not, and shall not permit any third party to (i) modify, adapt, alter, translate, or create derivative works from the Software or Documentation, nor merge the Software or Documentation with other software or documentation, (ii) perform or attempt to perform any kind of reverse engineering, decompilation, disassembling of the Software, or access any of its components, including databases, or attempt to derive the Source Code, (iii) use the Software or Documentation for any illegal activity or malicious attack, (iv) resell, rent, lease the Software or Documentation or use the Software or Documentation to provide services to third parties, whether as a service bureau, application service provider, or service provider, or otherwise, (v) combine the Software or Documentation with any other software or documentation (including without limitation open source software), (vi) use the Software, Documentation or this Agreement for a competitive analysis or for any other purpose than as contemplated hereby, (vii) endanger its operation or security, (viii) copy the Software in whole or in part, or (ix) move or transfer the Software from the designated target systems. Further, before employing the services of any third party for activities to reproduce the code of the Software and/or translate its form in cases where such activities are indispensable to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs (sec. 69d, 69e of the German Copyright Act), Customer shall submit to Onapsis a request that Onapsis carry out the services in question or present Customer with another option to achieve the necessary interoperability, and shall only employ the services of the third party in question upon Onapsis having failed to comply with the request within a reasonable timespan having asked only for a reasonable compensation.

3.    The Product(s) may contain open source software components ("OSS") subject to separate license terms. Any OSS accompanying or embedded in the Product(s) are distributed by Onapsis in accordance with the OSS' applicable license terms. The applicable OSS license terms shall take precedence over this Agreement, solely with respect to the open source component(s) to which the license relates, and Onapsis does not grant any rights or licenses in these OSS components to Customer. Onapsis ensures that OSS and the applicable license terms do not impair the licensed use of the Software provided that Customer complies with this Agreement and the respective license terms.

4.    The statutory provisions on warranty (Gewährleistung) shall apply to the Software licensed to Customer, subject to the following conditions:

  1. Whereas a specific of the Software is to detect and find defects and insecure coding practices and/or insecure configurations and administrations in the designated software applications on a Target, Onapsis, for the avoidance of doubt, does not warrant that the Software will detect and find all defects and all insecure coding practices and/or insecure configurations and administrations in analyzed software applications. The Parties agree that the Software does not warrant that the Customer systems will be secure from unauthorized access. Parties further agree that the Software does not ensure compliance with any regulations or compliance regime.

  2. In the event of defects in the Software itself, Onapsis shall cure such defects, at Onapsis' discretion, either by (a) replacement, or (b) repair. Upon detection of any defect in the Software, Customer shall provide Onapsis with all information and documentation necessary for the purpose of assessing, diagnosing and remedying such defects.

  3. The limitation period of warranty claims is twelve (12) months from receipt of the goods, except in cases of claims for damages; except for cases that fall under Section VIII.1.

5.    For the avoidance of doubt, it is always the sole responsibility and obligation of Customer to assess whether, and ensure that, the use of the Software is within the scope of the license(s) that Customer has acquired for the applications, which will be analyzed by the Software. Further, Onapsis is not responsible and not liable in respect of whether the licensors of the applications, which will be analyzed by the Software, may require certain and/or additional licenses or whether Customer may necessitate maintenance and/or support services for such applications.

Section IV –Delivery; Upgrades; Compliance; Support Services

1.    Upon execution of the Order Form, delivery shall be deemed to have been made upon Onapsis providing instructions to download or activate the Software, as applicable.

2.    As soon as reasonably practicable following their release, Onapsis shall make available to Customer upgrades, enhancements and fixes to the Software for a licensed Product during the Subscription License Term and, if requested by Onapsis, Customer shall install and/or apply any such upgrade, enhancement and/or fix which Onapsis determines in its reasonable judgment to be material to the continuing use or performance of the Software for a licensed Product. Sections III 1. to 5. shall apply to all upgrades, enhancements and fixes to the Software made available to Customer hereunder accordingly.

3.    Onapsis shall have the right to audit Customer's and its Authorized Users use of the Software and Documentation as reasonably requested by Onapsis in order to ensure Customer's compliance with the terms of the Order Form and this Agreement. Customer authorizes Onapsis to aggregate and/or collect data resulting from Customer's and its Authorized Users use of the Software and Documentation for the purposes of enhancing the Offerings.

4.    Customer represents that it has all necessary rights, consents, and permissions on Customer's ERP Systems, networks, IP addresses, assets, and/or hardware on which it deploys the Software, or which it scans, monitors, or tests with the Software. Customer will indemnify, defend and hold harmless Onapsis for any losses, including reasonable attorneys' fees, resulting from Customer's failure to comply with this section.

5.    During the Subscription License Term, and for On-Premise Products, Onapsis shall provide to Customer the maintenance and support services in accordance with Onapsis' maintenance and support policy, a copy of which is available at https://onapsis.com/legal/supported-services-policy ("Support Services Policy").

6.    During the Subscription License Term, and for Cloud Products, Onapsis shall provide Customer the service level commitments in accordance with Onapsis' Service Level Agreement ("SLA"), a copy of which is available athttps://onapsis.com/legal/service-level-agreement.

Section V – Customer Data; Data Protection; Security

1.    Customer represents and warrants that it owns all Customer Data and has full authority to enter and maintain on the Cloud Services. Customer shall be responsible for the Customer Data that Customer and Authorized Users enter on the Cloud Services and for Customer's Authorized Users compliance with this Agreement, and the accuracy, lawful use of, and the means by which Customer acquired its Customer Data.

2.    To the extent that Onapsis processes personal data included in the Customer Data about any individual in the course of providing the Cloud, Professional and Support Services, Customer agrees to Onapsis's Data Processing Addendum, a copy of which is available at https://onapsis.com/legal/data-processing-addendum-mlsa; as may be updated from time to time by Onapsis (the "DPA"). Onapsis maintains appropriate administrative, physical and technical safeguards to protect the security of Customer Data on the Cloud Product(s) and Cloud Services as set forth in the DPA.

Section VI – Professional Services

Onapsis will perform the Professional Services as specified in the Order Form or a SOW in accordance with the Professional Services Terms and Condition, a copy of which can be located at https://onapsis.com/legal/professional-services-terms-of-services.

Section VII – Fees and Terms of Payment

1.    Customer will pay the fees for the Product license as set forth in the Order Form. Once the Order Form is executed, the applicable fees described therein shall be invoiced by Onapsis. 

2.    Customer will pay an undisputed Onapsis invoice within thirty (30) days of the date of such invoice. Any late payments shall bear interest at the rate granted by statutory law. The fees are exclusive of all taxes, including without limitation sales and use taxes, other than taxes on Onapsis' net income. The parties agree that Onapsis shall have the right to increase fees each anniversary of the effective date of an Order Form by the greater of three percent or the then-current cost of living adjustment.

3.    All fees, charges and other sums payable to Onapsis under this Agreement do not include any sales, use, excise, value added or other applicable taxes, tariffs or duties, payment of which shall be the sole responsibility of Customer, excluding any applicable federal and state taxes based on Onapsis's net income.

Section VIII – Intellectual Property Rights

Neither this Agreement nor any Order Forms or SOWs made hereunder create rights of ownership in the Offerings in favor of Customer. As between the Parties, Onapsis and its licensor(s) own, and shall own, all right, title and interest (including all Intellectual Property and/or Intellectual Property Rights) in the Products, Software (and all components thereof) or Documentation, including without limitation all modifications, derivative works, and/or customizations made whether upon the suggestion of Onapsis, Customer or another entity or person. The Customer shall maintain the intellectual property disclaimers set forth by Onapsis in the Software and the Documentation and shall reproduce and include such disclaimers in any Software back-up copy related thereto.

Section IX– Liability for Damages

1.    Onapsis shall be liable in accordance with the applicable statutory provisions (whether in contract, tort or otherwise) for damages suffered by Customer (i) have been caused by Onapsis', its legal representatives', its agents' or auxiliaries' gross negligence (grobe Fahrlässigkeit) or willful or malicious intent (Vorsatz); (ii) that have occurred as a result of a breach of a guarantee (the term "guarantee" in accordance with the applicable statutory meaning (Garantie)); (iii) from injury to life, limb or health; and/or (iv) that are subject to product liability under the German Product Liability Act (Produkthaftungsgesetz).

2.    Except for cases that fall under Section IX.1, in cases of slight negligence (leichte Fahrlässigkeit), Onapsis shall only be liable for damages that result from breaches of material obligations. "Material obligations" are such obligations the compliance with which the respective other party will reasonably expect and which, if breached, jeopardize the achievement of the aim(s) and purpose(s) of the contract.

3.    Except for cases that fall under Section IX.1., Onapsis' liability in case of a slight negligent breach of a material obligation is limited in amount to the damage that is foreseeable at the time when this Agreement and/or the applicable Order Form is concluded and which is typical for contracts of comparable kind.

4.    To the extent not otherwise agreed in the respective Order Form, both parties assume at the time when entering into an Order Form that an amount equal to 250.000 € (in words: two hundred fifty thousand Euro) per damage incident, limited to a maximum of two (2) damage incidents per calendar year, shall be sufficiently high as maximum liability amount to cover cases described in Section IX. 3 above the contractually typical damage, foreseeable at the time when the respective Order Form is concluded. If at the time when the respective Order Form is concluded, Customer should be of the opinion that that the maximum liability amount set forth in this Section is not sufficiently high to cover Customer's typical contractual damage that might occur in case of a slight negligent breach of a material obligation by Onapsis, then Customer will enter into negotiations with Onapsis in order to agree to an adequate adjustment of the maximum liability amount for the respective Order Form.

5.    Any liability other or beyond the liability provided in Sections IX.1. to 4. is excluded.

6.    Customer is responsible for ensuring the routine and risk-adequate backup of its data, if Customer suffers damages that result from the loss of data, Onapsis shall in each case only be liable for the expenditure that is necessary to recover the data from any backup copy that should have been made in order to comply with requirements for a proper data back-up.

7.    Damage claims that fall under Section IX.3., irrespective of their legal origin and nature (contract, tort or other), shall fall under the statute of limitations one year after the end of the calendar year during which the claims came into existence and Customer could have reasonably known the factual circumstances that gave rise to the claim.

Section X –Confidential Information

1.    "Confidential Information" means any and all non-public scientific, technical, financial, regulatory or business information, or data in whatever form (written, oral or visual) that is (a) furnished or made available by or on behalf of one Party (the "Discloser") to the other (the "Recipient"). Prior to entering into this Agreement, the Parties had access to, and as a result of the acceptance of this Agreement the Parties shall have access to, Confidential Information of the other Party. Without limiting the foregoing, the Software, the Source Code, the Documentation and all Intellectual Property and/or the Intellectual Property Rights related to any of the foregoing, and all feedback, performance information and perceived flaws relating to the Products shall be considered the Confidential Information of Onapsis. The terms of the Order Form and this Agreement are the Confidential Information of both Parties. Each Party agrees not to (i) disclose the other Party's Confidential Information without the other Party's express written consent, or (ii) use the other Party's Confidential Information for any purpose other than in the performance of this Agreement.  Without limiting the foregoing, each Party shall exercise at least the same degree of care that it uses to protect its own Confidential Information (and, in any case, no less than a reasonable degree of care), which includes without limitation that the Software be retained in a location which does not permit access to persons not authorized to use the Software. Recipient shall return all of the Discloser's Confidential Information to the Discloser upon the earlier of the request of the Discloser and the end of the last to expire License Term. 

2.    The Recipient may disclose the Discloser's Confidential Information only to such of its employees, agents, or consultants ("Recipient's Personnel") who have a need to know the Discloser's Confidential Information for the purposes of this Agreement and the business to be executed by the Parties as a consequence hereof, and then only to employees, agents, consultants or third-party providers (e.g., its Hosting Site). who have been advised of the confidential nature of the Discloser's Confidential Information and who are under a confidentiality and non-use obligation no less stringent than the provisions hereof.  Recipient shall be responsible for any violation hereof by Recipient's Personnel.

3.    The obligations herein undertaken shall not apply to any information: (i) which is or becomes generally available to the public through no fault of the Recipient; or (ii) rightfully disclosed to the Recipient by a third party; or (iii) independently developed by personnel of the Recipient without use of the Confidential Information of the Discloser.  Recipient may disclose Confidential Information of Discloser pursuant to a court order or pursuant to governmental action, provided that before such disclosure, the Recipient shall notify the Discloser in writing of the request and give the Discloser an opportunity to prevent such disclosure or to seek a protective order.

 

Section XI – Term; Survival

1.    The term of this Agreement shall run from the effective date hereof until the last to expire License Term or SOW term, unless earlier terminated by either Party as set forth herein. In the event Customer terminates this Agreement, an Order Form or a SOW for any reason other than for Cause, it shall pay to Onapsis any remaining unpaid fees for the duration of the so terminated Order Forms or SOW's. Unless otherwise agreed by the Parties, Order Forms shall automatically renew for successive periods equal to that of the expiring period at the then current Onapsis list price.

2.    Either Party may terminate this Agreement, Order Form or SOW if the other Party fails to cure a material breach, ("Cause") of such Order Form or SOW within thirty (30) days after receiving written notice from the other Party of such breach. Upon any termination of this Agreement or an Order Form, all applicable licenses are revoked and Customer shall immediately cease use of the applicable Product(s) and certify in writing to Onapsis within thirty (30) days that Customer has destroyed or returned to Onapsis such Product(s) and all copies thereof.

3.    The following provisions shall survive any termination, cancellation or expiration of this Agreement: License Restrictions, Compliance, Customer Data, Fees and Terms of Payment, Intellectual Property Rights, Liability for Damages, Confidential Information, Term; Survival, and Miscellaneous. 

Section XII – Miscellaneous

1.    Entire Agreement.  This Agreement, Order Forms and SOWs shall constitute the entire understanding between the Parties and supersedes all previous commitments, agreements, and understandings, whether oral or written, between the Parties hereto with respect to the subject matter hereof and no previous agreement or understanding varying or extending the same shall be binding upon any Party hereto.  In the event of a conflict between the terms of this Agreement and the terms of the Order Form or SOW, the terms of this Agreement shall control. The parties agree that any terms which may be included in any purchase order, confirmation or similar document shall not apply, and will be null, void and of no legal effect, unless otherwise negotiated and confirmed in writing by Onapsis. Preprinted terms in Customer purchase orders or other customer-generated ordering documents, or terms referenced or linked within them, will have no effect on this Agreement or Order Form or SOWs under it and are hereby rejected, regardless of whether they are signed by Onapsis and/or purport to take precedence over this Agreement. The terms of this Agreement shall replace and supersede any and all prior agreements between the Parties and their subsidiaries for software licenses and services.

2.    Contracting Parties. This Agreement is entered between Customer and Onapsis Europe GmbH, a limited liability company, established under the laws of the Federal Republic of Germany, with primary offices at Speyerer Street 6, 69115, Heidelberg, Germany. 

3.    Notices.  All notices, requests, demands, and other communications shall be in writing in the English language and delivered personally or sent by e-mail, fax, courier or registered or certified airmail and sent to (a) Customer to the address or contact information on file with Onapsis for the Customer, or (b) Onapsis to the following addresses or numbers or email address, and the Parties may update such information with reasonable prior notice):

 Attn:  Legal Department
Onapsis Europe GmbH
Salomon-Calvi-Straße 1-3, 69124,
Heidelberg, Germany
E-mail: [email protected]

4.    Assignment; Successors. Neither Party may assign or transfer this Agreement or any of its duties under this Agreement without the prior written consent of the other Party, which consent shall not be unreasonably withheld or delayed; provided that Onapsis may assign this Agreement in connection with a sale of all or substantially all of its stock or assets, or a merger. Any assignment or attempted assignment without the required prior written consent shall be void.  The terms of this Agreement shall be binding upon and shall inure to the benefit of the successors and permitted assigns of the Parties hereto.

5.    Compliance. Each Party hereby represents and warrants that it is, and will remain in compliance with all applicable laws, the requirements of all applicable export laws and regulations, e.g., the U.S. Export Administration Regulations and International Traffic in Arms Regulations. 

6.    Headings and Interpretation.  Headings used in this Agreement are provided for convenience only and shall not be used to construe meaning or intent.

7.    Governing Law; Jurisdiction.  Except to the extent expressly provided hereunder, this Agreement will be governed by the law of Germany, excluding its or any EU Regulations-based conflict of law provisions, and any claims arising hereunder shall be subject to the exclusive jurisdiction of the German courts, namely the courts of Frankfurt, Germany. The Parties specifically disclaim the application of the UN Convention on Contracts for the International Sale of Goods.

8.    Equitable Relief. Each Party acknowledges that use of any of the other Party's intellectual property in violation of this Agreement or breach of this Agreement shall cause irreparable harm for which monetary damages may be difficult to ascertain or an inadequate remedy. Each Party, therefore, agrees that the other Party may be entitled, in addition to its other rights and remedies, to injunctive or equitable relief for any violation of this Agreement as may be deemed proper by a court of competent jurisdiction.

9.    Reference Customer. Customer hereby agrees that Onapsis may mention Customer as client and user of the Software, by means of using and displaying Customer's name, trademarks, or logos in Onapsis' advertising material, including among others, commercial presentations, papers, web site, etc. Customer agrees to provide a written reference to Onapsis that can be used publicly within 90 days of implementing Onapsis Software.

10.    Severability.  If a provision of this Agreement is held invalid under any applicable law, such invalidity will not affect any other provision of this Agreement that can be given effect without the invalid provision. In addition, the unenforceable provision shall be deemed modified to the limited extent required to permit its enforcement in a manner most closely representing the intention of the Parties as expressed herein.

11.    Force Majeure.  Neither Party shall be deemed to be in default of any provision of this Agreement or for any failure in the performance required of such Party hereunder to the extent such failure is caused by fire, explosion, accidents, civil disorder, a natural calamity or other Act of God, act of government, or other cause beyond the control and without the fault or negligence of such Party.

12.    Counterparts.  This Agreement may be executed simultaneously in several counterparts, each of which shall be an original and all of which shall constitute but one and the same instrument. 

 

Last updated December 1, 2022