General Terms and Conditions for "Membership" in the "Perseus Cyber Security Club" and related services (as of November, 2018)
a) Perseus Technologies GmbH, Hardenbergstraße 32, 10623 Berlin (hereinafter: "Perseus") operates as an Internet provider on the under the domains www.perseus.de and www.club.perseus.de Perseus Cyber Security Club (hereinafter: "PCSC "). This offers only companies, ie restricted to the range b2b, a range of services related to the security of information and communication technologies in enterprises. These services include preventive measures to increase the cyber security of companies, the use of software-based cyber security technology for real-time monitoring and protection, advice in the event of a cyber attack and the subsequent coordination of claims management. To be clear, note that the PCSC is not a club in the sense of a registered association.
b) The PCSS is basically a service for companies, entrepreneurs, traders and self-employed persons in accordance with. § 14 of the German Civil Code (BGB) (hereinafter referred to as "company"). However, with Perseus aiming to make Europe safer from cyber threats, Perseus offers individual PCSS usage models to workers and other interested parties, including consumers according to § 13 BGB (natural persons who act in this respect for purposes that can be attributed predominantly neither their commercial nor their independent professional activity), in order to give them the opportunity to continue education in cyber security, even if their employer is not or no longer users of the PCSS. In relation to the service offer of Perseus in the context of the PCSS as well as the validity of these terms and conditions therefore applies the following:
Unless expressly stipulated otherwise in these GTC or within the scope of the service offer in question, Perseus' service offer is exclusively aimed at companies that are exclusively entitled to register for the PCSS, to conclude a relevant user agreement and to make use of the services offered within the framework. Consumer acc. § 13 BGB are accordingly excluded from a registration for the PCSS, as far as the service is not in accordance with these Terms and Conditions or is aimed directly to end customers.
c) The use of the PCSC and its services requires a valid "membership" in the PCSC.
d) These terms and conditions apply in their respective valid version for the justification, existence or implementation and termination of a "membership" in the PCSC as well as for all services offered therein and their use, according to the applicable conditions of the respective "membership model" Divergent conditions of "members" are not accepted by Perseus, even if Perseus does not expressly oppose them.
e) By registering in the PCSC and/or registering to use the services of the PCSC, these terms and conditions are expressly accepted. The terms and conditions can be viewed in their current version on www.perseus.de/en/terms-and-conditions.
f) By registering in the PCSC and/or registering for the use of the services of the PCSC, including the "Intelligent Security" module, the "Supplementary Special Information and Conditions of Perseus Technologies GmbH for the Intelligent Security Module" the current version of which is available at https://www.perseus.de/en/iss-terms-of-use/ . By registering for "membership" incorporating the "Intelligent Security" module or for supplementing an existing "membership" to this module, the "member" concerned (if any) accepts the validity of those provisions, including any regulations governing the validity of own conditions of use of the providers of third-party software or technology included as agreed.
a) The "membership" of a company in the PCSC presupposes its registration by an authorized representative of the company, giving full details of the information required in the registration process according to the "membership model." This applies in particular to the specification of the data required for classification as a company or trade. If the registration is carried out by a corporate representative, he is required to give his name fully and correctly during the registration process and, upon completion of the registration by him, assures that he has the necessary power of representation to carry out the registration for the company concerned.
b) "Membership" in the PCSS is possible after full completion of the respective registration and successful validation of the given data. There is no right to be included in the PCSS, ie, Perseus can deny or reject "membership requests." The acceptance of "membership" comes only after the receipt of a concrete declaration of acceptance of "membership" sent by Perseus. This creates a "membership contract" with the registered company in the PCSS according to the chosen conditions. The "Membership Agreement" entitles the use of services accessible via the PCSS according to the respective "Membership Conditions" and obliges, in the case of paid "membership models," the payment of the corresponding "membership fees" and compliance with the requirements of these provisions.
For use of the PCSS in Perseus' collaborations with partner companies that enable affiliate customers to register for usage models that include a combination of performance modules individually assembled for the customers of that affiliate (hereinafter referred to as "affiliate models") Furthermore, in particular the instructions and regulations under following § 3 a) of these terms and conditions apply.
c) Perseus provides each "member" with password protected access to the "member area" as part of a valid "membership". "Membership" and the use of the PCSS services contained therein can be managed there. One admin per "member company" receives access rights to the profile settings, the available services and the option to enable all employees of the specific "member company" for the available services.
a) "Membership" in the PCSC is modular. Every interested company or person (including consumers i.S.d. § 13 BGB) initially has the option of completing a free "start"-membership in the PCSS exclusively via the domains www.perseus.de and www.club.perseus.de. Within the framework of this "start"-membership interested companies can test selected services of the PCSS from the moment they submit their membership, but not the entire service portfolio. Perseus reserves the right, at its sole discretion, to withdraw or modify the free "start"-membership at any time, without prior notice and without liability.
- The registration for a "partner model" (see above under § 2 b)) takes place via a special website ("landing page"), which is communicated to the relevant customers of the partner company by the partner company for this purpose. The content and scope of the services covered by a partner model will be determined by Perseus and the relevant partner and will be communicated to each partner's customer by the partner and, incidentally, after registration and activation of the user account.
- Partner models may include service modules that are chargeable to "non-partner users," but do not require payment for the "partner"-user to the extent that only the services covered by each partner model are claimed pay compensation to Perseus.
- Users who are companies can extend their usage models at any time by chargeable service modules.
- The use of the full range of services provided by the PCSS requires the inclusion of the appropriate, regularly - that is, if not covered by a partner model - fee-based service modules and is reserved for companies. Regularly chargeable service modules are subject to fixed contract periods and periods of notice (see also § 8 of these GTC).
b) The content and scope of the respective usage models and modules as well as the fees that may be payable for these are to be found in the respectively valid version of the PCSS website and / or, in relation to partner models, the respective information of the respective partner company.
a) All prices are exclusive of applicable statutory sales taxes and all other applicable taxes and duties. The fee for paid usage models or service modules is due with billing advance immediately after registration for the respective usage model / service module and acceptance declaration by Perseus or, in case of extension of the term of such a usage model / service module - depending on the offered and chosen payment method by the user.
b) Perseus reserves the right to increase the fee for paid-for-use models and modules within the framework of the PCSS once a calendar year. In this case, Perseus will inform the relevant PCSS users at least six weeks before the beginning of the month from which the price increase is to apply. If a user does not agree with this, he may, at the latest three weeks before the price increase comes into force, by informing Perseus in writing by e-mail to email@example.com. Such a contradiction leads to a termination of the respective use model or module or modules (see § 8 of these Terms and Conditions), i. the right for usage of the relevant utilization model or module / service modules ends at the end of the last month to which the "old" charge applies.
a) "Members" of the PCSS can use the services listed there as part of a valid, paid "membership" according to the operating conditions and contents of the respective "membership model," including an initial consultation in acute cases of cyber attacks with a downstream coordination of claims management. In the case of combining "membership" in the PCSS with cyber insurance, such particular services are provided as a direct insurance benefit, depending on the extent of the insurance. In this case, these services are called "FNOL services" ("First Notice of Loss"). The specific scope of services and the provision of services thus depend on the respective "membership model" in the PCSC and any additionally completed cyber insurance policies. Perseus explicitly provides no legal advice or legal services through the PCSC.
b) Perseus is not obliged to provide the aforementioned services itself. Rather, Perseus is entitled to use third party service providers. If provided for by the EU General Data Protection Regulation, Perseus will conclude so-called contract processing contracts in this regard.
c) The "Intelligent Security" power module includes the use of software-based cyber security technology from Cylance Inc. (400 Spectrum Center Drive, Suite 900, Irvine, CA 92618, USA; hereinafter referred to as "Cylance") (hereinafter referred to as "Cylance security technology"). To the extent that a "membership" in the PCSC includes the "Intelligent Security" power module, Perseus will provide the relevant "member" with a license from Cylance to use the Cylance security technology accordingly in the IT infrastructure of the "Member", in particular on the end devices (PCs, notebooks, tablets, smartphones, etc.) integrated into and covered by the relevant "membership", to the extent required for the agreed use of the Cylance security technology. For the use of Cylance security technology within the scope of the "Intelligent Security" service module, the "Supplementary Special Terms and Conditions of Perseus Technologies GmbH for the "Intelligent Security" service module," the current version of which can be found at www.perseus.de/en/iss-terms-of-use/, shall apply.
e) The PCSS also has a partner network with partner companies and third party service providers. A guarantee for a certain number of partner companies or certain types of third-party services will not be provided. If a "member" of the PCSS requires special services that go beyond the services directly provided by Perseus' PCSS, then the PCSS names third party service providers in the areas of legal advice, forensics and PR from its aforementioned portfolio. The third-party service provider mentioned by Perseus in the PCSS and the conditions of the respective third-party service providers published in this regard are non-binding and are without guarantee. Perseus also assumes no liability or warranty for the selection of third-party service providers and the provision of services through them. The PCSS wants to support its "members" in this way only in order to be able to reach the right qualified contact person quickly in an emergency.
f) The use of such third-party service providers is in the case of the needs of a "member" on their own initiative, ie a "member" contracts with a third-party service provider in their own name and on their own account and without the participation of Perseus. The provision of such third-party services is chargeable and not included in the fee for "membership" in the PCSC. By commissioning such third-party services, resulting costs are paid by the "member" directly to the respective third party service provider. For such additional services of third-party service providers their respective terms and conditions and privacy policies apply.
g) If the third-party service provider requests this from Perseus and the respective "member" expressly agrees to this in the specific FNOL case (in writing, at least in text form, ie email), Perseus will send a third party appointed by a "member" of the PCSC. Perseus shall send the IT technical report prepared by Perseus as part of the initial consultation/FNOL services to a third party service provider commissioned by a "member" of the PCSC about the specific cyber security situation of the company of the respective "member" or the specific Cyber incident. In order to further develop its services, Perseus will help if the "member" promises (in writing, at least in text form, i.e. email) that the respective third-party service provider will submit the report on the (final) service result to Perseus to supplement Perseus’ initial report.
h) Perseus is entitled to further develop and/or modify the offer of its services, unless this is unreasonable for the PCSC "members." This applies in particular if Perseus should be obliged by statutory changes to respond to the services accessible via the PCSC, or to comply with a court order or administrative decision directed against Perseus, or where the change is necessary to fill existing security gaps, is merely beneficial to the "members" of the PCSC, or if the change is purely technical or process-related in nature without significant impact on the "members." If there are reasonable grounds, Perseus may, at its sole discretion, end certain services.
i) Changes with only insignificant influence on the functions of the PCSC do not constitute any changes in performance within the meaning of this clause.
a) As part of registration for "membership" in the PCSS, all data required according to the "membership model" must be filled in truthfully and accurately (see § 2 a). Upon completion of their registration, parties interested in "membership" in the PCSS confirm that they have fulfilled this obligation. Multiple registrations are excluded. In addition, the contract-relevant information created in the user account must always be up to date.
b) "Members" of the PCSS confirm that in using the PCSS and the services accessible therein, all applicable laws as well as the full rights of third parties will be observed. "Members" may use the PCSS and the services offered therein solely for the purpose for which they are contractually intended, namely, the use of services to improve IT security in their company and in the acute cyber security case. The (legal) improper use in any form is prohibited.
c) "Members" of the PCSS, therefore, in particular, are prohibited from using, advertising or offereing and/or distributing offensive or libelous, pornographic, violent, abusive, immoral or content in violation of child protection laws, goods and/or services as well as protected
content unauthorized within the framework of the PCSC, as well as harassing other "members" (in particular by spam) and/or to engage in and/or promote anti-competitive activities. In particular, they also bear sole responsibility for the content of any content published by their employees in the PCSC or transmitted to Perseus for publication; this is especially true for blog posts.
d) In addition, "members" of the PCSS shall in particular be prohibited from undertaking any action which may impair or unduly burden the functionality of the PCSS and the services offered therein, in particular by blocking, overwriting, modifying, copying, unless this is necessary for the proper use of the PCSS. Finally, the distribution and public reproduction of the contents of the PCSS and the services accessible therein is prohibited, unless such distribution and public communication is provided for the use of the PCSS or Perseus has
e) The respective "member" will indemnify Perseus, upon first request, against all claims and demands asserted by any third party against Perseus for violating their rights by any conduct attributable to said PCSS "member" representatives and/or vicarious agents, in particular, misuse of "membership" in the PCSC and the services offered in the PCSS. This includes, in particular, the obligation to indemnify Perseus for injunctive relief, as well as claims for damages and/or reimbursement of third party expenses, as well as for all costs of legal action (such as court and attorney's fees). The respective "member" is obliged to provide Perseus with all information without delay, truthfully and completely, in the event of such third-party claim,
f) "Members" are obliged to keep their login information and passwords secret and in particular, not to share them with unauthorized third parties and to protect them against access by unauthorized third parties. Passwords must be at least 8 characters in uppercase and lowercase letters, numbers, and special characters. Should unauthorized third parties become aware of the login information and/or passwords or should the login information and passwords have been lost by a "member" Perseus must be informed immediately. Perseus is entitled to block “member” login information immediately, if there is a reasonable suspicion that the same is being used by unauthorized persons. The affected "member" will be informed about this and will receive new access information.
g) "Members" are obliged to secure their data independently at all times.
h) Perseus is entitled to display, or have displayed, appropriate advertisements for its own purposes and for third parties as part of the free service in the "members area" such as using Google AdSense.
a) In principle, "members" of the PCSS acknowledge that 100% availability of the PCSS and the services offered therein is not IT-technically feasible. Perseus does not guarantee and/or warrant the availability of its free services. Likewise, no guarantee is given in this respect.
Liability of Perseus for Internet function or “member” Internet access or their capacity and other circumstances and events that are outside the control of Perseus, is excluded. To this extent, this also includes the functionality and effectiveness of third-party technologies as agreed.
Perseus nevertheless takes reasonable, technically feasible, state of the art and reasonably priced reasonable measures necessary for the availability of the PCSS and the services offered therein. The members have to counteract the risk of data loss due to system failures by regularly backing up their own data.
Perseus assumes no responsibility in this regard for the PCSS and the services offered therein being able to be used by the "members" at any time and/or without interruption. “Members” will be informed of unforeseen system failures in an appropriate form. Maintenance work is carried out, if possible and reasonable, outside normal business hours. If this is not possible and such maintenance exceeds a reasonable level, Perseus will inform the "members" in good time, beforehand.
b) Furthermore, users are cautioned and acknowledged that even 100% protection against any cyberattacks is not possible, as they are developed with the aim of continuously evolving, especially in technical and strategic terms, into information systems without being recognized by: also precautionary and safeguard measures taken in this regard are overcome or circumvented. Moreover, the quality and (consequently) effectiveness of measures to detect and ward off cyber attacks is regularly dependent on the situation and appropriate action of the respective employees on the part of the user.
Perseus, by providing PCSS-related services for cyber-attack detection and mitigation, therefore owes no success, to the extent that such services are the subject of the user's usage model, in the sense that any cyber-attack to which a user is exposed, always recognized or thwarted. In this respect, Perseus guarantees (without prejudice to the liability regulations under § 9 of these GTC) to render the services owed in this respect with the agreed content and to the extent agreed with the due care of a proper businessman according to the current state of the art and information with the aim of the relevant user to support the best possible quality and effectiveness in securing its information and communication technologies and infrastructure against cyber-attacks.
c) With regard to the sending of test phishing e-mails to "members" of the PCSS, it is hereby noted that such test phishing emails are created by Perseus and/or by third parties. In order to make them as realistic as possible, it is essential that they resemble the trademarks of third parties. Perseus does not consider use of third party trademarks or interference with third party intellectual property rights in this, nor does Perseus intend to do so, especially as the sending only takes place within the closed framework of the PCSS. Members of the PCSS are bound to secrecy with regard to the concrete execution. Furthermore, members of the PCSS are obliged to contact Perseus
with questions regarding the test phishing emails. § 5 lit. e) applies accordingly if a PCSS "Member" violates this provision and Perseus is thereby involved in a legal dispute with third parties.
a) Unless a different duration has been agreed, all use models within the framework of the PCSS are concluded for a period of at least one month. Deviating terms may apply in particular for partner models, as well as the use of additional service modules may lead to a change of previously valid term regulations. In this respect, the information which is communicated to the user in question at the time of his registration or that of the supplement of his usage model by further power modules with regard to his usage model or the further power module is decisive. A supplement of a usage model by (possibly further) service modules can therefore lead to an extension of the existing contract period; In case of doubt, the duration of the usage agreement is decisive for the duration of the usage agreement, for which the respective usage model was last supplemented.
b) All "membership models" in the PCSS will be completed after at least one month, unless otherwise agreed. "Memberships" in the PCSS automatically renew for a basic term of one month for another month or for a basic term of one to three years for another year, unless they are terminated in compliance with the respective ordinary notice period. In the case of a monthly "membership" term, the regular period of notice is 14 days before the end of the month, and with an annual or three-year "membership" 30 days before the end of the first term or extension period.
c) In the event that services from the range of services of the PCSS are still active or being used (e.g. in the area of FNOL) at the time of the effective date of a termination, the former "member" shall not be entitled to the continuation of these services by Perseus upon the
effective date of the termination. The situation is different if Perseus has reached an individual agreement with said former "member" of the PCSS regarding continuation of the specific services until their proper completion.
d) Furthermore, Perseus reserves the right to terminate "memberships" in the PCSS for good cause without notice. Such good causes exist when the continuation of a "membership" in the PCSS until the expiration of the ordinary period of notice, taking into account all circumstances of the individual case and weighing the interests of both parties is not reasonable for Perseus. Good cause for Perseus may be the legal or immoral conduct of the respective "member" and/or violations of obligations under § 5. Claims of the relevant "member" from chargeable service packages expire in this case without recompense. In addition, there is no entitlement to repayment of fees already paid in advance.
e) Terminations must be made in writing or in text form, such as by email to firstname.lastname@example.org.
f) At the end of the contract, the right of use of the "member" ends. Contents of the respective "member" are neither secured nor is there any right to surrender or other release of the content posted by him. The customer can back up his data at any time before the end of the contract (see § 6 c).
g) Insofar as the contractual service of Perseus is discontinued, the user's right to use expires completely at the time of cessation. Without prejudice to this, any rights of the user, which in the case due to these terms and conditions, or otherwise incidentally by law are due, are unaffected.
Perseus is liable, for whatever legal reason, within the scope of the statutory provisions, only in accordance with the following provisions:
a) Perseus is fully liable for damages resulting from injury to life, limb, or health, as well as for damage caused by intent or gross negligence on the part of the provider or one of its legal representatives or vicarious agents, as well as for damages due to non-compliance with a given guarantee or warranted characteristic or because of fraudulently concealed defects.
b) Perseus is liable, limited to the foreseeable damage for such damages typical for this type of contract, which are based on a slightly negligent violation of essential contractual obligations by Perseus or one of its legal representatives or vicarious agents. Essential contractual obligations are obligations whose fulfillment is essential for the proper execution of the contract in the first place and on the compliance of which the contractual partner may regularly rely. Perseus is not liable for other cases of slightly negligent behavior.
c) Liability for consequential and indirect damages is excluded.
d) The provisions of the Product Liability Act remain unaffected.
e) The provisions of § 8 a to d also apply to the personal liability of Perseus employees, representatives, bodies and vicarious agents. In the event that Perseus expressly assumes guarantees and in the event of mandatory statutory provisions, the aforementioned exclusions and limitations of liability shall not apply.
The aforementioned exclusions and limitations of liability do not apply insofar as Perseus has given an express guarantee or mandatory legal regulations require further liability of Perseus.
All trademarks and/or other proprietary rights to Perseus' offer, in particular the PCSS, are exclusive to Perseus and may not be used without the prior written consent of Perseus (textual form, such as email, is sufficient). Upon request, Perseus will provide each member
with a license to use the Perseus logo with usage guidelines. There is no right to complete such a contract. Also, no Perseus software may be copied, reverse-engineered, and/or otherwise altered, unless Perseus expressly agrees or the respective use is permitted by a statutory approval provision.
Paid "members" of the PCSC grant Perseus the right to publicly advertise the contractual relationship with a respective "member" using the logo(s) of the respective "member," in particular, via www.perseus.de.
a) Perseus is entitled to transfer all or part of its rights and obligations as provider of the PCSS to a third party with a notice period of 4 weeks.
b) Perseus is entitled to change these terms and conditions with effect for the future, in particular due to new technical developments, changes in case law and/or other equivalent reasons. The "members" of the PCSS will be informed by a notice in the login area of the PCSS or by email about such changes while maintaining a lead time of six weeks. If a "member" does not object within the specified period, his consent to the changed conditions shall be deemed to have been granted when the deadline expires. Perseus will particularly
point out the possibility of contradiction and the legal consequences of an omitted contradiction in the notification. The principle of § 3 e applies accordingly.
Perseus verarbeitet zum Zwecke der Leistungserbringung personenbezogene Daten der Nutzer grundsätzlich als für die Verarbeitung Verantwortlicher. In spezifischen Fällen agiert Perseus als Auftragsverarbeiter im Sinne von Art. 28 Datenschutzgrundverordnung DS-GVO (Datenverarbeitung im Auftrag). Sofern eine Datenverarbeitung im Auftrag erfolgt, schließen Perseus und der Nutzer dafür eine Vereinbarung zur Auftragsverarbeitung gem. § 28 Abs. 3 DS-GVO, deren Text Perseus zur Verfügung stellt. Dies kann elektronisch erfolgen.
Perseus, for the purpose of providing services, always processes users' personal data as the controller. In specific cases, Perseus acts as a processor within the meaning of Art. 28 of the General Data Protection Regulation GDPR (Data Processing on Behalf). If data processing takes place on the order, Perseus and the user agree to a contract processing agreement pursuant to Art. § 28 Abs. 3 GDPR, whose text Perseus provides. This can be done electronically.
a) Only German law applies. The application of the UN Sales Convention and conflict of laws rules of private international law is excluded. This applies to consumers according to. § 13 BGB insofar as not contrary to the mandatory statutory, especially European law, regulations.
b) To the extent permitted by law, Berlin is the exclusive place of jurisdiction for all disputes arising directly or indirectly from the contractual relationship.
Should provisions of these terms and conditions be or become wholly or partially invalid, this shall not affect the validity of the remaining provisions. Ineffective regulations are replaced by statutory law. This applies accordingly in the case of a regulatory gap.