General terms and conditions.

1.1 These Terms apply to all present and future contractual relationships between the Provider and the Customer concerning the services provided by CAVRIX in the areas of managed IT, cybersecurity and compliance.

1.2 These Terms apply exclusively to entrepreneurs within the meaning of Section 14 of the German Civil Code (BGB), legal entities under public law and special funds under public law within the meaning of Section 310 (1) BGB. The offering is not directed at consumers within the meaning of Section 13 BGB; the use of the services by consumers is excluded.

1.3 Differing, conflicting or supplementary terms and conditions of the Customer shall not become part of the contract, even if the Provider renders performance without reservation while being aware of such terms, unless the Provider has expressly agreed to their validity in text form.

1.4 Individual agreements made between the parties shall in any case take precedence over these Terms. A written contract or written confirmation by the Provider shall be decisive in this respect.

2.1 The Provider renders services in the areas of managed IT (in particular operation, monitoring, patch management and support), cybersecurity (in particular monitoring, threat defense and vulnerability management) and compliance (in particular support in implementing regulatory requirements). The specific scope of services results from the respective individual agreement and the service description referenced therein.

2.2 The Provider renders its services with the diligence of a prudent businessperson in accordance with the applicable state of the art. Unless expressly agreed otherwise, availability and response targets are non-binding objectives and do not constitute a warranty or guarantee.

2.3 The Provider is entitled to engage suitable subcontractors to render its services. This does not affect the Provider's responsibility for the proper rendering of the services.

2.4 The Customer shall provide the cooperation required for the rendering of the services in a timely, complete and free-of-charge manner, in particular by naming a contact person, granting necessary access and providing accurate information. Delays due to a failure to cooperate shall not be to the Provider's detriment.

3.1 Offers made by the Provider are non-binding unless expressly marked as binding. A contract is concluded by written acceptance of a binding offer, signature of an order form, written order confirmation by the Provider, or the unreserved commencement of performance at the Customer's instigation.

3.2 Unless otherwise agreed in the individual agreement, the initial contract term is twelve (12) months, commencing with the provision of the service. The contract is automatically renewed for further periods of twelve (12) months each, unless terminated by either party with a notice period of three (3) months to the end of the respective current term.

3.3 The right to extraordinary termination for good cause remains unaffected for both parties. Terminations require text form (Section 126b BGB); oral declarations of termination are ineffective.

4.1 The remuneration is determined by the prices stated in the respective individual agreement or in the Provider's current price list. All prices are exclusive of statutory value-added tax at the applicable rate.

4.2 Unless otherwise agreed, ongoing fees are invoiced annually in advance. Invoices are due for payment within ten (10) days of the invoice date without deduction.

4.3 The Customer falls into default upon expiry of the payment deadline even without a separate reminder. The Provider is entitled to charge default interest at the statutory rate (Section 288 BGB). In the event of significant payment default, the Provider is entitled, after prior written reminder, to suspend services until payment is made in full.

4.4 The Customer may only set off claims that are undisputed or have been finally established by a court. The Customer is entitled to a right of retention only on account of counterclaims arising from the same contractual relationship.

5.1 The Provider is liable without limitation for damage caused intentionally or through gross negligence, for damage arising from injury to life, body or health, under the German Product Liability Act, and to the extent of an expressly assumed guarantee.

5.2 In the case of slight negligence, the Provider is liable only for the breach of material contractual obligations (cardinal obligations) whose fulfilment is essential to the proper performance of the contract and on whose observance the Customer regularly relies. In such cases, liability is limited to the damage typically foreseeable at the time the contract was concluded.

5.3 Any liability beyond this in the case of slight negligence is excluded, in particular for loss of profit, indirect damage and consequential damage.

5.4 Liability for the loss of data is limited to the typical recovery effort that would have been incurred had the Customer carried out proper data backups in accordance with the state of the art. The Customer remains responsible for adequate data backups within its own sphere of responsibility.

5.5 The above limitations of liability also apply in favor of the Provider's legal representatives, employees and vicarious agents.

6.1 Each party shall treat confidential information of the other party as strictly confidential and use it exclusively for the purpose of performing the contract. This obligation applies for the duration of the contract and for five (5) years after the contract ends.

6.2 Insofar as the Provider processes personal data on behalf of the Customer, the parties shall conclude a separate data processing agreement pursuant to Art. 28 GDPR. Otherwise, the privacy policy of CAVRIX applies to the processing of personal data.

6.3 The Customer is responsible for the lawfulness of the transmission and processing of the personal data provided by the Customer.

7.1 The contract and these Terms are governed exclusively by the law of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods (CISG) and the conflict of laws rules of private international law.

7.2 The exclusive place of jurisdiction for all disputes arising out of or in connection with the contract or these Terms is Hamburg, Germany. However, the Provider is also entitled to bring an action at the Customer's general place of jurisdiction.

7.3 Amendments and supplements to these Terms as well as any waiver of contractual rights require text form (Section 126b BGB). This also applies to the waiver of the text form requirement itself.

7.4 Should any provision of these Terms be or become wholly or partly invalid, the validity of the remaining provisions shall remain unaffected. The parties shall replace the invalid provision with a valid provision that comes closest to its economic purpose.