General terms and conditions

for the provision of a cloud-based infrastructure for the management of IoT devices


of the company asvin GmbH - Schulze-Delitzsch-Str. 16 - 70565 Stuttgart
Germany Status: April 2021

Preamble


asvin GmbH (hereinafter referred to asvin) provides its commercial customers with a platform and toolbox as part of a Software as a Service (SaaS) model in a cloud-based infrastructure to support and secure their management of devices in the Internet of Things (hereinafter referred to as: IoT-devices) and to reduce the threat of cyber attacks.

On this platform (hereinafter: app.asvin.io), asvin offers five main services to its registered customers:
• Updates & Patches Management
• Rollout management of updates & patches
• Device - Fingerprinting
• Backup & Log History
• Device monitoring

1. scope


These general terms and conditions (GTC) apply to the contractual use of the services provided by asvin via the website app.asvin.io by commercial customers (entrepreneurs as defined by § 14 BGB).
Consumers in the sense of § 13 BGB cannot use the services of asvin.
These general terms and conditions apply exclusively to the contractual relationship between asvin and the customer. General terms and conditions of the customer do not apply. Confirmations of offers by the customer referring to his own general terms and conditions will not become part of the contract, unless they are expressly confirmed by asvin.

2. type and scope of service 2.1



2.1


asvin basically provides the following services to the customer:

• Risk minimization
Securing the security architecture and minimizing risks from cyber attacks.

• Cost reduction
IoT-devices operators (i.e. customers) save costs on developing and maintaining their own platform solutions by using the tools on app.asvin.io from asvin as SaaS.

• Transparent costs
With billing based on the number of registered IoT devices, costs remain transparent and reliable at all times.

• Worldwide protection
By using app.asvin.io, IoT devices can be provided with updates and patches at any time and any place.

asvin provides Customer with the software developed for the above services, the necessary databases and libraries as well as its own and its partners' networks and their services in their respective current version at the interfaces of the IT system provided for this purpose for data transfer for Customer for online use.

2.2


However, due to technical circumstances, asvin does not owe

- the establishment and maintenance of the data connection between the Customer's IT systems and its own IT systems or the designated interfaces required for the use of the Services;

- the permanent, unrestricted and trouble-free accessibility and operability of app.asvin.io, the platform itself or parts thereof, the tools, the underlying software and all its components and entities on the own IT systems, the networks of partners and those of the customer;

- the successful deployment of the processes initiated by the customer via the asvin.io platform for the maintenance of the IoT devices and their trouble-free functioning.

asvin draws the customer's attention to the fact that limitations or impairments of the services may occur which are beyond the control of asvin. This includes in particular actions of third parties not acting on behalf of asvin, technical conditions of the public and private networks, the services of the partners, which cannot be influenced by asvin, as well as force majeure. Also the hardware, software and technical infrastructure used by the customer may have an influence on the services of asvin. As far as such circumstances influence the availability or functionality of the services offered by asvin, this has no effect on the contractual conformity of the services and does not entitle to a reduction of the remuneration or the assertion of liability claims

2.3


The nature and scope of the specific services provided by asvin to Customer within the scope of the Services are set forth in the Agreement and the Service Description pursuant to Section 3. Customer's wishes with regard to technical and/or organizational individual services adapted to its needs can be taken into account - if feasible by asvin - upon separate agreement and conclusion of a separate contract.

3. bases of the contract 3.1


3.1


asvin concludes a contract with the customer, which consists of the following components:

• General description of services

The customer can register on the app.asvin.io platform and then log in to the platform. The customer receives assistance in configuring his IoT devices so that they can register fully automatically on app.asvin.io.

The customer receives an overview of the IoT devices registered in his workspace and can group them according to his wishes.

A separate area is available to the customer for uploading firmware and update files. He can group the uploaded files according to his own ideas.

For rollout planning, the customer can create rollouts. These can be executed immediately or on a schedule. Rollouts can be rolled out to device groups (see above). A file (see above) is assigned to the rollout, which is then delivered to the devices on request.

The service is subject to payment. Therefore, the customer can and must store payment data (credit card data) in the settings area, which will be used exclusively for the collection of the costs incurred.

3.2


Establishment of the business relationship and conclusion of the contract with the aforementioned components shall take place through an encrypted online process set up for this purpose.

Asvin will provide Customer with the logins and all information necessary for use as described in the General Description of Services.

4. rights of use


4.1


Asvin grants Customer the non-exclusive, non-transferable rights limited in time to the duration of the Agreement,

- to use the user interface of app.asvin.io, the Toolbox and its functions on the customer's own IT systems by his authorized employees (m./w./d.);

- to load the Customer's own software or source code in the form of firmware, updates, upgrades into the IoT devices covered by the Agreement via app.asvin.io;

- to make copies of digital products of asvin and software licensed for and by asvin, including (but not limited to) open source software, as required for the use of the Services.

The right of use of any source code created for the provision of the Services by asvin and/or its partners and/or third parties - including subsequent versions - shall always remain with them, in each case within the limits of §§ *69 a ff. UrhG.

4.2


Customer grants to asvin for the term of the agreement the non-exclusive, non-transferable rights, limited in time to the duration of the agreement, to

- Duplication and further processing (e.g. encryption) of the software developed by the customer for the maintenance of its equipment;

- Making available or distributing the software developed by the customer to IoT devices and technical partners or networks in the Internet of Things;

- Analysis and further processing of incoming and outgoing data streams from IoT devices and other IT systems, as well as from technical partners, as part of the provision of services, and forwarding of these data streams to the customer and to technical partners.

4.3


The customer shall ensure that its existing IT system or the software installed on it is free of conflicts within the meaning of copyright law and that valid licenses are available to the required extent for all software products.

5. cooperation of the customer


5.1


Customer is obliged to notify asvin immediately and as precisely as possible of any functional failures, malfunctions or impairments of the Platform and its components and tools. For this purpose an online form is available in app.asvin.io under "Support". Alternatively, such incidents can be sent by mail to support@asvin.io.

5.2


Upon notification, Customer shall designate asvin an IT administrator or technically experienced contact person familiar with Customer's IT systems to coordinate all technical and organizational requirements.

5.3


If technical standards or specifications for production must be complied with or approvals for the operation of the IoT devices, their hardware and software must be obtained, this is the sole responsibility of the customer, as is the possible fulfillment of information obligations vis-à-vis third parties, such as authorities.

The customer shall ensure that, in the interests of data security, app.asvin.io's proposed or already known

- administrative measures, such as training of its employees, access regulation or access control (authorization concept) and compliance with data protection requirements, as well as

- Technical measures such as emergency power supply systems, provision of backup systems, ensuring the safety of ongoing operations (ventilation, cooling, etc.) and regular data backups

be implemented.

6. data protection and data security


6.1


asvin only receives the following personal data during registration before the start of the contract and, if applicable, during the term of the contract:

- Name and contact details of the contact person at the customer;

- Name and contact details of other communication partners (such as: Clerk, IT Administrators) of the customer.

These data subjects have the rights resulting from the General Data Protection Regulation (GDPR).

6.2


The Services of app.asvin.io do not have the purpose of processing personal data of the Customer or the users of the Iot-devices or third parties. If and to the extent that Customer processes its own and/or third parties' personal data (such as: its users) on IT systems of asvin, a commissioned processing agreement shall be concluded, if applicable.
The functions set up on app.asvin.io also do not have the purpose of processing personal data of the customer or their users. Such data are routed during the execution of the processes initiated by the customer and are (temporarily) stored or temporarily processed in this context. No modification or knowledge of the data is taken, the use of app.asvin.io only serves the purpose of routing, deployment and support of the work to be performed by the customer on his IoT-devices.

6.3


asvin - as well as the customer - is obliged to observe the applicable data protection regulations.

This applies both to the protection of personal data of the customer, its employees (m./w./d.) and the data of the users, and to the protection of operating data of the IoT devices themselves, irrespective of any personal reference. Both contracting parties undertake to inform each other immediately of any loss of data and to cooperate with a view to determining the cause and remedying it.

Customer is obligated to create the necessary conditions under data protection law (e.g. necessary consents from its own customers) in order to enable asvin to provide its services in compliance with the law.

6.4


Information towards its own users has to be provided by the customer itself the rights to blocking etc. resulting from the GDPR are only effective in relation to the customer, in such a case asvin is ready to assist upon request of the customer and against payment.

6.5


For the purpose of providing the Services, Customer grants asvin the right to store and reproduce the data to be processed by asvin for Customer (in particular the personal data - without prejudice to the information in clause 6.2) within the scope of technical necessity. asvin is also entitled to keep such data in an IT system for data backup purposes. Furthermore, in order to eliminate malfunctions and to maintain the Services, asvin is entitled to make changes to the structure of the data or the data format.

6.6


asvin and customer are each independently obligated to back up their own data on a regular basis.

7. technical and organizational requirements for use


7.1


Customer will receive from asvin information on the technical and organizational requirements of its IT system necessary for the use of the Services.

If additional hardware and/or software is required by Customer for the use of asvin's services, Customer will be provided with corresponding specifications.

7.2


Customer is obliged to implement specifications and instructions of asvin with regard to a guarantee or improvement of the use or an improvement of the data security.

7.3


When using the Services, the following is prohibited:

- copy, translate, disassemble, decompile, reverse engineer or otherwise modify any part of the Service (except as described in the Documentation and to the extent permitted under the Documentation or applicable law),

- willfully or with gross negligence transmitting any content, data or information that is unlawful, harmful, threatening, malicious, infringing, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another's privacy or right of publicity, hateful, or discriminatory toward any race or ethnic group, or otherwise objectionable;

- the willful or grossly negligent infringement of the rights of a natural or legal person to the respective intellectual property;

- willfully or through gross negligence interfering with or disrupting the software or systems over which the Services are hosted or other equipment or networks connected to the Service, or disregarding any requirements, procedures, policies or regulations for networks connected to the Services that have been brought to Customer's attention;

- circumventing any user authentication or security features of the Services or any associated host, network or account; unless authorized by asvin, using any application programming interface to access the Services other than the one provided for the Services;

- willful or grossly negligent use of the Services in violation of any applicable law; or authorizing any third party, other than the rights granted to Users under this Agreement, to use the user identifications, codes, passwords, procedures and user keys issued to or selected by Customer to access the Service.

The customer shall also ensure that its employees (m./w./d.) are informed of the aforementioned conduct to be refrained from and refrain from such conduct as far as possible.

8. remuneration and payment conditions


8.1


The fee for the use of the Services by the Customer is determined by the subscription (Free, Basic, Pro, Business, Enterprise) selected on app.asvin.io. The different services of the subscriptions can be viewed at https://asvin.io/solution/pricing/ The number of available devices is defined by all IoT devices that are not in the "Lobby" and have not been blacklisted. In other words, all devices that are in "Grouped" or "Ungrouped".

8.2


The customer grants asvin direct debit authorization, the debit will be made monthly based on the selected subscription (see 8.1).

asvin is entitled to price adjustments, about which the customer will be informed one month in advance by e-mail.

9. contract term


The term of the contract is:

3 months

from the conclusion of the contract.
The contract is extended by 3 months to the end of each quarter if it is not terminated with a notice period of

has been terminated in writing one month prior to expiry.
The contract may be terminated by either party without notice (extraordinary) if

there are serious reasons that make a continuation of the contract unreasonable, such as:

- Insolvency of a contractual partner;

- serious misconduct of a contractual partner for which a warning has been issued (such as: Violations of para. 7.3);

- non-existent licenses or violations of license terms;

- Default in payment despite due date and reminder.

transition and exit management


After termination of the contractual relationship, use of the customer's account and thus the services of app.asvin.io is no longer possible.

The migration of the customer's data stored or retained by app.asvin.io can be individually agreed with the customer; this post-contractual service is subject to a charge.

At the request of the customer, asvin will confirm that all data has been deleted from all storage media.
This does not affect data that must be kept for accounting reasons.

10. liability


10.1


asvin shall ensure that the tools provided have the functions described in the service description and that they are available for use by the customer as far as possible without interruption. Maintenance works on the platform are not interruptions.

The data used by the customer and any content used are the responsibility of the customer.

10.2


asvin shall only be liable for damages caused by the use of the Services, except in case of breach of fundamental contractual obligations, if and to the extent that asvin, its legal representatives or executives are guilty of intent or gross negligence.
For other vicarious agents asvin is only liable in case of intent and as far as they violate essential contractual obligations intentionally or by gross negligence. Except in case of intent or gross negligence of legal representatives, executives or intentional behavior of other vicarious agents, there is no liability for compensation of indirect damages, in particular for loss of profit or loss of data of customers or third parties.

Except in case of intent and gross negligence of asvin, its legal representatives and executives, liability is limited to the damage typically foreseeable at the time of conclusion of the contract.

The aforementioned exclusions and limitations of liability vis-à-vis entrepreneurs shall not apply in the event of the assumption of express warranties by asvin and for damages resulting from injury to life, body or health as well as in the event of mandatory statutory provisions, such as product liability provisions.

10.3


Liability shall not extend to such damage and/or disruptions caused by the fact that the Customer, its IT administrators, employees or otherwise authorized users in the contractual use of

- the generally known and common rules and specifications for the use of software

- The data specified in the manual, operating instructions and other documents according to the certificate of performance.

- the rules and specifications conveyed in a training course does not carry out or does so inadequately or incorrectly (operating errors).

10.4


Defects or functional impairments shall be remedied at the option of asvin by

- the installation of an improved version of the software

- by advice on how to eliminate or circumvent the effects of the error.

11. secrecy


asvin and customer are obliged

- business secrets, which are disclosed during the initiation and possibly subsequently in the course of the

- use of the Services and are identified as such, will not be disclosed to any third party. third parties;

the knowledge gained from the use of app.asvin.io and the Services as trade secrets to treat.

12. involvement of other technical service providers


asvin is entitled to engage other suitable service providers for the provision of the Services at any time. The contact person for the customer is always asvin.

13. Written form, applicable law, place of jurisdiction


The business relationship with the customer and the provisions of all contracts concluded with him are subject to German law. The UN Convention on Contracts for the International Sale of Goods is excluded.

If the customer is a merchant within the meaning of the German Commercial Code, a special fund under public law or a legal entity under public law, Stuttgart shall be the exclusive place of jurisdiction for all disputes arising.

14. Amendment of these GTC, binding nature of the contract


asvin reserves the right to change these GTC. Such a change will be communicated by asvin to all registered customers by e-mail to the e-mail address noted in the customer record. If the new GTC are not objected to within 14 days after notification or if the customer account continues to be used after this period has expired, they will be deemed accepted. Asvin will point this out again in the notification email. All transactions already in progress at the time the new terms and conditions come into effect remain unaffected by the change; these are subject to the terms and conditions in effect at the time the offer was entered. In case of objection the contractual relationship ends at the time the new terms and conditions come into effect.

The concluded contracts and these GTC shall remain effective in their remaining parts even if individual provisions are legally ineffective. The invalid provision shall be deemed to be replaced by a provision that comes as close as possible in economic terms to the meaning and purpose of the invalid provision in a legally effective manner. In the event of loopholes, the relevant statutory provision shall apply in a subsidiary manner.