AGB
ISMS for Confluence and RiskManager for Jira
General Terms and Conditions
Thank you for your interest in using our product “ISMS for Confluence” and/or “RiskManager for Jira” (hereinafter referred to as the “Software”). Our software supports companies in implementing an information security management system within the framework of using Atlassian’s Confluence™ wiki software. Its core function is to provide document templates for an information security management system, including guidance for customization.
Below you will find the terms and conditions of us, 3einhalb GmbH, Nägelsbachstraße 26, 91052 Erlangen (hereinafter the “Provider”), which apply to you as the customer (hereinafter “User”) when you acquire our software via the Atlassian Marketplace or third parties for download and installation on your own system (hereinafter the “Terms”).
§ 1 General Provisions
(1) The Provider’s terms apply exclusively to the download, installation, and use of the Software. Support services by the Provider are not included.
(2) The Provider’s terms are exclusive. Conflicting, additional, or deviating terms from the User do not become part of the contract unless the Provider has expressly agreed. These terms apply even if the Provider performs services without reservation despite knowing conflicting terms.
(3) The terms apply only if the User is an entrepreneur (§ 14 BGB), a public-law legal entity, or a special fund under public law.
§ 2 Subject Matter of the Contract
(1) The content and scope of the Provider’s services and the Software’s exact scope result from the respective service description or offer.
(2) The Provider grants the User the described Software, including related application documentation, as specified in the service description or offer in the designated language (hereinafter “Application Documentation”) (Software and Documentation hereinafter referred to as the “Contractual Objects”) under agreed usage terms.
(3) The User receives the Software as executable object code. The source code is not part of the contract.
(4) Unless otherwise agreed, the Software is delivered in the current version at delivery time.
(5) The performance description or offer exclusively determines the Software’s characteristics. The Provider is not obliged to deliver characteristics beyond this. The User cannot derive such obligations from public statements or advertising unless expressly confirmed by the Provider.
(6) Installation, configuration, and consulting services are not part of these terms and must be separately commissioned.
§ 3 Delivery; Force Majeure
(1) Delivery is effected by making the Software and Application Documentation available for download via the internet.
(2) Delays caused by force majeure—such as strikes or lockouts in third-party companies or the Provider’s own operations (only if lawful), official orders, legal prohibitions, general telecommunications disruptions, or other circumstances beyond the Provider’s control (hereinafter “force majeure”)—or circumstances within the User’s control (e.g., failure to provide necessary cooperation, delays caused by third parties attributable to the User) entitle the Provider to postpone the affected services for the duration of the hindrance plus a reasonable start-up period. If force majeure continues uninterrupted for more than three months, both parties are released from the performance obligation. Further statutory claims or rights of the Provider, particularly due to the User’s default in acceptance, remain unaffected.
(3) Claims by the User for damages or compensation for futile expenses in cases of delivery delay or impossibility are governed by § 10.
§ 4 User’s Cooperation and Information Obligations
(1) The User has informed themselves about the essential features of the Software and bears the risk of whether it meets their wishes and needs; in case of doubt, they should have sought advice from the Provider’s staff or qualified third parties before concluding the contract.
(2) The User is solely responsible for setting up a functional hardware and software environment—adequately dimensioned to handle the additional load from the Contractual Objects. The User requires a Confluence™ Server version marked as compatible. Additional components may be necessary depending on individual use.
(3) The User thoroughly tests the Software for defects and usability in their existing hardware and software configuration before use. This also applies to Software received under warranty or maintenance.
(4) The User follows the Provider’s instructions for installation and operation and regularly consults the Provider’s current notices at https://3einhalb.com/security-advisories-errata/ and incorporates them during operation.
(5) The Provider is entitled to verify whether the Contractual Objects are used in accordance with the contract. To this end, the Provider may request information from the User, especially about the duration and extent of use, and may inspect the User’s hardware and software. Access must be granted to the Provider during normal business hours.
(6) The User bears disadvantages and additional costs arising from violations of these obligations.
§ 5 Data Backup by the User; Liability for Data Loss
(1) The User shall take appropriate precautions in case the Software does not function properly, e.g., daily data backups, fault diagnosis, and regular review of data processing results. The User must perform a full backup of all system and application data immediately before any intervention or access by the Provider or authorized third parties. Backups must be stored securely to allow full data restoration at any time.
(2) Unless explicitly informed otherwise, the Provider assumes that all User data it may access is backed up.
(3) The Provider is not liable for data loss caused by the User’s failure to perform backups as required in paragraph (1), preventing data restoration with reasonable effort. Otherwise, § 11 applies.
§ 6 Usage Rights
(1) The Provider grants the User a simple, unlimited, non-transferable, and non-sublicensable right to use the Contractual Objects according to the service description or offer and these Terms. The Software may be used only on one Confluence™ installation.
(2) The User is not entitled to grant third parties any rights to the Software or its components, including sale, gifting, lending, renting, sublicensing, public reproduction, or making the Software publicly accessible.
(3) Copies of the Software may be made only to the extent necessary for proper contractual use. The User may create backup copies according to technical standards, which must be marked and bear copyright notices.
(4) The User may modify the Software only as legally permitted. The User must first allow the Provider to remedy defects before attempting repair. The User holds no additional rights over such modifications beyond the granted usage rights.
(5) Decompilation is permitted only within the limits of § 69e UrhG and only if the Provider fails to provide necessary interoperability information upon written request with reasonable notice.
(6) Updates, patches, bug fixes, or new releases provided as defect remedies replace previous versions and are subject to these Terms.
(7) Reproduction or modification of the Application Documentation is not permitted, except as allowed under paragraphs (4) and (5).
(8) The User receives access to documents (“Templates”) for information security management. Unless otherwise agreed, the User may reproduce, edit, distribute internally, and provide these Templates to employees to create and use management systems for their companies, including versioning. Distribution to third parties or affiliated companies, including subsidiaries, is prohibited.
If Templates must be shared with third parties in physical or electronic form, the User may distribute them in non-editable formats under contractual restrictions. Third parties storing Templates must be contractually bound to use them solely for cooperation with the User and delete them irrevocably after collaboration ends.
Copyright notices on Templates must not be removed or altered.
§ 7 Compensation
(1) The Provider supplies the Software to the User for a fee.
(2) The fee is specified in the Provider’s individual offer.
(3) Statutory VAT is not included and will be shown separately at the applicable rate on the invoice date.
(4) The Provider bears the cost of making the Software available online; the User bears the cost of retrieval.
(5) The Provider provides the Software download only after full payment of the agreed purchase price.
§ 8 Protection of Software, Application Documentation, and Templates
(1) Unless expressly granted to the User under this contract, all rights to the Contractual Objects (and all copies made by the User)—including copyrights, invention rights, technical protection rights—and rights to the Templates remain exclusively with the Provider. This also applies to modifications of the Contractual Objects and/or Templates by the Provider.
(2) The User shall carefully safeguard the provided Contractual Objects and Templates to prevent misuse. The User shall only make Contractual Objects accessible to third parties, whether unchanged or modified, with prior written consent from the Provider. Third parties do not include the User’s employees or persons present for contract-compliant use on the User’s premises.
(3) The User is not permitted to alter or remove copyright notices, markings, or control numbers of the Provider. If the User modifies the Contractual Objects, these notices and markings must be included in the modified version.
§ 9 Defects and Warranty
(1) The User must immediately notify the Provider of any defects in the Contractual Objects and/or Templates and grant access to documents clarifying the circumstances of the defect.
(2) Defects shall be remedied by free repair or replacement at the Provider’s discretion.
(3) The User may only claim damages as per § 10.
(4) Termination of the contract is only permissible after the Provider has had sufficient opportunity to remedy defects and has failed. Failure is assumed if remedy is impossible, seriously and definitively refused, unreasonably delayed, or otherwise unreasonable for the User.
(5) Termination due to minor impairments of contract use is excluded.
(6) The Provider is not liable for defects attributable to the User, e.g., errors or quality issues caused by inadequate input data, unless the User proves otherwise.
(7) The obligation to maintain does not include adapting the Software to changed conditions or technical/functional developments, such as IT environment changes, hardware or OS changes, adjustments to competing products, or compatibility with new data formats.
§ 10 General Liability
(1) The Provider is liable for damages or compensation for futile expenses as follows:
(a) Unlimited liability for intent or gross negligence. For simple negligence, liability is limited to damages arising from breach of essential contractual obligations (those essential for proper contract performance and regularly relied upon by the User) and limited to typical, foreseeable damages.
(b) Liability limitations in (a) do not apply to damages involving injury to life, body, or health, or liability under product liability laws.
(2) Limitations or exclusions of liability apply equally to the personal liability of the Provider’s legal representatives and agents.
§ 11 Confidentiality and Data Protection
(1) The contracting parties undertake to keep all confidential information and trade secrets (“Trade Secrets”) obtained during contract negotiation and execution confidential indefinitely and to use them only for purposes of fulfilling this contract. Trade Secrets include Contractual Objects and services provided under this contract.
(2) The User shall only make Contractual Objects accessible to employees and other third parties as necessary to exercise the granted usage rights. The User shall inform all persons granted access about the Provider’s rights and confidentiality obligations and obligate them in writing to maintain confidentiality and use information only within the scope of paragraph (1), unless other legal confidentiality obligations apply.
(3) These obligations do not apply to Trade Secrets that (i) were publicly known or known to the other party at disclosure; (ii) became publicly known without fault of the receiving party; (iii) were lawfully disclosed by third parties without confidentiality restrictions; (iv) were independently developed without using Trade Secrets; (v) must be disclosed by law or official order, provided the disclosing party promptly informs and assists the other party; or (vi) are permitted for use or disclosure by mandatory legal provisions or this contract.
(4) The Provider complies with data protection rules, especially when accessing the User’s operations or hardware/software, ensuring that agents comply and are bound to data secrecy before starting work. The Provider does not process personal data on behalf of the User. If the Provider’s access to User personal data cannot be excluded, the parties will conclude a data processing agreement.
§ 12 Export and Import Control
(1) The parties acknowledge that contract services may be subject to export and import restrictions. Permissions may be required, and use of software or related technology may be restricted in certain countries.
(2) The User shall comply with applicable export and import control laws of Germany, the EU, the United States, and other relevant regulations.
(3) The Provider’s contractual performance is subject to no obstacles from national or international export/import laws or other legal provisions.
§ 13 Final Provisions
(1) The User may only transfer rights and obligations under this contract to third parties with prior written consent from the Provider.
(2) Place of performance is the Provider’s registered office in Erlangen, Germany.
(3) If the User is a merchant (§ 1 HGB), public-law legal entity, or special public fund, the court of jurisdiction for disputes is Erlangen, Germany. The Provider may also file suit at the User’s location or any other permitted venue.
(4) The contract is governed exclusively by German law. The UN Convention on Contracts for the International Sale of Goods (CISG) does not apply.
(5) If any provisions are invalid, the validity of the remaining provisions remains unaffected.
(6) These terms are drafted in German and English. In case of discrepancies, the German version prevails.