Service agreement for “Hornetdrive”
As at 14 September 2015
§ 1 The subject of this contract
- Hornetdrive is a service of Hornetsecurity GmbH, Am Listholze 78, 30177 Hannover (hereinafter referred to as the “Provider” or “Hornetsecurity”).
- These terms and conditions apply for the contractual relationship between the Provider and the Principal regarding the use of the online data store Hornetdrive.
- The use of Hornetdrive is only permitted if the Principal accepts these terms and conditions.
§ 2 Concluding a contract
The contract on the use of Hornetdrive arises when a user account is set up for Hornetdrive, irrespective of whether the service is provided for a fee or free of charge (e.g. test account, guest account).
§ 3 Provider’s services
- Hornetdrive enables the secure storage and exchange of files in the Cloud. To this end customers can store documents and files in so-called drives or convert existing folders into drives.
- Users can create an unlimited number of their own drives in the Hornetdrive Cloud.
- Users and their invited guests can store files in the drives created by the user insofar as they are authorised according to the authorisations established by the user for the respective drive.
- Hornetsecurity will provide users with storage space in the Hornetdrive Cloud for this purpose. The maximum storage volume shall be in accordance with the user’s valid usage licence.
- When storing files in the drive, older versions of the same file will be deleted or continue to be stored in accordance with the settings selected for the drive by the user. The maximum number of stored versions which can be set is also dependent upon the type of user licence.
- All of the data stored in a user’s drives taken as a whole – including older versions still in storage – constitute the total storage volume used by the user in the Hornetdrive Cloud. Should the actual storage space used reach or exceed the licensed storage provided, no further data can be stored in the user’s drives.
- The customer shall receive the included data transfer volume corresponding to the license purchased. If necessary, this can be increased by upgrading the license.
- The data transfer volume shall be reset for each month.
- After reaching the included data transfer volume, additional data transfer is normally blocked for the current month. Exceeding the included data transfer volume shall cause the customer to be charged for the additional data transfer.
- Users and their invited guests can access the data stored in the Hornetdrive Cloud insofar as they are authorised according to the authorisations established by the user for the respective drive.
- The customer shall receive the non-exclusive right to use the Hornetdrive software client supplied by the provider on an unlimited number of devices. The right is non-transferable. All other software rights shall remain with the provider.
- Storage of and access to data in the Hornetdrive Cloud are exclusively possible via the Hornetdrive software clients. Data in the drives used by the user are synchronised automatically or manually with the user’s client system depending on the software version. The licence for the use of the respective Hornetdrive client software is included in the licence for the use of the Hornetdrive service.
- Data are encrypted in the software client before they are transferred to the Hornetdrive Cloud and decrypted after they have been downloaded from the Cloud. Every drive has its own key. Hornetsecurity has no access to the keys used to encrypt the data and the data stored in the Cloud. If the keys used to encrypt the data in the software client are lost, it will no longer be possible to access the data stored on the respective drive.
- Hornetdrive stores a backup of the keys used to encrypt data in encrypted form in the Hornetdrive Cloud (configurable). Additionally, Hornetdrive software clients locally store backups of the keys. Users are urgently recommended to regularly backup keys.
- In certain versions of the software client users can release individual files for download via the web link. After their release, these files are stored in unencrypted form in the Hornetdrive Cloud.
- Hornetsecurity shall make new versions of the software available via the internet server at irregular intervals. These may contain bug fixes and new features. The provider will inform the customer about the availability of new versions by using the appropriate means of contact (by e-mail, via app shops). The customer is personally responsible for using the latest version of the software. The obligation of ensuring that a Hornetdrive service feature functions properly shall only apply to the latest version of the software.
- Hornetsecurity provides support to authorised users insofar as its own systems and software are involved. Support for other manufacturers’ systems and software does not form part of this contract.
§ 4 Agent’s warranties
- The average annual availability of the Hornetdrive Cloud is 99.9%. Planned maintenance work is excluded. As far as possible, maintenance work will be carried out at night on weekends (CET).
- Data will be stored on two redundant storage devices. Redundancy will be restored within four hours upon failure of one storage device.
- Data in the Hornetdrive Cloud will be stored exclusively in encrypted form unless the user explicitly releases individual data for access via web link. Hornetsecurity has no access to encrypted data stored by users in the Hornetdrive Cloud.
- The storage of data in the Hornetdrive Cloud is located exclusively in secure data centres in Germany insofar as a storage location has not been established in another country at the explicit wish of the customer.
§ 5 Liability
- Hornetsecurity is liable for damages and compensation for wasted expenditure regardless of the legal basis only in accordance with the following rules:
a) Full liability is accepted in cases of deliberate intent or gross negligence.
b) Below the level of gross negligence, liability is accepted for the amount of foreseeable damage which should be prevented by the obligation to exercise due care but not for consequential damages such as wasted expenditure, savings which fail to materialise or loss of profits.
c) Hornetsecurity’s liability for all cases of damage in accordance with b) is limited per contractual year to the amount of the total annual remuneration paid in that year.
- Insofar as the customer becomes aware of faults or damage and fails to notify Hornetsecurity immediately, Hornetsecurity shall not be liable for such damage which could have been avoided if immediate notification had been given.
§ 6 Scope of use, prices and payments
- The Principal can use the service either for a fee (Business or Enterprise Licence) or free of charge (Guest Licence). Business and Enterprise Licences can be used for test purposes for 30 days free of charge.
- The performance scope of the licence used is shown in the currently applicable price-list.
- Payments shall be due for the relevant term in advance at the beginning of a contractual period.
§ 7 The term of the contract
- The contract for test licences expires automatically 30 days after the user account is set up.
- The contract for Guest Licences has an indefinite term. Guest Licences can be terminated by Hornetsecurity at any time giving 30 days’ notice.
- The contract for paid use is concluded for a period of 12 months. The contract expires automatically at the end of that period. In order to continue using the service, the Principal must again acquire a licence for one year before the end of the respective contractual period.
- After the end of the contract, data transmission or synchronisation between the devices will no longer be possible.
- Hornetsecurity is entitled to extraordinary termination of the in case of a misuse of its service.
- The contract can be terminated by the Principal at any time without giving reasons.
- The right to terminate the contract for good cause shall remain unaffected
- The data in the Provider’s systems will be stored for 30 days after the end of the contract, irrespective of the reason for the contract ending, to give the user the opportunity to secure the data. The data will then be deleted from the Provider’s systems.
- If the Principal again acquires a licence during the storage period (in accordance with section 8) after the end of the basic term of the contract (in accordance with section 3), its user account will be reactivated and the use of the functions of Hornetdrive will be made available again in accordance with the acquired licence.
- Irrespective of the status of the contract, the Principal can at any time demand the deletion of all the stored data, including its account data. After the deletion of that data, no further use will be possible and the contract will end when the deletion has been carried out.
- Payments for remaining time will not be refunded in the event of an early end of the contract (in accordance with sections 5, 6, 7 or 10).
§ 8 Miscellaneous
The laws of the Federal Republic of Germany apply. The place of jurisdiction is Hannover.
Data Protection Policy for “Hornetdrive”
As at: 14.09.2015
- Hornetdrive is a service provided by Hornetsecurity GmbH, Am Listholze 78, 30177 Hannover, Germany (hereinafter referred to as “Provider”).
- The protection of your personal data is important to us. This Data Protection Policy provides information on how and to what extent your data is processed in connection with the use of Hornetdrive. You may use the Hornetdrive service only if you agree to this Data Protection Policy.
- Your data is processed on the basis of the provisions of the German Federal Data Privacy Act and other provisions relating to data protection.
- Hornetdrive enables the User to store his data in a manner that is secure, multiply redundant and encrypted, and makes said data available for retrieval on various platforms. The data is stored, on the one hand, in a Hornetdrive cloud in multiply secured data centres and, on the other hand, on users’ various drive installations.
- As a matter of principle, the files stored in Hornetdrive are encrypted using an AES-256 algorithm before being uploaded onto the User’s end device. In turn, the keys are stored on and transferred to users’ systems solely in encrypted form. This ensures that unauthorised persons are never able to view these files in unencrypted form.
- In certain versions of the software client, Users can enable individual files to be downloaded via weblink. Once they have been enabled, these files are then stored in unencrypted form in the Hornetdrive cloud.
3. Type of data
The following data is collected, processed or used by Hornetsecurity for providing the Hornetdrive service.
- User’s access data: E-mail address and password (needed to run the service),
- Further data of the User: Name, tel. no., mobile no. (if stated by the User). This data allows the Users to communicate with each other and is not used by Hornetsecurity. This data is provided on a voluntary basis and is not necessary for running the service.
- Details of the drive installed by the User (needed to run the service): Name of the drive, size, access rights of other Users to the drive, scope of data transferred from and to the drive,
- Details of the drive devices used by the User with Hornetdrive (needed to run the service): Name of the device, device platform, installed Hornetdrive version, date/time of the first and last connection, IP address upon installation,
- Data stored by the User in the encrypted drives (User’s actual payload, not visible to Hornetsecurity due to encryption).
4. Scope and purpose of the intended collection, processing and use of data
- The Provider shall collect, process and/or use personal data solely for the purpose of providing the Hornetdrive service in accordance with the Service Agreement on which it is based (see tab “Service Agreement”).
- The data shall not be used by Hornetsecurity for any other purposes, e.g. own purposes, advertising, etc.
5. Third-party data processing
- The processing of the customer data shall be carried out strictly by Hornetsecurity. Basic services (data centre services, Internet connection, transport and installation of systems and data carriers) shall be contracted out to third parties; no personal data shall be transmitted to these third parties for this purpose.
- The data centres used are located in Germany. No data shall be transferred to third countries
6. Technical and organisational measures
- The Provider guarantees that it has taken all technical and organisational measures necessary for duly and properly carrying out the assigned task in accordance with Section 9 of the German Data Protection Act [BDSG].
- Since the data is encrypted before being uploaded in the Hornetdrive cloud, the Provider has no access to the uploaded payload and cannot gain access to said data by itself.
- The technical and organisational measures taken by the Provider are listed in the Appendix „Technical and organisational measures“ aufgeführt. These are constantly reviewed on a regular basis and adapted to technical advancements.
7. Right to information; revocation
- You entitled at any time to receive information on the personal data stored under your name, without stating a reason and at no expense.
- You may at any time have the data that has been collected by us blocked, amended or deleted and may object to the collection and storage of data.
- You may also, at any time and without stating a reason, revoke your consent for us to collect and use the data that was granted to us during the set-up of a test or licence account.
- Note: if data cannot be processed as per this Data Protection Policy, it may not be possible to use Hornetdrive.
8. Duration of data processing, deletion of data
- The term of contract is regulated in the Service Agreement on which it is based.
- The Agreement may be terminated by the User at any time without cause and the User may request that the data be deleted. Once the data has been deleted, it can no longer be used and with that deletion the Agreement ends. The extent to which payment obligations are hereby affected is regulated in the Service Agreement.
- Irrespective of the aforementioned provision, the data secrecy obligation, the non-disclosure obligation and any agreed retention periods shall continue to apply after the Agreement has ended.
- This Data Protection Policy shall be altered or amended where necessary. If we believe that these alterations are substantial or that they considerably limit your rights, we shall inform you of this accordingly by e-mail. By continuing to use Hornetdrive after said alterations have become effective, you hereby accept the amended Data Protection Policy and are bound to it.
- GermanDat law shall apply. Agreed place of jurisdiction is Hanover.