Common use of Contractual Performance Clause in Contracts

Contractual Performance. The characteristics of each DCS-T Certificate are defined by the current Certificate Description from DTAG at the time when each Individual Contract is concluded. A DCS-T Certificate shall be provided in the manner offered by DTAG at the time when each Individual Contract is concluded. This could involve sending a digital transmission using an encrypted PKCS#12 container, for instance, or making it available for DCS-T Certificate retrieval by software offered by DTAG for this purpose (such as ZenZefi). In the event of any questions in connection with a DCS-T Certificate, the User can contact an information source designated by DTAG. A DCS-T Certificate is issued either to a DCS-T Certificate Holder or to a User with assignment of a DCS- T Certificate Responsible. The User shall ensure that the provisions of these GTCs are followed by the DCS-T Certificate Holder or DCS-T Certificate Responsible, on whose behalf it has requested DCS-T Certificates. Any violations by DCS-T Certificate Holders or DCS-T Certificate Responsibles or authorized persons (see section 5.5) shall always be attributed to the User. If a DCS-T Certificate Holder or DCS-T Certificate Responsible violates the provisions of these GTCs, DTAG can prohibit the further use of the DCS-T Certificates in whole or in part. If a DCS-T Certificate is requested for one of the User’s sub- contractors, these provisions shall apply accordingly. In this case, the User shall particularly ensure by way of a contract that the User’s obligations based on the Framework Agreement and the respective Individual Contract have been passed on to the subcontractor beforehand. The use of DCS-T Certificates is only permissible at the User’s own sites, only within the scope of the intended purpose for the respective certificates, and only by the DCS-T Certificate Holder or under the supervision and responsibility of the respective DCS-T Certificate Responsible, with no private use permitted. For the use of DCS-T Certificates only devices with access protection and security mechanisms that meet the current DTAG requirements at the time when the certificate was issued are permissible. When using the DCS-T Certificates, the requirements of the norm ISO 27001 or acknowledged comparable norms (such as Automotive TISAX) and the DTAG security requirements as per Annex 2 of these GTCs (“Basic Security for DCS-T Certificates”) in accordance with the current state-of-the-art must be observed. In the event of any ambiguity, the User shall consult its contact partner at DTAG for clarification. Prerequisite for the handling of DCS-T Certificates is the use of software provided or explicitly approved by DTAG for this purpose (such as ZenZefi). The User must ensure that the security requirements are fulfilled, and shall demonstrate this by submitting a suitable security concept. Under no circumstances a DCS-T Certificate may be accessed by using software which was not provided or explicitly approved by DTAG (such as ZenZefi). Using DCS-T Certificates requires strict compliance with the obligations and definitions in these GTCs, both by the User and by any persons authorized by the User to work with the DCS-T Certificates. In addition to the DCS-T Certificate Holder and the DCS-T Certificate Responsible, authorized persons also include such natural persons who are required as per these GTCs to work with DCS-T Certificates and to interact with the necessary software for the use of DCS-T Certificates (“need-to-know principle”). If these requirements are not fulfilled or are no longer completely fulfilled, DTAG can prohibit the further use of DCS-T Certificates, in whole or in part, with immediate effect. The User shall ensure that the IT infrastructure used for handling the DCS-T Certificates, as well as access to the DCS-T Certificates, complies with DTAG’s current security requirements (see section 5.3). This also applies to connections through local networks and storage media. DTAG can make appropriate changes to the requirements named in section 6.1, and shall notify the User of any changes in a suitable manner. The changed version shall become binding two weeks after notification of the User. The User can only terminate the Framework Agreement as a whole, together with all of the Individual Contracts, within two weeks of receiving notice of a changed version, in writing, with immediate effect, if the User does not agree to the changes (special termination right). At the latest when a DCS-T Certificate is requested, the User shall ensure that all security precautions are fulfilled. The DCS-T Certificates and any associated information, as well as the content of this Framework Agreement, are to be treated strictly confidential. Any use of the DCS-T Certificates, information, and agreement content beyond the agreed purpose of the specific DCS-T Certificate issued shall always constitute a serious violation of DTAG’s company and trade secrets. This does not apply to passing on contractual content to group companies (see section 3.5) or subcontractors (see section 5.1) as far as the User is obligated to pass on the contractual obligations of these GTCs to a group company or a subcontractor. The User shall only entrust persons with access to DCS-T Certificates and with the use of the necessary software and systems, in which the DCS-T Certificates are used, who are required to use them according to these GTCs. The User shall prevent any handling of the DCS-T Certificates by persons who are not entrusted with such handling according to these GTCs. This particularly applies to personnel who are not assigned to the specific order that requires access to DCS-T Certificates and are correspondingly obligated to maintain confidentiality. Any possible access by third parties, who are not entrusted with the handling of DCS-T Certificates and the use of the necessary software for DCS-T Certificates, is strictly prohibited. Also strictly prohibited is any disclosure to third parties of the access information for systems and applications that a User is using for the handling of DCS-T Certificates. In addition, the User’s confidentiality obligations as agreed for the respective order placement shall apply as far as these requirements contain stricter or further extensive requirements than these GTCs. At DTAG’s request, the User shall provide unlimited, immediate and comprehensive information about all security and confidentiality measures relating to the handling of DCS-T Certificates, as well as compliance with and controlling of these. To this end, the User shall provide corresponding documentation and data along with explanations. Upon request, the User shall permit DTAG to review these security and confidentiality measures or to have them reviewed by third parties who are obligated to maintain confidentiality. Upon request, the User shall provide DTAG with the necessary audit reports as proof of appropriate security and confidentiality measures for subcontractors who have or could gain access to DCS- T Certificates. The User shall immediately provide DTAG with detailed information about any inadequate security or confidentiality measures and about any suspected violations of such measures, without being requested, first in text form and then in writing to the address designated by DTAG and the User shall, upon request, immediately provide any additionally requested information in this regard without limitation. This also applies to any foreseeable access or access attempts by third parties to devices for the use of DCS-T Certificates. The User shall immediately rectify any inadequacy of security or confidentiality measures and shall inform DTAG of corresponding measures immediately, first in text form and then in writing to the address designated by DTAG.