Bysoft Business Software Licensing Terms & Conditions

These Licensing Terms & Conditions (“TERMS”) contain the terms of use of the BYSOFT BUSINESS software (the “SOFTWARE”) (updates and upgrades included).

These TERMS form an integral part of the software licensing agreement (“SOFTWARE AGREEMENT”) entered into between Bystronic and the customer (“Customer” or “User”), it being understood that the term “User” as used herein also includes any of the Customer’s employees using the SOFTWARE.

For the purpose of these TERMS, “Bystronic” shall refer to Bystronic Laser AG or any of its affiliates who shall be deemed to be the sub-licensor of the SOFTWARE.

Bystronic Laser AG, Industriestrasse 21, 3362 Niederönz, Switzerland is the licensor (“Licensor”) of any SOFTWARE related to Bystronic which is installed or used locally on any User´s systems.

If Bystronic Laser AG as the Licensor does not itself enter into a SOFTWARE AGREEMENT with the Customer, it shall be treated as a third-party beneficiary with the right to claim directly any of its license rights against the Customer. For the avoidance of doubt, the Customer’s sole contractual partner is the Bystronic company defined in the SOFTWARE AGREEMENT.

By installing, using or accessing the SOFTWARE, the User accepts the TERMS contained herein. Should the User not accept the TERMS contained herein, the User shall not be entitled to use the SOFTWARE.

1. The SOFTWARE. Microsoft Dynamics 365 Business Central

1.1 The SOFTWARE is a Business Management extension of Microsoft Dynamics 365 Business Central specifically designed for sheet metal processing environments.

1.2 The SOFTWARE being an ad hoc custom business logic (code) integrated with Microsoft Dynamics 365 Business Central to modify or augment the standard behavior of the platform, the SOFTWARE shall require the previous deployment and licensing of Microsoft Dynamics 365 Business Central by the User.

1.3 Under certain circumstances and subject to previous agreement between the parties, Bystronic may provide the User with the appropriate license of use of Microsoft Dynamics 365 Business Central, previous acquisition from a Microsoft reseller. Unless otherwise expressly agreed, the User is the sole responsible of legally acquiring the appropriate license of use of Microsoft Dynamics 365 Business Central and installing such software. Unless otherwise provided by Microsoft, terms and conditions of Microsoft Dynamics 365 Business Central can be accessed on the Microsoft websites in their always current existing version. https://www.microsoft.com/en-us/download/details.aspx?id=56765

1.4 The User is herewith made aware and the User herewith accepts that by agreeing to these TERMS, the User implicitly also agrees to Microsoft’s terms and conditions for the use of Microsoft Dynamics 365 Business Central. The pertinent terms and conditions are substantially the following:

  • Microsoft Customer agreement
  • Universal license terms – For all software
  • Universal license terms – Online services
  • Microsoft Products and Services Data Protection Addendum (DPA)
  • Service Level Agreements (SLA) for Online Services
  • Modern Lifecycle Policy

Unless otherwise stated by Microsoft, the Microsoft terms can be accessed on the Microsoft websites in their always current existing version.

1.5 The use of the SOFTWARE may imply further costs and expenses for the User, such as those related to Cloud services. The User shall be solely responsible for its management, belonging to its private tenant of Microsoft.

1.6 Bystronic is not obligated to provide any support services for the SOFTWARE or any updates, unless otherwise expressly agreed. Any support or update provided is “as is”, “with all faults” and without warranty of any kind.

2. Use Rights and license conditions

2.1 The SOFTWARE is licensed, not sold. Bystronic hereby grants to User, in consideration of the license fee, a non-exclusive, non-transferable, revocable right to use the SOFTWARE (“LICENSE”).

2.2 The LICENSE may be perpetual or subscription-based. Type of licensing and, if any, specific terms of use depending thereon, shall be expressly referred to in the SOFTWARE AGREEMENT.

2.3 Permitted uses and restrictions also apply to any materials and documentations related to the SOFTWARE.

2.4 Without having validly accepted these TERMS, User must not install, copy or otherwise use or access the SOFTWARE on any computer or device.

2.5 The SOFTWARE shall only be used on User´s systems through which the SOFTWARE is rightfully installed.

2.6 Bystronic and the third parties, whose software and/or services are integrated into the SOFTWARE, are and shall remain the proprietors of all their respective copyrights, trademarks and other property rights and/or trade secrets.

2.7 The SOFTWARE is in particular protected by copyright laws and other intellectual property laws. User must not remove any copyright or other proprietary rights notice or any disclaimer and User shall reproduce on all copies made in accordance with these TERMS, all such notices and disclaimers.

2.8 User warrants to use the SOFTWARE only in accordance with the terms expressly agreed upon and these TERMS and to prevent access by unauthorized personnel or any third parties to the SOFTWARE, its output, or any confidential information. User further warrants not to provide for use, sublicense, rent or otherwise grant access to any third party, copy, further develop, edit, change, create derivatives or otherwise temper with the SOFTWARE or its output in whole or in part, as applicable.

2.9 User warrants that it will not try to decrypt any data files provided in connection with the SOFTWARE or to otherwise try to determine the source code thereof by any means (reverse engineering), including without limitation encouraging any third party to do so or supporting a third party in doing so. Any mandatory provisions and any applicable exemptions under applicable national law remain unaffected by the foregoing.

2.10 If Bystronic, at the Customer’s request, develops any customized or ad hoc applications that are not part of the standard functionalities of the SOFTWARE, the costs of such developments shall be borne by the Customer. The ownership and intellectual property rights of any customized or ad hoc SOFTWARE applications of this kind lie with Bystronic, unless otherwise agreed upon in writing between the involved Parties. The customized or ad hoc applications shall be deemed to become part of the SOFTWARE and be licensed to the Customer accordingl

3. Deployment on premises or cloud

3.1 The SOFTWARE has been developed in order to permit deployment on User´s premises or on Cloud.

3.2 The SOFTWARE uses Microsoft AzureTM cloud services (“Cloud Service”) to provide its services to User. User Data stored, processed and transmitted with Microsoft AzureTM cloud services are subject to the terms and conditions issued by Microsoft AzureTM (Microsoft Online Subscription Agreement and Service Level Agreement for Microsoft Online Services). Unless otherwise stated by Microsoft, the Microsoft terms can be accessed on the Microsoft websites in their always current existing version.

4. Maintenance services in case of subscription-based LICENSE

4.1 If the LICENSE is subscription-based the maintenance services (“Maintenance Services”) form part of the services package of the SOFTWARE.

4.2 The Maintenance Services include the following:

  • Availability of the always current prevailing version of the SOFTWARE and updates (e.g. bug-fixes) thereof.
  • Free access to the Licensor’s customer portal via the internet to use and download relevant instructions, documentation, tutorials and manuals pertaining to the SOFTWARE.
  • Update of the online documentation of the SOFTWARE.
  • […e.g. hotline].

4.3 In particular, the following services shall not be deemed Maintenance Services:

  • Any on-site maintenance services at the Customer’s sites.
  • Any maintenance services provided for hardware, networks or machines.
  • Maintenance services that become necessary following the use of the SOFTWARE on a different operating system than that stipulated by BYSTRONIC.
  • Maintenance services that become necessary following an unauthorised modification of the SOFTWARE source code by the Customer.
  • Maintenance services in terms of the interaction between SOFTWARE and other computer programs that are not the subject matter of the Licensor’s services.

4.4 The User is aware and accepts that the execution of Maintenance Services may temporarily affect the availability of the SOFTWARE or is likely to have temporarily a material negative impact upon the performance of the SOFTWARE.

4.5 The Maintenance Services will be provided for as long as the subscription-based LICENSE is in force and effect and as long as the respective subscription fees are paid by the Customer.

5. Maintenance services as of the second year (only for on premises deployment)

5.1 If the LICENSE is granted on perpetual basis, the maintenance services for the first year after purchasing the LICENSE form part of the services package of the SOFTWARE.

5.2 Subject to an agreement to the contrary, a separate maintenance agreement subject to costs may be concluded for the maintenance services between Bystronic and the Customer as of the second year after purchasing the LICENSE, if on premises installation has been agreed. These TERMS shall apply in addition to said maintenance agreement. In the event of any conflict pertaining to the SOFTWARE as such between these TERMS and the provisions of the maintenance agreement, as well as any general terms and conditions thereto, these TERMS shall prevail.

5.3 If the Customer does not conclude a maintenance agreement according to section 5.1, but purchases an additional license or product for its LICENSE, the Customer shall receive said additional license or product in the version corresponding to the originally purchased LICENSE (a version being identifiable by version number e.g. “Product “A” Version 2.0” or “Product “A” Version 3.0”), provided that such originally licensed SOFTWARE is still active.

5.4 If the Customer is desirous of entering into a maintenance agreement or receive the latest version of the SOFTWARE at a point in time when there is a newer version of the LICENSE of the respective SOFTWARE available than the Customer currently has, then the Customer must first purchase an upgrade to the current SOFTWARE version for all of its seats and modules. Once the Customer is on the latest LICENSE version, the maintenance agreement can be concluded.

6. User Personal Data. Ownership and right of use

6.1 The Customer, both for itself and its employees, takes notice of the fact and approves that through applications for the SOFTWARE, Bystronic may come into the possession of certain personal data of the User(s), e.g. name and email addresses (“User Personal Data”).

6.2 Personal information may be automatically collected and stored for a period of time for the purposes of monitoring, support and maintenance of the machine. This data may include machine-generated data and may be linked to user data. Other User Personal Data, and all rights therein, is owned by the User and may only be used by Bystronic for the purposes of their commercial relation, for statistical purposes, as contained herein, or as otherwise agreed between the Parties.

6.3 User warrants that any personal data supplied to Bystronic has been and will be collected and processed in accordance with the requirements of applicable data protection laws, as for example the EU General Data Protection Regulation (GDPR) effective from 25 May 2018. In return, Bystronic will collect and process any User Personal Data in accordance with the applicable data protection laws.

6.4 Bystronic maintains adequate administrative, physical and technical safeguards to protect User Personal Data from loss, misuse and unauthorized access, disclosure, modification and destruction in accordance with legal requirements. In light of the inevitable risks of data transmission over the Internet as well as the use of cloud services, Bystronic cannot guarantee full protection against any error occurring during the course of User´s Personal Data transmission, storage and processing that is beyond Bystronic’s reasonable control. Bystronic reserves the right to report incidents involving User´s Personal Data to authorities with jurisdiction over such incidents to the extent required by law.

6.5 Further details on how Bystronic may process User Data are set forth in the Data Processing Terms (see Annex). User agrees and consents to the processing of User´s Personal Data as herein specified.

7. Responsibility for the selection and use of the SOFTWARE

7.1 Unless otherwise expressly agreed, the SOFTWARE is provided “as is”.

7.2 User is responsible for the selection, installation, provisioning, monitoring, managing and control of the use of the SOFTWARE and for the output results to be achieved. User is obliged to make appropriate backups to prevent loss of data stored on the User´s systems in the case of malfunction of the SOFTWARE.

7.3 The SOFTWARE is designed for the exclusive use of duly trained personnel. User assumes sole responsibility as to the results to be achieved from the use of the SOFTWARE.

7.4 The SOFTWARE is not intended for the planning or operation of nuclear facilities, life support systems, aircrafts or other activities, where any failure of the SOFTWARE could lead to death, personal injury, severe physical or environmental damage.

7.5 User is responsible to acquire and maintain the appropriate hardware and/or infrastructure, on which the SOFTWARE will be installed, and is responsible to provide the communication capabilities required to run the SOFTWARE in accordance with these TERMS.

8. Acknowledgements and warranty limitations

8.1 The SOFTWARE is licensed “as is”. Bystronic makes no warranty that the SOFTWARE meets the requirements of the User.

8.2 User acknowledges that complex SOFTWARE is never wholly free from defects, errors and bugs, nor entirely free from security vulnerabilities. Bystronic gives no warranty or representation that SOFTWARE will be wholly free from any defects, errors and bugs, nor that it will entirely secure.

8.3 The sole obligation of Bystronic and sole right of the User under this product warranty is that reasonable endeavours shall be made to repair or replace the defective SOFTWARE. The circumvention or suppression of a defect shall also be deemed to be a permissible remedy.

8.4 If the replacement SOFTWARE does not work properly either or if (repeated) endeavours for repair are unsuccessful, Bystronic will refund the User the price paid for the SOFTWARE. In such case the defective SOFTWARE must be returned and shall no longer be used by the User.

8.5 Any warranty claims are in particular excluded in the following cases: (i) accident, damage, misuse or negligent use of the SOFTWARE, (ii) acts or omissions, for which Bystronic is not responsible, (iii) the use of the SOFTWARE in conjunction with products, materials or SOFTWARE not offered by Bystronic or not intended and/or designed for combination with the SOFTWARE; or (iv) in cases where the User has neglected to install and use all upgrades and updates to the SOFTWARE.

8.6 Bystronic cannot guarantee the correct function of other software or extensions of Microsoft Dynamics 365 developed by third parties, as Bystronic may not assure that the third party has developed its software according to the good practices required by Microsoft. Should any malfunction be observed in the SOFTWARE, it shall be considered to be due to an interference of a third party´s extension or software affecting the SOFTWARE. Any warranty claims shall also be excluded in such case.

8.7 User may have additional consumer rights under its local laws which these provisions may not change. To the fullest extent permissible under present laws, Bystronic excludes any warranties of merchantability, fitness for a particular purpose and non-infringement for its SOFTWARE

9. Limitations and exclusions of liability

9.1 As far as legally permissible, the liability of Bystronic and third parties, whose software may be integrated in the SOFTWARE, for all damage occurred during a subscription or perpetual term and on whatever legal basis (e.g. contract, tort, negligence) shall be limited to the amount of the license fee, which User paid for the SOFTWARE, or, as the case may be, the fee, which User paid for the corresponding subscription service or other support arrangement.

9.2 Under no circumstances shall Bystronic or third parties, whose software may be integrated in the SOFTWARE, be liable for special, indirect, accidental, punitive or consequential damages (including losses, which result from uselessness, data loss, loss of income, loss of profit, loss of goodwill or orders) or other damage, including for fines or similar, regardless of the legal basis for any claim which may arise as a result of defective performance of the SOFTWARE or other reasons connected to the SOFTWARE. This shall apply even where Bystronic or third parties, whose software may be integrated in the SOFTWARE, had been informed of the possibility of such damages.

9.3 Under no circumstances shall Bystronic be liable to the User for Bystronic’s failure to perform any of its obligations during any period in which such performance is delayed, rendered impractical or impossible due to Force Majeure, as this term is defined in the ICC Force Majeure Clause 2020. If a case of Force Majeure occurs, Bystronic will inform User of such occurrence in due course.

10. Export provisions

The SOFTWARE may contain software and technical data which are regulated by export control laws of the United States, Great Britain and / or other countries. User shall not directly or indirectly export or re-export the SOFTWARE without the approval of the relevant competent authorities of the User´s country of origin, of any other country concerned, nor without the written consent of Bystronic and the Licensor. User must comply with all domestic and international export laws and regulations.

11. Term and termination

11.1 Unless granted on the basis of a subscription, the LICENSE is granted to the Customer for an indefinite term in accordance with this section 11 and subject to the following provisions.

11.2 BYSTRONIC can, however, terminate the LICENSE in writing without notice (i) immediately and without giving prior warning upon breach of any of the restrictions on use as set out in section 2 of the present TERMS or (ii) if the Customer breaches any essential provision of the present TERMS and/or the SOFTWARE AGREEMENT and this breach is not remedied within fifteen (15) days of Bystronic giving notice thereof.

11.3 Upon termination of the LICENSE, the Customer must promptly and according to Bystronic’s instructions return or destroy all copies of the SOFTWARE and related documentation covered by the LICENSE.

11.4 With the end of the subscription (if any due to a subscription based LICENSE) and/or if the User does not fulfill its obligations to pay the license fee as laid down in the SOFTWARE AGREEMENT despite a reminder and granting of another payment period, the User’s right to use the SOFTWARE ends and Bystronic has the right to prevent any access to any data generated during the entire subscription term with immediate effect.

11.5 Those provisions which according to their meaning and purpose are intended to survive termination of the LICENSE shall remain in force unchanged after the termination of the LICENSE.

12. General Provisions

12.1 In the event that individual provisions of these TERMS or parts hereof should be or become inoperable or invalid, this shall not affect the validity of the remaining provisions. In place of the inoperable or invalid provision, or part thereof, the Parties shall insert a rule that corresponds as closely as possible to the economic intentions of the Parties at the time of signing.

12.2 These TERMS shall in all respects be governed by substantive Swiss law, subject to inalienable, mandatory provisions of local law. The rules of conflict of laws and the United Nations Convention on the International Sale of Goods (CISG), if the latter might be applicable at all, shall not apply.

12.3 Any dispute, controversy, or claim arising out of, or in relation to, the SOFTWARE AGREEMENT and/or these TERMS, including the validity, invalidity, breach, or termination thereof, shall be resolved by arbitration in accordance with the Swiss Rules of International Arbitration of the Swiss Chambers’ Arbitration Institution and the Association for IT Dispute Resolution (ITDR) Recommendations for Arbitration, both in force on the date on which the Notice of Arbitration is submitted in accordance with these Rules and Recommendations. The number of arbitrators shall be one. The seat of the arbitration shall be Zurich/Switzerland. The arbitral proceedings shall be conducted in English language.

12.4 The SOFTWARE AGREEMENT together with these TERMS establish the agreements, clauses and conditions of use among the Parties, which shall apply unless they may be contrary to mandatory law of the state, province or country of the User, morality or public order.

Annex: Data Processing Terms

1. Subject matter and duration of the Order

1.1 The subject matter of these Data Processing Terms (“Terms”) results from the SOFTWARE AGREEMENT and the TERMS entered into BYSTRONIC and the Customer/User and relates to the processing of User Personal Data (as defined in the TERMS and as further specified in section 2 below) by Bystronic.

1.2 The duration of these Terms corresponds to the duration of the contractual relation between the Parties under the SOFTWARE AGREEMENT and the TERMS.

1.3 Any defined terms with capital letters or starting with capital letters used and not specifically defined in this Annex shall have the meaning as laid down in the TERMS of which these Terms form an integral part.

2. Specification of the Terms or Contract Details

2.1 Where processing is to be carried out, Bystronic shall process the User Personal Data in such a manner that processing will meet the requirements of Swiss Federal Act on Data Protection (“FADP”) and, if applicable, additionally REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and ensure the protection of the rights of the Data Subject.

2.2 Bystronic shall process the User Personal Data to comply with its obligations under the contractual relation and during the provision of services. Nature and purpose of processing of User Personal Data by Bystronic for the Customer/User are further defined in the SOFTWARE AGREEMENT and the TERMS.

2.3 The type of User Personal Data used is further defined in the SOFTWARE AGREEMENT and the TERMS and may include, depending on the SOFTWARE and/or services provided:

  • Name and contact details of Customer/User and third parties (if applicable)
  • Access Data (as defined in the SOFTWARE AGREEMENT)
  • User Data

2.4 The categories of data subjects comprise:

  • Customer/User
  • Employees of Customer/User
  • Third parties
  • Persons who may access or receive the User Personal Data
  • Employees of Bystronic
3. Details Technical and Organisational Measures

3.1 Bystronic shall establish the security in accordance with Article 8 FDAP and, as far as applicable, in accordance with Article 28 Paragraph 3 Point c, and Article 32 GDPR in particular in conjunction with Article 5 Paragraph 1, and Paragraph 2 GDPR. The measures to be taken are measures of data security and measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the systems. The state of the art, implementation costs, the nature, scope and purposes of processing as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 Paragraph 1 GDPR must be taken into account. [Details in Appendix 1 to these Terms (Technical and Organisational Measures].

3.2 The Technical and Organisational Measures in Appendix 1 are subject to technical progress and further development. In this respect, it is permissible for Bystronic to implement alternative adequate measures. In so doing, the security level of the defined measures must not be reduced

4. Rectification, restriction and erasure of data

4.1 Bystronic may not on its own authority rectify, erase or restrict the processing of User Personal Data that is being processed on behalf of the Customer/User, but only on documented instructions from the Customer/User.

4.2 Insofar as a Data Subject contacts Bystronic directly concerning a rectification, erasure, or restriction of processing, Bystronic will immediately forward the Data Subject’s request to the Customer/User.

4.3 Insofar as it is included in the scope of services, the erasure policy, ‘right to be forgotten’, rectification, data portability and access shall be ensured by Bystronic in accordance with documented instructions from the Customer/User.

5. Quality assurance and other duties of Bystronic

5.1 In addition to complying with the rules set out in these Terms, Bystronic shall comply with the statutory requirements referred to in Articles 19 to 24 FADP and, if applicable, to Articles 28 to 33 GDPR; accordingly, Bystronic ensures, in particular, compliance with the following requirements:

(i) A designated contact person of Bystronic for data protection questions will be provided to the Customer/User upon request.
(ii) Confidentiality in accordance with Article 9 Paragraph 2 FADP, and, if applicable, Article 28 Paragraph 3 Sentence 2 Point b, Articles 29 and 32 Paragraph 4 GDPR. Bystronic entrusts only such employees with the data processing who have been bound to confidentiality and have previously been familiarised with the data protection provisions relevant to their work. Bystronic and any person acting under its authority who has access to User Personal Data, shall not process that data unless on instructions from the Customer/User, which includes the powers granted in the SOFTWARE AGREEMENT, the TERMS and these Terms.
(iii) Implementation of and compliance with all Technical and Organisational Measures necessary for this Order in accordance with Article 9 Paragraph 2 FADP, and, if applicable, Article 28 Paragraph 3 Sentence 2 Point c, Article 32 GDPR [details in Appendix 1].
(iv) The Customer/User and Bystronic shall cooperate, on request, with the supervisory authority in performance of its tasks.
(v) The Customer/User shall be informed proactively of any inspections and measures conducted by the supervisory authority, insofar as they relate to these Terms. This also applies insofar as Bystronic is under investigation or is party to an investigation by a competent authority in connection with infringements to any Civil or Criminal Law, or Administrative Rule or Regulation regarding the processing of User Personal Data in connection with the processing of these Terms.
(vi) Verifiability of the Technical and Organisational Measures conducted by the Customer/User as part of the Customer’s/User´s supervisory powers referred to in section 7 of this Annex.

6. Subcontracting

6.1 Subcontracting for the purpose of this Agreement is to be understood as meaning services which relate directly to the provision of the services under the SOFTWARE AGREEMENT. This does not include ancillary services, such as telecommunication and hosting services, postal / transport services, maintenance and user support services or the disposal of data carriers, as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data processing equipment. Bystronic shall, however, use reasonable endaevours to make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the User Personal Data, even in the case of outsourced ancillary services.

6.2 The Customer/User agrees to the commissioning of subcontractors in accordance with Article 9 Paragraph 2 FADP, and, if applicable, Article 28 (1) sent. 1 of the GDPR. Bystronic shall inform the Customer/User of any intended changes concerning the addition or replacement of other subcontractors, thereby giving the Customer/User the opportunity to object to such changes.

7. Supervisory powers of the Customer/User

7.1 The Customer/User has the rights as further specified in Article 9 Paragraph 2 FADP, and, if applicable, Article 28 of the GDPR, after consultation with Bystronic.

7.2 If GDPR is applicable Bystronic shall ensure that the Customer/User is able to verify compliance with the obligations of Bystronic in accordance with Article 28 GDPR.

7.3 Bystronic may claim remuneration for enabling Customer/User inspections.

8. Communication in the case of infringements by Bystronic

8.1 Bystronic shall assist the Customer/User in complying with the obligations concerning the security of User Personal Data, reporting requirements for data breaches, data protection impact assessments and prior consultations, referred to in Articles 22 to 24 FADP and, if applicable, to Articles 32 to 36 of the GDPR. These include:

(i) Ensuring an appropriate level of protection through Technical and Organizational Measures that take into account the circumstances and purposes of the processing as well as the projected probability and severity of a possible infringement of the law as a result of security vulnerabilities and that enable an immediate detection of relevant infringement events.
(ii) The obligation to report a User Personal Data breach immediately to the Customer/User.
(iii) The duty to assist the Customer/User with regard to the Customer’s/User´s obligation to provide information to the Data Subject concerned and to immediately provide the Customer/User with all relevant information in this regard.
(iv) Supporting the Customer/User with its data protection impact assessment.
(v) Supporting the Customer/User with regard to prior consultation of the supervisory authority.

8.2 Bystronic may claim compensation for support services which are not included in the description of the services and which are not attributable to failures on the part of Bystronic.

8.3 Bystronic reserves the right to report FADP and GDPR incidents involving User Personal Data to authorities with jurisdiction over such incidents to the extent required by law.

9. Authority of the Customer to issue instructions

9.1 The Customer/User shall immediately confirm oral instructions (at the minimum in text form).

9.2 Bystronic shall inform the Customer/User immediately if he considers that an instruction violates Data Protection Regulations. Bystronic shall then be entitled to suspend the execution of the relevant instructions until the Customer/User confirms or changes them.

10. Deletion and return of User Personal Data

10.1 Copies or duplicates of the User Personal Data may need to be created for technical reasons in order to ensure the performance of the SOFTWARE offered.

10.2 After conclusion of the services, or earlier upon request by the Customer/User, at the latest upon termination of the SOFTWARE AGREEMENT and/or the TERMS respectively, Bystronic shall hand over to the Customer/User or – subject to prior consent – destroy all documents, processing and utilization results, and data sets related to the SOFTWARE AGREEMENT and/or the TERMS respectively that have come into its possession, in a data-protection compliant manner. The same applies to any and all connected test, waste, redundant and discarded material. The log of the destruction or deletion shall be provided on request. The right of Bystronic to anonymize User Personal Data and use this anonymized data for aggregate data purposes and as further specified in the SOFTWARE AGREEMENT and the TERMS shall remain unaffected.

Appendix 1 – Technical and Organisational Measures

1. Confidentiality

  • Physical Access Control
    No unauthorised access to Data Processing Facilities, e.g.: magnetic or chip cards, keys, electronic door openers, facility security services and/or entrance security staff, alarm systems, video/CCTV Systems
  • Electronic Access Control
    No unauthorised use of the Data Processing and Data Storage Systems, e.g.: (secure) passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media
  • Internal Access Control (permissions for user rights of access to and amendment of data)
    No unauthorised Reading, Copying, Changes or Deletions of Data within the system, e.g. rights authorisation concept, need-based rights of access, logging of system access events
  • Isolation Control
    The isolated Processing of Data, which is collected for differing purposes, e.g. multiple Customer support, sandboxing.
  • Pseudonymisation
    The processing of Customer Personal Data in such a method/way, that the data cannot be associated with a specific Data Subject without the assistance of additional Information, provided that this additional information is stored separately, and is subject to appropriate technical and organisational measures.

2. Integrity

  • Data Transfer Control
    No unauthorised Reading, Copying, Changes or Deletions of Data with electronic transfer or transport, e.g.: Encryption, Virtual Private Networks (VPN), electronic signature.
  • Data Entry Control
    Verification, whether and by whom Customer Personal Data is entered into a Data Processing System, is changed or deleted, e.g.: Logging, Document Management.

3. Availability and Resilience

  • Availability Control
    Prevention of accidental or wilful destruction or loss, e.g.: Backup Strategy (online/offline; on- site/off-site), Uninterruptible Power Supply (UPS), virus protection, firewall, reporting procedures and contingency planning.
  • Rapid Recovery

4. Procedures for regular testing, assessment and evaluation

  • Data Protection Management
  • Incident Response Management
  • Data Protection by Design and Default
  • Order or Contract Control

No third party data processing without corresponding instructions from the Customer, e.g.: clear and unambiguous contractual arrangements, formalised Order Management, strict controls on the selection of the Service Provider, duty of pre-evaluation, supervisory follow-up checks