1. Preamble
The Service Provider Merck KGaA, a company incorporated in Germany, whose registered office is at Frankfurter Str. 250, 64293 Darmstadt, Germany is the developer and operator of the Platform that is intended to enhance trust and traceability of products and processes by a concept of decentralized identity, making use of distributed ledger technology (if selected). Via the Platform the Service Provider provides the M-Trust Services for the User with certain hardware in the shape of security features (e.g., pigments, chips, etc.) and Reader Devices pursuant to these Terms of Use ("ToU").
As part of the Platform, the Service Provider also offers application programming interfaces ("APIs") and software development kits ("SDKs"), i.e., tools that can be used to integrate the Platform offering into the User's software systems and workflows.
The Platform enables the creation of a digital twin of real-world/physical objects (respectively products or product increments), by using several "anchoring" techniques intended to enable the User to securely identify physical objects with the security features selected by the User. The identification can be conducted by the User with the Reader Devices.
2. Subject Matter
The ToU including these ToU provides the complete legal and commercial terms of the User's use of the M-Trust Service.
The User shall access the Online Portal through a respective User Account in accordance and strict compliance with all applicable laws and regulations, including all applicable data protection laws, and the ToU. For the initial setup of the User Account for the Online Portal ("Onboarding Process"), the Service Provider shall provide the User via email with the respective Account Data (as defined below) and instructions how to complete the Onboarding Process and access the Online Portal.
The Service Provider may, at its sole discretion, modify the Onboarding Process (e.g., self-registration by the User and automatic receipt of Account Data) and shall inform the User about such modifications accordingly.
By providing the Asset Data and any other content to the Platform, the User grants the Service Provider and any person that directly or indirectly, controls, is controlled by or is under direct or indirect common control with the Service Provider ("Service Provider Affiliate") the permanent, irrevocable, worldwide, transferable,sublicensable right to use the Asset Data and other content for any purposes, including but not limited to the right to store, copy, modify, hold available for retrieval, combine with other data, make accessible and erase the Asset Data or other content on a permanent basis, and for any other uses currently known or unknown.
3. Free Trial Phase
The Service Provider may, at its sole discretion, offer a free trial phase to the User ("Free Trial"). The Service Provider determines the duration of the Free Trial at its sole discretion and informs the User before commencement of the Free Trial.
During the Free Trial, the User shall have access to the M-Trust Services as described in the ToU for the purpose of evaluating the suitability of the M-Trust Services for the User's needs.
Unless otherwise specified, the provisions of the ToU shall apply to the Free Trial accordingly.
The Free Trial shall be provided to the User free of charge, i.e. no Fees shall be due for the use of the M-Trust Services during the Free Trial.
Upon expiry of the Free Trial after 3 months, the User's subscription to the M-Trust Services will automatically convert to a paid subscription under the terms of the ToU, unless the User provides Notice to the Service Provider of their intention not to continue with a paid subscription at least 7 days prior to the end of the Free Trial. In this case, Clause 12 applies for the end of the Free Trial accordingly.
The Service Provider has the right to terminate the Free Trial at any time and for any reason, with immediate effect, without liability to the User. The Service Provider shall provide the User with reasonable prior notice of such termination where practicable. In this case, Clause 12 applies for the end of the Free Trial accordingly.
During the Free Trial, the Service Provider shall only be liable for intent and gross negligence. This limitation of liability shall not apply to any mandatory statutory liability, in particular to liability under the German Product Liability Act (Produkthaftungsgesetz), and liability for culpably caused injuries of life, body, or health.
4. Use of the Platform, Onboarding, Account Data
Use of the Platform is permitted only if (i) the User has accepted these ToU, and (ii) the User is properly registered for the Online Portal.
The User must take all reasonable precautions to protect its Account Data from unauthorised access. The User shall share the Account Data only with persons that necessarily have a need to know (e.g., due to their responsibilities within the organization of the User). Sharing of Account Data with third parties outside the organisation of the User is not permitted. If the User has reason to believe that unauthorized third parties have knowledge of the password of the Account Data, the User is required to change the password immediately through the respective feature on the Online Portal. If the User discovers or suspects misuse or other unauthorised use of the Account Data and/or the Platform by third parties, the User must inform the Service Provider accordingly without undue delay.
5. Functions of the Platform, Availability, Asset Data
Through the Platform, the User may use the M-Trust Services as described in detail on the Online Portal. At its discretion, the Service Provider may, without obligation, publish further information and updates regarding the functions of the Platform on the webpage of the Platform and/or via respective email notifications to the User from time to time.
The User shall provide by way of upload to the Online Portal data and other information identifying any Assets for the Purpose ("Asset Data") in accordance with all applicable laws and regulations and with the ToU.
The User acknowledges that the correctness and completeness of the Asset Data is of utmost importance for the proper functioning of the Platform. The User further acknowledges the decentralized, transparent nature of the Platform and that Asset Data (or any derivates therefrom) may thus be shared with third parties (including for example, other users of the Platform, certification bodies, government authorities, data spaces), subject to any applicable data protection laws or regulations.
In case of suspicion of incorrect, incomplete or illegal Asset Data in accordance with Clause 5, the Service Provider, at its sole discretion, has the right to remove such Asset Data and block the User Account without prior notice. The Service Provider shall be released from its contractual obligation to provide the M-Trust Services for the duration of any unresolved suspicion. The Service Provider may, without obligation, request the User to prove the correctness, completeness and/or legality of the Asset Data. Without prejudice to statutory retention obligations, the Service Provider shall not be required to create or keep backups of Asset Data uploaded to the Platform. This Clause 5.4 applies mutatis mutandis for any other personal and non-personal information (e.g., in relation to the identification of Users) provided by the User to the Platform.
Unless otherwise agreed between the Parties, the User is responsible for the implementation and maintenance of the IT systems required to access the Platform (e.g., internet connection, personal computers, Reader Devices). The Service Provider shall endeavour, without any legal obligation, to provide the Platform with an availability of 98% per month. The Platform's availability may be impaired, for example, by maintenance work or other influences. The User is not entitled to continuous availability and/or compensation for loss due to technical unavailability of the Platform for whatever legal reason.
The availability of the Platform may also be restricted due to disruptions caused by force majeure events, i.e., any events beyond the Service Provider's reasonable control, which wholly or partially prevent the Service Provider from performing its obligations under the ToU, including but not limited to major fires, explosions, floods, storms, insurrections, wars, earthquakes or strikes. In such cases, the Service Provider is entitled to restrict the M-Trust Services at its reasonable discretion.
6. Reader Devices; Transactions
The User is solely responsible to ensure that the Reader Device fulfils the required technical and regulatory
requirements to connect to the M-Trust Service at its own costs and expenses. Non-compliant Reader Devices are prohibited and shall be disconnected from the M-Trust Service either by the User or remotely by the Service Provider without undue delay.
The Service Provider provides the User only with the M-Trust Service in accordance with the ToU. The User is solely responsible for its contractual relationships with any third parties with whom the User transacts. The Service Provider is not, and shall not become, a party to any such agreements between the User and third parties, nor does the ToU provide for any rights to the benefit of such third parties (kein Vertrag zugunsten Dritter).
7. Intellectual Property Rights
All intellectual property rights, including but not limited to copyrights, patents, utility models, designs, trademarks and similar rights in and to the Platform (including but not limited to any copyrights or similar rights in design of the Online Portal as well as any texts, graphics and any other related works) are and shall remain either the property of the Service Provider, licensed to Service Provider or used by Service Provider in another legally permissible manner.
The User is not entitled to modify or have modified the Platform or make or have made any derivative works ("Improvements") thereof. If any User and its Affiliates (if applicable) breach such obligation, any intellectual property rights or similar rights in such Improvements shall be fully and exclusively vested in the Service Provider. The User hereby assigns, and procures User Affiliates to assign, any rights, title, and interest in such Improvements to the Service Provider. In case such assignment is not possible under applicable law, the User grants, and procures User Affiliates to grant, an exclusive, irrevocable, perpetual, sublicensable, worldwide, unrestricted right to use and modify such Improvements for any purposes and types of use (currently known or unknown).
The User grants the Service Provider a right to use any readily available data within the meaning of Art. 2 (17) of Regulation (EU) 2023/2854 that is non-personal data that the Service Provider lawfully obtains or can lawfully obtain from the M-Trust Services for the following purposes:
- providing User support and addressing service inquiries related to the M-Trust Services or Reader Devices;
- further developing M-Trust Services or Reader Devices;
- analysing the usage patterns and performance metrics of the M-Trust Services to improve user experience;
- conducting market research and analysis to identify trends and opportunities for new features or products.
The Service Provider shall not use such readily available data as defined in Clause 5.3 to derive insights about the economic situation, assets and production methods of, or the use by, the User in any other manner that could undermine the commercial position of the User on the markets in which the User is active.
8. Obligations of the User
The User shall cooperate and be responsible for its activities in relation to the Platform, in particular the Asset Data's full compliance with the User's obligations under these ToU, and with all applicable laws and regulations. The User guarantees careful control of all uploaded Asset Data and other content.
The User shall indemnify the Service Provider against all claims by third parties for loss or damage caused to third parties using the Asset Data or other content uploaded by or on behalf of the User and against any and all liability and damages which the Service Provider may suffer or incur as a result of the User breaching its obligations under the ToU or any applicable laws or regulations.
Unless otherwise permitted under the ToU, the User undertakes to refrain from the following activities:
- manipulating access rights that have been assigned to the User;
- using any device, software or routine to interfere or attempt to interfere with the proper working or circumvent, disable or otherwise compromise security features of the Platform;
- accessing all or any part of the Platform to build a product or service which competes with the Platform;
- licensing, selling, renting, leasing, transferring, assigning, distributing, displaying, disclosing, or otherwise
commercially exploiting, or otherwise making the Platform available to any third party except to authorised Users; - attempting to reverse compile, disassemble, reverse engineer, or otherwise reduce to human-perceivable form all or any part of the Platform;
- publishing or making accessible any Asset Data or other content to the Platform that: (i) infringes the Service Provider's rights or any third party rights such as, for example, industrial property rights or copyrights of third parties; (ii) contains trade secrets of third parties or is subject to a contractual or statutory duty of confidentiality; (iii) contains viruses, spyware, adware, trojan horses, worms, corrupt files, or other malicious software code designed to adversely affect the operation of the Platform software, hardware or networks; or (iv) contains personal data, unless such personal data may be included in Asset Data or other content in accordance with the Parties' contractual obligations in particular under the ToU, and with all applicable laws and regulations).
- using any device, software or routine to interfere or attempt to interfere with the proper working or circumvent, disable or otherwise compromise security features of the Platform;
Insofar as the User becomes aware of any breaches within the context of the use of the Platform, it shall report these to the Service Provider without undue delay.
Actions by the User intended to impede the functionality of the Platform or to render it non-functional are prohibited and may result in legal action under civil or criminal law by the Service Provider or the relevant public authorities. In particular, measures that may influence the physical and logical structure of the Platform are strictly prohibited.
9. Fees and Payment in Case Trial Phase of 3 Months is Exceeded
The Service Provider may change any Fee by at least ninety (90) days' prior notice to the User.
Sums stated to be payable under the ToU do not include any applicable value added tax or any import duties and other applicable taxes, which shall be paid by the User in addition, where applicable.
All amounts payable under the ToU are payable within thirty (30) days of receipt of an invoice. If the User fails to pay a sum on the due date for payment, the Service Provider may charge interest at the statutory default interest rate from the due date for payment until the date on which the obligation to pay the sum is discharged.
10. Liability
Unless otherwise agreed, the Service Provider's liability for damages caused by slight negligence, irrespective of its legal ground shall be limited as follows:
The Service Provider shall be liable up to the amount of the foreseeable damages typical for this type of contract due to a breach of material contractual obligations. The Service Provider shall not be liable due to a slightly negligent breach of any other duty of care applicable.
In any case, the Service Provider's total liability for damages per contract year shall not exceed the total amount of Fees paid by the User to the Service Provider in the relevant contract year under the ToU.
The aforesaid limitations of liability shall not apply to any mandatory statutory liability, in particular to liability under the German Product Liability Act (Produkthaftungsgesetz), and liability for culpably caused injuries of life, body, or health. In addition, such limitations of liability shall not apply if and to the extent the Service Provider has assumed a specific guarantee.
Clauses 10.1, 10.2 and 10.3 shall apply accordingly to the Service Provider's liability for wasted expenses.
The User shall be obliged to take adequate measures to avert and reduce damages.
11. Termination
Each Party can terminate the ToU at the end of the Initial Term and at the end of each Extension Period by giving Notice at least [three months prior] to the end of the then current term to the other Party.
The ToU shall terminate with immediate effect if the User rejects the latest version of the ToU in accordance with Clause 13.3, or if the User rejects a change of any Fee within two (2) weeks after receiving a respective notice by the Service Provider in accordance with Clause 9.
Each Party's right to terminate the ToU for good cause shall remain unaffected.
12. Consequences of Termination
Subject to Clause 11.2, each Party's further rights and obligations cease immediately on termination of the ToU, but termination does not affect a Party's accrued rights and obligations at the date of termination.
Notwithstanding the termination of the ToU, the User shall remain liable to pay to the Service Provider all sums accrued or due on or prior to the date of termination and Clauses 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20 of the ToU shall remain in full force and effect.
Upon the Service Provider's request, the User shall destroy and delete any materials made available by the Service Provider under or in connection with the ToU and shall certify in writing to the Service Provider that none of the materials and no copies or reproductions of all or part of them have been retained by the User or another person, subject to any statutory retention obligations. For the avoidance of doubt, this shall not apply to any Reader Devices made available to the User in connection with the Platform.
13. Further Development of the Platform and Changes to the Terms of Use
In case of any changes of the Platform, the Service Provider reserves the right to update these ToU accordingly.
The User shall be informed about any material changes to the ToU by email. The prevailing version of the ToU may be viewed and printed (printable version) on the Online Portal.
If the User rejects the updated ToU within the deadline set by the User, the ToU terminates automatically and the Service Provider may, without further notice, block or delete the User Account and related Users. In this case, the User must stop the use of the Platform immediately.
14. Confidentiality
Subject to Clause 14.2, during the Term and for a period of 5 years after its termination or expiry, neither Party shall disclose to any person any information or data that is disclosed by one Party to the other Party, or obtained or received by a Party as a result of performing its obligations under the ToU that is clearly designated as being confidential, or which by its nature should be treated as confidential, including trade secrets and information of commercial value ("Confidential Information"). Any information or data which is: (a) public knowledge or subsequently becomes public knowledge other than through a breach of the ToU, or (b) already known to the other Party or in the other Party's possession at the time of disclosure or subsequently comes lawfully into the other Party's possession from a third party shall not be considered Confidential Information.
Notwithstanding Clause 14.1, each Party may disclose the other Party's Confidential Information:
to its employees, officers, representatives, contractors, subcontractors, and/or advisers who need to know such information for the purposes of exercising such Party's rights or carrying out its obligations under or in connection with the ToU. Each Party shall ensure that its employees, officers, representatives, contractors, subcontractors, or advisers to whom it discloses the other Party's Confidential Information comply with this Clause 13 as if it were a party hereto, and
as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
15. Data Protection
The Parties shall act on their own responsibility when processing personal data, i.e., as separate controllers. The User shall, and hereby expressly confirms that its Users and other personnel will, comply with applicable data protection laws.
16. Corporate Responsibility
The User shall conduct its business in accordance with the ToU, all applicable international, regional, national, and local laws, directives, regulations, ordinances, competent authorities' decisions and guidelines ("Applicable Laws") and adhere to the Code of Conduct available at https://www.merckgroup.com/en/company/contact-us/SCoC.html. The User confirms that it is familiar and warrants to comply with the provisions of the United States Foreign Corrupt Practices Act (FCPA), the UK Bribery Act (UKBA) and other applicable anti-bribery and anti-corruption laws (collectively including the User Code of Conduct, "Compliance Standards"). The User shall not take or permit any action that will either constitute a violation of or cause the Service Provider or the Service Provider Affiliates to be in violation of these Compliance Standards ("Improper Conduct"). The User shall select its subcontractors with the utmost care and use its best efforts to ensure that its subcontractors also comply with these Compliance Standards. The User shall comply with all periodic disclosures and certifications set forth in the User Code of Conduct. The Service Provider may, from time to time, at its sole discretion, require that the User signs a certification statement confirming that, in performing the services and/or delivering the products under the ToU, the User has complied with and will continue to comply with these Compliance Standards.
The User shall notify the Service Provider promptly in writing of any Improper Conduct. In addition to any other rights the Service Provider may have under the ToU, if (i) the User notifies the Service Provider of, or (ii) the Service Provider otherwise has reasonable suspicion of the occurrence of Improper Conduct, or (iii) the Service Provider may, at its sole discretion, conduct audits to confirm the User's compliance, then the Service Provider may, in not less than ten (10) business days, upon a written notice, review or have reviewed by an independent auditor the premises, books, and records of the User relevant for the audit for the purpose of verifying and identifying the Improper Conduct and assessing its impact on the Service Provider's business relationship with the User. At the sole discretion of the Service Provider, the User shall bear or reimburse any quantifiable damages/losses in relation to the Improper Conduct and all reasonable costs and expenses incurred in connection with an audit or review that identifies Improper Conduct. The User shall also cooperate in good faith if the Service Provider requires the User's support for the Service Provider's internal investigations.
If the User notifies the Service Provider, through the audit or otherwise, obtains sufficient evidence of Improper Conduct of the User or its subcontractors, the Service Provider may request from the User in writing to prepare and submit to the Service Provider a draft of the Corrective and Preventive Action Plan ("CAPA") in order to address the detected Improper Conduct. The User shall submit an initial draft of the CAPA within fifteen (15) business days after receipt of the Service Provider's request. The Service Provider shall review and amend the submitted draft CAPA if necessary. The approved CAPA shall be implemented by the User within a reasonable grace period, whereby it is understood that the timelines provided in the CAPA are deemed to be a reasonable grace period for the purposes of this Clause. Upon having requested a CAPA, the Service Provider reserves the right to suspend certain or all activities under the ToU until the User can demonstrate that the CAPA has been successfully implemented.
Without prejudice to any other termination rights in the ToU and without prejudice to the Service Provider's right to claim damages and indemnification, the Service Provider may terminate the ToU at no cost by serving written notice to the User with immediate effect, if (i) the User fails to comply with its obligations under the ToU and the User fails to rectify this non-compliance or if (ii) the User fails to implement the CAPA within the grace period or if (iii) the Service Provider, taking into account all the circumstances of the specific case and weighing the interests of both Parties, cannot reasonably be expected to continue the contractual relationship with the User, or considering the severity of the Improper Conduct, the Service Provider may terminate the ToU without requesting a CAPA from the User.
17. Trade Compliance
The User shall comply with the Export and Trade Restrictions Declaration attached as Appendix B.
18. General
The ToU and any document referred to in the ToU constitute the entire agreement, and supersede any previous agreement, between the Parties relating to the subject matter of the ToU.
A variation of the ToU is valid only if it is in writing and signed by or on behalf of each Party.
The failure to exercise or delay in exercising a right or remedy provided by the ToU or by law does not constitute a waiver of the right or remedy or a waiver of other rights or remedies. No single or partial exercise of a right or remedy provided by the ToU or by law prevents further exercise of the right or remedy or the exercise of another right or remedy.
The User is only entitled to assert a right of retention to the extent that the User's counterclaim is based on the same contract and is uncontested, ready for decision or has been finally adjudicated.
Should individual clauses of the ToU be wholly or partially invalid or unenforceable, this shall not affect the validity and effectiveness of the remaining parts of the ToU. Any other provisions of the ToU shall remain in full force and effect.
19. Assignment
The User may not assign or transfer or purport to assign or transfer a right or obligation under the ToU without having first obtained the Service Provider's written consent.
Each Party is entering into the ToU solely for its own benefit and not for the benefit of any other person.
20. Governing Law and Jurisdiction
The ToU shall be exclusively governed by the laws of the Federal Republic of Germany, to the exclusion of the UN Convention on Contracts for the International Sale of Goods. The exclusive place of jurisdiction for any and all disputes arising from or in connection with the ToU shall be Frankfurt am Main, Germany. Arbitration proceedings shall be excluded.
Appendix A – M-Trust Services
Summary of M-Trust Service Offerings
1. Console for Configuring User Solutions and Service Access
The M-Trust Service provides a console that enables project configuration, monitoring, and management of User solutions andservice access.
2. Listing and Management of M-Trust Reader Devices
The M-Trust Service provides a service for the listing and managing of User-owned M-Trust Reader devices.
3. Programming interfaces (APIs) for User Solution Implementation
The M-Trust Service offers a suite of services that consolidate various technical capabilities for the management of digitaltwins, leveraging decentralized ledgers and sign and verify digital assets.
4. Metering and Transaction Logging
The M-Trust Service provides a specialized service for metering and transaction tracking, empowering Users to gain insightsinto the performance of their solutions. This service equips Users with the tools to optimize their solutions, maximizeperformance, and capitalize on revenue-generating opportunities.
5. List of M-Trust functions:
a. Gemini Service
(i) Create Digital Twin
(ii) Update Digital Twin
- Update key material
- Update services
(iii) Verifiable Credential
(iv) Verifiable Presentation
b. Transaction Service
(i) Ledger Transaction
c. Signing Service
(i) Seal document
(ii) Verify sealed document
d. Metering Service
(i) Create Metering-Transaction
(ii) Metering Report
e. DID Lookup Service
(i) Get local Id for DID
(ii) Get DID for Local Id
Appendix B
Export and Trade Restrictions Declaration (hereinafter "Declaration")
The User shall conduct all business transactions or any other trade activity in view of products, technologies, or services only in fullaccordance with all applicable trade related restrictions within the scope and jurisdiction of the United Nations, the European Union,the United States and the country in which the User's business operations are geographically located. The User shall be responsibleto verify that no end-user of the products or recipient of technical data or economic advantages has been listed on any country's"denied parties" or "sanctioned parties" list of the United Nations, European Union, United States or the country where the User islocated ("Sanctioned List") and agrees not to sell, ship or otherwise transfer products, technologies, services or economicadvantages to military (including military hospitals), intelligence, or law enforcement party or entities or persons identified on, orowned or controlled by entities or persons identified on, any Sanctioned List or located in any country targeted by sanctions by theUnited Nations, European Union, or the United States.