1. Scope

1.1 These General Terms and Conditions ("GTC") of Libra Technology GmbH, registered in the commercial register of the Charlottenburg Local Court under 261006 B and with the business address Max-Urich-Straße 3, AI Campus, 13355 Berlin ("Libra") apply to the use of the digital Legal-Tech Software as a Service application ("Libra AI") based on Artificial Intelligence, which supports various legal tasks, depending on the version (tier) of Libra AI which is the subject matter of the agreement concluded with Customer. Change of the name of Libra AI may be applied by Libra at any time and does not require the change of the Agreement or these GTC.

1.2 Libra only concludes agreements for the use of Libra AI with entrepreneurs within the meaning of Section 14 of the German Civil Code (BGB) ("Customers") for provision to their employees (hereinafter uniformly referred to as "Users").

1.3 The language applicable to the conclusion of the agreement is German. Translations of these GTC into other languages are for information purposes only. In the event of contradictions, the German version shall prevail.

1.4 Deviating terms and conditions of the Customer shall not apply unless Libra expressly agrees to their validity in writing.

1.5 These GTC are an integral part of all agreements that Libra concludes with the Customer (as defined in the Agreement) for the services offered by Libra. They also apply to all future services or offers to the Customer, even if they are not separately agreed again.

2. Conclusion of the Agreement

   2.1 Customer interested in using Libra AI shall conclude an Agreement with Libra. To do this a Customer shall submit a binding offer specifying:

   1. version of Libra AI chosen by Customer according to current Libra portfolio;

   2. number of Users;

   3. price (Usage Fee);

   4. subscription period with the indication about autorenewal character of the subscription (Agreement);

   5. Customer’s contact and payment details;

   6. date of start of use of Libra AI;

   7. indication whether Agreement covers Libra AI free trial version or pilot (paid trial) version;

   8. acceptance of these GTC.
      (“Offer”).
      Conclusion of the Agreement is also possible by:
      Confirming by the Customer a corresponding Offer sent by Libra,
      The abovementioned activities may be executed in writing or in electronic form, including e-mail or through the website of Libra.

2.2 Upon acceptance/confirmation of the Offer, but at the latest upon granting access to Libra AI, Libra accepts the Offer and the agreement is concluded ("Agreement").
To avoid any misinterpretations Libra reserves that:

1. Agreement covers only that what is indicated in the Offer and Libra is not obliged to provide any products or services not specified in the Offer.

2. Versions of Libra AI may differ in terms of available functionalities, e.g., some features (like search) may be available provided that the minimum required content (“MCR”) is licensed by the Customer, as specified in the current Libra offer including these GTC communicated to the Customer.

3. In addition, versions of Libra AI may differ in terms of whether they are eligible for ancillary services such as an onboarding, as well as the form in which this onboarding is provided; therefore, unless otherwise specified in the Offer, onboarding is carried out as part of self-onboarding.

4. If the Agreement does not specify the version of Libra AI covered by its subject matter, it is assumed that the Agreement covers the basic, paid version of Libra AI.

5. if the Agreement does not specify the term and first subscription period of the Agreement, it is assumed that first subscription period lasts 12 months which autorenewals for another 12-month periods.

6. If Agreement does not specify the Usage Fee, the invoice issued by Libra determines Usage Fee.

2.3 These GTC are an integral part of the Agreement. Should provisions of these GTC contradict the information provided in the Agreement, the provisions of the Agreement shall take precedence over these GTC.

2.4 Products and services of third parties ("Third Party Products") that can be used by the Customer in connection with Libra AI or through functionalities available in Libra AI, if and to the extent Libra offers such option, on its own responsibility (i.e. for which the Customer must conclude its own user agreement or in which Libra services can be integrated) may be subject to additional terms and conditions of third party providers, for compliance with which the Customer is solely responsible. Libra has no influence on the proper provision and availability of these Third Party Products.

2.5 The Customer shall use APIs, (Application Programming Interfaces) and comparable services such as Add-ins provided by Libra, if any, from time to time in addition to Libra AI only in the manner intended, in particular to use Libra AI with Third Party Products. The APIs and comparable services such as Add-ins of Libra are considered part of Libra AI and are subject to the provisions of the Agreement, particularly these GTC and additional provisions that the Customer must accept, if any.

2.6. Unless otherwise specified in the Agreement, If Customer has concluded an Agreement covering Libra AI in version which requires MCR, this means that:

1. MCR is necessary for some Libra AI search features to be available; once MCR is not available anymore (e.g. license for MCR has expired) those features will be switched off; such action shall not be regarded as breach or non-execution or improper execution of the Agreement by Libra and Customer has no right for compensation nor reduction of the Usage Fee;

2. these features are available in Libra AI as long as the Customer has active license to use MCR;

3. such license is not a part of the Agreement and is not covered by it;

4. such license is granted under a separate agreement concluded by Customer with MCR provider (who can also be an affiliated company of Libra);

5. information about the features which require MCR to be switched on is specified by Libra and made available for Customer before conclusion of the Agreement;

6. Libra is not liable for the conclusion or execution of this separate agreement nor for making this license valid or this content (MCR) available.

3. Subject matter of the agreement and use of Libra AI

3.1 The subject matter of the Agreement is the provision of Libra AI for use by the Customer. Libra AI is made available to the Customer online via an internet browser. The Customer must ensure that it has a sufficient internet connection and the system requirements necessary for use, in particular with regard to an up-to-date operating system and supported browsers (Chrome, Firefox). The delivery of operating system and/or support of individual browsers is not Libra’s obligation and is not the subject of the Agreement.

3.2 Depending on its version specified in the Agreement, Libra AI offers various functionalities addressed to legal professionals, particularly law firms and corporate legal departments. By entering corresponding instructions in plain language ("Prompts") in Libra AI ("Customer Input"), the Customer can generate output in the form of text/files ("Libra Output"). This includes, for example, legal research or summaries and comparison versions of documents. The Customer can also upload documents to their User Account and save and edit these documents using Libra AI ("Customer Documents").Simultaneously, it is expressly stipulated that Libra AI is not intended to serve as a repository or archive for documents, nor as a document circulation or workflow management system.
The Customer is responsible for creating backups of the Customer Documents.

3.3 Libra AI integrates large language models ("LLMs") in the backend, among other things, which use generative artificial intelligence ("AI") to create content that is individually adapted to the Customer Input. As part of the service provision, Libra AI uses LLMs to make plausible predictions or generate Libra Output. The functionality of these technologies is based on the analysis of data in order to recognize statistical patterns and calculate probabilities for suitable output. The accuracy or truth of the Libra Output is not checked, as the generated content is based on the Customer Input, learned data and probability models and merely represents predictions. When using Libra AI, the Customer is therefore aware and agrees that the content generated as Libra Output cannot claim to be complete, correct or error-free.

3.4 Libra AI is set up in such a way that Customer Input that cannot be answered automatically by Libra AI (e.g. because they cannot access content and information provided by the Customer and therefore cannot process the corresponding information) are provided in Libra Output with a corresponding notice to the Customer. However, the Customer acknowledges that, due to the specific functioning of the technologies integrated in Libra AI, this measure cannot result in Libra Output containing only correct information.

3.5 Libra does not offer any legal services with Libra AI and is not intended to replace a professional legal assessment or decision-making process. Libra AI is intended solely to support the Customer in their independent legal work. Libra AI does not carry out a legal review of the individual case, but provides the Customer with samples and results, the legal review of which is the sole responsibility of the Customer for the application in the individual case.

3.6 In order to use Libra AI, Users must register with their e-mail address, accept separate terms of use, if applicable, and set up an account ("User Account").

3.7 Depending on the Agreement, a User of the Customer can manage the registration of users and manage it centrally in a registration and administration portal, providing all necessary information.

3.8 The Customer may use Libra AI only to the extent specified explicitly in the Agreement, including these GTC. Libra may temporarily block access to Libra AI for the Customer if this is absolutely necessary for technical reasons, if there are concrete indications that the Customer is in breach of legal regulations or obligations under the Agreement, is in default of payment of a fee or if this is necessary for compelling legal, judicial or official reasons. When deciding to block the access, Libra will take into account the legitimate interests of the Customer, in particular whether there are indications that the Customer is not responsible for the violation. Libra will restore the access as soon as the compelling technical reasons, the breach of the Agreement, the compelling legal, judicial or official reasons cease to apply or the default in payment has stopped.

4. Rights of use to Libra AI and the Libra Output

4.1 For the duration of the Agreement, Libra grants the Customer a non-exclusive, territorially unlimited, non-transferable and non-sublicensable license under which the Customer has right to use Libra AI for the Customer's internal business and operational purposes, according to Libra AI intended purpose and its documentation, within the number of Customer’s Users specified in the Agreement. Within this license the Customer has a right to make Libra AI available for use by Customer’s Users in accordance with these GTC.

4.2 The Agreement entitles the Customer to grant the agreed number of Users access to Libra AI in accordance with section 4.1. If a User leaves the Customer, the Customer may grant the right of use of a User to another User.

4.3 Any use beyond the provisions of the Agreement is not permitted. The Customer is obliged to ensure use within the agreed scope. This means in particular that the Customer must prevent unauthorized access to Libra AI by third parties by taking appropriate measures and precautions. To this end, the Customer shall require Users to comply with the conditions of use of Libra AI. If the Customer becomes aware of violations of the conditions for the use of Libra AI, he is obliged to immediately prevent further similar violations by taking appropriate measures and to inform Libra immediately of the violations and the measures taken.

4.4 Libra AI may only be used in the form provided by Libra and with the functions provided by Libra. Unless otherwise specified in the Agreement, Libra AI may not be reproduced, distributed or made available to third parties in any form, as a whole nor in fragments. In particular, the following is not permitted:

1. Any resale or transfer of Libra AI or parts thereof to third parties for commercial or non-commercial purposes (e.g. in the form of a proprietary platform or other service).

2. Any modification of Libra AI;

3. Any use of Libra AI that qualifies as a prohibited practice within the meaning of the Artificial Intelligence Act;

4. Any use of Libra AI that qualifies as a high-risk AI system within the meaning of the Artificial Intelligence Act;

5. the other actions listed in sections 4.5 and 7.2.

4.5 In particular, the Customer shall

1. not license, sublicense, sell, resell, lease, transfer, assign, distribute or otherwise use the Libra AI or make it available to third parties, e.g. grant unauthorized persons access to the Libra AI;

2. not modify, "hack" or otherwise attempt to gain unauthorized access to the Libra AI;

3. not use the Libra AI in any unlawful manner, including but not limited to violating the privacy rights of third parties;

4. not use the Libra AI to infringe any intellectual property rights, privacy rights or other rights of any other person or party;

5. not use Libra AI in any manner that interferes with or disrupts the integrity or performance of Libra AI and its components;

6. except as permitted by law, not attempt to decipher, decompile, reproduce, reverse engineer or otherwise discover the source code on which Libra AI is based, including any source code, object code, algorithms, methods, processes or techniques used or contained therein;

7. not use Libra AI to knowingly transmit, upload, link to, send or store viruses, malware, Trojan horses, time bombs or similar harmful software;

8. not use or attempt to use Libra AI in breach of the Agreement;

9. not alter or remove any logos or legal notices of copyright, trademark and similar rights;

10. not use Libra AI with other automated computer programs such as "bots", crawlers or similar technologies.

4.6 Libra (or its licensors and providers of Third Party Products, if any) shall remain the sole owner of all rights in the Libra Outputs, regardless of whether they are copyrightable, unless the Libra Output is solely demonstrably based on Customer Content. Insofar as the Output is subject to copyright or similar intellectual property protection that originates with the Customer or User, the Customer assigns to Libra all its rights, titles and interests in copyrights or similar intellectual property rights in relation thereto or grants Libra the exclusive rights of use that are unrestricted in terms of time, territory and content.

4.7 Libra grants the Customer the permanent, non-exclusive, non-transferable and non-sublicensable right to use the Libra Output for the purpose of processing the Customer's case or mandate. For this purpose, the Customer may reproduce and edit the Libra Output. Any commercialization of the Libra Output beyond the use for case or mandate processing is not permitted. In particular, it is not permitted to make the Libra Output available to third parties or to commercialize it in any other way outside of case or mandate processing.

4.8 If the Customer claims that the Libra Output used by him is not protected by Libra copyright, he must specifically state and prove this. In particular, it must be proven that the Libra Output was created exclusively through an autonomous production process without any creative human contribution and that the Output does not contain any works or protectable parts of works. The use of Libra AI as a supporting tool in the creation process does not preclude copyright protection.

4.9 The Customer is not entitled to use any content and/or databases, including the Libra Output, for commercial text and data mining. In this context, Libra reserves this right for itself in accordance with Section 44b (3) of the German Copyright Act (UrhG) or any successor provision.

5. Rights of use to Customer Documents and Customer Input

5.1 Libra warrants that Libra will not use Customer Documents and Customer Input for the training of Libra AI or any other AI and LLM. Exceptions to this are cases in which the Customer grants Libra a corresponding authorization to train with the Customer data. The declaration of authorization must be in text form.

5.2 The Customer grants Libra, insofar as this is appropriate and necessary for the intended use of Libra AI, the simple, spatially unrestricted rights of use, limited in time to the term of the Agreement, to the Customer-Input and Customer-Documents provided by him within the scope of the use of Libra AI for the aforementioned purposes.

6. Remuneration, billing

6.1 The Customer shall pay for the use of Libra AI the remuneration set out in the Agreement ("Usage Fee").

6.2 The Usage Fee is due in advance. The usage fee is payable 30 days after invoicing by Libra to the account notified to the customer by Libra. The fees stated in the Agreement are net, plus the applicable value added tax stated in the Agreement.

6.3 Libra can at its reasonable discretion adjust the prices for Libra AI at the beginning of every year during the term of the Agreement, taking into account general increases/decreases of costs and trends in the market.
An increase or reduction of the subscription fees may be considered if the costs for providing the services increase or decrease as a result of changes in wage, material, or other costs, such as without limitation, the cost of making Libra AI available to Customer, or if other changes in the energy-economic or legal framework conditions lead to a changed cost situation. Increases in one cost type may only be used to increase the fees to the extent that there is no offset by any declining costs in other areas. In the case of cost reductions, Libra must reduce the fees to the extent that these cost reductions are not offset by increases in other area. Libra shall provide the Customer with appropriate notice hereof at least four (4) weeks prior to applying the yearly price adjustment.
If the increase exceeds 5%, Customer shall be entitled to an extraordinary right of termination that it can exercise within three (3) weeks of receiving the information about price adjustment. If Customer does not terminate the existing Agreement within three weeks of receipt of the notice or otherwise does not declare its intention to do so, the new price shall be deemed to have been agreed.

7. Obligations of the Customer and indemnification

7.1 The Customer shall use the Libra AI only to the extent contractually agreed.

7.2 The Customer and Users shall not pass on their login data and shall not allow persons who are not authorized Users to access Libra AI. The Customer shall oblige Users to use Libra AI exclusively within the contractual scope and to protect and keep their access data safe from access by third parties. Access data may also not be passed on internally at the Customer. Unauthorized access must be reported to Libra immediately.

7.3 The Customer is obliged to ensure that Users only use their own User Accounts. The use of joint accounts, so-called shared accounts, and the sharing of access data to User Accounts is prohibited. If shared accounts are used or the access data of user accounts are shared and several persons use Libra AI via the same access, Libra may demand the total remuneration incurred within the last 12 months prior to the discovery of the violation as compensation. The Customer is at liberty to prove that the damages incurred were lower. Further claims remain unaffected.

7.4 The Customer is responsible for ensuring that the technical requirements for access to and use of Libra AI are met by the Users. This applies in particular to suitable hardware, operating system, internet connection and web browser, taking into account any technical specifications published by Libra.

7.5 The Customer is allowed to use Libra AI only in accordance to Agreement, including these GTC, and within the scope of Libra AI technical or technological capabilities, Libra AI’s intended purpose and type/character/intensity of use expected from a standard customer on the market of legal AI assistants/legal AI workspace providers; in particular, the Customer must refrain from any activity that is likely to impair and/or excessively burden the operation of Libra AI, the services offered and/or the underlying technical infrastructure and shall also oblige the Users accordingly (“fair use”). In case Libra introduces specific limits of use into its offer, such limits shall be specified in the Agreement and apply on top of the abovementioned fair use clause.

7.6 The Customer is responsible for the selection, review, validation and verification of the admissibility, appropriateness and accuracy as well as the type and content of the Customer Documents and the Customer Input. This includes, in particular and amongst others, compliance with professional and ethical regulations as well as the general provisions of the Criminal Code, data protection law and regulations for the protection of personal rights and intellectual property rights. The same applies to the completeness, reliability and quality of the content, data and information provided and to interpretations or conclusions drawn from the use of the services and/or work results.

7.7 The Customer is aware that the quality of the Libra Output depends to a large extent on the Customer Input and the Customer Documents. In addition, the Customer is aware that the LLMs underlying Libra AI and operated by third-party providers can also produce incorrect results in terms of content (in particular "hallucinations" whereby the AI system fills in missing knowledge without indicating this in the results, resulting in a credible but objectively incorrect statement without reservations). It is in the nature of the technology used and it is generally recognized that LLMs may also generate output that is incorrect, contrived or misleading. Libra therefore does not warrant that the Libra Output is accurate or complete in content or can be used by the Customer for the Customer's intended purpose.

7.8 The Customer shall, to the extent necessary, adequately inform and instruct the Users of Libra AI about the proper use of Libra AI and provide the Users with all legally required information. This applies in particular to data protection requirements and requirements of the Artificial Intelligence Act.
The Customer’s obligations described above in this Section 7 of GTC exist independently of any statutory obligations of the Customer, in particular those arising from Article 4 of the Act on Artificial Intelligence (i.e., Regulation (EU) 2024/1689 of the European Parliament and of the Council of June 13, 2024, laying down harmonized rules on artificial intelligence), as an “operator” of an artificial intelligence system within the meaning of Article 3 (4.) of the Artificial Intelligence Act.

7.9 The Customer shall indemnify Libra and its respective managing directors, employees and other servants against all claims of third parties in this respect, which are attributable to the fact that the Customer has culpably breached the obligations in the Agreement. This includes, in particular, damages resulting from the fact that Customer Documents or Customer Input provided by the Customer are not correct or complete in terms of content, or violate the rights of third parties or applicable law.

7.10 The Customer must immediately report malfunctions or malfunctions of Libra AI to Libra, stating the information known to him and useful for their detection.

7.11 The Customer acknowledges that it is the Customer's responsibility to evaluate the correctness, adequacy, accuracy or completeness of the Output, in particular by human review and correction of the Libra Output. The Customer acknowledges and agrees that it uses the results obtained through the use of Libra AI at its own risk. In particular, the Customer shall verify and ensure that it:

• does not use the Libra Output to develop, train or improve artificial intelligence or machine learning models;

• does not present the Libra Output as if it had been approved or reviewed by Libra;

• represents the Libra Output as a wholly man-made work;

• uses Libra AI for automated decision-making that has legal or similarly significant effects on individuals, unless it is done with appropriate human review and in accordance with applicable laws;

• Use Libra AI for any purpose or with any effect that is discriminatory, harassing, harmful or unethical.

8. Warranty

8.1 Reproducible deviations from the service description are deemed to be defects if they impair the value or suitability for the usual use described therein to a more than insignificant extent or if Libra was unable to effectively grant the Customer the rights required for the contractually agreed use. An insignificant defect shall not give rise to claims for defects.

8.2 Service descriptions are not to be understood as a guarantee or warranted quality without a separate written agreement.

8.3 If the Customer demands subsequent performance due to a defect, Libra has the right to choose between rectification, replacement delivery or replacement service. Subsequent performance shall take place within a reasonable period of at least two weeks. If the Customer has set a further reasonable period of grace after the first period has expired without result and this has also expired without result, or if a reasonable number of attempts at rectification, replacement delivery or replacement performance have been unsuccessful, the Customer may, subject to the statutory requirements, choose to terminate the Agreement extraordinarily or reduce the remuneration agreed in the respective Agreement and claim damages.

8.4 The Customer shall be entitled to claims for damages due to defects in accordance with Section 9.

8.5 Claims for defects shall become time-barred within 12 months if they are subject to the statute of limitations. This does not apply in the cases of clause 9.1.

9. Liability

9.1 Libra shall be liable without limitation:

1. for willful misconduct or gross negligence,

2. for injury to life, limb or health,

3. in accordance with the provisions of the Product Liability Act, and

4. insofar as Libra assumes a guarantee, to the extent of such a guarantee assumed by Libra.

9.2 Libra shall only be liable for damages caused by slight negligence in the event of a breach of a material contractual obligation, i.e. an obligation whose fulfillment is essential for the proper execution of the Agreement and on whose compliance the customer regularly relies and may rely (cardinal obligation), but limited to the damage reasonably to be expected at the time of conclusion of the contract.

9.3 Any further liability on the part of Libra is excluded.

9.4 Strict liability for initial defects in accordance with § 536a BGB or a successor regulation on the part of Libra is excluded.

9.5 The above limitation of liability also applies to the liability of a legal representative or vicarious agent of Libra.

10. Term, extension and termination

10.1 The Agreement term begins with the agreed commencement of use or, if no such commencement has been agreed, with the conclusion of the Agreement.

10.2 The term (first subscription period) is determined in the Agreement (12, 24 or 36 months).

10.3 The Agreement has an autorenewal character which means that the first subscription period defined in the Agreement (as 12, 24 or 36 months) is automatically extended by 12 month periods if the Customer or Libra does not terminate the Agreement with a notice period of 30 days to the end of the respective subscription period.
If the Agreement explicitly defines a monthly autorenewal subscription period, then each Party may terminate the Agreement with 14 days' notice to the end of the respective subscription period. This provision does not stipulate a sole legal basis for conclusion a monthly autorenewal Agreement – such monthly autorenewal Agreement must be regarded as an exception and is allowed only in case of mutual explicit statements of both Parties.

10.4 The right to extraordinary termination for good cause remains unaffected. Good cause for termination by Libra exists in particular if (1) insolvency proceedings are opened against the Customer's assets or rejected due to lack of assets or (2) the Customer enables a higher number of Users to use Libra AI than contractually agreed.

10.5 Terminations must be made in text form.

10.6 Upon termination of the Agreement, for whatever reason, the right of use and the Customer's access to Libra AI shall expire immediately.

11. Data protection; confidentiality; obligation to professional secrecy

11.1 For the processing of personal data of the Customer by Libra on behalf of the Customer, Libra and the Customer, are concluding the data processing agreement (“DPA”) which is attached to these GTC as Schedule 1 and which forms an integral part of the Agreement.

11.2 The parties shall treat as confidential, keep confidential and not disclose to third parties all information (including trade secrets) relating to the Agreement which is marked as confidential or the confidentiality of which is apparent from the circumstances, whether communicated in written, electronic, otherwise embodied or oral form, including but not limited to the Customer Documents and information relating to the technologies used, business operations and strategies, customers, pricing and marketing ("Confidential Information"). Excluded from this are consultants of the parties who are subject to a professional duty of confidentiality and the employees who have a "need to know" this information, whereby the confidentiality obligations for consultants of the parties and employees may not be less strict than agreed here. Notwithstanding the foregoing, Confidential Information shall not include information that the receiving party can prove: (a) was known to it prior to entering into the Agreement; (b) was disclosed to it by a third party without breach of a legal or contractual duty of confidentiality; (c) was or becomes publicly known through no fault of the receiving party; or (d) is required to be disclosed by a court or governmental order. The provisions of the law on the protection of business secrets shall remain unaffected.

11.3 The parties shall maintain appropriate confidentiality measures in order to store Confidential Information in an appropriate manner in accordance with recognized security standards in line with the current state of the art. The level of security may not be lower than for the customer's or Libra's own Confidential Information.

11.4 Libra is aware that Customer may be subject to professional confidentiality with regard to Customer Documents and Customers Input (e.g. the professional secrecy of lawyers). Libra undertakes to comply with the professional confidentiality. For the purpose of contractually securing this obligation of professional confidentiality, Libra and the Customer are concluding the “Confidentiality agreement for persons bound by professional secrecy” attached to these GTC as Schedule 2, which shall apply in addition to the confidentiality obligations regulated here and which forms an integral part of the Agreement.

11.5 Libra is entitled to use other natural or legal persons ("subcontractors") to fulfill its contractual obligations towards the Customer. If subcontractors are commissioned, Libra shall oblige the subcontractors who may come into direct or indirect contact with information of the Customer in the course of Libra's performance of the Agreement to maintain confidentiality in text form in accordance with this clause 11.

11.6 The duty of confidentiality shall continue for 5 years after termination of the contractual relationship.

11.7 Since Libra is a legal entity, the duty of confidentiality applies to the managing directors and employees of Libra who become aware of the third-party secrets in order to fulfill the contractual obligation to the Customer.

11.8 In addition, in order to fulfill the Agreement and/or to comply with legal and regulatory obligations and/or on the basis of its legitimate interest, Libra as controller may process the personal data of employees or managing directors ("contact persons") of the Customer (including, for example, first and last name, business address and telephone number) provided to it by the customer, in particular for the administration and monitoring of the business relationship with the Customer (creation of user accounts, administration of contracts, orders, subscriptions, invoicing, etc.). The Customer is obliged to inform the contact persons who are involved in the implementation of the contractual relationship that Libra processes their data and to what extent, using the information available at https://libratech.ai/de/data.

11.9 If Libra has received the Customer's e-mail address in connection with the conclusion of the Agreement and the Customer has not objected to this, Libra reserves the right to use the Customer's e-mail address for the purpose of direct advertising for its own similar goods and services. The Customer has the option to object to this use of his e-mail address at any time by sending an e-mail to the contact email address specified in the Agreement or on the website or via a link provided for this purpose in the e-mail sent, without incurring any costs other than the transmission costs according to the basic rates.

12. Offer of Libra AI, availability and updates

12.1 Libra endeavors to ensure trouble-free operation of Libra AI. This is naturally limited to services over which Libra has an influence and therefore Libra AI may not be available due to its maintenance, upgrades, updates, testing, bug fixing, or other technical activities. Libra will make proper effort to ensure that these activities are carried out outside standard working hours. Libra therefore draws the Customer's attention to the fact that there may be restrictions or impairments in the use of Libra AI that are beyond Libra's control. These include, in particular, actions by third parties not acting on behalf of Libra, technical failures beyond Libra's control and force majeure.

12.2 Libra is entitled, but not obliged, to change Libra AI during the term of the Agreement, in particular to adapt the service to technological progress. Libra reserves the right to update Libra AI without prior notice in order to offer the Customer a correspondingly optimized range of services, provided that the suitability of Libra AI for the agreed purpose is fundamentally maintained and the optimized offer is reasonable for the Customer, taking into account the interests of both parties. This also includes the addition of new functionalities, changes to the user interface and adjustments to the backend. The Customer is not entitled to the maintenance of functionalities not explicitly agreed in the Agreement that are not essential for the basic functionality of Libra AI.

12.3 Libra may also introduce new versions of Libra AI with extended and/or improved functions and offer them to the Customer free of charge or for an additional fee (hereinafter "Premium Functions"). Premium Functions may include, but are not limited to, the integration of third-party services. The prices and conditions for the respective Premium Functions shall be displayed to the Customer before the booking is concluded and shall be deemed to have been agreed as soon as the Customer confirms the booking. If individual Users activate premium functions, this applies for and against the Customer. Libra is entitled to offer Premium Functions in a free trial version.

12.4 Updates shall not result in the originally agreed functionalities no longer being available to the Customer or in originally agreed requirements only being fulfilled to a significantly limited extent.

12.5 In the event of updates, the Customer is not entitled to a rollback to a previous version of Libra AI.

13. Support and troubleshooting

13.1 Libra offers the Customer support at its own discretion. This shall be provided via the channels and contact details and times provided by Libra. As part of the support, reports of any technical faults are received and processed as far as possible.

13.2 Libra shall provide services with the care customary in the trade in accordance with recognized rules of technology. Libra shall remedy technical faults of Libra AI as quickly as possible in order to enable Libra AI to operate as uninterruptedly as possible.

13.3 The Customer shall notify Libra immediately of any technical faults affecting the operation of Libra AI, describing the specific fault. As far as possible, necessary and reasonable, the Customer shall assist in rectifying the fault.

14. Free trial version and Pilot (paid trial version)

14.1 Insofar as Libra grants the Customer access to Libra AI or a Premium Function for a specific or indefinite period of time (hereinafter "test phase") as a free trial version, the following provisions shall apply:

1. For the test phase, the free trial version of Libra AI is provided to the customer for use free of charge by way of loan.

2. For the test phase, Libra's liability shall be governed by Section 599 of the German Civil Code (BGB) or a successor provision, in deviation from Section 9 of these GTC; liability for defects shall be governed by Section 600 BGB or a successor provision.

3. During the test phase, the functional scope of Libra AI may deviate from the contractually guaranteed functions.

4. During the test phase the scope of the content available in Libra AI may deviate from the contractually agreed scope, in particular Customer may have access to broader content scope during test phase than during the term of the Agreement for paid version of Libra AI.

5. e. During the test phase, either party may terminate the contractual relationship at any time without giving reasons.

14.2 The test phase begins with the conclusion of the Agreement, but at the latest when access to Libra AI is granted to the Customer. Unless otherwise agreed for the duration of the test phase, it ends at the end of fourteen days from the start of the test phase.

14.3 After expiry of the Test Phase, the contractual relationship regarding the free use of Libra AI ends. Libra may grant the Customer the option of seamlessly transitioning from the trial phase to paid use of Libra AI. For this purpose, the Customer must make a corresponding booking. Libra can support the Customer in migrating further test accesses of other Users to the Customer's account. In case the Customer does not transition to paid use of Libra AI, the access to Libra AI will expire.

14.4 The Customer is prohibited from obtaining further trial versions after the free trial version has expired and from creating new accounts in order to circumvent this restriction.

14.5. The above provisions (except for 14.1 a. and b.) regarding free trials also apply to paid trials (Pilots), with the following exceptions:

1. Unless otherwise specified in the Agreement, Pilots last 5-6 weeks.

2. Pilot is subject to a fee (in accordance with the Agreement).

3. Pilot may include additional onboarding services, as determined by Libra's current offer and the Agreement.

15. Miscellaneous

15.1 Libra AI is subject to continuous further development. In particular, Libra may further develop and change the usage options. Further development or modification of Libra AI and/or the usage options may require changes to these GTC. Libra is therefore entitled to amend these GTC insofar as this is necessary to take into account further developments or changes to Libra AI or the usage options, to close any loopholes that may cause significant difficulties in the execution of the Agreement, or to comply with legal requirements. Such changes to the GTC should not put the Customer in a worse position than when the Agreement was concluded. The Customer shall be notified of such amendments to the GTC in text form at least six weeks before they are scheduled to take effect.

15.2 Libra also reserves the right to amend or supplement these GTC for other justified reasons. The changes or amendments shall be announced to the Customer in text form at least six weeks before they take effect. If the Customer does not agree with the changes, he may object to the changes in text form with a notice period of one week to the date on which the changes or additions are intended to take effect. If the Customer does not object, the changes or additions to the GTC shall be deemed to have been approved by the Customer. When notifying the Customer of the amendments or additions to the GTC, Libra shall specifically draw the Customer's attention to the intended significance of his behavior. If the Customer does not object in due time, the changes shall be deemed agreed and shall take effect on the date specified in the notice of changes.

15.3 Other amendments or additions to the Agreement must be made in text form in accordance with Section 126b of the German Civil Code (BGB) in order to be effective, whereby express reference must be made to the Agreement. This also applies to an agreement that deviates from this text form requirement. Section 15.4 remains unaffected.

15.4 The Customer is not entitled to transfer or assign the Agreement or rights arising from it without the prior written consent of Libra in accordance with § 126 BGB.

15.5 Should any provision of the Agreement be or become invalid, illegal or unenforceable, this shall not affect the validity, legality and enforceability of the remainder of the Agreement.

15.6 The Agreement shall be governed exclusively by the laws of the Federal Republic of Germany to the exclusion of the United Nations Convention on Contracts for the International Sale of Goods (CISG).

15.7 The exclusive place of jurisdiction for all disputes arising from or in connection with the Agreement is Berlin. Libra is also entitled to sue at the customer's place of business.

15.8 Customer agrees to use of Libra AI in compliance with all export controls and economic sanctions laws applicable to the Parties, including without limitation by not exporting or transferring Libra AI to, using Libra AI for the benefit of, or making Libra AI available for use by any person, entity or organization with whom E.U. or U.K. persons are otherwise prohibited from engaging in such transaction. Customer further represents and warrants that neither it nor any users provided access to Libra AI are identified on or as (a) U.S. Office of Foreign Assets Control Specially Designated Nationals List or the U.S. Department of Commerce’s Bureau of Industry & Security’s Denied Persons, Entity, Unverified Lists, or a military-intelligence end user as defined in 15 C.F.R. § 744.22(f), (b) UK HM Treasury Consolidated List of Sanctions Targets, (c) the EU Consolidated List of Persons, Groups, and Entities Subject to EU Financial Sanctions, or (d) any other applicable sanctions list, or (e) an entity or organization fifty percent or more owned, or controlled, or acting on behalf or at the direction of, whether directly or indirectly, individually or in the aggregate, any person(s) identified in subclauses (a) through (d). Libra shall have no obligation to make Libra AI available to any user or in any jurisdiction if doing so, in its reasonable discretion, would violate applicable law, and Libra shall have no liability upon written notice to the customer for withdrawing Libra AI from such user or jurisdiction in such event. This clause applies only to the extent that it is enforceable under the currently applicable laws, in particular Council Regulation (EC) No. 2271/96 ("European Blocking Regulation") and the Foreign Trade and Payments Ordinance and its successor regulations and laws.

15.9 Libra is entitled to transfer the Agreement concluded with the customer to a company affiliated with it in accordance with §§ 15 ff. AktG and to have any rights and obligations under the Agreement performed in whole or in part by third parties, in particular affiliated companies, or to assign them to third parties without the consent of the Customer being required.

16. Notification of unlawful content, content moderation

According to the Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC), Libra enables any person or entity to report the presence of specific information in the aforementioned service which such person or entity considers to be illegal content, in accordance with the provisions of the Digital Services Act, including Article 16 thereof.

Any person or entity, in particular the Customer and User, can report content that they consider to be unlawful by e-mail using the current contact information on our website, particularly in our imprint.

The report should contain at least the following information:

• a sufficiently reasoned explanation of why you consider the information in question to be illegal content,

• a clear indication of the exact electronic storage location of this information, such as the precise URL address or URL addresses, or, if necessary, further information relevant to the type of content and the specific type of hosting service to identify the illegal content,

• your name and email address or your organization, unless the information is deemed to relate to a criminal offence referred to in Articles 3 to 7 of Directive 2011/93/EU

• a statement that you or the entity has a good faith belief that the information and statements contained in the report are accurate and complete.

Each incoming report will be examined promptly, objectively and comprehensibly. If a violation is identified, the content in question will be removed or otherwise restricted. The reporting person will be informed of the decision taken and of any legal remedies.

All content moderation and usage restriction measures are carried out objectively, carefully and proportionately. In particular, the fundamental rights of users in accordance with the Charter of Fundamental Rights of the European Union are taken into account, especially the right to freedom of expression, freedom and pluralism of the media.

Schedule 1 to the GTC from Libra - Data Processing Agreement

1. Scope

This Data Processing Agreement (“DPA”) and its following schedules

Schedule 1 “Description of Personal Data Processing”
Schedule 2 “Technical and organizational measures”
Schedule 3 “List of sub-processors”

which are incorporated into this DPA, are subject to and made part of the “General Terms and Conditions” and complement the provisions of the Agreement with the Customer (as defined in the Agreement) as regards to the rights and obligations of the parties relating to the processing of personal data of the Customer by Libra (in the following also referred to as “Processor”) pursuant to article 28 of the GDPR. In the event of a conflict between this DPA and the related Agreement this DPA and its schedules shall prevail.

2. Subject matter

For the purpose of this DPA, Libra is the processor of personal data and Customer is the controller. The purpose of this DPA is to define the conditions under which processor is entitled, on behalf of controller, to carry out the processing of personal data as necessary to provide the services under the Agreement.
The details of the data processing (subject-matter, nature and purpose of the processing, type of personal data, categories of data subject etc.) are described in the Schedule 1 “Description of Personal Data Processing”. The duration of the data processing corresponds to the term of the Agreement.
If these clauses use the terms defined in Regulation (EU) 2016/679 are used in these clauses, these terms have the same meaning as in the relevant Regulation.

3. Customer’s obligations

3.1 As controller, Customer will ensure that any personal data provided to Processor by, or on behalf of, Customer has been collected lawfully, fairly and in a transparent manner to enable such personal data to be processed by the Processor. In particular, Customer is responsible for the lawfulness of the processing and must identify the legal basis for the processing.

3.2 Customer must provide Processor documented instructions relating to the data processing. Said instructions are contained in the agreement, this DPA and its schedules.
Customer may provide additional reasonable instructions to Processor, provided that these are within the agreed scope of the standard product. The Processor may refuse, defer, or propose an alternative to an instruction where compliance would materially impact the security, integrity, availability, or standard operation of the services, or would require disproportionate effort or cost. If the execution of an additional instruction requires the implementation of technical and organizational measures or other measures customized for Customer and this results in additional costs, the Processor shall inform Customer of these costs. The Processor will comply with the instructions only after receiving confirmation from Customer that Customer shall pay such additional costs. Customer’s instructions will be provided in writing (email sufficient) unless in the event of an emergency or other specific circumstance requiring spoken communication. Any unwritten instructions must be confirmed as soon as possible in writing by Customer and in any event no later than twenty-four (24) hours after the unwritten instructions have been given. In addition, when Customer is not located in the country where the Processor has its registered office, Customer shall inform the Processor about specific obligations that apply to the Processor under mandatory local laws applicable to Customer in order for the Parties to determine the appropriate actions.

3.3 Customer must provide information to the data subjects about the data processing activities as further detailed under the schedules of this DPA. Customer is responsible for responding to data subjects’ requests to exercise their rights. If it is not possible for Customer to obtain directly the information and data necessary for the processing of a data subject request to exercise their rights, Customer will request any necessary information and data to the Processor, who will assist, as far as possible, the Customer in fulfilling the obligation to comply with the requests to exercise the rights of the data subject.

4. Processor’s obligations

4.1 Unless required to do so by Union or Member State law to which the Processor is subject to, the Processor will process the personal data on behalf of the Customer only in accordance with the documented instructions of the Customer. This obligation to comply with Customer’s instructions is also applicable for the transmission of personal data to a third country or international organization.
The Processor shall immediately inform the Customer if, in its opinion, an instruction constitutes a violation of the applicable data protection law. In such a case, the Processor may suspend the provision of the services under the agreement and will not be required to follow the instruction in question until Customer’s instruction is clarified to the extent that it no longer violates the applicable data protection law. The Processor will also inform Customer if he is not, for any reason whatsoever, able to comply with an instruction from Customer.

4.2 The Processor shall ensure that persons authorized by the Processor to process the personal data on behalf of the Customer are bound to confidentiality or are under an appropriate statutory obligation of confidentiality and that such persons that have access to the personal data only process such personal data in compliance with the Customer 's instructions. In addition, if a sub-processor processes Customer data, provisions of Section 5 below shall apply.

4.3 The Processor shall implement technical and organizational measures within the scope of responsibility of the processor taking into account the nature, scope, context and purposes of the processing, the state of the art and the costs of implementation, as well as the risk for the data subjects. These technical and organizational measures are subject to change, particularly as a result of technical progress, and the Processor may modify the technical and organizational measures provided that the security of the services provided under the agreement and the agreed level of protection are not reduced. Customer confirms that the current technical and organizational measures, as listed in the attached Schedule 2 “Technical and organizational measures”, provide an appropriate level of protection for its personal data.

4.4 The Processor assists the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 GDPR taking into account the nature of processing and the information available to the Processor, in particular shall:

(a) Keep a written record of the categories of processing activities carried out on behalf of the Customer if this obligation is applicable under Article 30 of the GDPR;

(b) notify the Customer without undue delay after the Processor becomes aware of a personal data breach impacting the personal data of the Customer. This notification will be sent by the processor via e-mail to the contact details provided by the Customer in the context of the conclusion of the Agreement and will contain all information available to the Processor, as per Article 33, 34 of the GDPR, to document the personal data breach.

(c) Inform the Customer:

1. about any legally binding request for disclosure of the personal data of the Customer by a law enforcement authority unless otherwise prohibited such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

2. about any requests, inquiries, or complaints received directly from data subjects without responding to those requests unless it has been otherwise authorized in writing by the Customer to do so;

3. if the Processor is required pursuant to European Union or Member State law to which the Processor is subject to, process the personal data beyond the instructions from Customer before carrying out such processing beyond the instruction, unless that law prohibits such information on important grounds of public interest; such notification shall specify the legal requirement under such European Union or Member State law.

(d) On written request of the Customer or to the extent that the Processor is required to do so under the applicable data protection law, correct or erase the personal data of the Customer.

5. Sub-processors

5.1 The Customer gives the Processor the general written authorisation to engage sub-processors. The Customer acknowledges and accepts that (a) the Processors affiliates may be retained as sub-processors, including those identified in the “list of sub-processors” in Schedule 3; and (b) the Processor and its affiliates respectively may engage third party sub-processors in connection with the provision of the services, listed in Schedule 3 "List of sub-processors".

5.2 All sub-processors are required to abide by substantially the same obligations as the processor under this DPA. The processor shall remain liable to Customer for the failure of a sub-processor to perform in accordance with its obligations. Where an affiliate of the Processor is retained as a sub-processor, an intra-group data transfer agreement is in place within the group of the Processor to ensure that the sharing and where applicable, the transfer of personal data among the affiliates of the Processor, complies with the applicable data protection law. Where a third party is retained as a sub-processor, the Processor or its affiliates will ensure that such sub-processor agrees to a contract containing the applicable data protection obligations meeting the requirements of Article 28 and, where applicable, Chapter V of the GDPR as applicable, and the processor or its affiliates shall ensure that the third party sub-processor provides sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the applicable data protection law.

5.3 The Processor shall inform Customer of any change regarding the addition or replacement of a sub-processor, specifying the identity of the intended sub-processor and the processing activities being subcontracted ("Sub-processor Notice"). The Customer shall have fourteen (14) days following the Sub-processor Notice to submit its objections specifying the reason for objecting. If the Customer makes an objection within that period, the Processor will make reasonable efforts to accommodate changes in the services to avoid processing of personal data by the objected-to new sub-processor. If this is not possible, Customer may (i) confirm the sub-processor previously objected to or (ii) extraordinary terminate the agreement in whole or in part.

5.4 Furthermore, Sub-processors in third countries may only be engaged if the special requirements of Article 44 et seq. of the GDPR are met.

6. Inspections and audits

6.1 The Processor makes available to the Customer all information in its possession necessary to demonstrate compliance with the obligations provided for in this DPA. Additional information (except to the extent that it is confidential to the Processor or subject to trade secret) shall be provided to the Customer upon written request. If the above information is insufficient to enable the Customer to demonstrate that the Processor complies with its compliance obligations, the parties will agree on the terms of an additional inspection. The Customer hereby instructs the Processor to carry out the controls and audits at the sub-processors, and the Processor shall provide the Customer with the information concerning the sub-processors necessary to demonstrate compliance with the obligations referred to herein and in Article 28 GDPR.

6.2 Furthermore, in the event of inspections or other inquiries by a supervisory authority, the parties undertake to cooperate with each other and with the supervisory authority and to provide each other with the necessary information.

7. Effects of termination of the agreement

Upon termination of the agreement, for any reason whatsoever, the Processor shall, at the Customer’s option, delete all personal data or return them to the Customer and delete all existing copies unless the Processor is required to store such personal data under European Union or Member State law.

Schedule 1 “Description of Personal Data Processing”

1. Subject-Matter, Nature and Purpose

The subject-matter, nature and purpose of the data processing are defined in the agreement and, if applicable, the associated service description.

II. Type of personal data

As the controller, the Customer may enter or otherwise provide Customer data, including personal data, as part of the use of the services at its own discretion and to its own extent. The Processor has no knowledge of the exact personal data entered or provided by the Customer. The personal data processed may include in particular:

• Address data

• Bank details / billing information

• Employee data

• Qualification data

• Insurance data

• Personal performance data

• User data

• Usage data

• Usage history

• Communication data

• News content

• Contract data

• Contact details

• Master data

• Audio and voice data

• Where applicable, personal data may also include special categories of personal data.

III. Categories of data subjects

As the controller, the Customer may enter or otherwise provide Customer data, including personal data, as part of the use of the services at its own discretion and to its own extent. The Processor has no knowledge of the exact personal data entered or provided by the Customer. The categories of data subjects processed may include in particular:

• Shareholders and employees of the Customers,

• Clients and other contractual parties of the Customer and persons affected by the subject matter of the mandate such as e.g. family members, opposing parties, business partners, service providers/suppliers

• Other persons from whom the Customer provides data (e.g. parties to the proceedings, parties, lawyers on the other side, external colleagues involved in a case, experts, experts, witnesses)

Schedule 2 “Technical and organizational Measures”

1. Access control

Measures to prevent unauthorised persons from gaining access to data processing systems with which the personal data is processed and used.

Description:

• Security locks and access systems that only grant access to authorised persons.

• Video surveillance of access to the data processing systems.

• Security personnel who monitor physical access.

• Visitor logs to document access by non-employees.

II. System Access control

Measures to prevent data processing systems from being used by unauthorised persons.

Description:

• Use of user accounts with strong passwords and multi-factor authentication.

• Automatic blocking of user accounts after several failed login attempts.

• Regular review of access rights and adjustment in the event of changes to the employee role.

III. Data Access control

Measures that ensure that those authorised to use a data processing system can only access the data subject to their access authorisation and that personal data cannot be read, copied, changed or removed without authorisation during processing, use and after storage.

Description:

• Detailed authorisation concepts and role assignments in the IT systems.

• Data access only for important, logging of data access to detect unauthorised reading, copying, modification or removal processes.

• Use of encryption technologies to protect the data.

IV. Transfer control

Measures to ensure that personal data cannot be read, copied, altered or removed by unauthorised persons during electronic transmission or during their transport or storage on data carriers, and that it is possible to check and determine where personal data is to be transmitted by data transmission equipment.

Description:

• Secure transmission protocols such as HTTPS, SFTP or VPN.

• Encryption of data carriers and emails containing personal data. 10

• Logging and monitoring of all data transfers.

V. Input control

Measures that ensure that it is possible to subsequently check and determine whether and by whom personal data has been entered, modified or removed from data processing systems.

Description:

• Audit logs that document all entries, changes and deletions of data.

• Regular review of the log files by the IT security officers.

VI. Order control

Measures to ensure that personal data processed on behalf of the Client can only be processed in accordance with the Client’s instructions.

Description:

• Contracts for commissioned data processing that precisely define the Client’s instructions.

• Regular training of employees to ensure compliance with these instructions.

• Technical restrictions in the IT system that limit processing to the contractually defined purposes.

VII. Availability control

Measures to ensure that personal data is protected against accidental destruction or loss.

Description:

• Regular backups and redundant storage systems.

• Emergency plans and disaster recovery strategies.

• Protection against malware and viruses through the use of appropriate security software.

VIII. Separation requirement

Measures to ensure that data collected for different purposes can be processed separately.

Description:

• Logical separation of Customer data through Client separation in the software architecture.

• Use of containerisation technologies such as Docker to run applications in isolated environments.

• Physical separation from test, development and production environments.

IX. Data deletion

Measures to ensure that personal data is deleted as soon as the purpose of processing no longer applies and there are no longer any retention obligations.

Description:

• Automated erasure procedures that are activated on the basis of statutory retention periods.

• Secure erasure methods such as data overwriting or destruction of data carriers in accordance with DIN standards to prevent data restoration.

• Documentation of all deletion processes in the deletion log for traceability.

• The individual data entries made by the Customer on the libratech.ai platform and the resulting data outputs of the platform (e.g. as part of the chatbot or AI assistant functions) may only be stored by the Processor for the duration of the respective usage process. Insofar as data (e.g. contract documents) is saved by the users to the user profiles as part of the RAG functions, it will be permanently deleted by the processor on the platform as soon as the respective user deletes it in their profile or at the latest at the end of the Agreement. All input and output data or data saved by users may not be used for purposes other than the use of the platform initiated by the user.

X. Evaluation

Measures to verify and evaluate the effectiveness of technical and organisational measures to ensure the security of processing.

Description:

• Regular internal and external audits of security measures.

• Penetration tests and vulnerability analyses by external service providers.

• Ongoing evaluation and adaptation of TOMs to current safety standards.

Schedule 3 “List of sub-processors”

The current list of sub-processors is always available at: https://trust.libratech.ai/subprocessors

Telekom Deutschland GmbH
Landgrabenweg 149
53227 Bonn
Germany

(before T-Systems International GmbH
Hahnstr. 43d
60528 Frankfurt am Main
Germany)

[Hosting of the Processor’s legal tech platform, on which the Customer data is processed in a secure and scalable cloud environment.
The Open Telekom Cloud warrants data processing exclusively in data centres in Germany.]

Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Dublin 18
Ireland

[Provision of the Azure cloud in Europe
Mainly used as an LLM provider]

Amazon Web Services EMEA SARL
38 Av. John F. Kennedy
Luxembourg

[Provision of the AWS cloud in Europe
Mainly used as an LLM provider]

Google Cloud EMEA Limited
70 Sir John Rogerson’s Quay
Dublin 2
Ireland

[Provision of the Google cloud in Europe
Mainly used as an LLM provider]

DeepL SE
Maarweg 165
50825 Cologne
Germany

[Provision of translation software]

LDA Legal Data Analytics GmbH
Hochwaldstr. 26
81377 Munich
Germany

[Provision of an interface to publisher data from Otto Schmidt]

Libra Technology GmbH
(except when acting as direct processor of the Customer)

[Provision of the product “Libra AI” and related services]

Wolters Kluwer Technology B.V.

[Provision of internal (technical) support services]

Wolters Kluwer Global Business Services B.V.

[Provision of internal (technical) support and hosting services]

Wolters Kluwer Deutschland GmbH

[Provision of internal (technical) support and hosting services]

Schedule 2 to the GTC from Libra – Confidentiality agreement for persons bound by professional secrecy

In connection with the performance of the Agreement concluded between Libra and the Customer, Libra may, in the course of its activities, come into contact with information to which the Customer's obligation of professional secrecy applies. The professional duty of confidentiality for lawyers arises from Sections 43a, 43e BRAO, 2 BORA, for notaries from Sections 18 and 26a BNotO, for patent attorneys from Sections 39a and 39c PAO, for tax advisors from Sections 57, 62a StBerG and for auditors from Sections 43, 50a WPO.
With regard to this information, Libra undertakes to maintain confidentiality towards the Customer as follows:

1. Libra acts as a service provider in the professional activities of the customer, who is subject to professional confidentiality obligations, as a software provider and IT service provider. Libra shall maintain confidentiality regarding third-party secrets made available to Libra by the Customer, being aware of the criminal consequences of a breach of confidentiality pursuant to Section 203 of the German Criminal Code (StGB) (imprisonment for up to one year or a fine) and other applicable legal provisions.

2. The customer shall only allow Libra access to third-party secrets to the extent necessary for Libra to fulfill its contractual obligations. In return, Libra undertakes to only obtain knowledge of third-party secrets to the extent necessary for the fulfillment of its contractual obligations.

3. Libra is entitled to engage third parties (in particular subcontractors). When engaging third parties, Libra undertakes to oblige them in writing to maintain confidentiality, informing them of the criminal consequences of a breach of duty, insofar as they could gain knowledge of third-party secrets within the scope of their contractual activities within the meaning of this agreement.

4. Libra shall instruct the employees assigned to fulfill the contract with the customer in writing and oblige them to maintain professional secrecy, unless they are themselves bound to secrecy by law and/or professional regulations in accordance with Section 203 of the German Criminal Code (StGB). The instruction shall include, in particular, the criminal liability for a breach of the duty of confidentiality pursuant to Sections 203 (4) and 204 of the German Criminal Code (StGB).

5. The employees assigned by Libra to fulfill the contract with the customer

   • may only obtain knowledge of client secrets to the extent necessary to fulfill the contract with the Customer;

   • are obliged to maintain confidentiality regarding third-party secrets made available to them by the Customer;

   • are obliged to maintain confidentiality towards third parties regarding everything that becomes known to Libra in connection with the performance of the contract with the Customer; this applies in particular to information about the Customer's clients and mandates (client secrets), the fact that the Customer has been granted a specific mandate, the internal office conditions and the personal, economic, and tax circumstances of the Customer.

6. This confidentiality shall remain in force for as long as the Customer is subject to professional secrecy.

7. This confidentiality obligation applies to everyone and beyond the end of the contractual relationship with the customer.