General Terms & Conditions of Greenbone AG for the purchase of vulnerability management solutions by end customers
As of: 06 May 2025
1. Scope of application
1.1. The following General Terms and Conditions (hereinafter “GTC”) apply to all contracts concluded between an end customer (hereinafter “Customer”) and Greenbone AG (hereinafter “Greenbone”) for the purchase of vulnerability management solutions. They do not apply to contracts for the use of Greenbone Cloud Services.
1.2. Any terms and conditions of the customer deviating from these GTC shall not apply unless their validity has been expressly confirmed by Greenbone.
1.3. The offers in Greenbone’s online store are aimed exclusively at companies within the meaning of § 14 BGB (German Civil Code).
1.4. This agreement has been drafted in the German language and only the German version shall be legally binding (“reference language”). Any translations of this agreement into other languages are for convenience only and shall have no legal effect. In the event of any discrepancies or questions of interpretation, the German version shall prevail.
2. Definitions
2.1. “Product” within the meaning of these GTC is any vulnerability management solution, which usually consists of a hardware component or a virtual appliance and a time-limited subscription for the Enterprise Feed including maintenance service from Greenbone.
2.2. “Enterprise Feed” within the meaning of these GTC means access to a database operated by Greenbone, which is updated daily and contains information on possible vulnerabilities of computer infrastructure in order to regularly update a product with this information.
2.3. “Maintenance Service” within the meaning of these GTC means services offered by Greenbone as described in Section 8 of these GTC.
2.4. “Assets” within the meaning of these GTC are virtualsystems or physical devices with one or more network interfaces as well as containers and other virtual machines, even if they are not currently running, including digital twins of systems such as SBOMs. A network interface is identified by a MAC address and may have one or more IP addresses. A system or device can host one or more virtual systems, with each virtual system being considered an additional asset.
2.5. “Asset quota” is a contractually defined maximum number of assets for which a product may be used by the customer to check or monitor using the Enterprise Feed, whereby the specific number depends on the selected product.
3. Safety note
Scanning IT systems can lead to malfunctions of the scanned systems and the services running on them, including total failure, regardless of the depth of the scan. Purchased products may therefore only be used on critical systems in particular, the failure of which could pose a considerable risk to life and limb or to assets, after a prior risk assessment and under the supervision of trained specialist personnel.
4. Conclusion of purchase contracts and orders via the Greenbone online store
4.1. If the customer orders a product from Greenbone, he thereby submits an offer to Greenbone to conclude a purchase contract for the ordered product. Greenbone can accept the offer within 5 days by an express declaration to the customer. Sending the ordered goods or an invoice to the customer is equivalent to an express declaration of acceptance. If Greenbone has submitted a binding offer to the customer for the sale of a product, a purchase contract is concluded by the customer’s timely declaration of acceptance to Greenbone. For orders via Greenbone’s online store, the following provisions of Sections 4.2. to 4.5. apply in deviation hereof.
4.2.The purchase of products via Greenbone’s online store requires the customer to register and set up a user account. The customer is obliged to provide the data collected during registration truthfully and completely. If the data collected changes after registration, the customer must immediately update the information in his user account or – if this is not possible – immediately notify Greenbone of the changes. Upon successful registration, a user account is created for the customer, which he can access with the help of his user name and password (hereinafter referred to as “access data”). The customer must keep the access data secret and protected from access by unauthorized third parties. If the customer has lost the access data or if he realizes or suspects that his access data is being used by a third party, he must inform Greenbone immediately.
4.3. The presentation of the individual products within the online store does notn constitute a binding offer to conclude a contract.
4.4. If the customer completes an order process for a specific product by clicking on the button provided for this purpose, the customer submits a binding offer to conclude a purchase contract with Greenbone. The receipt of the offer will be confirmed by sending a confirmation of receipt by e-mail. Unless otherwise stated, this confirmation of receipt does not constitute acceptance of the offer. Notwithstanding the right to reject a customer without giving reasons, Greenbone declares the binding acceptance of the customer’s offer within 5 days after receipt of the order by an express declaration in the form of an order confirmation. Sending the ordered goods or an invoice to the customer is equivalent to an express declaration of acceptance.
4.5. The German and English languages are available in Greenbone’s online store for the conclusion of the contract. The essential content of the contract concluded between the customer and Greenbone results from these GTC as well as the specific information and order data transmitted in the course of the order. The GTC and the order data will be sent to the customer by Greenbone with the confirmation of receipt or the order confirmation. The information is stored by Greenbone, but is no longer accessible to the customer via the Internet. In Greenbone’s online store only the GTC in their current version are available.
5. Prices, payment
5.1. Unless otherwise stated, prices are quoted exclusive of any applicable VAT at the statutory rate. All prices are in EURO and are to be paid by the customer in EURO . In addition to the purchase price, the customer shall bear all taxes, customs duties and other official levies that may be incurred, with the exception of the income tax imposed on Greenbone by the Federal Republic of Germany, which result from the concluded contract or the agreed delivery.
5.2. Invoices will be sent electronically by e-mail shortly after or at the same time as the ordered goods are dispatched. The customer agrees to the electronic transmission of invoices.
5.3. All invoices from Greenbone are to be paid immediately upon receipt of the respective invoice. All invoice amounts are due for payment without deduction, a discount is not granted.
5.4. The statutory provisions shall apply to default of payment and the consequences of default.
5.5. The customer shall only be entitled to withhold payments due to any counterclaims or to offset against any counterclaims insofar as the counterclaims are not disputed by Greenbone or have been legally established.
6. Delivery
6.1. Deliveries shall only be made after the agreed remuneration has been paid.
6.2. Products to be delivered which are tangible items (“Goods”) shall be suitably packed for shipment in Greenbone’s standard shipping cartons, labeled for shipment and shipped to the Customer or a different delivery address specified by the Customer at the Customer’s expense and risk.
6.3. If a product does not contain a hardware component and can be obtained as a software download, Greenbone only sends the customer a personalized download link and the product must be downloaded from Greenbone’s server via the corresponding link.
7. Subscriptions to the Enterprise Feed from Greenbone
7.1. If a product is offered in a bundle with a subscription to Greenbone’s Enterprise Feed (herein-after referred to as “Bundle”), this subscription allows access to the Enterprise Feed for a limited period of time, depending on the product ordered and starting on the date of delivery of the product.
7.2. The bundle contains a specific access code that must be entered to gain access to the Enterprise Feed and is checked each time the product attempts to synchronize with the Enterprise Feed. The access code may be preconfigured on the product.
7.3. The access code is bound to the respective product. The customer is not entitled to pass on the access code to third parties or otherwise allow a third party to use it.
7.4. The subscription expires automatically at the end of its term and is not automatically renewed. If a customer wishes to continue using the Enterprise Feed, they must take out a new subscription with Greenbone. After termination of a subscription, the conclusion of a subsequent subscription is only possible retroactively to the end of the term of the original subscription, whereby the entire term from the end of the original subscription must be paid for by the customer.
8. Subscriptions for the Greenbone maintenance service
Each subscription for Greenbone’s Enterprise Feed that is part of a bundle (see section7) also provides access to Greenbone’s Maintenance Service. The Maintenance Service includes free access to all software updates for the product provided by Greenbone and may also include free access to major software upgrades if these upgrades are required to maintain the functionality and compatibility of the product. If the product contains a hardware component, the statutory warranty claims apply in the event of a defect.
9. Overuse, audits, subsequent remuneration
9.1. If an has been asset quota agreed, the following applies: The possibility of using a product is not limited to the agreed asset quota. If the asset quota is used up and the product is used for further assets, the customer may use the product beyond the contractually agreed scope (“overuse”). The customer is solely responsible for monitoring its scope of use. The customer is obliged to notify Greenbone immediately of any overuse and to acquire a sufficient additional contingent of assets in each case. Subject to the provision in Section 9.5, the obligation to pay compensation for overuse arises when the originally agreed asset quota is exceeded.
9.2. Greenbone is entitled to review the scope of use of the purchased product or the Enterprise Feed by the customer max. every six months (“Audit”). An Audit must be announced by Greenbone to the Customer in text form at least 30 days in advance and may only be carried out during normal business hours at the Customer’s place of business. If Greenbone does not carry out the audit itself, Greenbone may commission a third party bound to professional secrecy (e.g. auditor) to carry out the audit. The customer is obliged to support Greenbone to a reasonable extent in the performance of the audit and to grant Greenbone sufficient access to all information and data from which the actual scope of use of the purchased products can be traced.
9.3. As an alternative to an on-site audit, Greenbone may request the customer to provide Greenbone with meaningful information on the extent of the actual use of the purchased products by the customer by electronic means within a period of at least 30 days. As
an alternative to such transmission, the customer may grant Greenbone access to the relevant information stored on the customer’s system by means of electronic, secure remote access.
9.4. Greenbone is obliged to maintain confidentiality regarding the Customer’s business and trade secrets disclosed during an audit. The audit results must be kept secret and may only be used to enforce any claims for additional compensation by Greenbone.
9.5. If an audit reveals an overutilization by the customer, the customer shall be obliged to pay for the assets used in excess of the agreed scope in accordance with Greenbone’s current price list within 30 days of Greenbone’s subsequent invoice. The entitleme
nt to subsequent remuneration shall apply retroactively from the date of the last audit or the last order of an asset contingent by the customer prior to the announcement of the audit, whichever is the shorter. If the customer proves to Greenbone that the overutilization started at a later date, this date shall be decisive for the claim for retroactive compensation.
9.6. Costs incurred by the customer as a result of an audit shall be borne by the customer. Costs incurred by Greenbone as a result of an audit shall be borne by the Customer if the audit leads to a claim for additional remuneration by Greenbone in the amount of more than 5% of the remuneration for the purchase of the affected product including any additional quotas acquired prior to the audit, otherwise Greenbone shall bear the costs itself.
10. Retention of title
Greenbone retains title to goods delivered to the customer until the relevant order has been paid in full by the customer.
11. Returns
Greenbone will only accept returns of goods shipped by Greenbone (i) which exceed the quantity ordered by the customer, (ii) if the customer has informed Greenbone in writing within ten (10) days after receipt of the delivery about deviations of the delivered goods from the ordered goods, or (iii) which are made in accordance with section 12. of these GTC.
12. Warranty
12.1. Greenbone strives to continuously develop its own products and keep the Enterprise Feed up to date in order to be able to detect as many known or potential vulnerabilities of the scanned computer networks as possible with the help of the products. However, it is not technically possible to develop and operate a scanner that can always detect all known and potential vulnerabilities of a computer network. The customer can therefore not expect that all vulnerabilities will be detected with the help of Greenbone’s products and Greenb
one is not obliged to provide such a complete service and does not guarantee that certain known or potential vulnerabilities of the scanned systems will be reliably detected during a scan and reported to the customer. A continuously updated overview of Greenbone’s vulnerabilities covered by the products in connection with the Enterprise Feed is available on Greenbone’s website.
12.2. The customer is obliged to inspect delivered products for defects immediately upon receipt and, if a defect is found, to notify Greenbone immediately. If the Customer fails to notify Greenbone, the delivered products shall be deemed approved, unless the de
fect was not recognizable during the inspection. If such a defect is discovered later, it must be reported to Greenbone immediately after its discovery, otherwise the delivered product shall be deemed to have been approved also with regard to this defect.
12.3. In the event of a defect in the delivered product, the customer shall grant Greenbone a reasonable period of time to remedy the defect. Greenbone will, at its sole discretion, (i) repair the hardware component of the product (which may include providing a software update); (ii) replace the hardware component of the product or the entire goods; or (iii) issue a credit note for the amount paid by the Partner for the goods against return of the goods.
12.4. The warranty and the resulting claims under this section 12 shall not apply to (i) changes or modifications or additions to the goods made by parties other than Greenbone; (ii) use of the goods in a manner for which they were not designed or which does not comply with the appli-cable technical specifications; (iii) use or combination of the goods with other products not supplied or approved by Greenbone; (iv) atypical use or misuse of the Goods, including, but not limited to, accident, fire, water damage, earthquake, lightning, other acts of nature and other causes external to the Goods themselves; (v) installation of wiring, circuits, electrical wiring or equipment external to the Goods; (vi) failure to provide and continuously maintain adequate power, air conditioning and humidity control in accordance with the operational requirements for the Goods; or (vii) negligence of the Customer or any third party. If Greenbone determines that a warranty claim reported by the Customer falls within any of the above exceptions, the Customer will pay Greenbone for any services rendered at Greenbone’s then
current rates for such services.
13. Intellectual property rights
13.1. Intellectual property rights existing in the Products and Documentation and all related technical know-how (including, but not limited to, rights in patents and patent applications, copyrights and rights in relevant trade secrets) are and shall remain the exclusive intellectual property of Greenbone and its suppliers. The customer shall not do anything that jeopardizes, restricts or in any way impairs Greenbone’s rights with regard to the products and the documentation.
13.2. The customer shall not remove or alter any trademarks, trade names, copyright, patent or patent application notices or other notices, legends, symbols or labels affixed to or in the products or documentation supplied by Greenbone.
14. Liability
14.1. Greenbone shall be liable for damages of the customer in accordance with the statutory provisions if the damages were caused intentionally or by gross negligence, if they are the result of the non-existence of a guaranteed quality of the service, if they are based on a culpable breach of essential contractual obligations, if they are the result of a culpable injury to health, body or life, or if liability is provided for under the Product Liability Act. In the event of a merely Page 6 negligent breach of a material contractual obligation, Greenbone’s liability shall, however, be limited to such damages as are typically and foreseeably to be expected in the context of the provision of the agreed services. This limitation does not apply if damages are the result of injury to health, body or life.
14.2. Material contractual obligations are those contractual obligations whose fulfillment is essential for the proper execution of the contract and on whose compliance the customer may regularly rely, and whose breach on the other hand jeopardizes the achievement of the purpose of the contract.
14.3. Otherwise, Greenbone’s liability is excluded regardless of the legal grounds.
14.4. If Greenbone is liable for the loss of the customer’s data in consideration of the above provisions, the liability shall be limited to the typical recovery costs that would have been incurred even if the customer had made regular backup copies in accordance with the risks involved.
14.5. Greenbone shall not be deemed to be in culpable breach of duty if the use of a product by the customer causes malfunctions or failures of the customer’s systems or services, provided that the malfunction or failure is the result of the use of scanning technology that corresponds to the state of the art for corresponding scans or vulnerability analyses.
15. Data protection, data security
Greenbone may collect, process and use personal data of the customer. Information on data
processing and data protection can be found in Greenbone’s separate privacy policy.
16. Final provisions
16.1. Insofar as the transmission of declarations or information by Greenbone to the customer is provided for within the framework of the execution of a contract, this transmission shall generally take place by e-mail to the e-mail address provided by the customer.
16.2. Should individual provisions of this contract be or become invalid, the validity of the remaining provisions shall remain unaffected.
16.3. This contract and all agreements concluded between the parties on the basis of this contract shall be governed exclusively by the law of the Federal Republic of Germany. The application of the UN Convention on Contracts for the International Sale of Goods (CISG) is excluded.
16.4. If the customer is a merchant, a legal entity under public law or a special fund under public law, the exclusive place of jurisdiction for all claims arising from or in connection with an order placed with Greenbone or the concluded contract shall be Osnabrück, Germany. However, Greenbone may also sue the customer at his general place of jurisdriction.
You can also download our current General Terms and Conditions (GTC) as a PDF: Download GTC (PDF)
