1. Object and Purpose of the Agreement
The object and purpose of the Agreement is to incorporate the DocCheck Login-System into the websites of the Information Provider. The particular protected websites result from the entries made by the Information Provider in DocCheck CReaM (formerly: Webmaster Lounge).
2. Contractual Performance
2.1 DocCheck shall furnish an HTML code to the Information Provider that refers to the DocCheck Server. This Script checks the existence of a User Name Password Combination in the data base of a Web Server operated by DocCheck (“Password Server”).
2.2 If the User Name Password Combination transmitted by the script exists, the password server will direct to the browser that triggers the script, an Internet address that refers to a certain HTML page on the Information Provider’s server (non-public URL). If the User Name Password Combination does not exist, it will not be this internet address, but an error message that is transmitted.
2.3 The script can check individual or optional site-specific User Name Password Combinations and / or optional site-specific User Name Password Combinations.
2.4 Individual User Name Password Combinations are assigned to every single User personally by DocCheck. These Individual User Name Passwords are also valid on the web sites of all other Information Providers participating in the DocCheck System if they have admitted the professional or personal group, which the User belongs to, in their Site Policy (see § 3.1).
2.5 Before activating an individual User Name Password Combination, DocCheck will check the membership of Users in a certain group of professionals or persons by comparing the registration data with a document presented by the applicant. This document is a copy of the approbation document, of the physician’s identification card of a comparable document.
2.6 Site-specific User Name Password Combinations (so-called “Company Password”) are determined in DocCheck CReaM by the Information Provider himself or by third parties authorized by the Information Provider. It is the sole responsibility of the Information Provider to forward this information on the site-specific User Name Password Combinations to a group of Users he considers as being authorized. DocCheck will not perform any further verification of User Name Password Combinations. The Company Password shall apply only to the above websites of the Information Provider.
2.7 The Information Provider is aware of the fact that even after integration of the DocCheck HTML-Code on his sites, the availability of his non-public URL is possible in other ways (e.g. by guessing or by passing on of corresponding addresses), unless he installs an additional directory protection (session management or the like).
3. Authorized Group of Individuals
3.1 The group of Users that is meant to have access to a certain, non-public URL of a Website, is to be determined by the Information on his own responsibility (Site Policy). The Information Provider himself will accurately select the authorized groups of Users in DocCheck CReaM.
3.2 DocCheck assumes no responsibility for compliance of this selection with the applicable legal standards as far as the contents of the non-public URL are concerned, e.g. the applicable standards of the German Pharmaceuticals Advertising Law, or comparable bodies of legislation in other countries.
3.3 The Information Provider shall exempt DocCheck from any and all claims of indemnity that might result from an incorrect selection or selection not in compliance with the applicable legal standards.
3.4 The Information Provider shall deal with and process any objections made by Users against his Site Policy on his own.
4.1 DocCheck shall check as diligently as possible membership of the Users in the groups of professionals or persons outlined ("physicians", "pharmacists" etc.).
4.2 However, DocCheck cannot rule out the possibility that unauthorized third parties may, e.g. through deceit, falsification of documents or spying, catch a User Name Password Combination that gives them access to the non-public URL, the website of the Information Provider. Furthermore, DocCheck cannot rule out that DocCheck Users transmit links or bookmarks that allow unauthorized third persons having access to the non-public area of the Information Provider’s website.
4.3 In case of site-specific User Name Password Combinations, the Information Provider shall itself be responsible for the conscientious distribution of the User Name Password Combination. DocCheck does not assume any liability for compliance with the applicable legal standards by the group of persons who seek and gain access to the non-public URL through site-specific User Name Password Combinations. The Information Provider bears full responsibility.
4.4 DocCheck shall be held liable damages caused by itself or by its vicarious agents through gross negligence or wilful intent. In the event of a violation of essential contractual obligations, liability shall, in cases of simple negligence involving pecuniary damage or loss, be limited to foreseeable, direct damages / losses and shall be limited to an amount of Euro 5,000.00. In all other cases, liability shall be excluded.
5.1 DocCheck shall operate its password server as smoothly and continually as possible and shall in this way provide the authorized group of users with a continuous access to the protected areas of the Information Provider’s website. The Information Provider acknowledges and is aware of the fact that its non-public URL for Users of the DocCheck Password is not accessible as long as the password server is not in operation.
5.2 DocCheck shall guarantee operability of the system at 97 % on average of the calendar year. Any maintenance work that is scheduled or turns out to be necessary and that leads to downtimes and has been announced as a maintenance time frame beforehand, will be assessed as ‘available’.
5.3 DocCheck reserves the right to limit availability of its service at short notice after previous reasonable notification, in order to carry out maintenance work on the system, for example.
5.4 DocCheck undertakes to provide, in cases of failures of software and hardware components of the password server or in case of data line failures, replacement service within an adequate period of time, thus restoring operability without undue delay.
6. Data Protection
6.1 Both parties shall ensure that applicable data protection law, in particular the GDPR, is applied when processing personal data and that personal data is only processed in a lawful manner. Both parties shall also ensure that they have taken appropriate technical and organizational measures for data security. Each party is solely responsible for the data in their responsibility.
6.2 The User data obtained by DocCheck are subject to the applicable data protection law. DocCheck shall communicate or forward personal data of the User, such as address data or eMail addresses, with the User’s prior explicit consent to third parties exclusively (e.g. within the constraints of DocCheck Personal).
6.3 The User’s agreement to disclose data to the Information Provider within the constraints of DocCheck Personal shall be limited to the digital transfer of data exclusively. The precise scope of use of the data transferred (e.g. for CRM or market research purposes) shall be subject to the Information Provider’s obligation to mark and identify to the User the applicable national legal provisions on data protection and of the General Data Protection Regulation (GDPR) and to seek particular authorizations if required. The transfer of data via DocCheck Personal shall not constitute an agreement to process data or to send promotional or information material to the User’s eMail address.
6.4 DocCheck’s liability for the data transferred within the constraints of DocCheck Personal and subsequently stored by the Information Provider shall expire as of the time of transfer of the data to the Information Provider.
6.5 Doc Check shall exclusively provide anonymized statistics on the use of websites connected to DocCheck. Any establishment of personal User profiles revealing information on the User’s personal access habits shall be excluded.
6.6 The Information Provider agrees to the anonymous use by the Information Provider of the Information Provider’s Login-statistics - i.e. without mentioning any company name - for the establishment of performance comparisons.
6.7 Both parties are subject to the notification obligations resulting from Art. 33, 34 GDPR, insofar as the notification relates to processing operations which are the subject of this Agreement. The Parties shall inform each other without undue delay of any planned notification of personal data breaches to the supervisory authority and shall forward to each other without undue delay the information required to conduct the notification. The notification obligation only applies to the party who is responsible for the data.
7. Obligations of the Information Provider
7.1 The Information Provider undertakes to provide the offer for access to DocCheck in the public area of its website in a way that DocCheck Users can recognize the possibility of access via DocCheck immediately.
"Website" for the purposes of the license offer is defined on the basis of the following criteria: A website is a system that is recognised by the user as a stand-alone Internet presence, e.g. through an individual colour scheme and a coherent sitemap and navigation. The website can be reached under a (sub-)domain and is a technically independent entity. The user moves through this instance within the scope of a session.
7.2 The possibility of access via über DocCheck has to be provided with a DocCheck logo and an indication of the name of the “DocCheck Login” at minimum 20 pixel size, a link for a password application (https://www.doccheck.com/register) and for reset of the password (https://www.doccheck.com/reset-password-request) Logo patterns can be obtained from DocCheck.
7.3 The HTML Code provided by DocCheck must not be modified by the Information Provider as far as its function (target URL, parameters transferred etc.) is concerned. Reading and storing of User Name Password Combinations on the part of the Information Provider violates applicable law and is prohibited.
7.4 User Name Password Combinations have to be sent directly, i.e. without any detours, to the DocCheck Login server via the Information Provider’s own IT systems, and must have been encoded (https). The transfer has to be made via the POST method.
7.5 The Information Provider shall be obliged to inform DocCheck immediately in case suspicion of misuse of a User Name Password Combinations arises.
7.6 If the Information Provider places a cookie after verification by DocCheck, e.g. in order to facilitate access for the User within an interlinked system of several Internet websites, the cookie shall be valid only for one single User session (temporary cookie). Other cookies (e.g. life-time cookies) are not permissible.
7.7 The Information Provider undertakes not to use any other system for verification of the access authorization. This obligation shall not apply to the Information Provider’s own systems.
7.8 The Information Provider shall carefully accomplish the installation of the DocCheck HTML-code on its server system in accordance with the technical guidelines of DocCheck.
7.9 If the Information Provider uses services, in which personal data or a User-ID of DocCheck are transferred to the Information Provider with the explicit previous consent given by the User (e.g. DocCheck Personal), the Information Provider undertakes to treat the data and / or the User-ID in accordance with all applicable laws, in particular the national legal data protection provisions of the particular country and the General Data Protection Regulation (GDPR), and not to disclose any such data or information onto third parties without the User’s previous consent.
7.10 Responsibility for the proper treatment of User Data shall be transferred to the Information Provider as of the point in time of transfer of the User Data. The Information Provider shall indemnify and keep harmless DocCheck from any and all claims that might be asserted against DocCheck due to any non-contractual use of data or a violation of legal provisions on the part of the Information Provider or by any third parties commissioned.
7.11 The Information Provider undertakes to request the User’s consent to receive eMails according to the applicable legal requirements before getting in contact with the User by eMail.
7.12 The User shall at all times be entitled to revoke his / her consent to use his / her data towards the Information Provider and / or DocCheck. The Information Provider shall in this case be bound to cease and desist any further use of the data and to delete and destroy them immediately.
8. Term of the Agreement, Termination
8.1 The Agreement is concluded for an unlimited period of time. The Agreement may be terminated by either party hereto at 3 months prior notice to the end of year (delivery of the notice of termination in writing is required). Immediate termination for a grave and weighty reason shall remain unaffected thereby.
8.2 In particular, a grave and weighty reason for the termination of the Agreement by DocCheck shall be deemed to be:
9. Pricing and Payment
9.1 No payment obligations shall arise from this Agreement alone. During the term of the Agreement, the basic license shall be available to the Information Provider free of charge. Fee-based additional functions can be booked at any time by concluding individual purchase orders.
9.2 The term of payment shall be 14 days after receipt of a proper invoice, except as otherwise provided by contract between the parties hereto.
10. Choice of Law, Place of Performance, Other Provisions
10.1 The Agreement shall be subject to German law - under exclusion of the law of conflicts.
10.2 The Agreement’s place of performance shall be the corporate domicile of DocCheck.
10.3 Any disputes relating to this Agreement shall fall within the jurisdiction of the courts of Cologne.
10.4 The validity of any General Commercial Terms of the Information Provider shall be deemed as excluded.
10.5 No verbal ancillary agreements have been concluded. Any modifications or amendments to this Agreement shall be subject to the written form requirement. This shall likewise apply to the written form requirement itself.
10.6 In the event any provision of this Agreement should be or become ineffective or inoperable, the effectiveness or operability of the remaining provisions shall not be affected thereby. In the event of the ineffectiveness of any provision of this Agreement, the parties hereto commit themselves to come to a mutual agreement, the economic success of which shall be as close as possible to the intended economic success of the ineffective provision.
As of: 10/2022