The following Usage- and Licence Agreement of DocCheck Community GmbH, Vogelsanger Str. 66, 50823 Cologne, Germany, applies to all business customers & users of our DocCheck Login service (hereinafter referred to as ‘Contractual Partners’) when using the ‘DocCheck Login’ identification service, subject to individual contractual provisions.
This Usage- and Licence Agreement applies from the time a company account is set up to create a Login, for the entire duration of use of the Login service; this applies to both free and fee-based login licences. A Usage- and Licence Agreement is automatically concluded between the contractual partner and DocCheck Community GmbH (hereinafter referred to as ‘DocCheck’) upon the registration of a company account and the creation of a ‘DocCheck Login’ in accordance with the following conditions:
1. Contractual subject
1.1. DocCheck operates the ‘DocCheck Login’ identification service. HWG-protected (‘Heilmittelwerbegesetz‘, German Drug Advertising Act) content online may only be accessible to healthcare professionals (following ‘HCP‘). As an alternative to the time-consuming maintenance and installation of your own password protection, DocCheck offers the option of implementing the DocCheck Login. Verified HCP, who are members of the DocCheck Community (hereinafter referred to as ‘DocCheck users’), can access content ‘behind the login’ using their DocCheck access data. The Contractual Partner defines which DocCheck User groups have access to the Contractual Partner's content. The functionality of restricting the user groups to authorised HCPs (see ‘Authorised persons’, section 4 of these Terms of Use) can thus support the Contractual Partner in providing content in compliance with the HWG, provided that the login is technically correctly installed.
1.2. ‘DocCheck Login‘: The subject of this contract is the provision of the DocCheck Login service by DocCheck for one or more of the Contractual Partner's websites. By concluding this Usage- and Licence Agreement, the Contractual Partner specifies which websites (initially) are to be protected by the respective DocCheck Login. The creation of a company account to create a Login automatically leads to the conclusion of a Basic Licence that is not subject to a charge; additional features are available in chargeable licence types (for more information on the licence types, see section 3 of this Usage- and Licence Agreement). Logins can be managed by the Contractual Partner in ‘DocCheck CReaM’, defined in more detail in 1.3..
1.3. ‘DocCheck CReaM‘: The Contractual Partner manages its created Logins for the protected websites in ‘DocCheck CReaM’. In DocCheck CReaM, Logins can be created and configured and company and test passwords can be managed. In addition, the Contractual Partner can add or remove additional administrators in DocCheck CReaM and manage and edit the master data of their account.
1.4. If the contractual partner opts for chargeable features, these can be added manually by the Contractual Partner via the corresponding licence packages. Requests for chargeable features can be made via the contact forms available on our website and at any time via the e-mail address industry(at)doccheck.com. Further information on the licence packages can be found in sections 3, 4 and 5 of this Usage- and Licence Agreement.
2. Services of DocCheck
2.1. DocCheck provides the Contractual Partner with an HTML code that refers to a script on a web server operated by DocCheck. The HTML code is installed on the Contractual Partner's website by the Contractual Partner. ‘Website’ within the meaning of the licence package is defined on the basis of the following criteria: A website is a system that is perceived by the user as a self-contained internet presence, e.g. through an individual colour scheme and a coherent sitemap and navigation. The website can be accessed under a (sub-)domain and is a technically independent entity. The user moves through this instance as part of a session. DocCheck does not undertake any technical installation of the HTML code on the Contractual Partner's pages and only provides technical support in relation to the functionality of the Login Service itself.
2.2. The above script is used to check the user's access authorisation in the database of this web server (‘password server’) and thus enables the identification of a DocCheck user. If the user has been recognised as authorised, the password server transfers an Internet address to the browser that triggers the script, which refers to a specific HTML page on the server of the Contractual Partner (so-called ‘target URL’). As a rule, this is the HTML page that is to be protected by DocCheck Login and cannot be viewed by the public. If the user is not recognised as authorised, an error message is sent instead.
2.3. The script provided by DocCheck can verify both user-specific and optional site-specific access authorisation.
2.4. User-specific access authorisations are granted to an individual user personally by DocCheck (‘DocCheck user’). They are also valid on the websites of all other Contractual Partners participating in the DocCheck system, insofar as they have authorised the professional or personal group to which the DocCheck user belongs.
2.5. Site-specific access authorisations (so-called ‘company passwords’) are defined in DocCheck CReaM by the Contractual Partner itself or by third parties authorised by it (see 1.3. of this Usage- and Licence Agreement). They can be used, for example, for the login of employees and are brought to the attention of a user group authorised by the Contractual Partner on its own responsibility. DocCheck does not check these users. This company password defined by the Contractual Partner applies exclusively to the login-protected target URLs of the Contractual Partner and cannot be used for websites of other Contractual Partners participating in the DocCheck system. Within DocCheck CReaM, the Contractual Partner can also define so-called ‘test passwords’ in order to test the functions of the DocCheck login implementation on the Contractual Partner's pages.
2.6. Before activating a user-specific access authorisation for an external DocCheck Login, DocCheck checks whether the DocCheck user belongs to a specific professional or personal group by comparing the login data with a document submitted by the applicant. This document is a copy of the licence to practise medicine, a doctor's ID card or a comparable document as proof of membership of a professional or specialist group. If the verification of membership is successful, the DocCheck user will be activated for the external DocCheck Logins of Business Customers & Contractual Partners and can reach the underlying target URLs (depending on the site policy, see section 4 of this Usage- and Licence Agreement).
2.7. The Contractual Partner is aware that even after integration of the DocCheck Login (i.e. the HTML code provided) on its pages, the (non-public) target URL can still be reached by other means (e.g. by guessing or by passing on corresponding addresses) if no additional security (session management or similar) is set up by the Contractual Partner. The Contractual Partner is responsible for additional protection of the target URL.
3. Licence types
The creation of a company account for the creation of a Login by a Contractual Partner automatically leads to the conclusion of a Usage and Licence Agreement between the Contractual Partner and DocCheck. Within this Usage and Licence Agreement, a free Basic Licence can always be activated as standard; this does not apply to Basic-App-Licenses, see 3.5. Chargeable licences arise for the Contractual Partner in this contractual relationship only on request and after explicit booking of the respective licence type, see 1.4. of this Usage and Licence Agreement. The contract term and any cancellation periods can be found in section 4 of this Usage and Licence Agreement. Payment terms can be found in Section 5 of this Usage and Licence Agreement.
3.1. ‘Basic Licence‘: The Basic Licence automatically agreed between the parties upon registration as a Contractual Partner and creation of a Login offers the services listed in Section 2 of this Usage and Licence Agreement.
3.2. ‘Economy Licence‘: The Economy Licence is the first fee-based extension level of the Basic Licence and includes the additional features of parameter transfer, an OAuth2 Client Secret as well as the transmission of a pseudonymous Unique Key and the option of user routing based on the parameters of occupational group, country or language. Further information can be found in our Licence Brochure (‘Licensing & Pricing Details‘’).
3.3. ‘Business Licence‘: In addition to the features of the Basic & Economy Licence, the Business Licence includes the option of a personal user address and consent query (‘Personal’ function) and also enables specific access for employees of the Contractual Partner on the basis of individual access regulations, e.g. by checking the e-mail address domain. Further information can be found in our Licence Brochure (‘Licensing & Pricing Details‘’).
3.4. The ‘DocCheck Statistics’ function can be booked in addition to the licence types mentioned above. In addition to information on the logins per day, DocCheck Statistics offers pseudonymised detailed information on the users of the respective Login, such as the professional group, the specialist area, the origin or the Login frequency. More information on the DocCheck Statistics feature can be found here.
3.5 The Basic-, Economy- and Business- Licence types are also available as paid App Licences. A software development kit for the integration into a native app is provided for each of these licences. Further information on the scope and features of the app licences can be found in our Licence Brochure (‘Licensing & Pricing Details‘’).
4. Term & cancellation of this Usage and Licence Agreement
4.1. The term of the Usage and Licence Agreement concluded between DocCheck and the Contractual Partner begins when the Login is created and this Usage and Licence Agreement is accepted and runs automatically until the end of the calendar year (31.12.) in which the Usage and Licence Agreement is concluded. If the Contractual Partner or DocCheck does not terminate the agreement in due time with an ordinary notice period of 3 months to the end of the term, the term is always extended by a further calendar year from this point in time. Furthermore, the parties reserve the right to terminate the agreement without notice for good cause at any time.
4.2. Good cause for the termination of this Agreement without notice shall include, but not be limited to
5. Pricing and payments
5.1. The payment obligations associated with this Usage and Licence Agreement depend on the licence type booked by the Contractual Partner, see section 3 of this Usage and Licence Agreement. During the term of the contract, the Basic Licence is available to the Contractual Partner free of charge.
5.2. Request for additional functions that are subject to a charge (see 3.2 - 3.5 of this licence agreement) can be made via the contact forms available on our website or at any time via the email address industry(at)doccheck.com. An obligation to pay only arises upon final booking of the corresponding licences by the Contractual Partner. When booking a chargeable licence, the current licence prices at the time the contract is concluded apply for the current contract year.
5.3. As the provider, DocCheck reserves the right to adjust the current licence prices valid for the contract year at the turn of the year to the following contract year in line with changing market conditions, changes in procurement costs and current inflation trends. DocCheck endeavours to make price adjustments of a maximum of 5% (calculated on the net licence price currently agreed with the Contractual Partner). Price increases will be communicated to the Contractual Partner in text form in good time, but no later than four weeks before the end of the respective cancellation period. Price adjustments that exceed the amount of 5% (calculated on the net licence price currently agreed with the Contractual Partner) shall give the Contractual Partner a special right of termination.
5.4. The term of payment for chargeable licence types is 14 days after receipt of the proper invoice issued by DocCheck.
6. Authorised persons
6.1. By managing the DocCheck Login in DocCheck CReaM, the Contractual Partner independently defines which users have access to the target URL protected by DocCheck Login (‘Site Policy’). Restricting the authorised persons to HCP in accordance with the 'Heilmittelwerbegesetz' (German Drug Advertising Act) makes it technically possible to provide HWG-compliant content on the corresponding target URL. The Contractual Partner is responsible for checking the HWG conformity of the settings made and the correct administration of the site policy; DocCheck does not carry out a review or legal assessment of the site policy settings or the corresponding target URL.
6.2. In the case of site-specific access authorisations (‘company password’), the Contractual Partner itself is responsible for the conscientious management of the access authorisations it has defined. DocCheck Login does not verify or check groups of people or users who are granted access to the target URL via the Login by the Contractual Partner using site-specific access authorisations. The Contractual Partner itself is responsible for the administration and verification of the group of persons defined by it in legal and factual terms.
6.3. The Contractual Partner is solely responsible for any claims for damages, costs for legal defence or other claims arising from warnings, court or administrative offence proceedings or competition law infringements due to an incorrect setting or a setting that does not comply with the applicable legal standards, and DocCheck is indemnified by the Contractual Partner.
7. Obligations of the Contractual Partner
7.1. The Contractual Partner undertakes to offer DocCheck access in the public area of its website in such a way that DocCheck users can immediately recognise the access option to the target URL via the DocCheck Login. The access option via DocCheck must be provided with a DocCheck logo and the name of the ‘DocCheck Login’ in at least 20 pixels in size, a link to apply for a password (https://www.doccheck.com/register) and to reset the password (https://www.doccheck.com/reset-password-request). Logo templates can be requested from DocCheck. The Contractual Partner will carefully install the DocCheck HTML code on its server system in accordance with DocCheck's technical guidelines.
7.2. The HTML code provided by DocCheck may not be modified by the Contractual Partner in terms of its function (target URL, transferred parameters, etc.). The Contractual Partner is not permitted to read and save user-specific access authorisations and is prohibited from doing so. The user-specific access authorisations must be sent directly, i.e. without going through the Contractual Partner's own IT systems, and encrypted (https) to the DocCheck Login server. The transmission must be made using the POST method. The Contractual Partner is obliged to inform DocCheck immediately in the event of suspected misuse of a user-specific access authorisation.
7.3. The Contractual Partner is not authorised to set cookies that store the authentication status of the user in its own permanently available cookies (lifetime cookies) and thus enable or force a circumvention of the Login service or to use user data without the user's consent.
7.4. The Contractual Partner will not use any external (Login) system other than DocCheck to verify access authorisation. This obligation does not apply to the Contractual Partner's own systems. The Contractual Partner is aware that a breach of this contractual obligation may give DocCheck the right to terminate the contract without notice in accordance with section 4 of this contract.
7.5. The Contractual Partner undertakes to comply with all legal standards applicable to it, in particular those of the 'Heilmittelwerbegesetz' (German Drug Advertising Act) and the applicable data protection regulations, when using the DocCheck Login, any data processing carried out on its websites and/or the target URL and when designing its site policy. The Contractual Partner's attention is explicitly drawn to sections 8 and 9 and DocCheck's obligations and exclusions of liability arising therefrom.
8. Data Protection
8.1. Both parties shall ensure that the data protection regulations applicable to you, in particular those of the GDPR and the BDSG, are observed when processing personal data and that personal data is only processed in a lawful manner. Both parties shall also ensure that they have taken appropriate technical and organisational measures for data security. Each party is solely responsible for the data it collects or otherwise processes and informs the persons affected by the data processing independently and in full about the respective processing operations.
8.2.‘ DocCheck Personal‘: DocCheck only transfers personal data of its users, such as their full names or e-mail addresses, to third parties with their express consent. A transfer of data is technically only intended for the ‘DocCheck Personal’ function as part of a business licence (see 3.3.). The consent of the respective User to the transfer of their data to the Contractual Partner within the framework of DocCheck Personal relates exclusively to the digital transfer of the data; the consent of the User concerned is requested during the Login process on the Contractual Partner's website. The further administration and processing of the data takes place exclusively on the servers and under the responsibility of the Contractual Partner from the initial transfer of the user data in the Login process. The website operator is responsible for informing the user in the context of his data protection declaration or other information about the purposes and scope of the processing of his data after the transfer to the Contractual Partner within the framework of DocCheck-Personal. The management of the consent given by the user to these data processing operations on the Contractual Partner's websites (‘Consent Management’) is the sole responsibility of the Contractual Partner.
8.3. DocCheck only creates pseudonymised statistics on the use of the websites connected to DocCheck. Personal user profiles that provide information about the user's individual access habits are not created.
8.4. Both parties are subject to the notification obligations pursuant to Art. 33 and 34 GDPR, insofar as the notification relates to processing operations that are the subject of this agreement. The parties shall inform each other immediately of any planned notification of personal data breaches to the supervisory authority and shall immediately provide each other with the information necessary to carry out the notification. The notification obligation shall only apply to the party responsible for the data.
9. Liability & Warranty
9.1. DocCheck checks the affiliation of its users to the designated professional or personal groups (‘doctors’, ‘pharmacists’ etc.) with the greatest possible care. However, DocCheck cannot rule out the possibility of unauthorised third parties obtaining user-specific access data, e.g. by deception, falsification of documents or spying, which would enable them to access the Contractual Partner's non-public target URL. Furthermore, DocCheck cannot rule out the possibility of DocCheck users passing on links or bookmarks that allow unauthorised third parties access to the non-public area of a website / target URL of the Contractual Partner.
9.2. ‘Availability’: DocCheck operates its password server as uninterruptedly as possible and thus provides the authorised persons (see 6.) with continuous access to the protected areas of the Contractual Partner's target URL. The Contractual Partner is aware that his non-public target URL is not accessible to users of the DocCheck password as long as the password server is not in operation. DocCheck guarantees 97 % functionality of the system on average over the calendar year. Planned or necessary maintenance work that leads to downtime and has been communicated in advance as a maintenance window will be counted as available. DocCheck reserves the right to restrict the availability of its service at short notice - if possible after giving appropriate advance notice - e.g. in order to carry out maintenance work on the system.
9.3. DocCheck undertakes to procure replacements within a reasonable period of time in the event of failure of software and hardware components of the password server or line failures and to restore operational readiness as quickly as possible.
9.4. DocCheck is only liable for other damages within the scope of contract fulfilment caused by it or its vicarious agents in cases of gross negligence or intent. Excluded from this is liability for damages resulting from injury to life, limb or health. In the event of a breach of material contractual obligations, liability in cases of simple negligence for financial losses shall be limited to foreseeable, direct losses and to an amount of EUR 5,000. Liability is otherwise excluded.
10. Choice of law, place of fulfilment, miscellaneous
10.1. This contract is subject to German law - excluding the conflict of laws. The place of fulfilment of the contract is the registered office of DocCheck. Cologne is agreed as the place of jurisdiction.
10.2. The validity of any General Terms and Conditions of the Contractual Partner is excluded.
10.3. Verbal collateral agreements are not made. Amendments or additions to this contract must be made in writing to be effective. The amendment must be made in writing.
10.4. Should any provision of this contract be or become invalid or unenforceable, this shall not affect the validity or enforceability of the remaining provisions. In the event of the invalidity of a provision of this contract, the parties undertake to reach an amicable arrangement whose economic success corresponds as closely as possible to that of the invalid provision.
10.5. DocCheck reserves the right to make changes to this contract for justified reasons, for example for legal or regulatory reasons or to further develop or optimise existing features or to add additional features. DocCheck will notify all Contractual Partners of the changes immediately. If the Contractual Partner does not object to the amendment of the contract within one month of receipt of the notification of amendment, the amended Usage and Licence Agreement shall be deemed to have been accepted by the respective Contractual Partner. DocCheck will specifically draw the Contractual Partners' attention to this consequence of their behaviour in connection with an amendment to the Usage and Licence Agreement in the notification of amendment.
Last update: 06/2024
