FAQ

EULA rev. February 2019 CONFIDENTIAL Page 10 of 11
Except for cases of gross negligence and willful misconduct, in which statutory provisions apply, and unless a different warranty
period has been agreed in a particular case, claims for defects in Products shall become time-barred upon expiration of the warranty
period set forth in the Product Notice. To the extent the foregoing does not lead to a different period, warranty period shall be one
(1) year. Software warranty commences upon Delivery or notice of availability for electronic download.
In case of a defect notified to RSA, RSA shall, at its option, either remedy the defect or replace the affected Product. If RSA is
unable to effect such within a reasonable time and Customer has notified RSA in writing of the breach with the request to remedy
the defect within a reasonable time period to no avail (whereby Customer shall grant to RSA a reasonable number of attempts (but
no less than three) to cure the defect), then Customer has the right to reduce the remuneration or to rescind the purchase order for
the Product concerned. Customer is entitled to the foregoing rights also without setting a grace period if RSA has seriously and
definitely refused to cure a defect.
If Customer rescinds the purchase order, RSA shall refund the amount paid by Customer for the Product concerned as depreciated
on a straight line basis over a five (5) year period, upon return of such Product to RSA.
(iii) Lease Contracts. The provisions on statutory warranty for lease contracts (sec. 536 et seq German Civil Code (BGB)) shall not
apply.
5. Section 5.F, No Further Warranties: shall be deleted.
6. Section 8 Limitation of liability: shall be replaced in its entirety with:
8. LIMITATION OF LIABILITY. For all claims of Customer for damages under or in connection with this CSA or any quote
or order, whatever the legal basis (including liability for defects, other breaches of contract and tort) may be, the following shall
apply:
A. Unrestricted liability. In case of death or personal injury, in case of EMC’s gross negligence or willful misconduct, and in
case of claims under the German Product Liability Act (Produkthaftungsgesetz), RSA shall be liable to Customer according to
statutory law.
B. Restricted Liability. In all other cases, the following shall apply:
(i) RSA’s liability shall be limited to typical, foreseeable damages.
(ii) Unless a differing liability cap is expressly agreed otherwise, the typical foreseeable damages shall, for each damaging event,
not exceed the total price paid by Customer to RSA for the Products and Services (calculated on an annual basis in case of
ongoing Services to be provided for a period of more than one year) in relation to which such claim arises, but in any event not
less than 100.000,00 EUR and not more than 1.000.000,00 EUR.
(iii) RSA shall be liable to Customer only if RSA has breached a material contractual obligation (i.e. an obligation the
performance of which is essential to allow the implementation of the agreement, and the compliance with which Customer usually
may rely on).
(iv) RSA shall not be liable for any consequential or indirect damages to the extent such damages are untypical or unforeseeable.
C. Guarantees. RSA does not give a guarantee in relation to Products or Services (Beschaffenheitsgarantie) that would entail
an unlimited liability of RSA or a liability regardless of negligence or fault pursuant to the German Civil Code, except if an
unlimited liability and/or liability regardless of negligence or fault has been expressly agreed in writing. The mere use of terms
like “to guarantee”, “to ensure” or similar wording shall not be considered sufficient to establish such liability, but a binding
contractual commitment of RSA that is subject to the agreed limitation of liability.
D. Regular Back-ups. As part of its obligation to mitigate damages, Customer shall take reasonable data back-up measures. In
particular, Customer shall provide for a daily back-up process and back-up the relevant data before RSA performs any remedial,
upgrade or other works on Customer’s production systems. To the extent RSA’s liability for loss of data is not anyway excluded
under this Master Agreement, RSA shall in case of data losses only be liable for the typical effort to recover the data which would
have accrued if Customer had appropriately backed up its data.
E. Limitation Period. Except for claims relating to cases of unrestricted liability set forth in section A above (“Restricted
Liability”) the following applies: All claims for damages based on defects of Products or Services shall be time-barred 12 months
after delivery, except if the parties have agreed on a shorter warranty period. The limitation period for all other claims for damages
shall be eighteen (18) months after the cause of action accrues, unless statutory law provides for a shorter limitation period.
F. Suppliers. The foregoing limitations shall also apply in favor of RSA’s employees and Suppliers.
7. Section 12.F Governing Law: the following sentence shall be added: To the extent permitted by law, the courts of the city of
Frankfurt am Main shall be exclusively competent to rule on disputes arising out of or in connection with this CSA.
14. CUSTOMER OBLIGATIONS
A. Customer may not engage any third parties to conduct security audits of RSA Products without the prior written consent of RSA.
B. Customer agrees to comply with the RSA Security Vulnerability Reporting Policy, currently located at
https://www.dell.com/support/contents/us/en/04/article/product-support/self-support-knowledgebase/software-and-downloads/dell-vulnerability-response-policy.
15. CLOUD AND HOSTING SERVICES
A. In the event Customer purchases cloud or hosting services from RSA with respect to an RSA Product, RSA shall provide such
services, subject to the applicable cloud or hosting services terms, available at:
https://www.rsa.com/en-us/company/standard-form-agreements.