Conditions for using Deutsche Bank’s dbSecureEmail mailbox (“dbSecureEmail”)

1. Introduction

These conditions shall apply for the use of dbSecureEmail of Deutsche Bank AG and its affiliated companies (referred to below as “Bank”). dbSecureEmail offers the user the option of sending encrypted emails to the Bank and/or of receiving such emails from the Bank. Further information on the use of dbSecureEmail can be found in the instructions for using dbSecureEmail which can be downloaded from https://www.db.com/securemail (the “Instructions”).

2. Activating dbSecureEmail

To activate dbSecureEmail, the user shall receive an email containing the login data for the dbSecureEmail portal. Details of this can be found in the Instructions. When activating dbSecureEmail, the user shall ensure that he or she has an active reference email address and that the data specified is correct.

3. Functional scope of dbSecureEmail

The functions provided by dbSecureEmail consist of reading, answering and writing encrypted emails, uploading and downloading email attachments, and downloading encrypted emails to store them permanently on the user’s hard disk. The encrypted emails can only be sent between the Bank and the user, not to other recipients. The Bank does not provide any telecommunications services.

The Bank shall be able to temporarily deactivate dbSecureEmail at any time without prior notification for any purpose, including but not limited to, maintenance, updates and testing, as well as to enhance, reduce and/or change the service portfolio or contents of its web presence. The use of dbSecureEmail shall be free of charge.

4. Delivery

The encrypted messages sent in the context of dbSecureEmail shall serve solely to exchange information, unless otherwise agreed. dbSecureEmail messages to the Bank shall be treated in the same manner as email communications received via other email channels. For orders or other business-related notifications, the user must comply with the applicable associated agreements and conditions existing between the Bank and the user. Messages from the Bank to the user in the mailbox of dbSecureEmail shall be regarded as emails delivered to the user.

5. Liability

Claims of the user for damages shall be excluded unless they are claims of the user for damages resulting from fatality, physical injury or damage to health or the infringement of major contractual duties (essential duties) and liability for other damages based on wilful or grossly negligent behaviour of the Bank, its legal representatives or agents. Essential duties shall be those whose fulfilment shall be required to achieve the objective of these conditions. When essential duties are infringed, the Bank shall be liable only for foreseeable damages that are typical for the conditions and if at least caused by slight negligence, unless claims for damages by the user resulting in fatality, physical injury or damage to health are concerned in which case the damage is not limited. The aforementioned restrictions shall also apply for the legal representatives and agents of the Bank when claims are made directly against them.

The Bank shall not be liable for problems for which it is not responsible, for instance, particularly not for malfunctions caused by internet providers. Despite encryption, dbSecureEmail does not guarantee absolute security because the opportunity for third parties to gain knowledge of the content of emails and to manipulate them always theoretically exists on the internet. The user of dbSecureEmail shall be responsible for the content of the messages they send.

As the Bank offers a browser-based application, the user shall remain responsible for the security of his or her own system, including that the web browser is up to date and the use of virus scanners, etc. In addition, the user shall also be responsible for checking whether the use of any encryption technology is permissible in his or her country.

Furthermore, the user shall bear responsibility for his or her access information and must store this information securely. If the access information becomes known to a third party, or if it is suspected that a third party has gained knowledge of it, the user shall be obliged to notify the Bank of this without delay.

6. Data protection and archiving

The registration for using dbSecureEmail shall not automatically include legal consent to receive additional emails above and beyond the system’s dbSecureEmail notifications. The user data and user messages shall be saved up to the duration of the period in which he or she uses dbSecureEmail. dbSecureEmail is not an archiving tool. The messages shall be retained for the user only for a limited period. Details of this can be found in the Instructions.

7. Miscellaneous

The user or the Bank can cancel the use of dbSecureEmail at any time without specifying details or reasons for this. Cancellation must take place in writing or by email (when cancelled by the user, to dbsecureemail.support@db.com). After cancellation, the mails stored in the dbSecureEmail system can still be called up for a period of 90 days.

The Bank reserves the right to adjust these usage conditions at any time and for any reason, including as a result of changing legal and/or general technical conditions. The Bank shall present to the user any changes to these conditions for using dbSecureEmail in text form (including by dbSecureEmail or other email channels) at least two months before such changes come into force. The user shall then have the opportunity to object to the planned changes within these two months. The agreement of the user shall be regarded as having been granted if they have not submitted their objections before the time the changes come into force. The Bank shall expressly point out this deemed approval to the user once again in its offer.

The law of the Federal Republic of Germany shall apply for these conditions between the user and the Bank. Provided the user is a businessman, a legal entity under public law or a fund governed by public law, the legal venue for all disputes arising from contractual relationships between the user and the provider shall be Frankfurt am Main, Germany.