Service Level Agreement for Avira Managed Email Security of Avira - October 2011

  1. Scope of the Service Level Agreement

    1. This document describes the standard level of service rendered by Avira or its affiliated entities within the meaning of § 15 of the German Stock Corporation Act (AktG) for Customers of Avira Managed Email Security Services, including performance criteria, availability of services, action to be taken in cases of a service failure and response and repair times.
    2. This Service Level Agreement set out below (hereinafter referred to as "SLA") shall apply to all license agreements between Avira Operations GmbH & Co. KG, Kaplaneiweg 1, 88069 Tettnang, Germany (hereinafter referred to as “Avira”) and its Customers concerning the delivery of its Managed Email Security Services, in particular, the provision of Managed Services.
    3. Avira reserves the right to change, update, amend or modify this SLA at any time. Such changes will be transmitted to the Customer in writing (email will be sufficient). The Customer may object to the notified changes. If the Customer does not object to notified changes or any part thereof within four (4) weeks after receipt of the notification (hereinafter referred to as "Objection Period"), the notified changes are considered to be accepted unequivocally by the Customer. If the Customer objects to the notified changes within the Objection Period, the agreement will continue on the present Terms. Objections, notifications and other notices by the Customer to Avira shall be sent to the address at the end of this SLA.
  2. Objective and additional Definitions

    For all capitalized terms not defined below, the definitions of the Terms and Conditions of Avira apply.

    1. Email Scanning time - means the processing time of an email in the scanning process of Avira. It does not cover delivery times from and to Avira systems.
    2. False positive - means a wrong classification of a legitimate email message as spam or Malware by scanning techniques and, as a result, interfering with its delivery.
    3. Known Malware - means malware which is detectable with existing anti-virus software signatures known to the anti-virus software used as part of the Service.
    4. MyAccount - means web interface enabling the Customer to access and configure the Services with the aid of a Login.
    5. Office hours - means the hours from Monday to Friday between 8:00 AM and 5:00 PM, with the exclusion of official nationwide bank holidays in Germany. All times indicated are CET (GMT +1).
    6. Open relay - means an incorrectly configured email server enabling third parties to abuse this server.
    7. Repair time - means the time within Office hours measured by Avira between Avira receiving a notification of a failure by Customer and recovery of the Service by Avira.
    8. Scheduled maintenance - means maintenance work performed by Avira or its subcontractors to its own network, data center, servers and resources.
    9. Service Availability - means the amount of time expressed as a percentage during which the Service is available for the Customer over a defined period.
    10. Service failure - means an interruption of the delivery of Services and Deliverables excluding Scheduled maintenance.
    11. Spam filtering - means a security measure that helps to reduce the amount spam that enters the email system.
  3. Service levels

    The Managed Email Security Services shall generally perform to the levels as set forth below:

    Service Availability (per year) 99,9%
    Email scanning time (of average email size) 3 seconds
    Spam filtering 99,9%*
    Malware detection 100% of Known Malware
    False positive rate 0,00001%*
    Repair time According to severity levels as noted in clause 7 below
    * use of default settings
  4. Communication

    Customers can communicate with the Avira Support via E-mail to support@avira.com or telephone during Office hours:

    0049/(0)1805/2684847 (14 cents a minute from a German landline. Max. 42 Cents a minute for calls from the German mobile network.)
  5. Maintenance

    1. Scheduled maintenance resulting in an interruption of Service lasting longer than 5 minutes will be reported to the Customer by email at least 48 hours prior to Scheduled maintenance by indicating the following:
      1. time of maintenance
      2. estimated interruption length (in time) and
      3. estimated severity level of interruption.
    2. To the extent possible, Scheduled maintenance resulting in an interruption of Service lasting longer than 5 minutes will be conducted between 7:30 PM and 7:00 AM.
  6. Service failure and reporting process

    1. The Customer will immediately notify Avira of a Service failure and Avira will inform the Customer in return about the nature of the Service failure and the estimated repair time.
    2. The Customer is required to provide all reasonable and necessary assistance needed to restore the Service.
    3. Avira will inform the Customer as soon as possible if the failure has no relation to the Services provided by Avira.
    4. Avira will notify the Customer once the Service failure has been remedied.
  7. Repair time and Service failure classes

    Avira will endeavour to remedy the failure as soon as possible according to the protocol as outlined in the table below.

    Severity 1 Critical error Critical Major Service failure which completely interrupts the Service. 95% of all reported incidents will be resolved within 2 Office hours
    Severity 2 Significant error Substantial Service failures severely interrupting the Service or leading to major delays. 85% of all reported incidents will be resolved within 4 Office hours
    Severity 3 Moderate error Standard Service failures with no or negligible influence on email scanning and delivery. 75% of all Service failures will be resolved within 8 Office hours
    Severity 4 Minor error Requests for information with reference to Services. 65% of all reported incidents will be resolved within 8 Office hours
  8. Data Privacy

    1. Avira and the Customer undertake to comply with data protection laws.
    2. If necessary, a separate agreement is concluded on commissioned data processing.
  9. Exclusion

    1. This SLA does not apply in the following cases:
      1. Scheduled maintenance
      2. the failure is related to services which are not functions of the Managed Service
      3. the failure occurs due to incorrect use or mismanagement by the Customer, including, without limitation, an “open relay”; or
      4. the failure is caused by deliberate actions or omissions of the Customer or third parties.