Terms of Use for Porsche Partner Network (PPN)

Terms of Use
for
Porsche Partner Network (PPN)
Version 2.4 Date: 26 Jan. 06
This version replaces all prior versions of this document.
Dr. Ing. h.c. F. Porsche AG
(hereinafter “Porsche”)
Porscheplatz 1
70435 Stuttgart
GERMANY
Page 1 of 6

Preamble
PPN is a service infrastructure of Porsche that allows Users of Partner Organizations to access
specific IT Systems of Porsche using a secure connection over the Internet. The degree of access
to these systems depends on the particular access rights assigned to the individual User. Porsche
aims at providing its Partner Organizations with an easy to use and cost effective way for
electronic communication and data provision.
Porsche as well as its Partner Organizations are required to use PPN in a responsible way. This
relates especially to IT security as sensitive information and functions will be offered over this
infrastructure. PPN related information like User account information (PPN Certificates,
Usernames and passwords) and administrational processes are to be treated confidentially.
1. Object and Scope of the Document
The Terms of Use for PPN describe the rules and responsibilities for authorized Porsche
Importers and authorized Porsche Dealers using the PPN to access information and business
functions on Porsche IT Systems. They are binding for any organization whose employees or
other agents use the PPN no matter for which purpose.
2. Definition of Terms
Account Information Username, Password and PPN Certificate required to access PPN as an
authorized User.
PPN Certificate A PPN Certificate in this context is an electronic ID card downloaded to a
Partner Organization’s PC that establishes the credentials of a User
when opening a PPN connection. It is issued by the certification authority
of Porsche.
Partner Organization Authorized Dealer, Workshop or other partner that is acknowledged by
Porsche to be part of the Porsche Sales Organization.
PPN PPN is the short form of Porsche Partner Network, the Data Network
connecting Partner Organizations in the Porsche Sales Organization to
relevant Porsche IT Systems.
PPN Coordinator The PPN Coordinator is located at the Partner Organization and
administers all PPN User access at that or subordinate organizations.
The PPN Coordinator’s actions in using the PPN Administration tool
and/or granting PPN and other Porsche System access are binding on
the Partner Organization.
PPN Manager The PPN Manager is located at Porsche and manages all subordinate
PPN Coordinators.
Terms of Use for PPN Date: 26 Jan. 06 Page 2 of 6
Version 2.4

3. PPN Utilization
3.1. PPN may be used only for purposes related to the business of Porsche. The Partner
Organizations are liable for any abuse of the provided information, systems and functions,
especially against the interests of Porsche that occur in their sphere of influence or that are
executed using a system or PPN account assigned to an employee or agent of the Partner
Organization. The Partner Organizations are also liable for damages that result of a violation
of their due diligence.
3.2. PPN may only be used by employees or other agents of Partner Organizations that have
been assigned an individual User account by Porsche. Sharing of User accounts between
multiple persons or the propagation of User account information is not permitted.
3.3. Information and functions provided by PPN may not be made available to any third parties
by a Partner Organization for any reason. This does not include information that was meant
by Porsche to be distributed to certain interest groups by the Partner Organization.
3.4. PPN certificates may only be used on office PCs of the Partner Organization. The Partner
Organization must ensure that its employees do not install PPN certificates on private or
public PCs.
3.5. Porsche may provide employees or agents of the Partner Organization with the ability to
also access PPN from their private PCs without a PPN Certificate but with limited
functionality that does not include business transactions. The User may not access PPN
from PCs available to the public.
4. Duties of Partner Organizations
4.1. The Partner Organization must ensure that every PPN User of its organization accesses
PPN with the User account individually assigned to the User by Porsche.
4.2. All Users must be informed about their responsibilities using PPN by the PPN Coordinator.
The IT Security Guidelines for PPN provided by Porsche must be distributed to every User.
In the event that Users are not able to understand the document because of language
problems, the Partner Organization must make sure that the content is personally explained
to them.
4.3. The Partner Organization must ensure that its PPN Users do not store their account
information at publicly accessible places, especially nearby their computers or in databases
(also applicable for handhelds).
4.4. The executive management of the Partner Organization must assign a PPN Coordinator to
act on behalf of of the Partner Organization.
4.5. The Partner Organization must ensure that the provision of User access rights to Porsche
systems does not conflict with the interests of either Porsche or the Partner Organization.
Access rights administered by the Partner Organization should only be given to systems
necessary for each User’s job description and must be removed in the event the User is no
longer in a position that requires those access rights.
Terms of Use for PPN Date: 26 Jan. 06 Page 3 of 6
Version 2.4

4.6. In the event a User is no longer in a position at the Partner Organization in which it is
necessary to have access to PPN, the Partner Organization (PPN Coordinator) must
deactivate the account immediately. The request for deletion must be done within the online
PPN Administration Tool. In the event there is no PPN Coordinator at the Partner
Organization, the User must request the deletion of the account directly by the responsible
PPN Manager.
4.7. PPN Certificates for PCs no longer used at the Partner Organisation must be immediately
deactivated using the online PPN Administration tool. In the event there is no PPN
Coordinator at the Partner Organization, the Partner Organization must address the request
directly to the responsible PPN Manager.
4.8. Should the Partner Organization suspect that an unauthorized person has obtained account
information (e.g. Passwords, PPN Certificates) for PPN, the PPN Coordinator of the Partner
Organization must request a new password and/or certificate using the online PPN
Administration Tool. In the event there is no PPN Coordinator at the Partner Organization,
the Partner Organization must address the request directly to the responsible PPN
Manager.
4.9. The Partner Organization must undertake suitable measures to prevent unauthorized
persons from taking over control of a PC or Notebook that is logged in to PPN or from
tracking User actions. This comprises physical access as well as remote access, especially
from the Internet. The relevant IT security guidelines to comply with are described in a
separate document.
4.10. PPN Certificates issued by Porsche in any form and via any media may not be copied or
handed to persons who are not authorized by Porsche to use PPN.
4.11. PPN Certificates stored on PCs or Notebooks no longer used by authorized persons for
accessing PPN must be removed irrecoverably from these devices. This applies particularly
to any devices that will be sold or no longer be under constant physical control of the
Partner Organization.
Terms of Use for PPN Date: 26 Jan. 06 Page 4 of 6
Version 2.4

5. Exclusion of Warranty and Liability
Porsche has employed state of the art Internet security and encryption technology in order to
ensure the highest level of security possible. However, no network or system can be made 100 %
secure. Therefore, any warranty or liability of Porsche or any other claims in connection therewith
against Porsche for any reason whatsoever are excluded. Porsche shall not be liable for any loss
or damage that results from the use, performance or availability of the PPN infrastructure.
Furthermore, as the public Internet is used as communication platform, Porsche has no control of
the communication path, and therefore, is not able to guarantee a certain quality of service.
Porsche is also not liable for any damages that result from lost or manipulated data transmitted
over the PPN infrastructure.
No warranties, whether express or implied, including but not limited to the implied warranties of
merchantability or fitness for a particular purpose, are made. In no event will Porsche be liable to
Partner Organizations or any other party for any incidental or consequential damages that may
arise from use of the PPN.
6. Other Conditions
6.1. The fact that Porsche provides the PPN infrastructure does not support any claim of a
Partner Organization to be given access to it.
6.2. Porsche may end the PPN infrastructure service without prior notice because of business
reasons or force majeure. If possible, Porsche will advise the Partner Organization within an
adequate period of time prior to the discontinuation.
6.3. Changes and supplements to this Document can only be made in writing and will be
released in a new version replacing all older ones.
6.4. New versions of these terms become effective when made available through the PPN online
interface. There is no need for a separate notification. The existence of a newer version
automatically leads to a replacement of all older versions.
6.5. A Partner Organization may terminate the usage of PPN at any time with five working days
notice by written letter or fax to the PPN Manager so that all of its User accounts can be
disabled. The liability to keep all PPN related information confidential continues also after
the termination of the usage for a period of three (3) years.
6.6. In the event a Partner Organization violates one or more regulations of these terms and
conditions for PPN, Porsche may, in its sole discretion and without prejudice to any other
rights it may have, deactivate all User accounts of the Partner Organization immediately
without prior notice.
6.7. Should a provision in this agreement be found to be invalid, the validity of the remaining
provisions in the agreement shall remain unaffected. The invalid provision shall be replaced
by a provision, which, in a legally acceptable manner, comes closest to realizing the
economic purpose intended by the invalid provision.
Terms of Use for PPN Date: 26 Jan. 06 Page 5 of 6
Version 2.4

6.8. These Terms of use are governed by the laws of the Federal Republic of Germany without
regard to conflict of laws rules. The place of fulfilment for all obligations arising from these
terms of use and the sole place of jurisdiction is Stuttgart, Germany.
Terms of Use for PPN Date: 26 Jan. 06 Page 6 of 6
Version 2.4

IT Security Guidelines
for
Porsche Partner Network (PPN)
Version 1.1 Date: 26 Jan. 06
This version replaces all prior versions of this document.
Dr. Ing. h.c. F. Porsche Aktiengesellschaft
(hereinafter “Porsche”)
Porschestrasse 15 – 19
71634 Ludwigsburg
Germany
Page 1 of 3

Preamble
It is of great interest for Porsche that PPN Users work in a secure IT environment. Our
common business should not be affected by computer viruses, unauthorized access to
systems, manipulation of data by third parties or instability of data communication.
For this reason, Porsche has established these IT security guidelines to enable the
Porsche Partners keeping a high level of IT security in their day-to-day work.
In case there are any uncertainties regarding IT security, the Partner IT administrator
should be able to help the user. Please contact the responsible PPN Manager for further
information.
1. Anti Virus Software
IT security rules in brief:
Users may not
• share their PPN account,
• save or store their password on the PC,
• use a PPN Certificate on a private or public PC or
• leave their PC unlocked when away.
The Partner Organisation has to ensure that
• PCs are protected from viruses,
• a firewall protects the PC or network from external
access and
• physical access to PCs is limited to Partner personnel.
The PCs used for PPN access must have an Anti Virus Software installed with actual virus
definitions. Otherwise it is possible that data may be deleted or manipulated. It is also
possible that the user spreads a virus to other people’s computers. A virus may also allow
other people to track the user’s action or to use their computer to take unwanted action.
2. Connection to the Internet
The connection to the Internet must be protected by an up to date firewall. This can either
be a special device or a piece of software installed on the users computer.
IT Security Guidelines for PPN Date: 26 Jan. 06 Page 2 of 3
Version 1.1

3. Usernames and Passwords
The most vital part to prevent unauthorized use of Porsche information systems is the
personal identification of the user. If somebody else gets to know the username and
password of the user or gets a copy of the user’s certificate, they may undertake
unwanted actions using these credentials. To prevent this, the user may not store their
username and password for PPN and other systems at publicly accessible places or in
databases. Users must not use the “remember password” function of their
browser. If written down, username and password must not be stored in the
same place and never at the user’s PC or display.
4. Configuration of the IT security components
Every component (Anti Virus Software, Firewall, etc.) that protects the user from IT
security risks is only as good as its configuration. In case there are doubts about one or
several settings of the components, involve your responsible IT administrator.
5. Sharing of user accounts
To access PPN via Internet every user must have a personal user account. Joint usage of
one account by two or more people is strictly prohibited. This is not only an IT security
measure for Porsche but also for the user as nobody else should be able to undertake
actions with their user credentials.
6. Access to the users computer
If Users leave their desk, they must always disconnect from PPN or block their computer
as other people may use their PPN connection while they are away.
7. Sharing of a Computer
If Users share a computer with colleagues, all of them need to use their own user account
to access PPN via Internet. This requires a separate user request and setup for each
person.
8. PPN Certificates
PPN certificates may only be used on workplaces of the Partner Organisations but not on
private or public PCs.
IT Security Guidelines for PPN Date: 26 Jan. 06 Page 3 of 3
Version 1.1