Terms & Conditions

General Terms and Conditions iMATRIX GmbH

These general terms and conditions ("GTC") regulate the contractual relationship between iMATRIX GmbH ("provider") and its customers (hereinafter referred to as "customer"). By completing the registration form and ordering a user account ("iMATRIX account") on the provider's website, the customer unconditionally accepts the following provisions. The provider reserves the right to subsequently change or supplement the GTC. These changes only become part of the contract if the customer does not object within 14 days of becoming aware of them. The current version of the GTC is published on the provider's website (https://www.imatrix.ai/general-terms-of-use).

iMATRIX GmbH offers companies and agencies the provision of services in the field of information and communication technology (consulting, development, production, sales, support, IT services, training, maintenance); Arranging of business relationships and orders in the field of digital communication, graphics and IT services; holdings; Management of assets, in particular acquisition, financing, construction, management and sale of real estate; Acquisition, management and exploitation of intellectual property rights.

1. Subject of the contract

Using the iMATRIX software (hereinafter referred to as "imatrix"), the provider mainly offers Software as a Service (SaaS) services over the Internet in the field of business software. In addition, the provider provides other services in various areas (hereinafter collectively referred to as "services"). The exact scope and conditions of the services are shown in the current service description on the provider's website. The contract includes in particular:

a) the provision of the iMATRIX software for use via the Internet;
b) the storage of customer data ("data hosting");
c) the provision of various add-ons as a supplement to the iMATRIX software. Some add-ons are offered by the provider itself, others by third parties. The add-ons can be ordered or set up either directly in the iMATRIX account or in the provider's app marketplace.

2. Licensing of Software

2.1. During the term of this contract, the provider enables the customer to use the current version of the iMATRIX software over the Internet against payment. The software is stored on a server that is accessible to the customer via the Internet.
2.2. The provider will continuously develop the software and improve it through regular updates and upgrades. The exact range of functions of the current version is described in the service description on the provider's website.
2.3. The provider regularly monitors the functionality of the software and, if technically possible, corrects any software errors.

3. Granting of Licenses to Use the Software

3.1. During the period of validity of the contract, the provider grants the customer the non-exclusive and non-transferable right to use the iMATRIX software properly in accordance with the agreed scope of services.
3.2. The customer may neither reproduce nor edit the software unless this is expressly permitted in the current service description on the website or approved in writing by the provider. In particular, it is prohibited to install the software temporarily or to store it on data carriers (with the exception of the main memory) of the hardware used by the customer.
3.3. The customer is not entitled to make the software available to third parties for a fee or free of charge. Any form of making the software available to third parties is expressly prohibited unless this is expressly permitted in the current service description on the website or approved in writing by the provider.
3.4. The customer undertakes to structure his contractual relationships with third parties in such a way that unauthorized use of the software by third parties is effectively prevented.

4. Hosting of Data

4.1. The provider provides the customer with a certain storage space on a server (see service description) to save his data on it. If the existing storage space is not sufficient, the provider will inform the customer in good time. If the customer does not order additional storage space for a fee, no more data will be stored that exceed the available storage space.
4.2. The provider guarantees that the stored data can be called up via the Internet in accordance with the technical possibilities.
4.3. The customer may not pass on the provided storage space either partially or completely to third parties for use against payment or free of charge.
4.4. The customer undertakes not to save any content on the storage space that violates applicable law or agreements with third parties.
4.5. The provider takes appropriate measures within the technical possibilities to prevent data loss and to prevent unauthorized third party access to customer data. To this end, regular backups are carried out, data is checked for viruses and firewalls are installed.
4.6. The customer remains the sole owner of the data and can request the release of individual or all data from the provider during the contract period, without the provider having a right of retention. The data is transmitted to the customer via a data network in a format used by the provider. The customer is not entitled to the software required to use the data. The provider can demand reasonable compensation for the release of the data.
4.7. After the end of the contract, the customer has the right to demand the surrender of his data in accordance with point 4.6 for one month. The provider is not obliged to store the customer data beyond this period or to ensure the release. If a customer requests the release of data after the one-month period has expired and the data is still available from the provider, the provider releases the data as soon as the actual costs incurred have been paid.

5. Use of Subcontractors

5.1. In order to fulfill the contractual services, the provider can call in subcontractors or third parties, especially for software programming. In the case of a permissible consultation, the provider ensures that the officers are carefully instructed.
5.2. The warranty and liability for subcontractors or third parties is excluded by law as far as possible.

6. Working with Third Party Providers/Trustee Partners

6.1. The customer can grant a third party, such as his trustee, access to his iMATRIX account to enable the exchange of data. The customer retains full control over the access rights and can restrict or deny the access of the third party at any time.
6.2. The provider also allows the trustee to open an iMATRIX account and manage access rights. The Trustee may grant, limit or deny these rights to any third party. In exceptional cases, however, the provider reserves the right to pass on certain data to authorized third parties.
6.3. By granting access rights to third parties, the customer agrees that the provider may make all released data available to the authorized person. The provider assumes no responsibility for the data processing by the authorized person, e.g. the trustee.

7. Third Party Addons

7.1. The provider provides an interface ("API") for communication with third-party software. This gives the customer the opportunity to integrate various additional packages or offers from third parties ("add-ons") via the iMATRIX software. The customer can order the add-ons in the provider's app marketplace. The customer can also grant other third-party providers permission to use the interface to their iMATRIX account. It applies that a contractual relationship regarding the use of third-party add-ons is established exclusively between the customer and the third-party provider, unless expressly agreed otherwise.
7.2. If access rights are required for the use of an add-on, the customer expressly agrees to grant all necessary access rights by ordering or integrating the add-on. The provider is then entitled to make all necessary customer data available to the third-party provider or to allow access to it. The customer retains full control over the third-party provider's access rights to his data at all times and can restrict or deny access at any time. The customer also agrees that the provider or the third party exchanges data when using other add-ons.
7.3. Any warranty and liability for the third-party add-ons is expressly excluded. The provider assumes no responsibility for data processing by the third party.
7.4. Regardless of other assurances, the provider reserves the right to partially or completely restrict access to the API for individual or all customers for important reasons. An important reason exists in particular if data is migrated through the interface that damages the provider or overloads the infrastructure.
7.5. By ordering the add-on, the customer declares his consent to the terms and conditions and the data protection declaration of the respective third-party provider.

8. Third Party Advice

8.1. The Provider offers its customers the opportunity to use third-party consulting services. The authorization to use these services is determined according to the current service description on the provider's website. The consulting services can be offered on the basis of insurance contracts between the provider and the third party providers, but not exclusively.
8.2. In order to verify the customer's eligibility and to provide the third party with the necessary contact information, the following data is transmitted to the third party:

a) name/company of the company,
b) address (street, zip code, city, address supplements),
c) concluded contracts between the provider and the customer,
d) telephone number(s),
e) email address(es).

8.3. Customers are required to provide evidence of their entitlement to receive the Consulting Services at any time upon request from the Third Party Provider. You are responsible for allowing access to the Consulting Services only to employees who are authorized to do so (e.g. by providing the third party provider's phone number).
8.4. The customer obtains the consulting services exclusively from the third-party provider. Any claim for performance by the customer exists exclusively against the third-party provider. There is never a consulting or insurance contract between the provider and the customer.
8.5. The provider reserves the right to restrict or terminate the consulting services for individual customers at any time for important reasons. An important reason exists in particular if the offer is used in a quarrelsome or excessive manner.
8.6. By accepting the terms and conditions, customers declare their consent to the general terms and conditions and the data protection declaration of the respective third-party provider.


9.1. The provider will respond to customer inquiries about the iMATRIX software and other services as quickly as possible within the business hours published on its website, either by telephone or in writing by e-mail. Please note that support for third-party software and services (e.g. add-ons) is excluded from this.

10. Impairment of accessibility

10.1. Adjustments, changes and additions to the provider's SaaS services, as well as measures to identify and rectify malfunctions, will only lead to a temporary interruption or impairment of availability if this is necessary for technical reasons.
10.2. The basic functions of the iMATRIX software are regularly monitored and maintained. In the event of serious errors (e.g. if the use of the iMATRIX software is no longer possible or is significantly restricted), maintenance is usually carried out within 2 hours after the customer has become aware of it or has been notified. The provider will inform the customer in good time about planned maintenance work and carry it out as quickly as possible. The provider strives for high availability of the iMATRIX software.
10.3. The third-party services discussed in this section are excluded from the uptime guarantees. In particular, the provider cannot guarantee the availability of add-ons that are the responsibility of third parties.

11. Customer Obligations

11.1. The customer must only use the SaaS services for the agreed purpose. He is solely responsible for the Content that he and his Furnished Users create, transmit or use using the SaaS Services. The customer is responsible for the necessary system requirements (especially hardware and software) for using the iMATRIX software. The customer himself is responsible for entering and maintaining his data and information required to use the SaaS services, without prejudice to the provider's responsibility for data backup.
11.2. The customer is obliged to check his data and information for viruses and other harmful components before entering them and to use appropriate virus protection programs.
11.3. The customer must take appropriate measures to prevent unauthorized access by third parties to the software. The customer is obliged to inform its employees about existing intellectual property rights and to ensure that these are observed. In particular, employees are instructed not to make copies of the software or pass on access data to third parties.
11.4. Before the customer uses the SaaS services for the first time, he must generate a "User ID" and a password, which are required for access to the iMATRIX account. The customer is obliged to keep his "User ID" and password secret and not make them accessible to third parties. Customer must notify Provider immediately of any unauthorized use or security breach. In such cases, the provider will reset the customer's "User ID" and password.
11.5. The customer is obliged to take all measures that he deems necessary to ensure the security of data, software and network connections. In particular, Customer should change its password on a regular basis, at least every sixty (60) days.
11.6. The customer must always keep the information in his iMATRIX account up to date, in particular personal information such as home address, e-mail address and telephone number(s).
11.7. After termination of the contractual relationship, the customer is responsible for backing up his data. The provider is entitled to irrevocably delete all data one month after the end of the contract.
11.8. If the customer violates his obligations according to the terms and conditions or other contractual provisions, the provider has the right to temporarily or permanently restrict or block the iMATRIX account and access to all services.

12. Fee

12.1. The customer is obliged to pay the provider the agreed fee plus/incl. VAT according to its subscription or the corresponding service description.
12.2. Unless otherwise agreed in writing, the fee is to be paid in advance.
12.3. The provider will send the customer an invoice for the agreed fee to the email address provided for the billing address.
12.4. The provider reserves the right to adjust the fees and/or service content at any time by notifying the customer in writing. Reasons for these changes can be technical progress and further development of the software. If the customer cannot accept the changes to the changed tariffs and if these represent a worsening of the conditions from the customer's point of view, he has the right to extraordinary termination. Notice of termination must be given within 14 days after the changes take effect.
12.5. In the event of a delay in payment, the provider is entitled to temporarily block the iMATRIX account and restrict access to the services. During the blocking, the agreed fee remains due in full. Access will be reactivated once outstanding invoices have been settled.

13. Warranty / Liability

13.1. The provider guarantees the functionality and operational readiness of the SaaS services in accordance with the provisions of these GTC.
13.2. The customer undertakes to indemnify the provider from all claims by third parties based on the data stored by him and to reimburse the provider for all costs that arise due to possible violations of the law.
13.3. The provider has the right to block the storage space immediately if there is a reasonable suspicion that the stored data is illegal or violates the rights of third parties. Such a suspicion exists in particular if courts, authorities or other third parties inform the provider about it. The provider informs the customer immediately about the blocking and the reason for it. The ban will be lifted as soon as the suspicion has been completely eliminated.
13.4. Within the framework of the legal provisions, the provider excludes any liability towards the customer or third parties, including the fulfillment of contractual and non-contractual obligations and the loss of data, even in the event of negligence. This exclusion of liability also applies to damages that arise directly or indirectly through the use of the iMATRIX software.
13.5. If the provider calls in assistants to fulfill its contractual obligations, it ensures that these are adequately instructed. Otherwise, warranty and liability are excluded to the extent permitted by law, including intent and gross negligence.
13.6. In all cases, regardless of the liability basis, the provider's liability is limited to the amount of the monthly license fee for the last twelve months before the damage occurred.
13.7. The warranty and liability for software and services from third-party providers, such as add-ons, consulting services or bank interfaces, is excluded to the extent permitted by law.

14. Duration of Agreement

14.1. The contractual relationship begins with the registration and order by the customer.
14.2. The contractual relationship is concluded for an indefinite period. Therefore, the respective subscription (monthly subscription, annual subscription, etc.) is automatically extended by a further billing period as long as the contractual relationship has not been terminated in accordance with the provisions of this section.
14.3. The parties have the right to terminate the contractual relationship by giving one month's notice to the end of the current billing period of the respective subscription (monthly subscription, annual subscription, etc.). We reserve the right to make other agreements regarding the notice period (particularly as part of special offers).
14.4. Form of termination: The termination must be made online in the customer's iMATRIX account. After termination, the customer receives an e-mail from the provider with a confirmation link. As soon as this confirmation has been received by the provider, the iMATRIX account will be blocked after the one-month notice period at the end of the respective billing period. The receipt of the cancellation confirmation by the provider is decisive for the time of cancellation.
14.5. The parties reserve the right to terminate the contract immediately for important reasons. An important reason for the provider can exist in particular if:

a) the customer becomes insolvent or the bankruptcy proceedings are discontinued due to a lack of assets;
b) the customer is in arrears with payment obligations from this contractual relationship to the extent of at least one month's fee and after a reminder with a period of two weeks was reminded without success;
c) the customer intentionally violates legal regulations or encroaches on the copyrights, industrial property rights or naming rights of third parties;
d) the customer seriously violates obligations under the GTC or other contractual provisions;
e) the customer uses the services for criminal, illegal or ethically questionable activities.

14.6. In the event of the death of the owner of a sole proprietorship, the provider is generally entitled to release the data of the sole proprietorship to authorized persons (in particular family members, trustees). This release depends on proof of a legitimate interest (e.g. succession planning, distribution of inheritance, etc.). The Provider can also grant an authorized person access to the iMATRIX account of the individual company concerned or transfer the account to this person (e.g. heirs) after presentation of appropriate proof. However, if the entitlement is doubtful or several parties make different claims, the provider can refuse to release data or further steps.

15. Notices

15.1. Unless otherwise provided by law, all communications must be made in writing or by email to the address specified by the Customer in the iMATRIX account or to the (email) address specified on the Provider's website. The customer is obliged to report changes of address (including the e-mail address) immediately or to update them in the iMATRIX account. Otherwise, notices sent to the last address given will be deemed to have been effectively served.

16. Privacy

16.1. By accepting these GTC, the customer declares his agreement with the data protection declaration and the order processing contract of the provider in their currently valid version. These documents are permanently available on the provider's website. The customer confirms that he is aware of these documents.
16.2. The customer hereby expressly agrees to the exchange of data between the provider iMATRIX GmbH. iMATRIX GmbH is committed to secrecy and compliance with applicable data protection laws.

17. Intellectual Property Rights

17.1. All rights to the intangible assets, in particular to the iMATRIX software and the website in connection with the SaaS services, remain the property of the provider.

18. Confidentiality Obligation

18.1. The provider will treat information that becomes known to him in the course of the preparation, implementation and fulfillment of this contract, in particular business or trade secrets of the customer, confidentially and will not pass this information on to unauthorized third parties without the customer's consent. This obligation applies to all third parties, unless the disclosure of information is necessary for the proper fulfillment of the provider's contractual obligations.
18.2. The customer authorizes the provider to name the customer as a reference and to use general information about the agreed contract in an appropriate manner for marketing, public relations and sales purposes. However, the provider will contact the customer before publication and the customer can only revoke the consent for good cause.

19. Newseltter Tools "Principles for the provision of our services"

19.1 With our software and its functions, we only provide you with a technical basis for the purposes to be covered by you within the limits of the services purchased (see in particular the service description at https://www.marketing-mailing.com). We assume no responsibility for the actions performed with our software or for the content processed with our software. For all actions you carry out with our software and processed content, the legal regulations, agreements and contracts that you conclude with your customers, partners, employees etc., with whom you use our software or for whom you use our software, apply exclusively.
19.2 You must not allow any third party to use our Services for commercial purposes.
19.3 We reserve the right to change or adapt our services and the documents and attachments related to them, taking your interests into account, provided that we do not violate our contractually assumed main service obligations towards you. We will only make essential modifications and settings that change the contractual relationship with you in a negative way with your consent. If this is not achieved and we have to make the corresponding modification or adjustment because we are changing our business model or this is necessary for technical reasons, both parties have the right to terminate this contract extraordinarily.
19.4 In the event of force majeure, we are released from our obligation to provide the services for the corresponding period if it is actually not possible for us to provide the service. Fire, explosion, flood, war, blockade, embargo, pandemic and industrial action for which we or a subcontractor are not responsible are considered force majeure.
19.5 You are responsible for the actions of your users and are responsible for them as you are for your own actions.
19.6 Links or functionality in our software may take you to third party websites and software that are not operated by us and for which we are not responsible. Such links or functionalities are either clearly marked or recognizable by a change in the address line of the browser or a change in the user interface.
19.7 We are entitled, after giving legitimate reasons, to refuse access to our software and to block or exclude you as a customer or your users or to terminate the contract extraordinarily if we receive repeated complaints about you or if the specifications from the contract and these GTC, other requirements communicated by us or compliance with legal regulations are repeatedly disregarded by you. We will inform you about this immediately and give you the opportunity to comment. Before a complete blocking or a complete exclusion, we will inform you about this 10 days in advance, stating the appropriate reasons. If you remove the reason that led to the rejection, blocking or exclusion, we will consider resuming your services on our platform.

20. Hosting and Mailing

20.1. If the customer does not pay his last reminder, his hosting account will be blocked for 10 days. To activate the account again, an advance payment of CHF 200 is required. If the customer does not leave a written message with iMATRIX GmbH after a further 10 days (a total of 20 days after the first blocking), the data will be permanently deleted and cannot be restored. In this case, iMATRIX GmbH is not liable for any damage that could result from the loss of data.
20.2. It is not permitted to send mass e-mails (newsletters) from the iMATRIX Management Server. In the event of a violation of this regulation, the affected domain hosting will be blocked immediately. In order to activate the hosting again, an advance payment of CHF 200 is required. If this regulation is repeatedly violated, the domain hosting will be completely blocked by the iMATRIX server and all data will be removed from the server. In this case, iMATRIX GmbH is not liable for any damage caused by the loss of data.

21. Severability Clause

21.1 If provisions in this contract are or become invalid or void, the validity of the remaining provisions shall remain unaffected. The invalid or void provision is to be replaced by a new provision that comes as close as possible to the invalid or void provision in a legally permissible manner and has a comparable economic meaning and effect. The same procedure applies if a contractual gap becomes apparent.

22. Governing Law and Jurisdiction

22.1 This contract is governed by Swiss law, excluding conflict of laws and international agreements, including questions of formation and validity. The exclusive place of jurisdiction for all disputes in connection with this contract, including questions regarding the formation, validity, invalidity, binding nature, implementation, amendment or addition, violation or termination of this contract, is at the seat of the provider.

Last update: July 27, 2023


Order processing contract iMATRIX GmbH

The order processing contract regulates the data protection obligations between iMATRIX GmbH (provider) and its customers (client) and refers to the General Terms and Conditions and the DSE. It applies to all activities in which the provider's employees or commissioned third parties process the client's personal data. The data protection officer of the provider can be reached at support@imatrix.ai for all data protection-related questions.

1. Object of the order, duration and specification of the order processing

1.1. The subject and duration of the order as well as the type and purpose of the processing are generally based on the General Terms and Conditions (GTC), provided that the following provisions do not result in any further obligations.
1.2. The exact object, type and purpose of the order processing are specified in the order processing contract.

2. Responsibility & Scope

2.1. The provider carries out the processing of personal data on behalf of the client. The scope of this processing is specified in the terms and conditions on the provider's website.
2.2. The client is solely responsible for compliance with the legal provisions on data protection, in particular with regard to the legality of data transmission to the provider and the legality of data processing.
2.3. By filling out the registration form and ordering a user account ("iMATRIX account") on the provider's website, the client gives the provider the corresponding instructions for data processing. The client can supplement, change or revoke his instructions via his iMATRIX account or by notifying the provider. Instructions not provided for in the GTC will be treated as a request to change the service. Oral instructions are to be followed immediately in writing or by corresponding actions in the client's iMATRIX account.

3. Duties & Obligations of the Provider

3.1. The provider only processes personal data of data subjects within the framework of the contractual relationship in accordance with the terms and conditions and the AVV, unless there is a legally regulated exception.
3.2. The provider designs its internal organization in such a way that it meets the requirements of data protection. He takes technical and organizational measures to protect the client's data that comply with the legal requirements. These measures ensure the confidentiality, integrity, availability and resilience of the systems and services related to the processing. The client is informed about these measures and is responsible for ensuring that an appropriate level of protection is guaranteed for the data to be processed.
3.3. The specific measures may include alternative appropriate measures in accordance with technical progress and further development, as long as the agreed security level of this AVV is not undershot.
3.4. If possible, the provider supports the client in fulfilling data protection requirements and claims of data subjects as well as in complying with data protection obligations, if this has been agreed. According to the terms and conditions, the provider has the right to demand an appropriate expense allowance for this.
3.5. The provider's employees commissioned with processing the data and other third parties working for the provider process the data exclusively within the framework of the contractual relationship in accordance with the General Terms and Conditions and the AVV and are obliged to maintain secrecy.
3.6. If the provider becomes aware of a breach of the protection of personal data, it will take appropriate measures to protect the data and to mitigate any possible adverse consequences for the data subjects. Provider also fully complies with all applicable data breach notification requirements.
3.7. The provider guarantees compliance with all applicable data protection regulations and regularly checks the effectiveness of the technical and organizational measures to ensure the security of the processing.
3.8. The provider processes and stores personal data only for the duration of the existing contractual relationship between him and the client. At the instruction of the customer and within the framework of the instructions, the contractual data will be corrected or deleted. This does not apply to data that must be processed further due to legal regulations or compelling internal purposes. The provision and the corresponding remuneration of the data are regulated in the General Terms and Conditions.

4. Tasks & Obligations of the Client

4.1. The client should inform the provider immediately in writing or via the iMATRIX account of errors or irregularities in relation to data protection regulations in the order results.
4.2. The client gives the provider the contact person for data protection issues during the contractual relationship, if this differs from the named contact person.
4.3. The customer is solely responsible for informing the persons affected by the data processing with regard to possible data use, processing and transfer by the provider in accordance with the provisions of the General Terms and Conditions and this AVV. If data subjects do not agree to the planned data processing, it is the client's responsibility to delete the relevant data in their iMATRIX account.
4.4. By accepting the terms and conditions, the client expressly agrees to the transfer of his data to iMATRIX GmbH and providers. The client releases the provider from any possible claims. The consent of the persons concerned to the data transfer is the responsibility of the client.

5. Data Subject Requests

5.1. If a data subject sends requests for correction, deletion or information to the provider, the provider will refer the data subject to the client, provided that it is possible to assign the data subject's request to the client. The provider forwards the request of the person concerned to the client within a reasonable period of time. The provider can support the client with data protection claims of a data subject according to his possibilities. In this case, the provider is entitled to demand an appropriate expense allowance. The provider is not liable if the client does not answer the request of the person concerned, does not answer it correctly or does not answer it in a timely manner.

6. Verification options

6.1. The provider demonstrates the fulfillment of the obligations specified in section vis-à-vis the customer by providing suitable evidence, e.g. through a self-audit and/or certification.
6.2. If inspections by the client or an auditor commissioned by the client are required (e.g. within the framework of the GDPR), these will be carried out during normal business hours, with prior notice and taking into account a reasonable lead time so as not to disrupt operations. The provider can make the performance of such inspections dependent on timely registration and the signing of a confidentiality agreement on the data of other customers and the implemented technical and organizational measures. If the auditor commissioned by the client is in a competitive relationship with the provider, the provider can reject this and propose a neutral person. If necessary, the client can be charged for the costs associated with the inspection, especially if no irregularities were found.
6.3. If a data protection supervisory authority or another official supervisory authority of the client wishes to carry out an inspection, the provisions in Section 6.2 apply accordingly. In this case, signing a confidentiality agreement is not required if this supervisory authority is subject to professional secrecy or a statutory duty of confidentiality, the breach of which constitutes a criminal offence.

7. Subcontractors (other processors)

7.1. The provider can call in subcontractors to fulfill the contractual services. The commissioning of subcontractors as processors by the provider is permitted, provided that they in turn meet the requirements of the present AVV. The provider makes appropriate agreements with the subcontractors to ensure appropriate data protection and information security measures. Subcontractors who do not have access to customer data or do not process personal data as processors are excluded from this section. A current list of subcontractors acting as processors is available on the following website: https://www.imatrix.ai/commissioning-contract/
7.2. The client agrees that the provider uses the subcontractors specified on the provider's website. Before engaging further subcontractors, the provider informs the client by updating his website. The overview on the website must be updated at least 14 days before it is consulted. The client regularly checks the overview. The client can object to the change for good cause within 14 days of becoming aware of it. If there is no objection within this period, the consent to the change is deemed to have been granted. In the case of a relevant data protection reason and if an amicable solution between the parties is not possible, the provider has a special right of termination.

8. Information Obligations

8.1. If the client's data at the provider is endangered by seizure, confiscation, insolvency or composition proceedings or other events or measures by third parties, the provider must inform the client immediately. The provider will also promptly inform the relevant parties that the data is solely owned and owned by the client.

9. Liability

9.1. Sealing regulations are defined according to the relevant provisions in the General Terms and Conditions.

10. Miscellaneous

10.1 Otherwise, the provisions of the General Terms and Conditions apply. In the event of inconsistencies between the GCU and the GTC, the provisions in the GTC shall prevail. If individual parts of the AVV are ineffective, this has no influence on the effectiveness of the GTC and the remaining provisions of the AVV.

11. Subject, Purpose & Scope

Purpose and scope of the order:
Processing of the customer's personal data in the course of his use of the provider's services as part of Software as a Service.

Type of purpose of the intended data processing:
The personal data transmitted by the client are processed by the provider as part of the software as a service. The provider processes this data in accordance with the terms and conditions and the corresponding service descriptions on the provider's website, including order management, contact management (CRM), project management, accounting, warehouse management, etc.

Type of personal data:
The specific ones are based on the information provided by the client. These can include in particular (depending on the order):

  • Name, contact details and address
  • gender and date of birth
  • Financial information and payment details - professional and educational information
  • Communication history and correspondence
  • Usage data and activities on the platform
  • Other information necessary for the provision of the Services

Categories of data subjects:
The specific categories of persons concerned depend on the data transmitted by the client. These can include in particular (depending on the order):

  • Employees of the client (including applicants and former employees)
  • Service providers of the client
  • Customers of the client
  • Contact details of contact persons
  • Interested parties of the client

Data Deletion, Blocking and Correction
Requests for deletion, blocking and correction should be addressed to the client. The other regulations on this subject are contained in the General Terms and Conditions and the present AVV.

12. Technical and organizational measures (TOM)

The following technical and organizational measures (TOM) are crucial for data processing.

01. Laying of security areas

  • Realization of an effective access protection
  • Definition of authorized persons
  • Management and documentation of personal access authorizations over the entire life cycle
  • Access logging
    Surveillance of the rooms outside of the closing times

02. Access Control

  • Definition of authorized persons
  • Management and documentation of personal authentication media and access authorizations
  • Automatic and manual access lock
  • Secured transmission of verification secrets (credentials) on the network
  • Access logging

03. Access Control

  • Assignment of minimum authorizations
  • Verification and documentation of access authorizations for individuals
  • Logging of data access

04. Transfer Control

  • Secured interfaces, untransmitted security of the oldest bestvecurity gateways on the network devices of the systems
  • Data Guide and Annihilation Objects
  • Data protection-compliant deletion or destruction procedure

05. Input control

  • Automatic recording of input permissions
  • Logging of entries

06. Order control

  • Documentation of permissions to the data
  • Logging of the entries made

07. Availability control

  • Backup and restore concept
  • Storage and management of backups
  • Emergency planning and preparation
    Review of emergency measures

08. Separation requirement

  • Ensure data-saving data collection
  • Ensure separate processing of the data

Last update: July 27, 2023