General Terms and Conditions (GTC) of CopeCart Pro Ltd.

These general terms and conditions for vendors and/or affiliates are divided into the following parts:

PART I - General Terms and Conditions for Vendors -
these apply if you wish to offer products as a vendor via CopeCart Pro.com;
PART II - General Terms and Conditions for Affiliates -
these apply if you wish to advertise our Vendors' products as an Affiliate;

PART III - General rules for Vendors and Affiliates -
these apply to both Vendors and Affiliates;

PART IV - Order processing by Vendors;
PART V - Order processing by CopeCart Pro.

The parties agree to the definitions and interpretation in this GTC:

Interpretation

  • a reference to this Agreement includes its schedules, appendices and annexes (if any);
  • a reference to a ‘party’ includes that party’s successors and permitted assigns;
  • the table of contents and the clause, paragraph, schedule or other headings in this Agreement are included for convenience only and shall have no effect on interpretation;
  • words in the singular include the plural and vice versa;
  • any words that follow ‘include’, ‘includes’, ‘including’, ‘in particular’ or any similar words and expressions shall be construed as illustrative only and shall not limit the sense of any word, phrase, term, definition or description preceding those words;
  • a reference to ‘writing’ or ‘written’ includes any method of reproducing words in a legible and non-transitory form;
  • a reference to legislation is a reference to that legislation as amended, extended, re-enacted or consolidated from time to time;
  • a reference to legislation includes all subordinate legislation made from time to time under that legislation;
  • and a reference to any Irish action, remedy, method of judicial proceeding, court, official, legal document, legal status, legal doctrine, legal concept or thing shall, in respect of any jurisdiction other than Ireland, be deemed to include a reference to that which most nearly approximates to the Irish equivalent in that jurisdiction.
PART I - General Terms and Conditions for Vendors

1. Subject matter of the contract

1.1. CopeCart Pro Ltd. provides entrepreneurially active natural and legal persons (suppliers, dealers, sellers, vendors, service providers, creators, etc.) with the possibility of various conversion checkouts, through which they can offer products and services for sale and manage activities and sales transactions with end customers. In sales transactions, CopeCart Pro Ltd (the company, we, our, ours etc.) acts exclusively as a service provider in the processing of online transactions for products and services between a Vendor as a supplier ("you", "your", "yours" etc.) and customers as end customers. The following General Terms and Conditions (GTC) govern the use of our platform copecart-pro.com and all services to be provided by us.

1.2. It is an express term of the relationship between the Company and the Vendors under the General Terms and Conditions of Use of the Platform that the Company is fully indemnified from any claim by any third party in relation to the products, the platform, or any alleged breach of copyright, intellectual property or know-how.

1.3. Our performance obligations include the activities and services listed below:

1.3.1. We offer you the opportunity to publish your product(s) ("Product") or your service(s) ("Service") on the copecart-pro.com platform, to register them, to offer them for sale and to advertise the checkout. In relation to the end customer, you always act in your own name as the seller or provider of your service, based on your own general terms and conditions, as well as Privacy Policy and thus remain "Merchant of Record".

1.3.2. The acceptance of the end customer's declaration of intent to conclude the contract on your behalf. The rejection of the end customer's offer to conclude the contract on their behalf if a payment service provider rejects the customer's payment due to a lack of creditworthiness.

1.3.3. The rejection of the end customer's offer to conclude the contract on their behalf if they or their place of residence violate applicable sanctions laws and regulations under applicable EU, US or UK law.

1.3.4. The submission or performance of all other legally binding declarations and actions in connection therewith, including the confirmation sent to the end customer in text form of the conclusion of the sales transaction and the issuing of the invoice, whereby in the case of cross-border sales transactions, VAT shall be charged at the applicable rate.

1.3.5. The receipt of the agreed consideration from end customers in your name by our payment service provider and forwarding by them to you after deduction of our fee.

1.3.6. The mediation between you and the debt collection service provider co-operating with us, including the transmission of the information necessary for the purpose of debt collection.

1.3.7. From time to time the Company may alter the price plan associated with the provision of the Services. Notice of not less than 30 days shall be given to the Vendors of any proposed change in price plans.

1.4. You can use our services for the application of your (potential) Affiliates. The Affiliate may also use affiliate marketing within the scope of the possibilities granted by copecart-pro.com. Affiliate marketing is an internet-supported form of distribution in which you provide your distribution partners (affiliates) with advertising material that the affiliate can use on their websites or for advertising purposes via other channels such as keyword advertising or email marketing.

Within the scope of the possibilities granted by Copecart-Pro.com, you may grant third parties (so-called affiliates) the opportunity to advertise products offered by you. If you wish to grant such advertising opportunities, you undertake to provide only truthful, non-misleading information that enables the advertising measure to be implemented in accordance with the law.

2. Registration

2.1. In order to avail of the Platform services, the Vendor must register in accordance with the registration process contained in the platform.

2.2. Registration as a vendor is only possible for natural persons and legal entities operating as businesses. To register, you must provide truthful information. We are entitled to obtain proof of the accuracy of this information and of your entrepreneurial status by means of suitable evidence. We are also authorised to reject an application for registration without giving reasons.

2.3. If your details change, you must update them immediately on our website.

2.4. Without prejudice to the terms of clause 2.2 herein, no registration of a Vendor can take place if the Vendor's registered place of business violates any applicable list of sanctioned countries under EU, US or UK law.

3. Third Party Providers

3.1. From time to time the Company may require the Vendors to interact with third party providers. Examples include, but are not limited to, the use of a third-party payment service platform.

4. Conclusion of the contract

4.1. We will act for you based on these "General Terms and Conditions for Vendors" if you register on our platform CopeCart-Pro.com and agree to the validity of these "General Terms and Conditions for Vendors" by clicking the button to proceed & finalise the registration.

4.2. The condition for concluding a contract for the use of our services is that you successfully complete the hosted KYC process of our payment service provider.

4.3. A further condition of concluding a contract for the use of our services is that your place of business does not violate applicable sanctions laws and regulations under applicable EU, US or UK law.

5. Payment processing and remuneration

5.1. For all sales that you make using our services, we receive a commission of 3.9%+1€ for each transaction, which our payment service provider deducts from the consideration received from the end customer in our favour and pays to us. The basis for calculating the commission is the gross invoice amount in euros (invoice value plus VAT). The gross invoice amount is the consideration to be paid by the end customer in euros after any discounts have been taken into account. Additional costs, e.g. for freight, postage, insurance, etc. are not part of the consideration to be paid by the end customer for the purpose of calculating the commission due to us.

5.2. Normally 80% of your turnover will be paid out to you via our payment service provider after expiry of the 14-day cancellation period to which the end customer is entitled. The remaining amount will be released for payment after a further 40 days. The payout will be made based on the information provided by you on our website data set. Objections to our statement must be notified to us no later than 14 days after the statement date. Thereafter, the amount paid out shall be deemed to have been approved.

5.3. Payments are only made from an amount of 50 euros per remuneration payment and, irrespective of the amount, upon termination of the contract in accordance with the due date provision.

5.4. The remuneration to be paid to each of your affiliates is paid by our payment service provider on your behalf to the affiliate(s) in the currency of the brokered transaction at the exchange rate at the time of the end customer order. Depending on the currency, additional charges may apply.

5.5. The share to be paid to your joint venture partner(s) from your joint venture agreement(s) is paid by our payment service provider in your name and for your account in the currency of the brokered transaction at the exchange rate applicable at the time of the end customer order. Depending on the currency, additional charges may apply.

5.6. We provide a detailed monthly statement of the payments received by our payment service provider, our deducted receivables due and the amount of remuneration paid to affiliates and joint venture partners. A positive balance will be settled by our payment service provider no later than 15 days after receipt of payment in the currency of the brokered transaction at the exchange rate at the time of the end customer order by transfer to the account specified by you.

5.7. Remuneration that is due to a breach of the provisions. The benefits paid under this contract or for which it subsequently transpires that the conditions for their accrual were not met are subject to reclaim.

6. Offering products and services, transfer of rights

6.1. Once you have registered, you can create products on the platform whose checkouts you can then use for your end customers.

6.2. We decide at our own discretion whether to publish them on our platform.

6.3. You are the supplier of the products created. The sales transaction is concluded directly between you as the retailer and the buyer ("end customer").

6.4. There is no right to claim that your product or all your products are published and/or advertised via our platform.

6.5. In addition, we provide you or the Affiliates with technical functions for the sale of the products at our discretion, which also enable sales on other websites or via other channels (e.g. telephone sales).

6.6. If, at our discretion, we are of the justified opinion that you are in breach of the provisions of this contract and therefore prohibit us from publishing your products and legally brokering the product, we will block access to your products and inform you of this blocking and the reasons for it.

6.7. You guarantee that your products are available within the European Union and may be placed on the market and offered and fulfil all relevant legal requirements. The corresponding obligation also applies to all other countries in which your products are offered.

6.8. If you would like to use our platform to sell or broker a product, you are obligated to provide all information requested by us in the corresponding input mask. This includes the following information in particular:

6.8.1. Name of the product;

6.8.2. Selling price;

6.8.3. Product description;

6.8.4. Availability and term of the contract;

6.8.5. Shipping costs if applicable;

6.8.6. Information required by law that must be observed when advertising the product;

6.8.7. Texts and images for free promotion of the product;

6.8.8. Legally correct classification of the product, for example with regard to the validity of the Distance Learning Protection Act and the right of cancellation for consumers, i.e. in particular whether it concerns digital content or digital services or a product with regard to which special features exist in relation to the right of cancellation.

6.9. You must update your products immediately after any changes and must comply with legal requirements at all times. You will inform us immediately if one of your products does not fulfil the legal requirements or the requirements of this contract or if third parties claim this or an infringement of their rights.

6.10. You are liable for incorrect or incomplete information or data provided.

6.11. Therefore, please check that all the required information has been entered and is correct after you have set up your product. The information you provide enables us to provide our services to you and end customers in compliance with the law.

6.12. If you provide us with information, data and, if applicable, other content, you transfer to us free of charge the worldwide rights to use these for the purpose of implementing this contract in online and offline media.

7. Provision of Services

7.1. The Company shall provide access to the Platform for the Vendor in accordance with the terms of this agreement and comply with its obligations set out therein so that all the Services can be provided in accordance with the terms of this Agreement. Without prejudice to the foregoing, the Company shall, as part of the Services:

7.1.1. be responsible for managing and effecting the configuration, customization, integration and delivery of the Platform on an end-to-end basis;

7.1.2. regularly monitor the performance of all tasks referred to Platform;

7.1.3. proactively work to identify and resolve any problems encountered, in order to ensure the timely completion of each task;

7.1.4. be responsible for undertaking all configuration work which is required in relation to the delivery of the Platform;

7.1.5. ensure that it has completed all of the required development and internal testing; and

7.1.6. do all things necessary (including working cooperatively with any Vendor), such that the Company can commence providing the Platform to the Vendor and their End Users.

7.2. If the Company becomes aware at any time that it will not or is unlikely to provide the services as outlined above, it shall promptly report the same to the Vendor, providing (in reasonable detail) the reasons for and root cause of the delay and its proposed mitigating actions, and shall deploy all reasonable resources to eliminate or mitigate any delay.

8. Operation of the Services

8.1. With effect from the date upon which the Vendor's registration is completed and accepted by the Company, in its sole discretion, the Company shall provide and make the Platform available in accordance with the provisions of this Agreement, Good Industry Practice and all Applicable Laws.

8.2. The Vendor shall have the right to use (and to allow its End Users to use) the Services in accordance with the terms and conditions of this Agreement.

8.3. The Company will make reasonable efforts to ensure that any scheduled maintenance to the Platform is implemented outside of core business hours. In the event of the Company needing to undertake works within core business hours the Company shall make all reasonable efforts to facilitate the Vendor as much as possible in order for such works to be undertaken at the most convenient time possible. The Company shall make all reasonable efforts to ensure that any scheduled maintenance causes minimum disruption to Customer and Customer’s End Users.

9. Changes to the Services

9.1. The Company shall be entitled to improve or update the Platform without Customer’s prior consent where such improvement or update is necessary to:

9.1.1. fix a material defect, bug or error;

9.1.2. remedy a known or foreseeable security vulnerability; or

9.1.3. comply with Applicable Laws.

9.2. A change to the Platform effected pursuant to clause 9 shall be scheduled maintenance for the purpose of this Agreement.

9.3. Without prejudice to clause 9, in the event that the Company wishes to make major and mandatory changes regarding the fee structure or functionality, the Company shall submit a Change Notification to Customer describing the change in appropriate detail; including a complete description of any changes to functionality or characteristics of the Platform (if any), the time that it will take to perform the proposed changes and a binding statement of any proposed change to the Fees as a result of any such change.

9.4. The Vendor shall have 7 days to issue a notice of termination of this agreement if they do not agree with the changes in clause 9.3. to be made to the Platform and provide 28 days (from the final day of the notice of termination) of their intention to terminate the agreement.

9.5. The Company shall provide the Support Services and any and all technical support required under this Agreement in respect of the Cloud Services throughout the Term and shall not declare any aspect of the Cloud Services to be end of life or end of support without the prior written consent of Customer.

10. Service Levels

10.1. The Company shall make all reasonable efforts to ensure that the Services at all times meet the required Service Levels which in their determination are required in order to fulfil their obligations under these GTC.

10.2. The Company will keep the Service Levels under review and where it is reasonable to conclude that either the Service Levels should be increased or that Service Levels should be applied to a part or parts of the Services not subject to Service Levels at the time of considering, the Service Levels shall be increased or a new Service Level introduced, as appropriate.

11. Distribution of digital products

11.1. If your product can be sent by us in digital form or made accessible via a link, you must provide us with the corresponding content or access when you place the product at our disposal.

11.2. We are authorised to grant end customers access to these products in accordance with the options offered by you or to provide them and to permit permanent storage. This includes the right of reproduction, making available to the public, making available on demand, distribution and reproduction by means of all technical and organisational means. Commercial forms of utilisation and distribution: Insofar as it is technically necessary for the fulfilment of the contract or required for commercial exploitation, we are entitled to process the product to the extent necessary.

11.3. If a product is a digital product, the following regulations apply, which, in the event of contradictions, take precedence over the other provisions of your GTC:

11.3.1. An end customer who is a consumer ("consumer end customer") may request the provision of the product immediately after conclusion of the contract. You must provide the corresponding services immediately. If you do not fulfil this obligation, the consumer end customer may terminate the contract with you.

11.3.2. You must provide digital products in accordance with the legal requirements. The offering of digital products that do not fulfil these requirements is not permitted. If you are of the opinion that it is not possible to offer your product in accordance with the above-mentioned regulations, you must inform us accordingly and not allow us to offer the product.

11.3.3. Statutory rights of recourse against you remain unaffected by these General Terms and Conditions.

12. Joint ventures of vendors

12.1. Two vendors can enter a joint venture for a product in accordance with the functions offered by us. The applicant for the establishment of a joint venture is the vendor offering the product (the "Applicant"). The Applicant shall remain our contractual partner for the respective product in accordance with these Terms and Conditions. However, a reduction of the consideration due to the Applicant from the sale of the Product shall be agreed in accordance with the application for the establishment of the joint venture. We are entitled to reject such an application without giving reasons.

12.2. With the establishment of the joint venture, the claim of the vendor is reduced by the amount which the vendor named by the applicant ("beneficiary") is entitled to.

12.3. We are not a party to the contract that the applicant and the beneficiary enter for the purposes of the joint venture.

13. Prohibited products

13.1. The following product categories may not be offered:

13.1.1. Sexually offensive products;

13.1.2. Alcohol, tobacco and medication;

13.1.3. Products that discriminate against third parties on the basis of race, gender, religion, nationality, disability, sexual orientation or age;

13.1.4. Products that infringe third-party rights, in particular trademarks, patents or other I.P. rights;

13.1.5. Products for which there are statutory advertising bans or restrictions;

13.1.6. Products that might only be sold to end customers after an age check has been carried out (e.g. FSK 18 content);

13.1.7. Any product which has been held to be illegal or is missing authorization by the Vendor.

14. KYC, taxes and duties

14.1. Before publishing your product, you must first go through the identification procedure (Know Your Customer - KYC) provided by our payment service provider. This procedure is similar to the identification procedure that banks regularly require from their customers to prevent money laundering and ensures that you or your company (natural or legal person) can be identified as the seller and is/are the authorised payee. Before publishing your product, you must also provide proof of your entrepreneurial status and the payment of VAT by you or your exemption from VAT (small business regulation). If, due to the location of your company, further proof is required in order to be able to make payments to you (e.g. to prevent money laundering), these documents must also be submitted to us in advance.

14.2. Insofar as we are obliged to pay taxes or duties for fees payable to you, the remuneration to be paid is reduced accordingly by that amount, and we will make the corresponding payments to the competent authority. Otherwise, you alone are responsible for the proper taxation of your income.

15. Data protection, use of customers for advertising purposes, double opt-in

15.1. When creating a product on our platform, you must state truthfully and in accordance with the statutory provisions which personal data of an end customer you require from us to be able to provide our services to your end customers in the context of the sales business. If we transmit personal data of an end customer to you in this respect, you may only process this data to fulfil this purpose or if you are otherwise legally authorised to process it. If you act as a processor for us in this respect, the order processing contract applies.

15.2. You are also prohibited from processing the personal data of end customers in violation of data protection regulations, and violations of this provision shall entitle us to terminate the contractual relationship with you without notice. Further claims remain unaffected.

15.3. You are only authorised to use the personal data of end customers for advertising purposes if the legal requirements are met. The transmission of contact data by us cannot be used to derive the authorisation to use this data for advertising purposes, e.g. e-mail newsletters, without the necessary requirements being met. If we inform you that one of your customers has given us their consent to receive a newsletter from you by email, we will not verify this opt-in by means of a double opt-in. We therefore recommend that you carry out a double opt-in independently to be able to provide the evidence required by the jurisdiction for the granting of an opt-in. Otherwise, you may not be able to prove that a customer has effectively consented to receiving promotional emails.

15.4. Insofar as we offer you the opportunity to use the data provided to you to utilise personal data of end customers for other Internet offers (e.g. newsletter tools), it is your responsibility to create the data protection basis for this transfer and to conclude any necessary agreements between you and the recipient of the data.

16. Use of "CopeCart Pro" or "CopeCart-Pro.com"

We authorise you to use the name "CopeCart Pro" or "CopeCart-Pro.com" only to the extent necessary to indicate in a customary manner that a product can be purchased via CopeCart-Pro.com. Any other use of our trademarks requires our prior authorisation.

17. Third Party Services

If, at our discretion, we offer you the option of transferring data from your account to services offered by third parties or receiving data from them, we are not ourselves the provider of these services and are not responsible for them.

18. Indemnification

You shall hold harmless, defend and fully indemnify us against any claims, proceedings, damages, costs, expenses or liabilities whatsoever arising out of or relating to your use of this website and the Platform.

Part II - General Terms and Conditions for Affiliates
1. Subject matter and definitions

The following General Terms and Conditions for Affiliates (together in Part II: "you", "your", "yours", etc.) govern the conclusion and content of the contract between you as an Affiliate and a Vendor who uses the services of CopeCart-Pro.com and for whom you act as an Affiliate. In this respect, there is no contractual relationship between you and us. By agreeing to participate in the platform as a user, you acknowledge that you have read these terms in conjunction with the terms of the General Terms and Conditions as between the Company and the Vendor and that you are satisfied that you understand same and agree to be bound by them.

2. Registration, modification and cancellation of a registration

2.1. The prerequisite for your activity as an affiliate is your registration on CopeCart-Pro.com.

2.2. Registration as an affiliate is only possible for entrepreneurial natural and legal persons. For the registration you are obligated to provide truthful information. You can cancel your registration at any time with a notice period of one week. If your details change, you must update them immediately on our website.

2.3. We are entitled to have your entrepreneurial status and the accuracy of your details verified by suitable evidence. We are also authorised to reject and / or delete an application for registration without giving reasons.

3. Conclusion of the contract

3.1. We will act for you on the basis of these "General Terms and Conditions for Affiliates" if you register on our platform CopeCart-Pro.com and agree to the validity of these "General Terms and Conditions for Affiliates" by clicking the button to proceed & finalise the registration.

3.2. One condition of the conclusion of the contract for the use of our services is that you successfully complete the hosted KYC process of our payment service provider.

3.3. A further condition for the conclusion of a contract for the use of our services is that your place of business does not violate applicable sanctions laws and regulations under applicable EU, US or UK law.

4. Payment processing and remuneration

4.1. Your claim to remuneration is not against us, but against the vendor. You are not entitled to remuneration if you are both an affiliate and a vendor of the same product.

4.2. You have a commission agreement with the relevant vendor for all sales you make with end customers using our services. Our payment service provider pays the resulting commission to you by deducting it from the consideration paid by the end customer. A positive balance will be settled by our payment service provider no later than 15 days after receipt of payment in the currency of the brokered transaction at the exchange rate at the time of the end customer order by transfer to the account specified by you. The basis for determining your remuneration is our billing system. You are entitled to provide proof to the contrary.

4.3. 80% of your commission will be paid to you via our payment service provider after the end customer's 14-day right of cancellation has expired. The remaining amount will be returned to you after a further 40 days. Payment is made on the basis of the data you have entered on our website. Any objections to our statement must be notified to us no later than 14 days after the statement date. Thereafter, the payout amount is deemed to be authorised.

4.4. Payouts are only made from an amount of 50 euros per remuneration payment and, irrespective of the amount, upon termination of the contract in accordance with the due date provision.

4.5. Remuneration that is due to a breach of the provisions. The benefits paid under this agreement or for which it subsequently transpires that the conditions for their accrual were not met are subject to reclaim.

5. Third Party Providers

In addition, you acknowledge that, from time to time, you may need to utilise the services of third-party providers, such as payment facilitation services. You acknowledge that you have satisfied yourself as to their appropriateness for use and that by agreeing to buy products on their platform you will be bound by the terms of use (or otherwise) for such third-party providers.

Part III - General regulations for Vendors and Affiliates
1. Communication

You must provide an e-mail address at which we can reach you at all times and for which incoming e-mails will be acknowledged within one working day and not answered automatically. In addition, we recommend that you provide a phone number at which we can reach you.

2. Blocking of accounts

2.1. We are authorised to block accounts of Vendors and Affiliates and to suspend their products if we are of the opinion that they violate laws or the provisions of this contract to such an extent that we cannot reasonably be expected to continue to operate the account.

2.2. We will inform the person concerned about the blocking of the account immediately, stating the reasons.

3. Our liability

3.1. The Company holds no liability whatsoever in respect of the merchantability of the products marketed on the platform by the Vendors.

3.2. In particular you acknowledge and accept that your relationship with the Company is as a third-party user of a platform service only and that you have no right or claim against the Company whatsoever.

3.3. Save in respect of death or personal injury caused by the negligence of either Party, breach of this Agreement by virtue of fraud or wilful default or any indemnified claim, the Company’s liability for any Claim whether in contract, tort (including negligence) or otherwise, for any loss or damage, arising out of or in connection with this Agreement or otherwise shall in no case exceed one hundred per cent (100%) of the Fees paid by the Vendor to it under this Agreement during the twelve (12) months preceding the date on which the Claim arose in respect of any event or series of connected events provided always that the Company shall not in any circumstances be liable for:

3.3.1. loss of profits;

3.3.2. loss of business;

3.3.3. depletion of goodwill or similar losses;

3.3.4. loss of anticipated savings;

3.3.5. loss of time; and any special, incidental, indirect or consequential damages including damages or costs incurred.

4. Applicable law and place of jurisdiction

4.1. The contract shall be governed solely by the law of the State of Ireland. Private international law shall not apply insofar as it can be waived.

4.2. The sole place of jurisdiction for all disputes in connection with this agreement is our registered office. We shall also be entitled to sue our contractual partner at one of its statutory places of jurisdiction.

5. Severability clause

Should individual provisions of these General Terms and Conditions be or become invalid in whole or in part, this shall not affect the validity of the remaining provisions, unless the omission of individual clauses would place a contracting party at such an unreasonable disadvantage that it can no longer be reasonably expected to adhere to the contract.

6. Force Majeure

If the performance by either Party of any of its obligations under this Agreement (except a payment obligation) is delayed or prevented by circumstances beyond its reasonable control, that Party will not be in breach of this Agreement because of that delay in performance.  However, if the delay in performance is more than 3 months, the other Party may terminate this Agreement with immediate effect by giving not less than 5 days written notice to that Party.

7. Sub-Contracts

This Agreement is personal to the Parties and neither Party may assign, transfer, sub-contract or otherwise part with this Agreement or any right or obligation under it without the prior written consent of the other Party (such consent not to be unreasonably withheld or delayed). Either Party may freely assign this Agreement to an Affiliate of the Party who is capable of fully performing the obligations of the Party seeking to assign this Agreement.

Part IV - Order processing by vendors
1. Introduction, scope of application, definitions

1.1. CopeCart Pro Ltd (for this Part IV "Principal") has personal data processed by the Vendor (for this Part IV "Contractor") for the purpose of carrying out cover transactions (the respective "Main Contract") on behalf of the principal. In order to execute the main contract, the Client commissions the Contractor with commissioned processing in accordance with Art. 28 GDPR, insofar as the legal requirements for this are met. In the event of contradictions, this order processing contract shall take precedence over the main contract.

1.2. Terms used in this contract are to be understood in accordance with their definition in the EU General Data Protection Regulation. In this sense, the Client is the "Controller" and the Contractor is the "Processor". Insofar as declarations are to be made "in writing" in the following, the written form pursuant to Section 126 BGB is meant. Otherwise, declarations may also be made in another form, provided that appropriate verifiability is guaranteed.

2. Type and purpose of data collection, processing or use

Nature and purpose of the processing. The processing is of the following nature: collection, recording, organisation, structuring, storage, adaptation or alteration, cross-selling, upselling, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data. The processing serves the following purpose: contract fulfilment, contract processing. Data subjects are affected by the processing.

3. Object and duration of processing

3.1. Object. The contractor undertakes the following processing:

3.2. General personal data:

3.2.1. the name

3.2.2. the date and place of birth

3.2.3. or the place of residence of a person

3.3. Identification numbers

3.4. Online data

3.5. The processing is based on the main contracts existing between the parties.

3.6. Duration: Processing begins on the date of conclusion of the respective main contract and continues indefinitely until this contract or the main contract is terminated by one of the parties.

4. Obligations of the contractor

4.1. The Contractor shall process personal data exclusively as contractually agreed or as instructed by the Client, unless the Contractor is legally obliged to process it in a certain way. If such obligations exist for the Contractor, the Contractor shall notify the Client of these prior to processing, unless notification is prohibited by law. Furthermore, the Contractor shall not use the data provided for processing for any other purposes, in particular not for its own purposes.

4.2. The Contractor confirms that it is aware of the relevant general data protection regulations. It shall observe the principles of proper data processing.

4.3. The Contractor undertakes to maintain strict confidentiality during processing.

4.4. Persons who may gain knowledge of the data processed in the order must undertake in writing to maintain confidentiality, insofar as they are not already subject to a relevant confidentiality obligation by law.

4.5. The Contractor warrants that the persons employed by it for processing have been familiarised with the relevant provisions of data protection and this contract before the start of processing. Appropriate training and sensitization measures shall be repeated at regular intervals. The Contractor shall ensure that persons deployed for order processing are appropriately instructed and monitored on an ongoing basis with regard to the fulfilment of data protection requirements.

4.6. In connection with the commissioned processing, the Contractor shall support the Client in drawing up and updating the list of processing activities and in carrying out the data protection impact assessment. All necessary information and documentation must be kept available and forwarded to the Client immediately upon request.

4.7. If the Client is subject to inspection by supervisory authorities or other bodies or if data subjects assert rights against it, the Contractor undertakes to support the Client to the extent necessary, insofar as the processing in the order is affected.

4.8. The Contractor may only provide information to third parties or the data subject with the prior consent of the Client. The Contractor shall forward any enquiries addressed directly to it to the Client without delay.

4.9. Where required by law, the Contractor shall appoint a competent and reliable person as data protection officer. It must be ensured that there are no conflicts of interest for the authorised representative. In cases of doubt, the client may contact the data protection officer directly. The Contractor shall inform the Client immediately of the contact details of the data protection officer or explain why no officer has been appointed. The Contractor shall inform the Client immediately of any changes in the person or internal tasks of the authorised representative.

4.10. The order processing shall generally take place within the EU or the EEA. Any relocation to a third country may only take place with the express consent of the client and under the conditions contained in Chapter V of the General Data Protection Regulation and in compliance with the provisions of this contract.

4.11. If the Contractor is not established in the European Union, it shall appoint a responsible contact person in the European Union in accordance with Art. 27 of the General Data Protection Regulation. The contact details of the contact person as well as any changes in the person of the contact person must be communicated to the Client without delay.

5. Notification obligations

5.1. The Contractor shall notify the Client immediately of any breaches of personal data protection. Reasonable suspicions of this must also be reported. The notification must be sent to an address specified by the Client within 24 hours of the Contractor becoming aware of the relevant event. It must contain at least the following information:

5.2. A description of the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects concerned, the categories concerned and the approximate number of personal data records concerned;

5.2.1. the name and contact details of the data protection officer or other contact point for further information;

5.2.2. A description of the likely consequences of the personal data breach;

5.2.3. A description of the measures taken or proposed to be taken by the Contractor to address the personal data breach and, where appropriate, measures to mitigate its possible adverse effects.

5.3. Significant disruptions in the fulfilment of the order as well as violations of data protection regulations or the provisions of this contract by the Contractor or the persons employed by it must also be reported immediately.

5.4. The Contractor shall inform the Client immediately of any inspections or measures by supervisory authorities or other third parties, insofar as these are related to order processing.

5.5. The Contractor warrants to support the Client in its obligations under Art. 33 and 34 of the General Data Protection Regulation to the extent necessary.

6. Technical and organisational measures

6.1. The data security measures described in Appendix 1 are defined as binding. They define the minimum owed by the Contractor. The description of the measures must be so detailed that a knowledgeable third party can recognise beyond doubt at any time what the minimum owed should be on the basis of the description alone. Reference to information that cannot be taken directly from this agreement or its annexes is not permitted.

6.2. The data security measures may be adapted in line with technical and organisational developments as long as they do not fall below the level agreed here. The Contractor shall immediately implement any changes required to maintain information security. Changes must be notified to the client without delay. Significant changes must be agreed between the parties.

6.3. If the security measures taken do not or no longer meet the Client's requirements, the Contractor shall notify the Client immediately.

6.4. The Contractor warrants that the data processed in the order will be strictly separated from other data stocks.

6.5. Copies or duplicates shall not be made without the client's knowledge. This does not apply to technically necessary, temporary copies, provided that any impairment of the level of data protection agreed here is excluded.

6.6. The processing of data in private residences is only permitted with the prior written consent of the Client in individual cases. If such processing takes place, the Contractor shall ensure that a level of data protection and data security corresponding to this contract is maintained and that the Client's rights of control specified in this contract can also be exercised without restriction in the private residences concerned. The processing of data on behalf of the Client using private devices is not permitted under any circumstances.

6.7. Dedicated data carriers that originate from the client or are used for the client shall be specially labelled and are subject to ongoing administration. They must be stored appropriately at all times and must not be accessible to unauthorised persons. Inputs and outputs are documented.

6.8. The Contractor shall provide regular evidence of the fulfilment of its obligations, in particular the complete implementation of the agreed technical and organisational measures and their effectiveness. The proof shall be provided to the Client every 12 months at the latest without being requested to do so and otherwise at any time upon request. Proof can be provided by means of approved codes of conduct or an approved certification procedure.

7. Subcontracting relationships

7.1. The commissioning of subcontractors is only permitted with the written consent of the client in individual cases.

7.2. Consent is only possible if the subcontractor has been contractually bound to data protection obligations that are at least comparable to those agreed in this contract. Upon request, the client shall be given access to the relevant contracts between the contractor and the subcontractor.

7.3. The rights of the client must also be able to be effectively exercised vis-à-vis the subcontractor. In particular, the client must be authorised to carry out inspections of subcontractors or have them carried out by third parties at any time to the extent specified here.

7.4. The responsibilities of the contractor and the subcontractor must be clearly delineated.

7.5. Further subcontracting by the subcontractor is not permitted.

7.6. The Contractor shall carefully select the subcontractor, paying particular attention to the suitability of the technical and organisational measures taken by the subcontractor.

7.7. The forwarding of data processed in the order to the subcontractor is only permitted if the contractor has documented that the subcontractor has completely fulfilled its obligations. The Contractor shall submit the documentation to the Client without being requested to do so.

7.8. The commissioning of subcontractors who do not exclusively provide processing services from the territory of the EU or the EEA is only permitted if the conditions set out in Part IV Sections 4.10. and 4.11. of this Data Protection Regulation are observed. In particular, it is only permitted if and as long as the subcontractor offers appropriate data protection guarantees. The contractor shall inform the client which specific data protection guarantees the subcontractor offers and how proof of this can be obtained.

7.9. The Contractor shall carry out an appropriate review of the subcontractor's compliance with its obligations on a regular basis, at least every 12 months. The audit and its results must be documented in such a meaningful way that they are comprehensible to a competent third party. The documentation takes the form of an audit made available in the system, which is carried out by the Vendor in the form of a self-audit.

7.10. If the subcontractor fails to fulfil its data protection obligations, the contractor shall be liable to the client for this.

7.11. At present, the subcontractors specified in Annex 2 with name, address and order content are engaged in the processing of personal data to the extent specified therein and authorised by the Client. The Contractor's other obligations to subcontractors set out herein shall remain unaffected.

7.12. Subcontracting relationships within the meaning of this contract are only those services that are directly related to the provision of the main service. Ancillary services such as transport, maintenance and cleaning as well as the use of telecommunication services or user services are not covered. The Contractor's obligation to ensure compliance with data protection and data security in these cases remains unaffected.

8. Rights and obligations of the client

8.1. The client is solely responsible for assessing the permissibility of the commissioned processing and for safeguarding the rights of data subjects.

8.2. The client shall issue all orders, partial orders or instructions in documented form. In urgent cases, instructions may be issued verbally. The client shall confirm such instructions in writing without delay.

8.3. The Client shall inform the Contractor immediately if it discovers errors or irregularities in the inspection of the order results.

8.4. The Client shall be entitled to monitor the Contractor's compliance with the provisions on data protection and the contractual agreements to an appropriate extent itself or through third parties, in particular by obtaining information and inspecting the stored data and the data processing programmes as well as other on-site checks. The persons entrusted with the inspection shall be granted access and inspection by the Contractor to the extent necessary. The Contractor shall be obliged to provide the necessary information, demonstrate processes and provide the evidence required to carry out an inspection.

9. Instructions

9.1. The client reserves the right to issue comprehensive instructions regarding the processing of the order.

9.2. The Client and the Contractor shall name the persons exclusively authorised to issue and accept instructions in Annex 3.

9.3. In the event of a change or long-term absence of the named persons, the other party must be informed immediately of any successors or representatives.

9.4. The Contractor shall notify the Client immediately if, in its opinion, an instruction issued by the Client violates statutory provisions. The Contractor shall be entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by the person responsible at the Client.

9.5. The Contractor shall document any instructions issued to it and their implementation.

10. Remuneration

The tasks and measures of the contractor within the scope of order processing are carried out free of charge. No remuneration shall be paid.

11. Special right of cancellation

11.1. The Client may terminate the main contract and this Agreement at any time without notice ("extraordinary termination") in the event of a serious breach by the Contractor of data protection regulations or the provisions of this Agreement, if the Contractor is unable or unwilling to carry out a lawful instruction of the Client or if the Contractor refuses to fulfil the Client's control rights in breach of contract.

11.2. A serious breach exists in particular if the Contractor does not or has not fulfilled the obligations specified in this Agreement, in particular the agreed technical and organisational measures, to a significant extent.

11.3. In the event of insignificant violations, the Client shall set the Contractor a reasonable deadline for remedial action. If the remedy is not provided in time, the client shall be entitled to extraordinary cancellation as described in this section.

11.4. The Contractor shall reimburse the Client for all costs incurred by the Client as a result of the premature termination of the main contract or the premature termination of the main contract.

12. Termination of the order

12.1. Upon termination of the contractual relationship or at any time at the request of the Client, the Contractor shall either destroy the data processed in the order or hand it over to the Client at the Client's discretion. All existing copies of the data shall also be destroyed. The destruction must be carried out in such a way that it is no longer possible to restore even residual information with reasonable effort. Physical destruction shall be carried out in accordance with DIN 66399, whereby at least protection class 2 shall apply.

12.2. The Contractor is obliged to ensure the immediate return of the goods. cancellation for subcontractors as well.

12.3. The Contractor shall provide proof of proper destruction and submit it to the Client without delay.

12.4. Documentation that serves as proof of proper data processing shall be retained by the Contractor beyond the end of the contract in accordance with the respective retention periods. The Contractor may hand them over to the Client at the end of the contract in order to discharge the Client.

13. Liability

13.1. The Contractor shall bear the burden of proof that damage is not the result of a circumstance for which it is responsible, insofar as the relevant data was processed by it under this Agreement. As long as this proof has not been provided, the Contractor shall indemnify the Client against all claims asserted against the Client in connection with the commissioned processing. Under these conditions, the Contractor shall also reimburse the Client for all legal defense costs incurred.

13.2. The Contractor shall be liable to the Client for damage culpably caused by the Contractor, its employees or the subcontractors commissioned by it to perform the contract or by the subcontractors it deploys in connection with the provision of the commissioned contractual service.

13.3. Part IV clauses 13.1. and 13.2. shall not apply if the damage was caused by the correct implementation of the commissioned service or an instruction issued by the client.

13.4. The Principal does not hold any warranties, assurances or recommendations in relation to the Contractor’s products, their suitability for sale or any other ancillary claim and holds no liability in respect of the products for sale in any way.

14. Regulations on the rectification, erasure and blocking of data

14.1. The Contractor shall only correct, delete or block data processed within the scope of the order in accordance with the contractual agreement made or in accordance with the Client's instructions.

14.2. The Contractor shall comply with the corresponding instructions of the Client at all times and also beyond the termination of this contract.

15. Contractual penalty

For each culpable breach of an obligation arising from this data processing agreement, the Contractor undertakes to pay the Client a contractual penalty, the determination of which is at the reasonable discretion of the Client and which is subject to judicial review in the event of a dispute. Claims exceeding the contractual penalty remain unaffected. The contractual penalty has no influence on other claims of the client.

16. Transmission to third countries

To ensure an adequate level of data protection when transferring personal data to third countries, CopeCart Pro Ltd. uses the standard contractual clauses approved by the European Commission. These clauses regulate the processing of personal data by our processors and ensure compliance with the data protection regulations of both the EU and the respective third country. We also refer to our General Terms and Conditions and our Privacy Policy.

17. Miscellaneous

17.1. Both parties are obliged to treat as confidential all knowledge of business secrets and data security measures of the other party obtained in the course of the contractual relationship, even after termination of the contract. If there is any doubt as to whether information is subject to the confidentiality obligation, it shall be treated as confidential until it has been released in writing by the other party.

17.2. If the Client's property is jeopardised by third-party measures (such as seizure or confiscation), by insolvency or composition proceedings or by other events, the Contractor must inform the Client immediately.

17.3. Additional agreements must be made in writing.

17.4. The defense of the right of retention within the meaning of § 273 BGB is excluded with regard to the data processed in the order and the associated data carriers.

17.5. Should individual parts of this agreement be invalid, this shall not affect the validity of the remainder of the agreement.

18. Annex 1 – Technical and organizational measures

The order-related technical and organizational measures to ensure data protection and data security, which the contractor must at least set up and maintain on an ongoing basis, are set out below. The aim is to guarantee in particular the confidentiality, integrity and availability of the information processed in the order.

Confidentiality (Art. 32 para. 1 lit. b GDPR)

18.1. Access Control: No unauthorised access to data processing systems, e.g.: magnetic or chip cards, keys, electric door openers, plant security or gatekeepers, alarm systems, video systems;

18.2. Access control: No unauthorised system use, e.g.: (secure) passwords, automatic locking mechanisms, two-factor authentication, encryption of data carriers;

18.3. Access control: No unauthorised reading, copying, modification or removal within the system, e.g.: authorisation concepts and needs-based access rights, logging of access;

18.4. Separation control: Separate processing of data collected for different purposes, e.g. multi-client capability, sandboxing;

18.5. Pseudonymisation (Art. 32 para. 1 lit. a GDPR; Art. 25 para. 1 GDPR): The processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to appropriate technical and organisational measures;

Integrity (Art. 32 para. 1 lit. b GDPR)

18.6. Transmission control: No unauthorised reading, copying, modification or removal during electronic transmission or transport, e.g.: encryption, virtual private networks (VPN), electronic signature;

18.7. Input control: Determining whether and by whom personal data has been entered, changed or removed in data processing systems, e.g.: logging, document management;

Availability and resilience (Art. 32 para. 1 lit. b GDPR)

18.8. Availability control: Protection against accidental or wilful destruction or loss, e.g.: backup strategy (online/offline; on-site/off-site), uninterruptible power supply (UPS), virus protection, firewall, reporting channels and emergency plans;

Rapid recoverability (Art. 32 para. 1 lit. c GDPR);

18.9. Data protection management;

18.10. Incident response management;

18.11. Data protection-friendly default settings (Art. 25 para. 2 GDPR);

19. Order control

No commissioned data processing within the meaning of Art. 28 GDPR without corresponding instructions from the client, e.g.: clear contract design, formalised order management, strict selection of the service provider, obligation to convince in advance, follow-up checks.

20. Annex 2 - Sub-service provider

Marketing MBA, Office 1906 Jumeirah Business Centre 3, Cluster Y, Jumeirah Lake Towers, Dubai, United Arab Emirates. rp@aiv.group (CEO Raoul Plickat)

20.1. Tools and programmes used by the sub-provider that process personal data:

20.1.1. Slack Technologies Limited: Salesforce Tower 60 R801, North Dock Dublin Ireland privacy@slack.com

20.1.2. Monday.com: MondayCom Ltd, 6 Yitzhak Sadeh Street, Tel Aviv-Yafo, 677750  https://monday.com/helpcenter/

20.1.3. Notion: Hendrik Beck & Sascha Rehbock GbR, Hanauer Str.3, 61118 Bad Vilbel info@getgamma.app

20.1.4. Google: Google Workspace, Google Analytics, Google Tag Manager; Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland support-deutschland@google.com

20.1.5. Zoom: Zoom Video Communications, Inc. 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA privacy@zoom.us

20.1.6. Calendly: Calendly LLC,1315 Peachtree St NE, Atlanta, GA 30309, USA privacy@calendly.com

20.1.7. WebinarJam: 7660 Fay Ave Ste H184, La Jolla, California, 92037, United States support@webinarjam.com

20.1.8. Close CRM: Elastic Inc, PO Box 1145, Jackson, WY 83001, USA dpo@close.com

20.1.9. Keeping: Katsu Ventures LLC, 90 State Street, Suite 700, Albany, NY 12207 support@keeping.com

20.1.10. Active Campaign: Active Campaign LLC, 1 N Dearborn St Fl 5, Chicago, Illinois, 60602, United States help@activecampaign.com

20.1.11. WebSMS: LINK Mobility Austria GmbH, Brauquartier 5/13, 8055 Graz, AUSTRIA office.at@linkmobility.com

20.1.12. Slido: Cisco Systems, Inc, Legal department, 170 West Tasman Dr, San Jose, CA 95134 USA support@slido.com

20.1.13. Jotform: Jotform Inc. 4 Embarcadero Centre, Suite 780, San Francisco CA 94111 support@jotform.com

20.1.14. WebFlow: WebFlow Inc, 398 11th Street, Floor 2, San Francisco, CA 94103 support@webflow.com

20.1.15. clickfunnels: Clickfunnels LLC, 3443 W Bavria St, Eagle, Idaho 83616, US support@clickfunnels.com

20.1.16. funnelcockpit: Denis Hoeger Caballero, Nobelstr- 3-5, 41189 Mönchengladbach, Germany support@funnelcockpit.com

20.1.17. Kajabi: Kajabi LLC, 333 El Camino Real Ste 200 Tustin California 92780, US support@kajabi.com

20.1.18. AcademyOcean: Netpeak Group Ltd, 43 Cherni Vrah bld, Sofia, Bulgaria gdpr@netpeak.net

20.1.19. CopeMember: CopeMember Technology Ltd, Gialousas 63, 3071 Limassol, Cyprus info@copemember.com

20.1.20. CopeCart Pro: CopeCart Pro Ltd. Ground Floor, 71 Lower Baggot Street, Dublin 2, Co. Dublin, D02 P593, Ireland

20.1.21. matomo: Matomo Ltd, 150 Willis St, Mount Victoria, 6011, New Zealand privacy@matomo.org

20.1.22. cookiebot: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark mail@cookiebot.com

20.1.23. Hotjar: Hotjar Ltd, Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta support@hotjar.com

20.1.24. Zapier: Zapier, Inc. 548 Market St. #62411. San Francisco, CA 94104-5401, USA contact@zapier.com

20.1.25. vimeo: Vimeo Inc, 330 W 34th St Fl 5, New York City, New York, 10001, USA support@vimeo.com

20.1.26. vidalytics: Vidalytics LLC, 340 S Lemon Ave, Walnut, California, 91789, USA hi@vidalytics.com

21. Annex 3 – Persons authorised to issue instructions

The following persons are authorised to issue and receive instructions:

The controller pursuant to Art. 4 No. 7 GDPR

22. Annex 4 – Data Protection Officer

The contractor currently has an external data protection officer: Williams-Connect Management Janko Williams Straße der Jugend 18 14974 Ludwigsfelde kontakt@williams-connect.eu

Part V - Order processing by CopeCart Pro Ltd.
1. Object of the assignment

1.1. The Vendor (for the purposes of this Part V "Client") has CopeCart Pro Ltd (for the purposes of this Part V "Contractor") process personal data on its behalf on the basis of the contract for the use of the copecart-pro.com platform (the "Main Contract"). For this purpose, the parties enter into this Data Processing Agreement, which takes precedence over the Main Agreement in the event of contradictions. Order processing in this sense by the Contractor exists insofar as the Contractor, using copecart-pro.com, processes personal data for which the contractor is the controller within the meaning of Art. 4 GDPR.

1.2. Data of the client and its customers are affected. This includes, in particular, names, addresses, communication data, behavioural data, contract data and payment data.

2. Responsibility and right of the client to issue instructions

2.1. The client is the controller within the meaning of Art. 4 No. 7 GDPR for the purposes of commissioned processing. It is responsible for compliance with the statutory provisions on data protection, in particular for the lawfulness of the transfer of data to the contractor and for the lawfulness of data processing by the contractor.

2.2. The client has the right at any time to issue instructions supplementing the main contract regarding the type, scope and procedure of the processing of personal data. Instructions must be issued via the copecart-pro.com website, as far as possible, otherwise in text form. Instructions that are not covered by the contract for the use of copecart-pro.com are subject to a fee, insofar as a fee is customary.

2.3. The Contractor shall inform the Client immediately in text form if, in its opinion, an instruction issued by the Client violates statutory regulations. As long as the parties have not resolved the Contractor's concerns, the Contractor shall be entitled to suspend the implementation of the instruction in question. If the parties are unable to reach an agreement and the Client adheres to its instruction, the Contractor shall be entitled to terminate this contract with a reasonable notice period, which shall not be less than two weeks. If, in this case, the main contract cannot be executed, the Client shall be entitled to terminate it if the main contract can only be cancelled by means of a written notice. Implementation of the unlawful instruction could be carried out and this was not recognizable to either party when the contract was concluded.

2.4. If the Contractor is of the opinion that it cannot comply with an instruction of the Client for technical reasons, it shall inform the Client of this in text form and coordinate further action with the Client.

3. Control rights of the client

3.1. The Client shall be entitled to all control rights, in particular inspections, which are necessary to fulfil its obligations in accordance with the provisions of the GDPR. The right of inspection must be exercised with a reasonable period of notice and during the Contractor's normal business hours. In order to reduce the impact of inspections on its business operations, the Contractor is authorised to combine them with those of other clients, insofar as this is reasonable for the Client (e.g. joint inspection dates, which are carried out within a reasonable period of time). The Client shall ensure that inspections are only carried out to the extent necessary so as not to disproportionately disrupt the Contractor's business operations.

3.2. The client is authorised to transfer the exercise of the control rights to a third party commissioned by the client. If the third party is in a competitive relationship with the Contractor, the latter shall have the right to object to its activities.

3.3. The Contractor shall co-operate in the exercise of the inspection rights to the extent necessary. It may make inspections by the Client dependent on the signing of a customary and appropriate confidentiality agreement, insofar as this is necessary to protect its business secrets in accordance with the statutory provisions.

3.4. For the services to be provided under this clause, the Contractor shall be entitled to reasonable remuneration based on the time spent, unless it is responsible for the inspection or it is an inspection carried out or ordered by a supervisory authority. The Contractor may not make the provision of the services owed by it dependent on the Client recognising and/or paying a certain remuneration in advance.

4. Obligations of the client

The Client must inform the Contractor immediately, stating the reasons, if it discovers errors or irregularities in the results of the order or with regard to the Contractor's activities with regard to the provisions of this contract or the GDPR.

5. Obligations of the contractor

5.1. Any processing of personal data shall be carried out exclusively in accordance with the provisions of the main contract and any instructions issued by the client. This also applies to the transfer of personal data to a third country or an international organisation. This Part V Section 5.1. shall not apply if the Contractor is obliged to process the data by the law of the Union or the Member States to which it is subject; in such a case, the Contractor shall notify the Client of these legal requirements prior to processing, unless the law in question prohibits such notification due to an important public interest.

5.2. The Contractor confirms that it is not legally obliged to appoint a company data protection officer. It shall appoint a contact person for the Client in its place for all matters relating to data protection and the implementation of this contract.

5.3. The Contractor shall oblige the persons authorised to process the personal data to maintain confidentiality, unless they are already subject to an appropriate statutory duty of confidentiality. The scope of the obligation must be proportionate to the data processed and the consequences of any breach of the protection of personal data. It must also relate to all personal data that the contractor processes for the client. The content and the fact of the obligation must be demonstrated to the client upon request. Any further obligations arising from a separate confidentiality agreement concluded between the parties shall remain unaffected by this.

5.4. The Contractor shall provide the Client with a list of its order processing procedures upon request. It must inform the Client of any subsequent changes in text form without being requested to do so.

5.5. The Contractor shall support the Client in complying with the obligations set out in Art. 32 to 36 GDPR, taking into account the type of processing and the information available to it. To this end, it shall in particular provide the services provided for in this contract.

5.6. If necessary, the Contractor shall support the Client in carrying out a data protection impact assessment in accordance with Art. 35 GDPR and shall provide the Client with all information and evidence required for this from its sphere. The Contractor shall be obliged accordingly if the Client must carry out a prior consultation with a supervisory authority in accordance with Art. 36 GDPR. For the services to be provided under this Part V Section 3.4, the Contractor shall be entitled to reasonable remuneration based on the time required. The Contractor may not delay the provision of the services owed by it. This does not make the fulfilment of the contract dependent on the client recognising and/or paying a certain remuneration in advance.

5.7. At the justified request of the Client, the Contractor shall provide the Client with all necessary information to prove compliance with the obligations incumbent on the Contractor under Article 28 GDPR.

5.8. Should the Client's data at the Contractor be jeopardised by seizure, confiscation, insolvency or composition proceedings or by other events or measures by third parties, or if corresponding measures have been taken, the Contractor shall inform the Client of this immediately and comprehensively, unless it is not permitted to do so by law. Furthermore, the Contractor is obliged to inform all relevant third parties in this respect that the data is personal data for which the Client is the controller and that the Contractor itself is only acting as a processor.

6. Safety of processing

6.1. The Contractor shall take all measures required in accordance with Art. 32 GDPR, in particular suitable technical and organisational measures, to ensure a level of protection appropriate to the risk of data processing. It shall demonstrate compliance with these requirements to the Client by suitable means at the latter's request.

6.2. The Contractor is authorised to adapt to changed technical or legal circumstances. The Contractor shall inform the Client immediately of any changes that may mean a reduction in the level of protection.

7. Sub-processor

7.1. The Contractor shall use sub-processors for the processing, which shall be notified to the Client.

7.2. The Contractor shall inform the Client in text form of any changes to the commissioning of subcontracted processors. The Client may object to the change within a period of two weeks from receipt of the information. The Contractor shall not implement the change before the expiry of the objection period. In the event of an objection, the Contractor shall be entitled to terminate the order processing contract with a notice period of at least one month, provided that the change would have been reasonable for the Client and the objection is unreasonable for the Contractor. Reasonableness for the Client is given if the change would not have caused any disadvantages for it and in particular if it had been ensured that the requirements of this contract and the GDPR would have continued to be complied with when implementing the change. Unreasonableness for the Contractor is given if it provides its order processing services as an essentially uniform process for a large number of clients and individual deviations in the sub-processors are not easy for the Contractor to implement (e.g. all clients use the same, standardised software platform).

7.3. The Contractor shall comply with the conditions set out in paragraphs 2 and 4 of Art. 28 GDPR for any sub-processors. It shall also ensure that the contractual agreements otherwise made with the Client in this respect and any supplementary instructions of the Client are also complied with by the sub-processors. It must provide evidence of this to the Client upon request.

8. Measures taken by supervisory authorities

8.1. The Contractor shall, to the extent permissible, inform the Client immediately of any inspection activities and measures of a (supervisory) authority insofar as they relate to this contract. This applies in particular if an authority investigates the contractor in the context of administrative offence or criminal proceedings relating to the commissioned processing.

8.2. Insofar as the client, for its part, is subject to an inspection under (supervisory) misdemeanour or criminal proceedings, a liability claim by a data subject, or a third party or any other claim in connection with the commissioned processing of the Contractor, the Contractor shall support the Client to the extent necessary. For the services to be provided in this respect, the Contractor shall be entitled to a reasonable fee based on the time spent, unless and insofar as it is not responsible for the corresponding control, etc. The Contractor may not make the provision of the services owed by it dependent on the Client recognising and/or paying a certain remuneration in advance.

9. Remuneration of the contractor

The Contractor shall not be entitled to any separate remuneration for the services provided by it under this contract, unless otherwise agreed in this contract.

10. Duration of the contract

The term of this contract is based on the term of the main contract. It can only be cancelled separately from the main contract for good cause, unless this contract or mandatory statutory provisions stipulate otherwise.

11. Consequences of contract termination

11.1. After completion of the provision of the processing services, the Contractor shall either delete or return all personal data at the Client's discretion and delete the existing copies, unless there is an obligation to store the personal data under Union law or the law of the Member States to which the Contractor is subject. The Contractor shall confirm to the Client that the deletion has been carried out in accordance with the Client's instructions.

11.2. The client has the right to check the complete and contractual return and deletion of the data at the contractor.

11.3. Any right of retention of the Contractor with regard to the processed data and the associated data carriers is otherwise excluded.

12. Liability

The liability of the parties shall be governed by the agreements in the main contract. The direct liability of the parties to a data subject under statutory data protection provisions remains unaffected.

13. Violation of data protection regulations, agreements or instructions

13.1. The Contractor shall be obliged to notify the Client in text form of any breach of data protection regulations, the agreements made and/or the instructions issued without delay, at the latest 24 hours after first becoming aware of it. The corresponding notification shall contain at least the following information:

13.1.1. A description of the nature of the breach, including, where possible, the type and amount of data involved and categories of data subjects;

13.1.2. The name and contact details of the data protection officer or other contact point for further information;

13.1.3. A description of the likely consequences of the personal data breach;

13.1.4. A description of the measures taken or proposed to be taken by the controller to address the personal data breach and, where appropriate, measures to mitigate its possible adverse effects.

13.2. Any necessary notification to a supervisory authority or information of data subjects shall be the sole responsibility of the Client. The Contractor shall co-operate in this to the extent necessary.

13.3. The Contractor is further obliged to immediately clarify the breach to the extent necessary and to provide the Client with corresponding documentation. The documentation shall include a description of the measures taken by the Contractor to prevent further breaches and why it is of the opinion that the measures taken are sufficient to fulfil the requirements of this contract and the statutory provisions.

14. Rights of data subjects

14.1. The Contractor shall, to the extent possible and reasonable, support the Client with appropriate technical and organisational measures to comply with its obligation to respond to requests to exercise the rights of data subjects referred to in Chapter 3 of the GDPR. For this purpose;

14.2. The Client shall inform the Contractor in text form which support action of the Contractor it requires and to provide the Contractor with the data required to fulfil the request. If a party requires further information from the other party, it shall inform the other party immediately in text form. The Contractor shall provide its assistance within a reasonable period of time so that the Client can meet the deadlines incumbent upon it. The Contractor shall inform the Client immediately, stating the reasons, if it is unable to provide the requested assistance.

14.3. If a data subject should contact the Contractor directly to exercise the rights to which they are entitled under Chapter 3 of the GDPR, the Contractor shall refer them to the Client, insofar as it is possible to assign them to the Client. If it is not possible for the Contractor to identify the data subject and the Contractor is not directly obliged to the data subject as the controller under Chapter 3 of the GDPR, the Contractor shall inform the data subject that it is acting as a processor for third parties and that it cannot identify the third party with regard to the data subject. If and to the extent that the contractor is itself obliged to the data subject as the controller under Chapter 3 of the GDPR, the fulfilment of the corresponding obligations is the sole responsibility of the contractor as the controller.

14.4. The Contractor shall be entitled to reasonable remuneration based on the time required for the services to be provided for the Client in accordance with this Part V, Section 3.4. The Contractor may not make the provision of the services owed by it dependent on the Client recognising and/or paying a certain remuneration in advance.