General Terms and Conditions (GTC) for the use of envivo

of

envivo.io GmbH
Adalbert-Stifterweg 30
85570 Markt Schwaben
Germany

1. Scope of application

These general terms and conditions apply to all contracts between envivo.select GmbH (hereinafter referred to as the contractor) and the client for the use of the online-based software envivo. Deviating general terms and conditions of the Client shall not be recognised by the Contractor – subject to express consent.

The offer is aimed exclusively at companies.

The contractor does not conclude contracts with consumers or private individuals. Unless otherwise agreed, all prices are net prices plus the statutory value added tax. A right of withdrawal is not granted.

2. Services and conclusion of contract

The Contractor offers the envivo software to the Customer for use via the Internet against payment. The content provided within envivo is continuously developed. The scope and type of further development are based on the legally required framework and are at the discretion of the contractor. There is no entitlement to specific functions.

In order to use the services of envivo, the customer must first create a customer account (conclusion of contract). During registration, the client must provide the requested information truthfully and choose a package suitable for him.

After successful registration, the client can use the software within the scope of the package booked by him.

The Contractor shall be entitled to publicly present the cooperation for the purpose of self-promotion in an appropriate manner using the Client's logo and to advertise the business relationship with the Client.

3. Prices

The use of envivo is compensated by a fixed monthly, quarterly or annual flat rate. For the provision of services going beyond this (effort-related services), invoicing shall be based on the time spent. For the rest, prices and terms of payment are to be taken from the offer and depend on the package booked in each case.

4. Terms of payment

The following terms of payment shall apply to the contracts between the Contractor and the Client:

Fees for continuing obligations with periodically recurring payments (in particular the flat rates in the sense of item 3) are due monthly or annually in advance by the 1st working day of the beginning month/quarter/year, depending on the package selected, and for new customers on the day the contract is concluded. Due and paid fees for not fully used or started months (e.g. due to cancellation) will not be refunded; legally mandatory refund claims – esp. due to mandatory liability, withdrawal, rescission or warranty for defects – remain unaffected. Charges for effort-related services within the meaning of Item 3 shall be due after the end of the calendar month in which the services were rendered.

Payment is made by credit card (VISA, Mastercard) or by PayPal. In the case of credit card payments, the credit card deposited by the customer shall be debited with the agreed fee immediately after the due date as defined in the previous paragraph.

If a payment method fails, the customer's account will be blocked unless the customer asserts justified objections or rights of retention against the claim(s). The block will be lifted as soon as the fee owed has been paid or a deferral has been agreed. The blocking does not affect the term of the contract and does not release the customer from his obligation to pay.

Double payments or other overpayments will be credited to the customer's billing account and offset against the next billing due. If this settlement does not occur (e.g. in the case of termination) or the next settlement is more than 6 weeks in the future (e.g. in the case of annual payments), the customer can demand repayment within 6 weeks.

Refunds are generally made via the same payment method as the payment(s) in question (e.g. credit to credit card, PayPal or bank account). If the original payment method is no longer available (e.g. because the bank account has been closed), it is the customer's responsibility to notify us of this in good time.

The additional costs (e.g. chargeback fees) of a failed payment will be charged to the customer unless the customer is not responsible for them; the customer is at liberty to prove that no or a lesser loss has been incurred.

Invoices and other communications within the meaning of this clause shall be sent to the customer by e-mail. Invoices are formatted as PDF documents.

The contractor is entitled to assign due claims against the customer arising from this contractual relationship to third parties.

5. Term and termination

Unless otherwise provided, the term of the contract shall be determined by the payment frequency chosen by the customer. The term for contracts with annual payment is therefore one year (annual package); the term for contracts with monthly payment is one month (monthly package). Annual packages can be cancelled with a notice period of one month to the end of the term. Monthly packages can be cancelled until the last day of the month in question.

Cancellations can be made in writing or in text form (e.g. by e-mail, contact form or letter). If the contract is not terminated in due time, it is automatically extended by the originally booked term. The term begins with the activation of the envivo customer account.

The right to extraordinary termination without notice for good cause remains unaffected. For the Contractor, good cause justifying extraordinary termination of this Service Agreement shall be deemed to exist in particular if the Customer fails to perform a required act of cooperation for the performance of this Service Agreement within a reasonable period of time determined by the Contractor, books a package that is not permitted for his company or uses the software for several companies without having booked a corresponding tariff. A reason for extraordinary termination without notice also exists if the client is at least 7 working days in arrears with the payment of a due instalment or part thereof.

6. Liability

The Contractor shall be liable without limitation for any legal reason in the event of intent or gross negligence, intentional or negligent injury to life, limb or health, on the basis of a guarantee promise, unless otherwise regulated in this respect, or on the basis of mandatory liability.

If the Contractor negligently breaches a material contractual obligation, liability shall be limited to the foreseeable damage typical for the contract, but not more than EUR 50,000, unless liability is unlimited pursuant to the preceding paragraph. Material contractual obligations are obligations which the contract imposes on the Contractor according to its content in order to achieve the purpose of the contract, the fulfilment of which makes the proper performance of the contract possible in the first place and on the observance of which the Client may regularly rely.

Otherwise, any liability on the part of the contractor is excluded.

The above liability provisions shall also apply with regard to the Contractor's liability for its vicarious agents and legal representatives.

The Customer shall indemnify the Contractor against any claims of third parties – including the costs of legal defence in their statutory amount – which are asserted against the Contractor on the basis of actions of the Customer which are contrary to law or to the contract.

7. Data protection and data security

Both parties shall observe the applicable data protection provisions, in particular those valid in Germany, and shall oblige their employees deployed in connection with the contract to observe data secrecy in accordance with Section 5 of the German Federal Data Protection Act (BDSG), insofar as they are not already generally obliged to do so.

If the customer collects, processes or uses personal data itself or through the contractor, it shall be responsible for ensuring that it does so in accordance with the applicable data protection laws, in particular the data protection regulations of the Federal Republic of Germany, and, in the event of a breach, shall indemnify the Contractor against claims by third parties.

8. Final provisions

The law of the Federal Republic of Germany shall apply to the contracts between the Contractor and the Client.

If the client has no general place of jurisdiction in Germany, the parties agree that Munich shall be the place of jurisdiction for all disputes arising from this contractual relationship. Exclusive places of jurisdiction remain unaffected.

The Contractor shall be entitled to amend these General Terms and Conditions for factually justified reasons (e.g. changes in jurisdiction, legal situation, market conditions or corporate strategy) and subject to a reasonable period of notice. Existing customers will be notified by e-mail no later than two weeks before the change takes effect. If the existing customer does not object within the period set in the notice of change, his consent to the change shall be deemed to have been given. The notification of the intended amendment of these GTC will refer to the deadline and the consequences of the objection or its absence.

CONTRACT FOR THE PROCESSING OF ORDERS WITHIN THE MEANING OF ART. 28 PARA. 3 GDPR

BETWEEN

– in the following: Client

AND

Envivo.select GmbH

Marketplace 25

85570 Markt Schwaben

– hereinafter: Order taker –

1. General provisions and subject matter of the contract

1.1

The subject of this contract is the processing of personal data on behalf of the contractor (Art. 28 GDPR). The person responsible in the sense of Art. 4 No. 7 GDPR is the client. The order details can be found in Appendix 1.

1.2

The processing of the contractual personal data outside the European Union is only permitted if the legal requirements of Art. 44 et seq. GDPR are given and the client has agreed.

1.3

The Contractor may aggregate the data provided by the Client and additionally obtained in the course of its performance of services for purely statistical purposes and publish statistics therefrom without naming the Client and in its own name. This is limited to exclusively anonymised, aggregated data without any personal reference.

2. Contract duration and termination

2.1

The term of this contract is based on the term of the main contract. Where processing operations continue to be carried out after the termination of the main contract, that contract shall continue to apply to the processing operations concerned. An ordinary termination of the present contract independent of the main contract is not permitted. The right of extraordinary termination without notice for good cause remains unaffected.

3. Instructions of the client

3.1

The Client shall have a comprehensive right to issue instructions to the Contractor regarding the type, scope and modalities of data processing. The Contractor shall inform the Client without delay if it is of the opinion that an instruction of the Client violates statutory provisions. If an instruction is issued whose legality the Contractor substantially doubts, the Contractor shall be entitled to temporarily suspend its execution until the Client again expressly confirms or amends it. If there is a possibility that the Contractor will be exposed to a liability risk by following the instruction, the execution of the instruction may be suspended until the liability in the internal relationship has been clarified.

3.2

Instructions must always be given in writing or in an electronic format (e.g. by e-mail). Verbal instructions are permissible in justified individual cases and shall be confirmed by the Client immediately in writing or in an electronic format. The confirmation shall expressly state the reasons why no written instruction could be given. The Contractor shall record the person, date and time of the verbal instruction in an appropriate form.

3.3

At the request of the Contractor, the Client shall appoint one or more persons authorised to issue instructions. The contractor must be informed immediately of any changes in personnel.

4. Control powers of the principal

4.1

The Client shall be entitled to check compliance with the statutory and contractual provisions on data protection and data security to the necessary extent before the start of data processing and regularly during the term of the contract. The client shall ensure that the control measures are proportionate and do not affect the contractor’s operations more than necessary.

4.2

The results of the checks and instructions shall be recorded by the contracting authority in an appropriate manner.

5. General obligations of the contractor

5.1

The processing of the contractual data by the Contractor shall be carried out exclusively on the basis of the contractual agreements in conjunction with any instructions issued by the Client. Any processing that deviates from this is only permitted on the basis of mandatory European or member state legal provisions (e.g. in the case of investigations by law enforcement or state protection authorities). Where processing is necessary on grounds of mandatory law, the contractor shall notify the contracting authority thereof prior to the processing, unless the law in question prohibits such notification on grounds of substantial public interest.

5.2

The Contractor shall ensure that the persons authorised to process the personal data have committed themselves to confidentiality or are subject to an appropriate statutory duty of confidentiality (Art. 28 para. 3 lit. b GDPR). The persons concerned may not have access to the personal data provided by the contracting authority before they have submitted to the obligation of confidentiality.

5.3

In the case of maintenance, remote maintenance and/or IT error analysis, access to the client's data is to be avoided wherever possible. If data access is unavoidable, the client must limit data access to the minimum.

6. Technical and organisational measures

6.1

The contractor has defined appropriate technical and organisational measures to ensure an adequate level of protection. The measures described there were selected in compliance with the requirements of Art. 32 GDPR. The Contractor shall review and adapt the technical and organisational measures as required and / or on an ad hoc basis.

6.2

The technical and organisational measures are documented on the following website: office.envivo.io/security

6.3

Insofar as services are provided in the area of maintenance, remote maintenance and/or IT fault analysis, the following provisions shall apply in addition:

6.4

Contractor employees shall use appropriate identification and encryption procedures. Before carrying out the work, the Client and the Contractor shall agree on any necessary data backup measures.

6.5

All services shall be documented and recorded by the contractor.

6.6

Active data (productive data, e.g. data of the customer, network data for the provision of the customer's telecommunication service) may only be used at the express request of the customer and only for error analysis purposes. This data may only be used on the equipment provided by the client or on equipment of the contractor that has been previously approved by the client for this purpose. Active data may not be copied in text form onto mobile storage media (PDAs, USB memory sticks or similar devices) without the express consent of the client.

7. Support obligations of the contractor

7.1

The Contractor shall assist the Client, in accordance with Art. 28 para. 3 lit. e GDPR, in its obligations to protect the rights of data subjects under Chapter III, Art. 12 – 22 GDPR. This applies in particular to the provision of information and the deletion, correction or restriction of personal data. The Contractor shall also assist the Client, in accordance with Art. 28 para. 3 lit. f GDPR, with its obligations according to Art. 32 – 36 GDPR (in particular notification obligations). The scope of these obligations to assist shall be determined on a case-by-case basis, taking into account the nature of the processing and the information available to the contractor.

8. Use of sub-processors (sub-contractors)

8.1

The Contractor is entitled to use subcontractors (subprocessors). The Contractor shall provide information on existing subcontractor relationships via the following website: office.envivo.io/security

8.2

If the Contractor intends to use further subcontractors, it shall notify the Client of this in good time – but no later than two weeks – prior to their use in written or electronic form. The client has two weeks after this notification to object to the involvement of the subcontractor(s). If no objection is raised within this period, the use of the subcontractor(s) shall be deemed to have been approved. In the event of an objection, the subcontractors concerned may not be used. Objections shall only be admissible if the Client has reasonable grounds to believe that the use of the subcontractor would restrict data security or data protection, jeopardize compliance with statutory or contractual provisions and/or be contrary to other legitimate interests of the Client; the relevant grounds for suspicion shall be attached to the objection.

8.3

Subcontractors shall be selected by the Contractor in compliance with the statutory and contractual requirements. All contracts between the processor and the sub-processor (subcontracts) must comply with the statutory provisions on the processing of personal data on behalf; this concerns in particular the implementation of appropriate technical and organisational measures in accordance with Art. 32 GDPR in the subcontractor’s business. Ancillary services used by the contractor to carry out its business activities do not constitute subcontracting relationships within the meaning of Art. 28 GDPR. Ancillary activities in this sense are, in particular, telecommunications services without any specific reference to the main service, postal and transport services, maintenance and user service as well as other measures which are intended to ensure the confidentiality and/or integrity of the hardware and software and which have no specific reference to the main service. However, the Contractor shall also ensure compliance with the statutory data protection standards (in particular by means of corresponding confidentiality agreements) for these third-party services.

8.4

All contracts between the Contractor and the Sub-processor (sub-contracts) shall comply with the requirements of this Contract and the statutory provisions relating to the processing of personal data on behalf of the Contractor.

8.5

The commissioning of subcontractors in third countries is only permitted if the legal requirements of Art. 44 et seq. GDPR are met and the client has given its consent.

8.6

Active data (productive data, e.g. data of the customer, network data for the provision of the customer's telecommunication service) may only be used at the express request of the customer and only for error analysis purposes. This data may only be used on the equipment provided by the client or on equipment of the contractor that has been previously approved by the client for this purpose. Active data may not be copied in text form onto mobile storage media (PDAs, USB memory sticks or similar devices) without the express consent of the client.

9. Notification obligations of the contractor

9.1

Violations of this contract, of the client’s instructions or of other provisions of data protection law shall be notified to the client without delay; the same shall apply in the event of a corresponding justified suspicion. This obligation applies irrespective of whether the breach was committed by the Contractor itself, a person employed by it, a sub-processor or any other person used by it to perform its contractual obligations.

9.2

If a data subject, an authority or any other third party requests the Contractor to provide information, rectification, restriction of processing or deletion, the Contractor shall forward the request to the Customer without delay; in no case shall the Contractor comply with the data subject’s request without the Customer’s instruction / consent.

9.3

The Contractor shall inform the Client without delay if supervisory actions or other measures of an authority are imminent, which could also affect the processing, use or collection of the personal data provided by the Client. In addition, the Contractor shall inform the Client without delay of any events or measures taken by third parties which could endanger or impair the data covered by the contract.

10. Termination of contract, deletion and return of data

10.1

After completion of the contractual data processing or after termination of this contract, the Contractor shall delete or return all personal data at the discretion of the Client, provided that there is no longer any legal or contractual obligation to store the data in question (e.g. statutory retention periods).

11. Data secrecy and confidentiality

11.1

The contractor is obliged for an unlimited period and beyond the end of this contract to treat the personal data obtained within the framework of the present contractual relationship as confidential. The Contractor undertakes to familiarise its employees with the relevant data protection provisions and rules on the protection of secrets and to oblige them to maintain confidentiality before they commence their activities with the Contractor.

12. Liability

12.1

The Contractor shall not be liable vis-à-vis the Client in the internal relationship if the data processing/measure giving rise to liability was carried out as a result of an instruction from the Client. The same applies to measures that have been agreed with the client (e.g. TOMs in accordance with Art. 32 GDPR). It shall also be deemed to be an agreement if a provision in this Agreement has been inserted at the request of the Principal.

12.2

The client shall ensure that the original collection of the data processed under the contract is lawful. In particular, he must obtain any necessary consents completely and correctly. If a claim is made against the Contractor in the external relationship due to a breach of this obligation, the Client shall be liable to it in the internal relationship and shall indemnify it against any damage incurred.

12.3

In all other respects, the statutory liability provisions (in particular Art. 82 GDPR) shall remain unaffected.

13. Final provisions

13.1

Amendments to this Agreement and any ancillary agreements must be in writing or electronic form and must clearly indicate that they are intended to amend or supplement these Terms and Conditions and what amendment or supplement they are intended to effect.

13.2

Should the GDPR or other legal regulations referred to change during the term of the contract, the references here shall also apply to the respective successor regulations.

13.3

Should individual parts of this agreement be or become invalid, this shall not affect the validity of the remaining provisions.

Annex 1 – Order details

1. This contract includes (if applicable in connection with the main contract) the following services: Provision of a cloud-based system (envivo) as a Software as a Service (SaaS) solution.

2. The following types of data are regularly processed as part of the contractual provision of services:

2.1 Master data such as name and address
2.2 Contact data (telephone, e-mail)
2.3 Customer data
2.4 Invoice data
2.5 Order data
2.6 Payment data

3. The group of persons affected by the data processing is as follows:

3.1 Contact person / company representative
3.2 Employees
3.3 Customers
3.4 Potential customers