Terms and Conditions (T&C) of CopeCart Pro Ltd.

Terms and Conditions (T&C) of CopeCart Pro Ltd.

Terms and Conditions (T&C) of CopeCart Pro Ltd.

These general terms and conditions for vendors and/or affiliates are divided into the following sections:

PART I - General Terms and Conditions for Vendors -
these apply if you want to offer products as a vendor through CopeCart Pro.com

PART II - General Terms and Conditions for Affiliates -
these apply if you want to advertise the products of our vendors as an affiliate;

Part III - General Rules for Vendors and Affiliates -
these apply to both vendors and affiliates;

Part IV - Order Processing by Vendors

Part V - Order Processing by CopeCart ProThe parties agree on the following definitions and interpretations in these

T&Cs:
Applicable Laws
means, in the applicable regions:
all laws, regulations, or other subordinate legislation;
and policies, guidelines, or industry codes of regulators responsible for a party or its assets, resources, or businesses (whether legally binding or not), applicable to the services, the platform, and/or the provision of the services or to which any party is subject;

Business Day
is a day that is not a Saturday, Sunday, or legal public holiday in the Republic of Ireland;

Start Date
means the date of this agreement;

Confidential Information
refers to all information, however conveyed or presented, relating to the business, affairs, operations, processes, budgets, pricing policies, product information, strategies, developments, trade secrets, know-how, personnel, customers, and/or suppliers of the disclosing party, along with any information derived by the receiving party from such information, and any other information that is expressly designated as confidential by either party (whether marked as "confidential" or not) or ought reasonably to be considered confidential;

Data Protection Laws
refers to all applicable laws on the processing, protection of privacy, and/or use of personal data applicable to any of the parties or the services, including the General Data Protection Regulation, the Data Protection Acts 1988 to 2018; any laws implementing or supplementing those laws; any laws that amend, extend, re-enact, consolidate, or replace any of the aforementioned laws; and any guidance, guidelines, and codes of conduct issued by the relevant data protection supervisory authorities relating to such data protection laws (whether legally binding or not);

Data Protection Authorities
refers to any supervisory authority, data protection authority, or body responsible for the application of data protection laws;

End User
refers to any person authorized by you as the vendor to use the services, including employees, agents, and consultants of the customers;

Fees
refers to the charges payable under this agreement;

Good Industry Practice
means, in relation to any company and any circumstance, the standard of professionalism, skill, care, diligence, and foresight that might reasonably be expected from a company engaging in the same type of activity under the same circumstances;

Services
refers to the configuration, demonstration, integration, migration, and/or customization services provided by the provider in relation to the platform;

Intellectual Property Rights
means copyrights, patents, rights to inventions, trademarks, service marks, trade names, design rights, rights to layout, database rights, rights to data, semiconductor topography rights, mask works, utility models, domain names, rights in computer software, and all similar rights of any nature and, in each case: (i) whether registered or not, (ii) including any applications for protection or registration of such rights, (iii) including any extensions and renewals of such rights or applications, (iv) whether existing, contingent, or future, and (v) wherever they exist;

Malicious Code
refers to any program or code that may prevent, impair, or otherwise adversely affect the operation, reliability, performance, or security of programs, computers, systems, software, code, data, or other information (including viruses, worms, trojan horses, spyware)

Customer Data
means any data, information, and content, either: provided by the customer or an end-user to the provider in accessing, using, or receiving the services or otherwise provided in connection with this agreement; strictly and solely for: the provision of the services for the benefit of the customer or its end-users; or the customer's or its end-users' access to the services; and customer confidential information, in the possession or under the control of the supplier, any direct or indirect subcontractor of the supplier, or any employee of the supplier;

Customer Defaults
means a failure or delay by the customer in fulfilling its obligations and/or responsibilities;

Personal Data
has the meaning given in the applicable data protection laws;

Platform
refers to the IT infrastructure, code/coding, know-how, domain hosting, design, and other facilities utilized to enable the company to own, control, and operate a website, including for the purpose of transmitting contributor's content and selling products, goods, and services on the website;

Proposed Date for the Commencement of Service(s)
means the date on which the vendor's application is accepted by the company at its sole discretion.

Protected Data
refers to personal data received by or for the customer or its end-users in connection with fulfilling the supplier's obligations under this agreement;

Service Hours
24 hours of the day;

Service Levels
is the performance level required from the supplier;

Services/Service(s)
means: (a) the services along with the fulfilment of all other obligations of the supplier under this agreement, which may each be adjusted from time to time in accordance with this agreement;

Update
means any new version of the platform and/or the services made available to correct errors or bugs in the platform and/or the services, including separate hotfixes, maintenance patches, or bug fixes;

VAT
means Irish value-added tax, any other tax levied in its place, and any equivalent or similar tax levied outside of Ireland.

Interpretations
- a reference to this agreement includes its schedules and appendices (if any);
- a reference to a "party" includes that party's successors and permitted assigns;
- The table of contents and the headings of paragraphs, clauses, schedules, or other items in this agreement are for convenience only and do not affect their interpretation; Words in the singular include the plural and vice versa;
- all words following "includes", "including", "in particular", or similar words are to be understood as illustrative and do not limit the meaning of the preceding words, terms, definitions, or descriptions;
- The term "written" or "in writing" includes any method by which words are reproduced in a legible and non-transitory form;
- a reference to legislation is a reference to that legislation as amended, extended, re-enacted, or consolidated from time to time;
- a reference to legislation includes all subordinate legislation made from time to time under that legislation;
- and a reference to an Irish proceeding, remedy, lawsuit, court, officer, legal document, status, doctrine, term, or matter in relation to any other jurisdiction than Ireland shall be deemed to be a reference to what most closely approximates to the Irish equivalent in that other jurisdiction.‍

These terms and conditions for vendors and/or affiliates are divided into the following sections:

PART I - General Terms and Conditions for Vendors -
these apply if you wish to offer products as a vendor via CopeCart Pro.com

PART II - General Terms and Conditions for Affiliates -
these apply if you wish to promote our vendors' products as an affiliate;

Part III - General Rules for Vendors and Affiliates -
these apply to both vendors and affiliates;

Part IV - Order Processing by Vendors

Part V - Order Processing by CopeCart ProThe parties agree on the following definitions and interpretations in these

terms and conditions:
Applicable Laws
means applicable in the respective regions:
all laws, regulations, or other subordinate legislation;
and policies, guidelines, or industry codes of regulatory authorities that are applicable to any party or its assets, resources, or business (irrespective of whether they are legally binding or not), which apply to the services, the platform and/or the provision of the services or to which either party is subject;

Business Day
is a day that is not a Saturday, Sunday, or a public holiday in the Republic of Ireland;

Start Date
means the date of this agreement;

Confidential Information
means all information, regardless of how it is communicated or represented, which relates to the business, affairs, operations, procedures, budgets, pricing policies, product information, strategies, developments, trade secrets, know-how, personnel, customers, and/or suppliers of the disclosing party, together with all information that the receiving party derives from such information, as well as all other information that is expressly identified as confidential by a party (irrespective of whether it is marked as “confidential” or not) or which should reasonably be considered confidential;

Data Protection Laws
means all applicable laws regarding the processing, protection of privacy, and/or use of personal data applicable to either party or the services, including: the General Data Protection Regulation, data protection laws from 1988 to 2018; any laws that implement or supplement these laws; any laws that replace, extend, re-enact, consolidate, or amend any of these laws, and any guidance, guidelines, and codes of conduct issued by relevant data protection supervisory authorities related to these data protection laws (whether legally binding or not);

Data Protection Supervisory Authorities
refers to any supervisory authority, data protection authority or entity responsible for the application of data protection laws;

End Consumer
means any person authorized by you as a vendor to use the services, including employees, agents and advisors of the customers;

Fees
means the fees payable under this agreement;

Good Industry Practice
means, in relation to any business and any circumstance, the standard of professionalism, skill, care, prudence, and foresight that can be expected from a business performing the same type of activity under the same circumstances;

Services
means the configuration, demonstration, integration, migration, and/or customization services provided by the supplier in relation to the platform;

Intellectual Property Rights
means copyright, patents, rights to inventions, trademarks, service marks, trade names, design rights, rights to get-up, database rights, rights to data, semiconductor topography rights, mask works, utility models, domain names, rights to computer software and all similar rights of any kind and, in each case: (i) whether or not they are registered, (ii) including all applications for protection or registration of such rights, (iii) including all renewals and extensions of such rights or applications, (iv) whether existing, contingent, or future, and (v) wherever they exist.

Malicious Code
refers to any programs or codes that may prevent, impair, affect the reliability, destroy, damage, interrupt, corrupt, or have undesirable effects on programs, computers, systems, software, codes, data or other information (including any viruses, worms, trojan horses, spyware)

Customer Data
means all information, data, and content either: provided by the customer or an end-user to the supplier when accessing, using, or receiving the services or otherwise in connection with this agreement; specifically and exclusively for: the provision of services in favor of the customer or its end-users; or the customer's or its end-users' access to the services; and Confidential Information of the customer that is in the possession or control of the supplier, a direct or indirect subcontractor of the supplier, or an employee of the supplier;

Customer Default(s)
means a failure or delay by the customer in fulfilling its obligations and/or responsibilities;

Personal Data
has the meaning set out in the applicable data protection laws;

Platform
means the IT infrastructure, the code/coding, the know-how, the domain hosting, the design, and other arrangements used to enable the company to own, control, and operate a website, inter alia, for the purpose of transmitting the content of contributors and selling products, goods, and services on the website;

Proposed Date for Commencement of Service(s)
means the date on which the vendor's application is accepted by the company at its sole discretion.

Protected Data
means personal data received from or on behalf of the customer or its end-users, or otherwise obtained in connection with the supplier's fulfillment of its obligations under this agreement;

Service Times
24 hours a day;

Service Levels
is the level of performance required from the supplier;

Services/Service(s)
means: (a) the services along with the fulfillment of all the supplier's other obligations under this agreement, which may be amended from time to time in accordance with this agreement;

Update
means any new version of the platform and/or services provided to correct errors or bugs in the platform and/or services, and includes any separate hotfixes, maintenance patches, or bug fixes;

VAT
means the Irish value-added tax, any other tax levied in its place, and any equivalent or similar tax levied outside of Ireland.

Interpretations
- a reference to this agreement includes its schedules and annexes (if any);
- a reference to a “party” includes the successors and permitted assigns of that party;
- The table of contents and headings of paragraphs, sections, schedules, or other parts in this agreement are for convenience only and do not affect interpretation; Words in the singular include the plural and vice versa;
- all words following “includes”, “includes”, “including”, “in particular” or similar words and expressions are to be construed as illustrative and do not limit the meaning of words, phrases, terms, definitions, or descriptions preceding those words;
- The term “written” or “in writing” includes any method of reproducing words in a visible and non-transitory form;
- a reference to legislation is a reference to that legislation as amended, extended, re-enacted, or consolidated from time to time;
- a reference to legislation includes all subordinate legislation made from time to time under that legislation;
- and a reference to an Irish action, remedy, court proceeding, tribunal, officer, legal document, legal status, legal doctrine, legal term, or matter shall be construed, in respect of any jurisdiction other than Ireland, as a reference to the closest equivalent in that jurisdiction to the Irish counterpart.‍

  1. Subject of the Contract
    1.1. CopeCart Pro Ltd. offers entrepreneurial natural and legal persons (vendors, merchants, sellers, service providers, creators, etc.) the opportunity to use different conversion checkouts through which they can offer products and services for sale and manage activities and sales transactions with end customers. In sales transactions, CopeCart Pro Ltd. (the company, we, our, us, etc.) acts solely as a service provider in handling online transactions for products and services between a seller as a vendor ("you", "your", etc.) and customers as end customers. The following General Terms and Conditions (GTC) govern the use of our platform copecart-pro.com and all services to be provided by us.
    1.2. The General Terms and Conditions for platform use between the company and vendors explicitly provide that the company is fully indemnified against any claims by third parties concerning liability for products, the platform, alleged infringement of copyright, intellectual property, or know-how.
    1.3. Our service obligations include the activities and services listed below:
    1.3.1. We provide you the opportunity to publish, register, offer for sale, and promote your product(s) ("Product") or service(s) ("Service") on the copecart-pro.com platform. In relation to the end customer, you always act in your own name as the seller or provider of your service, based on your own general terms and conditions as well as privacy policies, thus remaining "Merchant of Record".
    1.3.2. Acceptance of the end customer's declaration of intent to conclude the contract in your name. Rejection of the end customer's offer to conclude the contract in his name if a payment service provider refuses the customer's payment due to lack of creditworthiness.
    1.3.3. Rejection of the end customer's offer to conclude the contract in his name if he or his residence violates applicable sanctions laws and regulations under current EU, US, or UK law.
    1.3.4. Making all other legally binding declarations and actions in this context, including sending the confirmation of the completion of the sales transaction in text form to the end customer and issuing the invoice, whereby in cross-border sales transactions, VAT is calculated at the applicable rate.
    1.3.5. Receipt of the agreed remuneration from end customers in your name by our payment service provider and forwarding by him to you after deduction of our fee.
    1.3.6. Mediation between you and the cooperating debt collection service provider, including transmission of the information required for collection purposes.
    1.3.7. The company can change the price plan associated with providing the services from time to time. Any proposed change to the price plan must be communicated to vendors at least 30 days in advance.
    1.4. You can use our services to promote your (potential) affiliates. The affiliate may engage in affiliate marketing within the possibilities granted by copecart-pro.com. Affiliate marketing is an internet-based form of distribution in which you provide your sales partners (affiliates) with promotional material that the affiliate can use on his websites or for advertising purposes via other channels such as keyword advertising or email marketing. Within the possibilities granted by Copecart-Pro.com, you can give third parties (so-called affiliates) the opportunity to advertise the products you offer. If you wish to grant such advertising opportunities, you agree to make only truthful, non-misleading statements that enable the lawful execution of the advertising measure.

  2. Registration
    2.1. In order to use the platform's services, the vendor must register according to the registration procedure provided on the platform.
    2.2. Registration as a vendor is only possible for natural and legal persons who are acting as businesses. To register, you must provide truthful information. We are entitled to require suitable proof of the accuracy of this information and your business status. We are also entitled to reject a registration application without stating reasons.
    2.3. If your data changes, you must update them promptly on our website.
    2.4. Notwithstanding the provisions in clause 2.2, registration of a vendor cannot take place if the vendor's registered business address violates applicable sanction lists under EU, US, or UK law.

  3. Collaboration with Third-Party Providers
    3.1. From time to time, the company may require vendors to collaborate with third-party providers. Examples include the use of a third-party payment service platform.

  4. Contract Conclusion
    4.1. We will act for you on the basis of these "General Terms and Conditions for Vendors" when you register on our platform CopeCart-Pro.com and agree to be bound by these "General Terms and Conditions for Vendors" by clicking the button to continue & complete registration.
    4.2. A prerequisite for concluding a contract for using our services is that you successfully complete the hosted KYC process of our payment service provider.
    4.3. Another prerequisite for concluding a contract for using our services is that your business address does not violate applicable sanctions laws and regulations under current EU, US, or UK law.

  5. Payment Processing and Compensation
    5.1. For all sales you make via our services, we receive a commission of 3.9%+1€ for each transaction, which our payment service provider deducts from the consideration received from the end customer in our favor and pays it to us. The basis for calculating the commission is the gross invoice amount in euros (invoice value plus VAT). The gross invoice amount is the remuneration payable by the end customer in euros after taking into account discounts. Additional costs, such as freight, shipping, insurance, etc., are not part of the consideration payable by the end customer for calculating the commission we are entitled to.
    5.2. In general, 80% of your revenue will be paid out through our payment service provider after the expiry of the 14-day withdrawal period granted to the end customer. The remaining balance will be released for payment after a further 40 days. Payment is based on the data provided by you on our website. Objections to our billing must be communicated to us no later than 14 days after the bill was issued. After that, the amount is considered approved.
    5.3. Payouts only occur above an amount of 50 Euro per compensation settlement and, regardless of the amount, upon termination of the contract according to the due date regulation.
    5.4. The compensation payable to each of your affiliates is paid by our payment service provider in your name to the affiliate in the currency of the mediated transaction at the exchange rate applicable at the time of the end customer order. Additional fees may apply depending on the currency.
    5.5. The share payable to your joint venture partner from your joint venture agreement(s) is paid by our payment service provider in your name and for your account in the currency of the mediated transaction at the exchange rate applicable at the time of the end customer order. Additional fees may apply depending on the currency.
    5.6. We provide a monthly detailed statement of payments received by our payment service provider, deductions of outstanding claims owed by us, and the amount of compensation paid to affiliated companies and joint venture partners. A positive balance will be offset by our payment service provider within 15 days of payment receipt in the currency of the mediated business at the exchange rate at the time of the end customer order by transfer to the account specified by you.
    5.7. Compensation based on a breach of provisions. Services paid under this contract or where it subsequently becomes apparent that the conditions for them were not met can be reclaimed.

  6. Offering of Products and Services, Transfer of Rights
    6.1. Once registered, you can create products on the platform, the checkout of which you can use for your end customers.
    6.2. We decide at our discretion whether we publish these products on our platform.
    6.3. You are the provider of the created products. The sale transaction is concluded directly between you as the merchant and the buyer ("end customer").
    6.4. There is no claim that your product or all products will be published and/or advertised via our platform.
    6.5. Furthermore, we provide you or the affiliates technical functions for selling the products at our discretion, which also allow sales on other websites or through other channels (e.g. telephone sales).
    6.6. Should we come to a justified conclusion at our discretion that you violate the provisions of this contract and thus prevent us from legally publishing your products and legally mediating the product, we will block access to your products and inform you of this blockade and the reasons for it.
    6.7. You guarantee that your products are available within the European Union, can be marketed and offered, and meet all applicable legal requirements. The corresponding obligation also applies to all other countries where your products are offered.
    6.8. If you wish to use our platform to sell or mediate a product, you are required to provide all information requested by us in the corresponding input form. This includes specifically the following information:
    6.8.1. Name of the product;
    6.8.2. Sales price;
    6.8.3. Description of the product;
    6.8.4. Availability and duration of the contract;
    6.8.5. Any shipping costs that may be incurred;
    6.8.6. Legally required information that must be observed when advertising the product;
    6.8.7. Texts and images for free advertising for the product;
    6.8.8. Legally correct classification of the product, e.g. regarding the applicability of the distance education protection law and the right of withdrawal for consumers, i.e. in particular, whether it is digital content or digital services, or a product with peculiarities regarding the right of withdrawal.
    6.9. You are required to promptly update your products after each change and must comply with legal requirements at all times. You will inform us immediately if any of your products do not meet legal requirements or the requirements of this contract or if third parties claim this or an infringement of their rights.
    6.10. You are liable for incorrect or incomplete information or data. Please therefore check after setting up your product whether all required information has been entered and is correct. The information provided by you enables us to provide our services to you and the end customers in compliance with the law.
    6.11. If you provide us with information, data, and if applicable, other content, you grant us worldwide rights free of charge to use them for the purpose of executing this contract in online and offline media.

  7. Provision of Platform Services
    7.1. The company provides the vendor with access to the platform under the conditions of this agreement and fulfills its obligations set out therein to ensure that all services can be provided in accordance with the conditions of this agreement. Notwithstanding the foregoing, the company, as part of the services:
    7.1.1. …will be responsible for managing and carrying out the configuration, customization, integration, and provisioning of the platform on an end-to-end basis;
    7.1.2. …will regularly monitor the execution of all tasks mentioned on the platform;
    7.1.3. …proactively work to identify and resolve any issues to ensure timely completion of each task;
    7.1.4. …will be responsible for carrying out all configuration tasks required in connection with the provisioning of the platform;
    7.1.5. …ensure that it has completed all necessary development and internal testing; and
    7.1.6. …do everything necessary (including collaborating with a vendor) to provide the company with the platform to the vendors and end users.
    7.2. If at any time the company realizes that it cannot provide the services as described above or expects not to be able to provide them, it will inform the vendor promptly, stating (with reasonable detail) the reasons and causes for the delay as well as the proposed remedial actions, and allocate all reasonable resources to resolve or mitigate the delay.

  8. Ensuring Platform Services
    8.1. From the date the vendor's registration is completed and accepted by the company at its discretion, the company provides the platform in accordance with the provisions of this contract, good industry practice, and all applicable laws and makes it available.
    8.2. The vendor has the right to use the services in accordance with the conditions of this contract (and allow its end users to use them).
    8.3. The company undertakes all reasonable efforts to ensure that all planned maintenance work on the platform is carried out outside of normal business hours. If the company has to perform work within business hours, it will make all reasonable efforts to assist the vendor as far as possible to ensure that this work can be performed at as convenient a time as possible. The company makes all reasonable efforts to ensure that planned maintenance work interferes as little as possible with the customer and its end-users.

  9. Changes to Platform Services
    9.1. The company is entitled to upgrade or update the platform without prior customer approval if such an upgrade or update is necessary to:
    9.1.1. rectify a substantial defect, error, or mistake;
    9.1.2. address a known or foreseeable security vulnerability; or
    9.1.3. comply with applicable laws,
    9.2. A change to the platform according to paragraph 9 is considered planned maintenance within the meaning of this contract.
    9.3. Notwithstanding clause 9, the company, if it wishes to make essential and/or fundamental changes to the fee structure or functionality, will send the customer a change notice describing the change in reasonable detail, including a complete description of any changes to the functionality or features of the platform (if any), the time required to carry out the proposed changes, and a binding statement regarding the proposed changes to fees as a result of such change.
    9.4. The vendor has 7 days to terminate this contract if it does not agree with the changes to the platform under clause 9.3 and must communicate its intention to terminate the contract within 28 days (from the last day of the withdrawal period).
    9.5. During the entire contract period, the company provides the support services and any technical support that is required under this contract regarding the cloud services, and cannot declare any aspect of the cloud services as no longer available or no longer supported without the prior written consent of the customer.

  10. Service Levels
    10.1. The company undertakes all reasonable efforts to ensure that the services at all times meet the required service levels necessary to fulfill its obligations under these GTC according to its discretion.
    10.2. The company will continuously review the service levels, and if it reasonably concludes that either the service levels should be adjusted or that service levels should be applied to parts or segments of the services for which no service levels applied at the time of review, the service levels will be adjusted or a new service level implemented.

  11. Distribution of Digital Products
    11.1. If your product can be delivered digitally by us or accessed via a link, you must provide us with the relevant content or access when you supply the product to us.
    11.2. We are entitled to provide the end customers with access to these products according to the possibilities offered by you or allow their permanent storage. This includes the rights of reproduction, public access, provision on demand, dissemination, and reproduction using all technical and organizational means. Commercial exploitation and distribution forms: As far as technically necessary or economically required for contract performance, we are entitled to process the product to the required extent.
    11.3. If a product is a digital product, the following provisions apply, which take precedence over other provisions of your GTC in the event of conflicts:
    11.3.1. An end customer who is a consumer ("consumer end customer") can request immediate delivery of the product after contract conclusion. You must provide the corresponding services promptly. If you fail to comply with this obligation, the consumer end customer can terminate the contract with you.
    11.3.2. You have digital products that are provided in compliance with legal requirements. Offering digital products that do not meet these requirements is not permitted. If you believe that it is not possible to offer your product according to the above regulations, you must notify us and not allow us to offer the product.
    11.3.3. Statutory rights of recourse against you remain unaffected by these General Terms and Conditions.

  12. Joint Ventures of Vendors
    12.1. Two vendors can establish a joint venture partnership for a product by utilizing the functionalities of our platform. The applicant for establishing a joint venture is the vendor of the product (the "applicant"). The applicant remains our contractual partner for the respective product according to these terms. However, a reduction in the consideration owed to the applicant from the sale of the product must be agreed upon per the application to establish the joint venture. We are entitled to reject such an application without stating reasons.
    12.2. With the establishment of the joint venture, the applicant's payment claim is reduced by the claim of the vendor(s) named by the applicant ("beneficiary").
    12.3. We are not involved in the contract concluded by the applicant and the beneficiary for the purposes of the joint venture.

  13. Prohibited Products
    13.1. The following product categories are not allowed to be offered:
    13.1.1. Sexually explicit products;
    13.1.2. Alcohol, tobacco, and medications;
    13.1.3. Products that discriminate against third parties on the basis of ethnicity, gender, religion, nationality, disability, sexual orientation, or age;
    13.1.4. Products that infringe third-party rights, especially trademarks, patents, or other protective rights; products for which there are legal advertising bans or restrictions;
    13.1.5. Products that may only be sold to end customers after age verification (e.g. FSK 18 content);
    13.1.6. Any product classified as illegal or for which the vendor has not granted permission

  14. KYC, Taxes, and Obligations
    14.1. Before publishing your product, you must first undergo the identification process (Know Your Customer - KYC) offered by our payment service provider. This procedure is similar to the identification process that banks regularly require from their customers to prevent money laundering and ensure that you or your company (natural or legal person) can be identified as the seller and authorized payment recipient. Before publishing your product, you must also provide proof of your entrepreneurial status and payment of VAT by you or exemption from VAT (small business regulation). If additional proof is required due to your company's location to enable payments to you (e.g. to prevent money laundering), these documents must also be submitted in advance.
    14.2. Insofar as we are obligated to pay taxes or duties for remuneration to be paid to you, the compensation to be paid to you will be reduced by the corresponding amount, and we will make the appropriate payments to the responsible authorities. Otherwise, you are solely responsible for properly taxing your income.

  15. Data Protection, Use of Customers for Advertising Purposes, Double-Opt-In
    15.1. When creating a product on our platform, you must truthfully and in accordance with legal requirements specify which personal data of an end customer you require from us in order to serve your end customers within the scope of the distribution business with our services. If we provide you with personal data of an end customer in this context, you may only process these data to fulfill this purpose or if you are otherwise legally authorized to process them. If you act as a processor for us in this context, the processing agreement applies.
    15.2. You are prohibited from processing personal data of end customers in violation of privacy regulations, and violations of this provision entitle us to terminate the relationship with you without notice. Further claims remain unaffected.
    15.3. You may only use the personal data of end customers for advertising purposes if the legal requirements are met. The transmission of contact data by us does not authorize you to use this data for advertising purposes, such as email newsletters, without satisfying the necessary conditions. If we inform you that one of your customers has given us consent to receive a newsletter from you by email, we will not verify this opt-in using a double-opt-in method. We therefore recommend that you conduct a double-opt-in yourself to provide the evidence required by case law for obtaining an opt-in. Otherwise, you may not be able to prove that a customer actually consented to receive advertising emails.
    15.4. Where we offer you the opportunity to use the data provided for other internet offers (e.g., newsletter tools), it is your responsibility to establish the legal basis for this transfer and, if necessary, conclude any necessary agreements between you and the recipient of the data.

  16. Use of "CopeCart Pro" or "CopeCart-Pro.com"
    We authorize you to use the name "CopeCart Pro" or "CopeCart-Pro.com" only to the extent necessary to normally indicate that a product can be purchased through CopeCart-Pro.com. Any other use of our brands requires our prior approval.

  17. Third-Party Services
    If we offer you, at our discretion, the opportunity to transfer data from your account to services provided by third parties or receive data from them, we are not the provider of these services ourselves and are not responsible for them.18. IndemnificationYou hold us harmless, defend us, and fully indemnify us from all claims, proceedings, damages, costs, expenses, or liabilities arising from your use of this website and the platform or in connection with it.‍

PART II - General Terms and Conditions for Affiliates

  1. Subject Matter and Definitions
    The following General Terms and Conditions for Affiliates (collectively in Part II: "You", "Your", "Yours", etc.) govern the conclusion and content of the contract between you as an affiliate and a vendor who uses the services of CopeCart-Pro.com and for whom you work as an affiliate. A contractual relationship between you and us does not come into effect to this extent. By agreeing to participate in the platform as a user, you confirm that you have read these terms in conjunction with the General Terms and Conditions between the company and the vendor and that you are satisfied that you understand them and agree to be bound by them.

  2. Registration, Modification, and Deletion of a Registration
    2.1. A prerequisite for your activity as an affiliate is your registration on CopeCart-Pro.com.
    2.2. Registration as an affiliate is only possible for entrepreneurial natural and legal persons. You are obliged to provide truthful information for the registration. You can terminate your registration at any time with one week's notice. If your details change, you must update them promptly on our website.
    2.3. We are entitled to verify your entrepreneurial status as well as to check the accuracy of your information through suitable evidence. We are also entitled to reject and/or delete a registration application without providing reasons.

  3. Conclusion of the Contract
    3.1. We will act for you based on these "General Terms and Conditions for Affiliates" when you register on our CopeCart-Pro.com platform and agree to the validity of these "General Terms and Conditions for Affiliates" by clicking the button to proceed & complete the registration.
    3.2. A condition for the conclusion of the contract for using our services is that you successfully complete the hosted KYC process of our payment service provider.
    3.3. Another requirement for concluding a contract for using our services is that your business location does not violate applicable sanctions laws and regulations under current EU, US, or UK law.

  4. Payment Processing and Compensation
    4.1. Your claim for compensation is not against us but against the vendor. You have no claim for compensation if you are simultaneously a partner and seller of the same product.
    4.2. For all sales you make to end customers through our services, you have a commission agreement with the respective vendor. Our payment service provider pays the resulting commission to you by deducting it from the consideration paid by the end customer. A positive balance will be settled by our payment service provider no later than 15 days after receipt of payment in the currency of the mediated transaction at the exchange rate at the time of the end customer's order by transfer to the account you specified. The basis for determining your compensation is our billing system. You are entitled to provide counter-evidence.
    4.3. 80% of your commission will be refunded to you after purchase by the end customer. A 14-day cancellation right will be paid to you through our payment service provider. The remaining amount will be paid to you after an additional 40 days. Payment will be made based on the data you entered on our website. Any objections to our billing must be communicated to us no later than 14 days after the billing date. Thereafter, the payout amount is considered approved.
    4.4. A payment will only be made from an amount of 50 euros per compensation settlement and regardless of the amount upon termination of the contract in accordance with the maturity regulation. Compensation due to a violation of the provisions. Services paid under this agreement or for which it is subsequently revealed that the prerequisites for claiming them were not met may be reclaimed.

  5. Cooperation with Third-Party Providers
    5.1. Furthermore, you acknowledge that from time to time you must avail the services of third-party providers, such as payment service providers. You confirm that you have convinced yourself of the suitability of these services and that by agreeing to purchase products on their platform, you are bound by the terms of use (or others) of these third-party providers.

PART II - General Terms and Conditions for Affiliates

  1. Subject Matter and Definitions
    The following General Terms and Conditions for Affiliates (collectively in Part II: "You", "Your", "Yours", etc.) govern the conclusion and content of the contract between you as an affiliate and a vendor who uses the services of CopeCart-Pro.com and for whom you work as an affiliate. A contractual relationship between you and us does not come into effect to this extent. By agreeing to participate in the platform as a user, you confirm that you have read these terms in conjunction with the General Terms and Conditions between the company and the vendor and that you are satisfied that you understand them and agree to be bound by them.

  2. Registration, Modification, and Deletion of a Registration
    2.1. A prerequisite for your activity as an affiliate is your registration on CopeCart-Pro.com.
    2.2. Registration as an affiliate is only possible for entrepreneurial natural and legal persons. You are obliged to provide truthful information for the registration. You can terminate your registration at any time with one week's notice. If your details change, you must update them promptly on our website.
    2.3. We are entitled to verify your entrepreneurial status as well as to check the accuracy of your information through suitable evidence. We are also entitled to reject and/or delete a registration application without providing reasons.

  3. Conclusion of the Contract
    3.1. We will act for you based on these "General Terms and Conditions for Affiliates" when you register on our CopeCart-Pro.com platform and agree to the validity of these "General Terms and Conditions for Affiliates" by clicking the button to proceed & complete the registration.
    3.2. A condition for the conclusion of the contract for using our services is that you successfully complete the hosted KYC process of our payment service provider.
    3.3. Another requirement for concluding a contract for using our services is that your business location does not violate applicable sanctions laws and regulations under current EU, US, or UK law.

  4. Payment Processing and Compensation
    4.1. Your claim for compensation is not against us but against the vendor. You have no claim for compensation if you are simultaneously a partner and seller of the same product.
    4.2. For all sales you make to end customers through our services, you have a commission agreement with the respective vendor. Our payment service provider pays the resulting commission to you by deducting it from the consideration paid by the end customer. A positive balance will be settled by our payment service provider no later than 15 days after receipt of payment in the currency of the mediated transaction at the exchange rate at the time of the end customer's order by transfer to the account you specified. The basis for determining your compensation is our billing system. You are entitled to provide counter-evidence.
    4.3. 80% of your commission will be refunded to you after purchase by the end customer. A 14-day cancellation right will be paid to you through our payment service provider. The remaining amount will be paid to you after an additional 40 days. Payment will be made based on the data you entered on our website. Any objections to our billing must be communicated to us no later than 14 days after the billing date. Thereafter, the payout amount is considered approved.
    4.4. A payment will only be made from an amount of 50 euros per compensation settlement and regardless of the amount upon termination of the contract in accordance with the maturity regulation. Compensation due to a violation of the provisions. Services paid under this agreement or for which it is subsequently revealed that the prerequisites for claiming them were not met may be reclaimed.

  5. Cooperation with Third-Party Providers
    5.1. Furthermore, you acknowledge that from time to time you must avail the services of third-party providers, such as payment service providers. You confirm that you have convinced yourself of the suitability of these services and that by agreeing to purchase products on their platform, you are bound by the terms of use (or others) of these third-party providers.

Part III - General Provisions for Vendors and Affiliates

  1. Communication
    You must provide an email address where we can reach you at any time and where incoming emails are confirmed within one business day and not automatically answered. In addition, it is recommended to provide a phone number where we can reach you.

  2. Suspension of Accounts
    We have the right to suspend accounts of vendors and partners and suspend their products if we believe that they are violating laws or the provisions of this contract to such an extent that it is unreasonable for us to continue to operate the account. We will inform the affected person immediately with reasons for the account suspension.

  3. Our Liability
    3.1. The company assumes no liability for the marketability of the products marketed by vendors on the platform.
    3.2. In particular, you acknowledge and accept that you are only related to the company as a third-party user of a platform service and that you have no rights or claims against the company.
    3.3. Except in the case of death or personal injury caused by negligence of either party, breaches of this agreement due to fraud or willful default, or claims for damages, the company's liability for any claims, whether arising from contract, tort (including negligence), or otherwise for losses or damages arising from or in connection with this agreement or otherwise, shall in no case exceed one hundred percent (100%) of the fees paid by the vendor under this contract during the twelve (12) months prior to the date on which the claim arose, relating to an event or a series of related events, provided always that the company shall under no circumstances be liable for:
    3.3.1. Loss of profits;
    3.3.2. Loss of business opportunities;
    3.3.3. Diminution of goodwill or similar losses;
    3.3.4. Loss of anticipated savings;
    3.3.5.  Wasted time; and
    3.3.6. Any special, incidental, indirect, or consequential damages, including incurred damages or costs.

  4. Applicable Law and Jurisdiction
    4.1. The contract is exclusively subject to the law of the State of Ireland. International private law does not apply insofar as it is waivable.
    4.2. The exclusive place of jurisdiction for all disputes arising in connection with this contract is our registered office. We are also entitled to take legal action against our contractual partner at one of their statutory places of jurisdiction to make use of them.

  5. Severability Clause
    If individual provisions of these general terms and conditions are or become wholly or partly ineffective, the validity of the remaining provisions shall not be affected, unless the elimination of individual clauses would unreasonably disadvantage one contracting party to such an extent that adherence to the contract can no longer be reasonably expected of them.

  6. Force Majeure
    If a party delays or prevents the performance of one of its obligations under this agreement (except for a payment obligation) due to circumstances beyond its control, this shall not constitute a breach of this agreement as it constitutes a delay in performance. However, if the delay in performance exceeds 3 months, the other contracting party may terminate this agreement with immediate effect by giving the other contracting party at least 5 days prior written notice.7. SubcontractsThis agreement is individualized for the parties, and neither party may assign, transfer, subcontract, or otherwise divide this agreement or any right or obligation under this agreement without the prior written consent of the other party (which shall not be unreasonably withheld or delayed). Each party may freely assign this agreement to an affiliate of the party that is capable of fully fulfilling the obligations of the party wishing to assign this agreement.

Part III - General Provisions for Vendors and Affiliates

  1. Communication
    You must provide an email address where we can reach you at any time and where incoming emails are confirmed within one business day and not automatically answered. In addition, it is recommended to provide a phone number where we can reach you.

  2. Suspension of Accounts
    We have the right to suspend accounts of vendors and partners and suspend their products if we believe that they are violating laws or the provisions of this contract to such an extent that it is unreasonable for us to continue to operate the account. We will inform the affected person immediately with reasons for the account suspension.

  3. Our Liability
    3.1. The company assumes no liability for the marketability of the products marketed by vendors on the platform.
    3.2. In particular, you acknowledge and accept that you are only related to the company as a third-party user of a platform service and that you have no rights or claims against the company.
    3.3. Except in the case of death or personal injury caused by negligence of either party, breaches of this agreement due to fraud or willful default, or claims for damages, the company's liability for any claims, whether arising from contract, tort (including negligence), or otherwise for losses or damages arising from or in connection with this agreement or otherwise, shall in no case exceed one hundred percent (100%) of the fees paid by the vendor under this contract during the twelve (12) months prior to the date on which the claim arose, relating to an event or a series of related events, provided always that the company shall under no circumstances be liable for:
    3.3.1. Loss of profits;
    3.3.2. Loss of business opportunities;
    3.3.3. Diminution of goodwill or similar losses;
    3.3.4. Loss of anticipated savings;
    3.3.5.  Wasted time; and
    3.3.6. Any special, incidental, indirect, or consequential damages, including incurred damages or costs.

  4. Applicable Law and Jurisdiction
    4.1. The contract is exclusively subject to the law of the State of Ireland. International private law does not apply insofar as it is waivable.
    4.2. The exclusive place of jurisdiction for all disputes arising in connection with this contract is our registered office. We are also entitled to take legal action against our contractual partner at one of their statutory places of jurisdiction to make use of them.

  5. Severability Clause
    If individual provisions of these general terms and conditions are or become wholly or partly ineffective, the validity of the remaining provisions shall not be affected, unless the elimination of individual clauses would unreasonably disadvantage one contracting party to such an extent that adherence to the contract can no longer be reasonably expected of them.

  6. Force Majeure
    If a party delays or prevents the performance of one of its obligations under this agreement (except for a payment obligation) due to circumstances beyond its control, this shall not constitute a breach of this agreement as it constitutes a delay in performance. However, if the delay in performance exceeds 3 months, the other contracting party may terminate this agreement with immediate effect by giving the other contracting party at least 5 days prior written notice.7. SubcontractsThis agreement is individualized for the parties, and neither party may assign, transfer, subcontract, or otherwise divide this agreement or any right or obligation under this agreement without the prior written consent of the other party (which shall not be unreasonably withheld or delayed). Each party may freely assign this agreement to an affiliate of the party that is capable of fully fulfilling the obligations of the party wishing to assign this agreement.

Part IV - Order Processing by Vendors

  1. Introduction, Scope, Definitions
    1.1. CopeCart Pro Ltd (for this Part IV "Client") allows personal data to be processed by the Vendor (for this Part IV "Contractor") for the purpose of conducting business (the respective "Main Contract") on behalf of the Client. To execute the Main Contract, the Client commissions the Contractor with order processing pursuant to Art. 28 GDPR, provided that the legal requirements are met. In the event of contradictions, this data processing contract takes precedence over the Main Contract.
    1.2. The terms used in this contract are to be understood according to their definitions in the EU General Data Protection Regulation. In this sense, the Client is the "Data Controller" and the Contractor is the "Data Processor." Where declarations are to be made "in writing" below, this refers to the written form as per § 126 BGB. Otherwise, declarations can also be made in another form, provided that verification is ensured.

  2. Nature and Purpose of Data Collection, Processing, or Use
    2.1. Nature and purpose of processing. The following processing activities are involved: collecting, recording, organizing, structuring, storing, adapting or altering, cross-selling, upselling, retrieving, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying of data. The processing serves the following purpose: contract fulfillment, contract execution. Data subjects are affected by the processing.

  3. Subject and Duration of Processing
    3.1. Subject of processing. The Contractor undertakes the following processing:
    3.2. General personal data:
    3.2.1. Name
    3.2.2. Date and place of birth
    3.2.3. or the domicile of a person
    3.3. Identification numbers
    3.4. Online data
    3.5. The processing takes place based on the main contracts existing between the parties.
    3.6. Duration: The processing begins on the date of the conclusion of the respective main contract and runs indefinitely until this contract or the main contract is terminated by one of the parties.

  4. Obligations of the Contractor
    4.1. The Contractor processes personal data exclusively according to the contractual agreements or instructions of the Client unless the Contractor is legally obligated to process them in a specific manner. If such obligations exist for the Contractor, they must inform the Client before processing, unless informing is legally prohibited. Furthermore, the Contractor may not use the data provided for processing for other purposes, particularly not for their own purposes.
    4.2. The Contractor confirms that they are aware of the relevant general data protection regulations. They will observe the principles of proper data processing.
    4.3. The Contractor undertakes to maintain the strictest confidentiality when handling.
    4.4. Persons who can access the data processed on behalf must commit in writing to confidentiality, unless they are already subject to a corresponding obligation of secrecy by law.
    4.5. The Contractor ensures that the persons involved in processing are familiarized with the relevant data protection provisions and this contract before processing commences. The Contractor ensures that the personnel employed for order processing are adequately instructed with respect to fulfilling data protection requirements and are continuously monitored.
    4.6. In connection with order processing, the Contractor supports the Client in the creation and updating of the processing activities register and in conducting the data protection impact assessment. All necessary information and documentation must be provided and delivered to the Client without delay upon request.
    4.7. If the Client is subject to an audit by supervisory authorities or other entities, or if affected persons assert rights against them, the Contractor undertakes to support the Client to the necessary extent, insofar as the processing on behalf is concerned.
    4.8. The Contractor may only provide information to third parties or the data subject with the prior consent of the Client. The Contractor will immediately forward inquiries directed at them to the Client.
    4.9. Where required by law, the Contractor must appoint a competent and reliable person as the data protection officer. It must be ensured that no conflicts of interest exist for the officer. In cases of doubt, the Client may contact the data protection officer directly. The Contractor promptly provides the Client with the contact details of the data protection officer or explains why no data protection officer was appointed. The Contractor promptly informs the Client of any changes in the person or in the internal tasks of the officer.
    4.10. Order processing generally occurs within the EU or EEA. Transfer to a third country may occur only with the express consent of the Client and under the conditions of Chapter V of the General Data Protection Regulation as well as compliance with the provisions of this contract.
    4.11. If the Contractor is not established in the European Union, they appoint a responsible contact person in the European Union in accordance with Art. 27 of the General Data Protection Regulation. The contact details of the representative and any changes in the representative must be communicated to the Client without delay.

  5. Notification Obligations
    5.1. The Contractor must inform the Client without delay about breaches of the protection of personal data. Reasoned suspicions must also be reported. The notification must be sent to an address specified by the Client within 24 hours after the Contractor becomes aware of the respective incident. It must include at least the following information:
    5.1.1. A description of the nature of the personal data breach, including, where possible, the categories of data protection concerned and the approximate number of data subjects affected, the affected categories, and the approximate number of affected personal data records;
    5.1.2. The name and contact details of the data protection officer or other contact point for further information;
    5.1.3. A description of the likely consequences of the personal data breach;
    5.1.4. A description of the measures the Contractor has taken or proposes to address the personal data breach, including, where applicable, measures to mitigate its possible adverse effects.
    5.2. Significant disruptions in order fulfillment and violations by the Contractor or its agents against data protection regulations or the provisions of this contract must also be reported without delay.
    5.3. The Contractor promptly informs the Client about inspections or measures by supervisory authorities or other third parties, to the extent they relate to order processing.
    5.4. The Contractor assures to support the Client in fulfilling its obligations under Art. 33 and 34 of the General Data Protection Regulation as far as necessary.

  6. Technical and Organizational Measures
    6.1. The data security measures described in Appendix 1 are defined as binding. They define the minimum owed by the Contractor. The description of the measures must be so detailed that a knowledgeable third party can recognize at any time, based solely on the description, what minimum is owed. A reference to information that cannot be directly taken from this agreement or its annexes is not permissible.
    6.2. The data security measures may be adapted to the technical and organizational development as long as they do not fall below the level agreed here. Changes necessary to maintain information security must be implemented by the Contractor without delay. Changes must be communicated to the Client promptly. Significant changes must be coordinated between the parties.
    6.3. If the security measures taken do not or no longer meet the Client's requirements, the Contractor must inform the Client immediately.
    6.4. The Contractor guarantees that the data processed on behalf are kept strictly separate from other data inventories.
    6.5. Copies or reproductions may not be made without the knowledge of the Client. This does not apply to technically necessary, temporary copies, provided that impairment of the agreed data protection level is excluded.
    6.6. Processing of data in private residences is only permissible with prior written consent from the Client in individual cases. If such processing occurs, the Contractor ensures that a level of data protection and data security corresponding to this agreement is maintained and that the Client's control rights mentioned in this contract can be exercised unrestrictedly in the private residences concerned. Data processing on behalf of the Client using private devices is not permissible under any circumstances.
    6.7. Dedicated data carriers originating from or used for the Client must be specially marked and are subject to ongoing management. They must always be properly stored and not accessible to unauthorized persons. Inputs and outputs are documented.
    6.8. The Contractor must regularly, at least every 12 months, prove fulfilment of their obligations, particularly the complete implementation of the agreed technical and organizational measures and their effectiveness. Proof must be provided to the Client either every 12 months or any time upon request. Proof may be provided through approved codes of conduct or an approved certification process.

  7. Relationships to Subcontractors
    7.1. The commissioning of subcontractors is only permitted with the written consent of the Client in each individual case.
    7.2. Consent is only possible if the subcontractor is contractually obligated to comparable data protection obligations, at least equivalent to those agreed in this contract. Upon request, the Client shall have access to the corresponding contracts between the Contractor and the subcontractor.
    7.3. The rights of the Client must also be effectively exercisable against the subcontractor. In particular, the Client must be authorized at any time to conduct checks at the subcontractors, to the extent specified herein, or have them carried out by third parties.
    7.4. The responsibilities of the Contractor and subcontractor must be clearly delineated.
    7.5. The further transfer of subcontracting services by the subcontractor within the scope of another subcontract is not permissible.
    7.6. The Contractor selects the subcontractor carefully, paying particular attention to the adequacy of the subcontractor's technical and organizational measures.
    7.7. The transfer of data processed on behalf to the subcontractor is only permitted if the Contractor has documented that the subcontractor has fully fulfilled its obligations. The Contractor must provide the documentation unsolicited to the Client.
    7.8. The commissioning of subcontractors, who do not exclusively provide processing services within the EU or EEA, is only permissible if the conditions laid down in Part IV Sections 4.10 and 4.11 of this Data Protection Regulation are met. It is permissible only if and as long as the subcontractor provides adequate data protection guarantees. The Contractor will inform the Client about what specific data protection guarantees the subcontractor provides and how proof thereof can be provided.
    7.9. The Contractor must regularly conduct, at least once every 12 months, an adequate review of the subcontractor's compliance with its obligations. The audit and its results must be documented so comprehensively that they are intelligible to a knowledgeable third party. Documentation occurs through an audit available in the system, conducted by the Contractor in the form of a self-audit.
    7.10. If the subcontractor does not meet its data protection obligations, the Contractor is liable to the Client for this.
    7.11. Currently, the subcontractors listed in Appendix 2 with name, address, and order content are engaged in processing personal data within the scope mentioned there by the Client. The other obligations of the Contractor towards the subcontractors mentioned herein remain unaffected.
    7.12. Only those services directly associated with the provision of the main service are considered subcontracts within the meaning of this contract. Ancillary services such as transport, maintenance, and cleaning as well as the use of telecommunications services or user services are not included. The Contractor's obligation to adhere to data protection and data security remains unaffected in these cases.

  8. Rights and Obligations of the Client
    8.1. The Client is solely responsible for assessing the permissibility of order processing and for safeguarding the rights of the data subjects.
    8.2. The Client issues all orders, partial orders, or instructions in documented form. In urgent cases, instructions may also be issued orally. The Client must promptly confirm such instructions in writing.
    8.3. The Client must promptly inform the Contractor if they detect errors or irregularities when checking the order results.
    8.4. The Client is entitled to monitor compliance with data protection regulations and the contractual agreements by the Contractor to a reasonable extent, in particular by obtaining information and inspecting the stored data and data processing programs, as well as other on-site checks. The persons entrusted with the control must be granted access and insight to the necessary extent by the Contractor. The Contractor is obliged to provide the information necessary to conduct an inspection, represent processes, and furnish proof.

  9. Instructions
    9.1. The Client reserves the right to issue comprehensive instructions for the order processing.
    9.2. The Client and Contractor name in Appendix 3 the persons authorized to issue and receive instructions.
    9.3. In case of a change or long-term absence of the named persons, the other party must be informed without delay about any successors or representatives.
    9.4. The Contractor will notify the Client without delay if an instruction from the Client, in their opinion, violates legal regulations. The Contractor is entitled to suspend the execution of the respective instruction until it is confirmed or amended by the responsible person of the Client.
    9.5. The Contractor documents the instructions issued to them and their implementation.

  10. Service Provisions
    The tasks and measures of the Contractor as part of order processing are carried out free of charge. No remuneration is paid.

  11. Special Right of Termination
    11.1. The Client may terminate the main contract and this contract at any time without notice ("extraordinary termination") if the Contractor severely violates data protection regulations or the provisions of this contract if the Contractor cannot or is unwilling to follow a lawful instruction from the Client, or if the Contractor unreasonably refuses to fulfill the Client's control rights.
    11.2. A serious breach is deemed to exist, in particular, if the Contractor does not fulfill or has not fulfilled the obligations outlined in this contract, especially the agreed technical and organizational measures, to a significant extent.
    11.3. In the case of minor breaches, the Client must set a reasonable deadline for remedying the breach. If the remedy does not take place in time, the Client has the right to extraordinary termination under the terms of this section.
    11.4. The Contractor reimburses the Client for all costs incurred due to the premature termination of the main contract or this contract.

  12. Termination of the Order
    12.1. Upon termination of the contractual relationship or at any time at the Client's request, the Contractor will destroy or hand over to the Client the data processed on behalf according to the Client's choice. All existing copies of the data are also to be destroyed. Destruction must be carried out so that restoration, even of residual information, is not possible with reasonable effort. Physical destruction must follow DIN 66399, with at least protection class 2 applying.
    12.2. The Contractor must ensure the immediate return of the goods equally for subcontractors.
    12.3. The Contractor must provide and promptly present proof of proper destruction to the Client.
    12.4. Documentation that serves to prove proper data processing must be retained by the Contractor according to the respective retention periods beyond the contract's end. The Contractor can hand them over to the Client at the end of the contract to relieve the Client.

  13. Liability
    13.1. The Contractor bears the burden of proof that damage is not due to a circumstance attributable to them, as far as the concerned data were processed by them under this contract. As long as this proof is not provided, the Contractor shall indemnify the Client from all claims asserted against the Client in connection with order processing. Under these conditions, the Contractor also reimburses the Client for all legal defense costs incurred.
    13.2. The Contractor is liable to the Client for damages caused culpably by the Contractor, their employees, or subcontractors commissioned by them or used by them within the scope of fulfilling the contract.
    13.3. Part IV clauses 13.1. and 13.2. do not apply if the damage is caused by the proper execution of the ordered service or an instruction of the Client.
    13.4. The Client makes no warranties, representations, or recommendations regarding the products of the Contractor, their suitability for sale, or any other auxiliary claims and assumes no liability concerning the products to be sold.

  14. Provisions on Correction, Deletion, and Blocking of Data
    14.1. The Contractor corrects, deletes, or blocks the data processed under the order only according to the contractual agreement made or by instruction of the Client.
    14.2. The Contractor must follow the respective instructions of the Client at any time and beyond the termination of this contract.

  15. Contractual Penalty
    For each culpable violation of an obligation under this data processing contract, the Contractor undertakes to pay the Client a contractual penalty whose determination is at the reasonable discretion of the Client and is subject to judicial review in case of a dispute. Claims that go beyond the contractual penalty remain unaffected. The contractual penalty has no influence on other claims of the Client.

  16. Transfer to Third Countries
    To ensure an adequate level of data protection when transferring personal data to third countries, CopeCart Pro Ltd uses the standard contractual clauses approved by the European Commission. These clauses regulate the processing of personal data by our processors and ensure compliance with the data protection requirements of both the EU and the respective third country. We also refer to our General Terms and Conditions and our Privacy Policy.

  17. Miscellaneous
    17.1. Both parties are obliged to treat all knowledge of trade secrets and data security measures of the other party obtained during the contractual relationship as confidential even after the termination of the contract. If there is doubt whether information is subject to confidentiality obligations, it shall be treated confidentially until released in writing by the other party.
    17.2. If the Client's property is threatened by measures of third parties (e.g., seizure or confiscation), by insolvency or settlement proceedings, or by other events, the Contractor must inform the Client without delay.
    17.3. Additional agreements must be made in writing.
    17.4. The right to withhold in the sense of § 273 BGB is excluded concerning the data processed on behalf and the associated data carriers.
    17.5. If individual parts of this agreement are invalid, this does not affect the validity of the rest of the agreement.

  18. Appendix 1 – Technical and Organizational Measures
    The order-related technical and organizational measures to ensure data protection and data security, which the Contractor must at least establish and maintain continuously, are listed below. The aim is, in particular, to ensure the confidentiality, integrity, and availability of the information processed on order.
    Confidentiality (Art. 32 para. 1 lit. b GDPR)
    18.1. Access control: No unauthorized access to data processing systems, e.g., magnetic or chip cards: magnetic or, keys, electric door openers, security services or receptionists, alarm systems, video systems;
    18.2. Access control: No unauthorized use of systems, e.g., (secure) passwords, automatic lock mechanisms, two-factor authentication, encryption of data carriers: (secure) passwords, automatic lock mechanisms, two-factor authentication, encryption of data carriers;
    18.3. Access control: No unauthorized reading, copying, altering, or removal within the system, e.g., authorization concepts and needs-based access rights, logging access;
    18.4. Separation control separate processing of data collected for different purposes, e.g., multi-tenancy, sandboxing;
    18.5. Pseudonymization (Art. 32 para. 1 lit. a GDPR; Art. 25 para. 1 GDPR) the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without using additional information, provided that the additional information is kept separately and is subject to appropriate technical and organizational measures;
    Integrity (Art. 32 para. 1 lit. b GDPR)
    18.6. Transfer control No unauthorized reading, copying, modification, or removal during electronic transmission or transport, e.g., encryption, virtual private networks (VPN), electronic signature: encryption, virtual private networks (VPN), electronic signature;
    18.7. Input control determination of whether and by whom personal data is entered, changed, or removed in data processing systems, e.g., logging, document management: logging, document management;
    Availability and Load Capacity (Art. 32 para. 1 lit. b GDPR)
    18.8. Availability control protection against accidental or deliberate destruction or loss, e.g., backup strategy (online/offline; on-site/off-site): backup strategy (online/offline; on-site/off-site), uninterruptible power supply (UPS), antivirus protection, firewall, notification routes and emergency plans;
    Fast Recoverability (Art. 32 para. 1 lit. c GDPR);
    18.9. Privacy Management;
    18.10. Incident Response Management;
    18.11. Privacy-friendly default settings (Art. 25 para. 2 GDPR);

  19. Order Control
    19.1. No processing of data in the sense of Art. 28 GDPR without corresponding instruction by the Client, e.g., clear contract design, formalized order management, strict selection of service provider, obligation of persuasion in advance, follow-up checks.

  20. Appendix 2 – Subcontractors
    Marketing MBA, Office 1906 Jumeirah Business Centre 3, Cluster Y, Jumeirah Lake Towers, Dubai, United Arab Emirates. rp@aiv.group (CEO Raoul Plickat)
    20.1. Tools and programs used by the subcontractor processing personal data:
    20.1.1. Slack Technologies Limited: Salesforce Tower 60 R801, North Dock Dublin, Ireland privacy@slack.com
    20.1.2. Monday.com: MondayCom Ltd, 6 Yitzhak Sadeh Street, Tel Aviv-Yafo, 677750 https://monday.com/helpcenter/
    20.1.3. Notion: Hendrik Beck & Sascha Rehbock GbR, Hanauer Str.3, 61118 Bad info@getgamma.app
    20.1.4. Google: Google Workspace Google Analytics Google Tag Manager Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland deutschland@google.com
    20.1.5. Zoom: Zoom Video Communications, Inc. 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA privacy@zoom.us
    20.1.6. Calendly: Calendly LLC,1315 Peachtree St NE, Atlanta, GA 30309, USA privacy@calendly.com
    20.1.7. WebinarJam: 7660 Fay Ave Ste H184, La Jolla, California, 92037, United States support@webinarjam.com
    20.1.8. Close CRM: Elastic Inc, PO Box 1145, Jackson, WY 83001, USA dpo@close.com
    20.1.9. Keeping: Katsu Ventures LLC, 90 State Street, Suite 700, Albany, NY 12207 support@keeping.com
    20.1.10. Active Campaign: Active Campaign LLC, 1 N Dearborn St Fl 5, Chicago, Illinois, 60602, United States help@activecampaign.com
    20.1.11. WebSMS: LINK Mobility Austria GmbH, Brauquartier 5/13, 8055 Graz, AUSTRIA office.at@linkmobility.com
    20.1.12. Slido: Cisco Systems, Inc, Legal Department, 170 West Tasman Dr, San Jose, CA 95134, USA support@slido.com
    20.1.13. Jotform: Jotform Inc. 4 Embarcadero Centre, Suite 780, San Francisco CA 94111 support@jotform.com
    20.1.14. WebFlow: WebFlow Inc, 398 11th Street, Floor 2, San Francisco, CA 94103 support@webflow.com
    20.1.15. Clickfunnels: Clickfunnels LLC, 3443 W Bavria St, Eagle, Idaho 83616, US support@clickfunnels.com
    20.1.16. funnelcockpit: Denis Hoeger Caballero, Nobelstr- 3-5, 41189 Mönchengladbach, Germany support@funnelcockpit.com
    20.1.17. Kajabi: Kajabi LLC, 333 El Camino Real Ste 200 Tustin California 92780, US support@kajabi.com
    20.1.18. AkcademyOcean: Netpeak Group Ltd, 43 Cherni Vrah bld, Sofia, Bulgaria gdpr@netpeak.net
    20.1.19. CopeMember: CopeMember Technology Ltd, Gialousas 63, 3071 Limassol, Cyprus info@copemember.com
    20.1.20. CopeCart Pro: CopeCart Pro Ltd. Ground Floor, 71 Lower Baggot Street, Dublin 2, Co. Dublin, D02 P593, Ireland
    20.1.21. Matomo: Matomo Ltd, 150 Willis St, Mount Victoria, 6011, New Zealand privacy@matomo.org
    20.1.22. cookiebot: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark mail@cookiebot.com
    20.1.23. Hotjar: Hotjar Ltd, Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St. Julian's STJ 3141 Malta support@hotjar.com
    20.1.24. Zapier: Zapier, Inc. 548 Market St. #62411. San Francisco, CA 94104- 5401, USA contact@zapier.com
    20.1.25. vimeo: Vimeo Inc, 330 W 34th St Fl 5, New York City, New York, 10001, USA support@vimeo.com
    20.1.26. vidalytics: Vidalytics LLC, 340 S Lemon Ave, Walnut, California, 91789, USA hi@vidalytics.com‍

  21. Appendix 3 – Authorized Persons
    The following persons are authorized to issue and receive instructions: The person responsible for processing within the meaning of Art. 4 No. 7 GDPR22. Appendix 4 – Data Protection Officers
    The Contractor currently has an external data protection officer: Williams-Connect Management Janko Williams Straße der Jugend 18 14974 Ludwigsfelde contact@williams-connect.eu‍

Part IV - Order Processing by Vendors

  1. Introduction, Scope, Definitions
    1.1. CopeCart Pro Ltd (for this Part IV "Client") allows personal data to be processed by the Vendor (for this Part IV "Contractor") for the purpose of conducting business (the respective "Main Contract") on behalf of the Client. To execute the Main Contract, the Client commissions the Contractor with order processing pursuant to Art. 28 GDPR, provided that the legal requirements are met. In the event of contradictions, this data processing contract takes precedence over the Main Contract.
    1.2. The terms used in this contract are to be understood according to their definitions in the EU General Data Protection Regulation. In this sense, the Client is the "Data Controller" and the Contractor is the "Data Processor." Where declarations are to be made "in writing" below, this refers to the written form as per § 126 BGB. Otherwise, declarations can also be made in another form, provided that verification is ensured.

  2. Nature and Purpose of Data Collection, Processing, or Use
    2.1. Nature and purpose of processing. The following processing activities are involved: collecting, recording, organizing, structuring, storing, adapting or altering, cross-selling, upselling, retrieving, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying of data. The processing serves the following purpose: contract fulfillment, contract execution. Data subjects are affected by the processing.

  3. Subject and Duration of Processing
    3.1. Subject of processing. The Contractor undertakes the following processing:
    3.2. General personal data:
    3.2.1. Name
    3.2.2. Date and place of birth
    3.2.3. or the domicile of a person
    3.3. Identification numbers
    3.4. Online data
    3.5. The processing takes place based on the main contracts existing between the parties.
    3.6. Duration: The processing begins on the date of the conclusion of the respective main contract and runs indefinitely until this contract or the main contract is terminated by one of the parties.

  4. Obligations of the Contractor
    4.1. The Contractor processes personal data exclusively according to the contractual agreements or instructions of the Client unless the Contractor is legally obligated to process them in a specific manner. If such obligations exist for the Contractor, they must inform the Client before processing, unless informing is legally prohibited. Furthermore, the Contractor may not use the data provided for processing for other purposes, particularly not for their own purposes.
    4.2. The Contractor confirms that they are aware of the relevant general data protection regulations. They will observe the principles of proper data processing.
    4.3. The Contractor undertakes to maintain the strictest confidentiality when handling.
    4.4. Persons who can access the data processed on behalf must commit in writing to confidentiality, unless they are already subject to a corresponding obligation of secrecy by law.
    4.5. The Contractor ensures that the persons involved in processing are familiarized with the relevant data protection provisions and this contract before processing commences. The Contractor ensures that the personnel employed for order processing are adequately instructed with respect to fulfilling data protection requirements and are continuously monitored.
    4.6. In connection with order processing, the Contractor supports the Client in the creation and updating of the processing activities register and in conducting the data protection impact assessment. All necessary information and documentation must be provided and delivered to the Client without delay upon request.
    4.7. If the Client is subject to an audit by supervisory authorities or other entities, or if affected persons assert rights against them, the Contractor undertakes to support the Client to the necessary extent, insofar as the processing on behalf is concerned.
    4.8. The Contractor may only provide information to third parties or the data subject with the prior consent of the Client. The Contractor will immediately forward inquiries directed at them to the Client.
    4.9. Where required by law, the Contractor must appoint a competent and reliable person as the data protection officer. It must be ensured that no conflicts of interest exist for the officer. In cases of doubt, the Client may contact the data protection officer directly. The Contractor promptly provides the Client with the contact details of the data protection officer or explains why no data protection officer was appointed. The Contractor promptly informs the Client of any changes in the person or in the internal tasks of the officer.
    4.10. Order processing generally occurs within the EU or EEA. Transfer to a third country may occur only with the express consent of the Client and under the conditions of Chapter V of the General Data Protection Regulation as well as compliance with the provisions of this contract.
    4.11. If the Contractor is not established in the European Union, they appoint a responsible contact person in the European Union in accordance with Art. 27 of the General Data Protection Regulation. The contact details of the representative and any changes in the representative must be communicated to the Client without delay.

  5. Notification Obligations
    5.1. The Contractor must inform the Client without delay about breaches of the protection of personal data. Reasoned suspicions must also be reported. The notification must be sent to an address specified by the Client within 24 hours after the Contractor becomes aware of the respective incident. It must include at least the following information:
    5.1.1. A description of the nature of the personal data breach, including, where possible, the categories of data protection concerned and the approximate number of data subjects affected, the affected categories, and the approximate number of affected personal data records;
    5.1.2. The name and contact details of the data protection officer or other contact point for further information;
    5.1.3. A description of the likely consequences of the personal data breach;
    5.1.4. A description of the measures the Contractor has taken or proposes to address the personal data breach, including, where applicable, measures to mitigate its possible adverse effects.
    5.2. Significant disruptions in order fulfillment and violations by the Contractor or its agents against data protection regulations or the provisions of this contract must also be reported without delay.
    5.3. The Contractor promptly informs the Client about inspections or measures by supervisory authorities or other third parties, to the extent they relate to order processing.
    5.4. The Contractor assures to support the Client in fulfilling its obligations under Art. 33 and 34 of the General Data Protection Regulation as far as necessary.

  6. Technical and Organizational Measures
    6.1. The data security measures described in Appendix 1 are defined as binding. They define the minimum owed by the Contractor. The description of the measures must be so detailed that a knowledgeable third party can recognize at any time, based solely on the description, what minimum is owed. A reference to information that cannot be directly taken from this agreement or its annexes is not permissible.
    6.2. The data security measures may be adapted to the technical and organizational development as long as they do not fall below the level agreed here. Changes necessary to maintain information security must be implemented by the Contractor without delay. Changes must be communicated to the Client promptly. Significant changes must be coordinated between the parties.
    6.3. If the security measures taken do not or no longer meet the Client's requirements, the Contractor must inform the Client immediately.
    6.4. The Contractor guarantees that the data processed on behalf are kept strictly separate from other data inventories.
    6.5. Copies or reproductions may not be made without the knowledge of the Client. This does not apply to technically necessary, temporary copies, provided that impairment of the agreed data protection level is excluded.
    6.6. Processing of data in private residences is only permissible with prior written consent from the Client in individual cases. If such processing occurs, the Contractor ensures that a level of data protection and data security corresponding to this agreement is maintained and that the Client's control rights mentioned in this contract can be exercised unrestrictedly in the private residences concerned. Data processing on behalf of the Client using private devices is not permissible under any circumstances.
    6.7. Dedicated data carriers originating from or used for the Client must be specially marked and are subject to ongoing management. They must always be properly stored and not accessible to unauthorized persons. Inputs and outputs are documented.
    6.8. The Contractor must regularly, at least every 12 months, prove fulfilment of their obligations, particularly the complete implementation of the agreed technical and organizational measures and their effectiveness. Proof must be provided to the Client either every 12 months or any time upon request. Proof may be provided through approved codes of conduct or an approved certification process.

  7. Relationships to Subcontractors
    7.1. The commissioning of subcontractors is only permitted with the written consent of the Client in each individual case.
    7.2. Consent is only possible if the subcontractor is contractually obligated to comparable data protection obligations, at least equivalent to those agreed in this contract. Upon request, the Client shall have access to the corresponding contracts between the Contractor and the subcontractor.
    7.3. The rights of the Client must also be effectively exercisable against the subcontractor. In particular, the Client must be authorized at any time to conduct checks at the subcontractors, to the extent specified herein, or have them carried out by third parties.
    7.4. The responsibilities of the Contractor and subcontractor must be clearly delineated.
    7.5. The further transfer of subcontracting services by the subcontractor within the scope of another subcontract is not permissible.
    7.6. The Contractor selects the subcontractor carefully, paying particular attention to the adequacy of the subcontractor's technical and organizational measures.
    7.7. The transfer of data processed on behalf to the subcontractor is only permitted if the Contractor has documented that the subcontractor has fully fulfilled its obligations. The Contractor must provide the documentation unsolicited to the Client.
    7.8. The commissioning of subcontractors, who do not exclusively provide processing services within the EU or EEA, is only permissible if the conditions laid down in Part IV Sections 4.10 and 4.11 of this Data Protection Regulation are met. It is permissible only if and as long as the subcontractor provides adequate data protection guarantees. The Contractor will inform the Client about what specific data protection guarantees the subcontractor provides and how proof thereof can be provided.
    7.9. The Contractor must regularly conduct, at least once every 12 months, an adequate review of the subcontractor's compliance with its obligations. The audit and its results must be documented so comprehensively that they are intelligible to a knowledgeable third party. Documentation occurs through an audit available in the system, conducted by the Contractor in the form of a self-audit.
    7.10. If the subcontractor does not meet its data protection obligations, the Contractor is liable to the Client for this.
    7.11. Currently, the subcontractors listed in Appendix 2 with name, address, and order content are engaged in processing personal data within the scope mentioned there by the Client. The other obligations of the Contractor towards the subcontractors mentioned herein remain unaffected.
    7.12. Only those services directly associated with the provision of the main service are considered subcontracts within the meaning of this contract. Ancillary services such as transport, maintenance, and cleaning as well as the use of telecommunications services or user services are not included. The Contractor's obligation to adhere to data protection and data security remains unaffected in these cases.

  8. Rights and Obligations of the Client
    8.1. The Client is solely responsible for assessing the permissibility of order processing and for safeguarding the rights of the data subjects.
    8.2. The Client issues all orders, partial orders, or instructions in documented form. In urgent cases, instructions may also be issued orally. The Client must promptly confirm such instructions in writing.
    8.3. The Client must promptly inform the Contractor if they detect errors or irregularities when checking the order results.
    8.4. The Client is entitled to monitor compliance with data protection regulations and the contractual agreements by the Contractor to a reasonable extent, in particular by obtaining information and inspecting the stored data and data processing programs, as well as other on-site checks. The persons entrusted with the control must be granted access and insight to the necessary extent by the Contractor. The Contractor is obliged to provide the information necessary to conduct an inspection, represent processes, and furnish proof.

  9. Instructions
    9.1. The Client reserves the right to issue comprehensive instructions for the order processing.
    9.2. The Client and Contractor name in Appendix 3 the persons authorized to issue and receive instructions.
    9.3. In case of a change or long-term absence of the named persons, the other party must be informed without delay about any successors or representatives.
    9.4. The Contractor will notify the Client without delay if an instruction from the Client, in their opinion, violates legal regulations. The Contractor is entitled to suspend the execution of the respective instruction until it is confirmed or amended by the responsible person of the Client.
    9.5. The Contractor documents the instructions issued to them and their implementation.

  10. Service Provisions
    The tasks and measures of the Contractor as part of order processing are carried out free of charge. No remuneration is paid.

  11. Special Right of Termination
    11.1. The Client may terminate the main contract and this contract at any time without notice ("extraordinary termination") if the Contractor severely violates data protection regulations or the provisions of this contract if the Contractor cannot or is unwilling to follow a lawful instruction from the Client, or if the Contractor unreasonably refuses to fulfill the Client's control rights.
    11.2. A serious breach is deemed to exist, in particular, if the Contractor does not fulfill or has not fulfilled the obligations outlined in this contract, especially the agreed technical and organizational measures, to a significant extent.
    11.3. In the case of minor breaches, the Client must set a reasonable deadline for remedying the breach. If the remedy does not take place in time, the Client has the right to extraordinary termination under the terms of this section.
    11.4. The Contractor reimburses the Client for all costs incurred due to the premature termination of the main contract or this contract.

  12. Termination of the Order
    12.1. Upon termination of the contractual relationship or at any time at the Client's request, the Contractor will destroy or hand over to the Client the data processed on behalf according to the Client's choice. All existing copies of the data are also to be destroyed. Destruction must be carried out so that restoration, even of residual information, is not possible with reasonable effort. Physical destruction must follow DIN 66399, with at least protection class 2 applying.
    12.2. The Contractor must ensure the immediate return of the goods equally for subcontractors.
    12.3. The Contractor must provide and promptly present proof of proper destruction to the Client.
    12.4. Documentation that serves to prove proper data processing must be retained by the Contractor according to the respective retention periods beyond the contract's end. The Contractor can hand them over to the Client at the end of the contract to relieve the Client.

  13. Liability
    13.1. The Contractor bears the burden of proof that damage is not due to a circumstance attributable to them, as far as the concerned data were processed by them under this contract. As long as this proof is not provided, the Contractor shall indemnify the Client from all claims asserted against the Client in connection with order processing. Under these conditions, the Contractor also reimburses the Client for all legal defense costs incurred.
    13.2. The Contractor is liable to the Client for damages caused culpably by the Contractor, their employees, or subcontractors commissioned by them or used by them within the scope of fulfilling the contract.
    13.3. Part IV clauses 13.1. and 13.2. do not apply if the damage is caused by the proper execution of the ordered service or an instruction of the Client.
    13.4. The Client makes no warranties, representations, or recommendations regarding the products of the Contractor, their suitability for sale, or any other auxiliary claims and assumes no liability concerning the products to be sold.

  14. Provisions on Correction, Deletion, and Blocking of Data
    14.1. The Contractor corrects, deletes, or blocks the data processed under the order only according to the contractual agreement made or by instruction of the Client.
    14.2. The Contractor must follow the respective instructions of the Client at any time and beyond the termination of this contract.

  15. Contractual Penalty
    For each culpable violation of an obligation under this data processing contract, the Contractor undertakes to pay the Client a contractual penalty whose determination is at the reasonable discretion of the Client and is subject to judicial review in case of a dispute. Claims that go beyond the contractual penalty remain unaffected. The contractual penalty has no influence on other claims of the Client.

  16. Transfer to Third Countries
    To ensure an adequate level of data protection when transferring personal data to third countries, CopeCart Pro Ltd uses the standard contractual clauses approved by the European Commission. These clauses regulate the processing of personal data by our processors and ensure compliance with the data protection requirements of both the EU and the respective third country. We also refer to our General Terms and Conditions and our Privacy Policy.

  17. Miscellaneous
    17.1. Both parties are obliged to treat all knowledge of trade secrets and data security measures of the other party obtained during the contractual relationship as confidential even after the termination of the contract. If there is doubt whether information is subject to confidentiality obligations, it shall be treated confidentially until released in writing by the other party.
    17.2. If the Client's property is threatened by measures of third parties (e.g., seizure or confiscation), by insolvency or settlement proceedings, or by other events, the Contractor must inform the Client without delay.
    17.3. Additional agreements must be made in writing.
    17.4. The right to withhold in the sense of § 273 BGB is excluded concerning the data processed on behalf and the associated data carriers.
    17.5. If individual parts of this agreement are invalid, this does not affect the validity of the rest of the agreement.

  18. Appendix 1 – Technical and Organizational Measures
    The order-related technical and organizational measures to ensure data protection and data security, which the Contractor must at least establish and maintain continuously, are listed below. The aim is, in particular, to ensure the confidentiality, integrity, and availability of the information processed on order.
    Confidentiality (Art. 32 para. 1 lit. b GDPR)
    18.1. Access control: No unauthorized access to data processing systems, e.g., magnetic or chip cards: magnetic or, keys, electric door openers, security services or receptionists, alarm systems, video systems;
    18.2. Access control: No unauthorized use of systems, e.g., (secure) passwords, automatic lock mechanisms, two-factor authentication, encryption of data carriers: (secure) passwords, automatic lock mechanisms, two-factor authentication, encryption of data carriers;
    18.3. Access control: No unauthorized reading, copying, altering, or removal within the system, e.g., authorization concepts and needs-based access rights, logging access;
    18.4. Separation control separate processing of data collected for different purposes, e.g., multi-tenancy, sandboxing;
    18.5. Pseudonymization (Art. 32 para. 1 lit. a GDPR; Art. 25 para. 1 GDPR) the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without using additional information, provided that the additional information is kept separately and is subject to appropriate technical and organizational measures;
    Integrity (Art. 32 para. 1 lit. b GDPR)
    18.6. Transfer control No unauthorized reading, copying, modification, or removal during electronic transmission or transport, e.g., encryption, virtual private networks (VPN), electronic signature: encryption, virtual private networks (VPN), electronic signature;
    18.7. Input control determination of whether and by whom personal data is entered, changed, or removed in data processing systems, e.g., logging, document management: logging, document management;
    Availability and Load Capacity (Art. 32 para. 1 lit. b GDPR)
    18.8. Availability control protection against accidental or deliberate destruction or loss, e.g., backup strategy (online/offline; on-site/off-site): backup strategy (online/offline; on-site/off-site), uninterruptible power supply (UPS), antivirus protection, firewall, notification routes and emergency plans;
    Fast Recoverability (Art. 32 para. 1 lit. c GDPR);
    18.9. Privacy Management;
    18.10. Incident Response Management;
    18.11. Privacy-friendly default settings (Art. 25 para. 2 GDPR);

  19. Order Control
    19.1. No processing of data in the sense of Art. 28 GDPR without corresponding instruction by the Client, e.g., clear contract design, formalized order management, strict selection of service provider, obligation of persuasion in advance, follow-up checks.

  20. Appendix 2 – Subcontractors
    Marketing MBA, Office 1906 Jumeirah Business Centre 3, Cluster Y, Jumeirah Lake Towers, Dubai, United Arab Emirates. rp@aiv.group (CEO Raoul Plickat)
    20.1. Tools and programs used by the subcontractor processing personal data:
    20.1.1. Slack Technologies Limited: Salesforce Tower 60 R801, North Dock Dublin, Ireland privacy@slack.com
    20.1.2. Monday.com: MondayCom Ltd, 6 Yitzhak Sadeh Street, Tel Aviv-Yafo, 677750 https://monday.com/helpcenter/
    20.1.3. Notion: Hendrik Beck & Sascha Rehbock GbR, Hanauer Str.3, 61118 Bad info@getgamma.app
    20.1.4. Google: Google Workspace Google Analytics Google Tag Manager Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland deutschland@google.com
    20.1.5. Zoom: Zoom Video Communications, Inc. 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA privacy@zoom.us
    20.1.6. Calendly: Calendly LLC,1315 Peachtree St NE, Atlanta, GA 30309, USA privacy@calendly.com
    20.1.7. WebinarJam: 7660 Fay Ave Ste H184, La Jolla, California, 92037, United States support@webinarjam.com
    20.1.8. Close CRM: Elastic Inc, PO Box 1145, Jackson, WY 83001, USA dpo@close.com
    20.1.9. Keeping: Katsu Ventures LLC, 90 State Street, Suite 700, Albany, NY 12207 support@keeping.com
    20.1.10. Active Campaign: Active Campaign LLC, 1 N Dearborn St Fl 5, Chicago, Illinois, 60602, United States help@activecampaign.com
    20.1.11. WebSMS: LINK Mobility Austria GmbH, Brauquartier 5/13, 8055 Graz, AUSTRIA office.at@linkmobility.com
    20.1.12. Slido: Cisco Systems, Inc, Legal Department, 170 West Tasman Dr, San Jose, CA 95134, USA support@slido.com
    20.1.13. Jotform: Jotform Inc. 4 Embarcadero Centre, Suite 780, San Francisco CA 94111 support@jotform.com
    20.1.14. WebFlow: WebFlow Inc, 398 11th Street, Floor 2, San Francisco, CA 94103 support@webflow.com
    20.1.15. Clickfunnels: Clickfunnels LLC, 3443 W Bavria St, Eagle, Idaho 83616, US support@clickfunnels.com
    20.1.16. funnelcockpit: Denis Hoeger Caballero, Nobelstr- 3-5, 41189 Mönchengladbach, Germany support@funnelcockpit.com
    20.1.17. Kajabi: Kajabi LLC, 333 El Camino Real Ste 200 Tustin California 92780, US support@kajabi.com
    20.1.18. AkcademyOcean: Netpeak Group Ltd, 43 Cherni Vrah bld, Sofia, Bulgaria gdpr@netpeak.net
    20.1.19. CopeMember: CopeMember Technology Ltd, Gialousas 63, 3071 Limassol, Cyprus info@copemember.com
    20.1.20. CopeCart Pro: CopeCart Pro Ltd. Ground Floor, 71 Lower Baggot Street, Dublin 2, Co. Dublin, D02 P593, Ireland
    20.1.21. Matomo: Matomo Ltd, 150 Willis St, Mount Victoria, 6011, New Zealand privacy@matomo.org
    20.1.22. cookiebot: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark mail@cookiebot.com
    20.1.23. Hotjar: Hotjar Ltd, Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St. Julian's STJ 3141 Malta support@hotjar.com
    20.1.24. Zapier: Zapier, Inc. 548 Market St. #62411. San Francisco, CA 94104- 5401, USA contact@zapier.com
    20.1.25. vimeo: Vimeo Inc, 330 W 34th St Fl 5, New York City, New York, 10001, USA support@vimeo.com
    20.1.26. vidalytics: Vidalytics LLC, 340 S Lemon Ave, Walnut, California, 91789, USA hi@vidalytics.com‍

  21. Appendix 3 – Authorized Persons
    The following persons are authorized to issue and receive instructions: The person responsible for processing within the meaning of Art. 4 No. 7 GDPR22. Appendix 4 – Data Protection Officers
    The Contractor currently has an external data protection officer: Williams-Connect Management Janko Williams Straße der Jugend 18 14974 Ludwigsfelde contact@williams-connect.eu‍

Part V - Contract Processing by CopeCart-Pro Ltd.

  1. Subject of the Contract
    1.1. The Vendor (for the purposes of this Part V "Client") has CopeCart-Pro Ltd. (for the purposes of this Part V "Contractor") process personal data on their behalf based on the contract for the use of the copecart-pro.com platform (the "Main Contract"). For this purpose, the parties enter into this data processing agreement, which takes precedence over the Main Contract in the event of contradictions. Commissioned processing in this sense by the Contractor occurs to the extent that the Contractor processes personal data via copecart-pro.com for which the Contractor is the controller within the meaning of Art. 4 GDPR.
    1.2. The data concerned are the client’s and their customers’ data. This particularly includes names, addresses, communication data, behavioral data, contract data, and payment data.

  2. Client’s Responsibility and Right to Issue Instructions
    2.1. The client is the data controller within the meaning of Art. 4 No. 7 GDPR for the purposes of processing. They are responsible for compliance with legal data protection regulations, particularly for the legality of data transmission to the Contractor and for the legality of data processing by the Contractor.
    2.2. The customer has the right to issue instructions supplementary to the Main Contract at any time regarding the type, scope, and procedure of personal data processing. Instructions must be issued via the copecart-pro.com website, if possible, otherwise in text form. Instructions not covered by the contract for the use of copecart-pro.com are subject to a fee provided a customary fee is usual.
    2.3. The Contractor shall inform the client immediately in writing if, in their opinion, an instruction by the client violates legal provisions. As long as the parties have not resolved the Contractor’s concerns, the Contractor is entitled to suspend the execution of the relevant instruction. If the parties cannot agree and the client insists on their instruction, the Contractor is entitled to terminate this agreement with an appropriate notice period not shorter than two weeks. If, in this case, the Main Contract cannot be executed, the client is entitled to terminate if the Main Contract can only be annulled by written notice. The implementation of the unlawful instruction is possible without this being apparent at the conclusion of the contract to any of the parties.
    2.4. If the Contractor considers that they cannot comply with an instruction of the client for technical reasons, they shall inform the client in text form and coordinate the further procedure with the client.

  3. Client’s Right to Inspect
    3.1. The client has all control rights, particularly inspections, required to fulfill their obligations under the GDPR. The control right must be exercised with reasonable notice and during the Contractor's normal business hours. To minimize the impact on their business operations, the Contractor may combine these inspections with those of other clients, as far as this is reasonable for the client (e.g., joint inspection appointments conducted within a reasonable time frame). The client must ensure that the inspections are only carried out to the extent necessary to avoid disproportionately disrupting the Contractor's business operations.
    3.2. The client is entitled to delegate the exercise of control rights to a third party commissioned by the client. If the third party is in a competitive relationship with the Contractor, the latter has the right to object to their activities.
    3.3. The Contractor shall assist in the exercise of audit rights to the necessary extent. They may make the client's access contingent on the signing of a customary and reasonable confidentiality agreement, if required to protect their business secrets under the legal provisions.
    3.4. For services to be provided under this clause, the Contractor is entitled to reasonable compensation based on time and effort unless they are responsible for the inspection or it is an inspection conducted or ordered by a supervisory authority. The Contractor may not make the provision of services owed by them dependent on the client recognizing and/or paying a specific fee in advance.

  4. Obligations of the Client
    The client must immediately inform the Contractor, providing reasons, if they identify errors or irregularities in the order's results or concerning the Contractor's activities concerning this agreement or the GDPR provisions.

  5. Obligations of the Contractor
    5.1. The processing of personal data is exclusively in accordance with the provisions of the Main Contract and any instructions issued by the customer. This applies also to the transfer of personal data to a third country or an international organization. This Part V section
    5.1. does not apply if the Contractor is obliged to process data by Union or Member State law to which they are subject; in such a case, the Contractor must inform the client of these legal requirements prior to processing unless the relevant law prohibits such notification due to important public interest.
    5.2. The Contractor confirms that they are not legally obliged to appoint a Data Protection Officer. Instead, they appoint a contact person of the client for all matters of data protection and the execution of this agreement.
    5.3. The Contractor must obligate persons authorized to process personal data to confidentiality, provided they are not already subject to a corresponding legal obligation of confidentiality. The scope of the obligation must be reasonably proportional to the data processed and the consequences of any potential breach of personal data protection. It must also refer to all personal data the Contractor processes for the client. The Contractor must prove the content and the fact of the obligation to the client upon request. Further obligations under a separate confidentiality agreement concluded between the parties remain unaffected.
    5.4. The Contractor must provide the client with a report of their order processing upon request. The Contractor must inform the client of subsequent changes in text form without being asked.
    5.5. The Contractor supports the client in complying with Art. 32 to 36 GDPR, taking into account the nature of processing and the information available to them. To this purpose, they particularly provide the services stipulated in this contract.
    5.6. The Contractor will assist the client, as needed, in conducting a data protection impact assessment in accordance with Art. 35 GDPR and provide the client with all necessary information and evidence from their sphere. The Contractor is similarly obligated if the client must conduct a prior consultation of a supervisory authority pursuant to Art. 36 GDPR. For services to be provided under this Part V paragraph 3.4, the Contractor is entitled to reasonable compensation based on time and effort. The Contractor must not delay the provision of the services they owe. This does not make contract fulfillment dependent on the client recognizing and/or paying a specific fee in advance.
    5.7. Upon reasonable request from the client, the Contractor shall provide the client with all necessary information to demonstrate compliance with the Contractor’s obligations under Article 28 GDPR.
    5.8. Should the client’s data held by the Contractor be endangered by seizure, confiscation, insolvency, or settlement proceedings, or by other third-party events or measures, the Contractor shall inform the client thereof immediately and comprehensively, unless legally prohibited. Additionally, the Contractor is obliged to inform all relevant third parties in this context that these are personal data for which the client is the responsible body and the Contractor is only acting as a processor on behalf.

  6. Security of Processing
    6.1. The Contractor shall take all necessary measures according to Art. 32 GDPR, especially appropriate technical and organizational measures, to ensure a level of protection appropriate to the risk of data processing. They must demonstrate compliance with these requirements to the client upon request.
    6.2. The Contractor is permitted to adapt to changing technical or legal circumstances. The Contractor will promptly inform the client of changes that may result in a reduction of the protection level.

  7. Subcontractors
    7.1. The Contractor employs subcontractors for processing, who must be communicated to the client.
    7.2. The Contractor informs the client in text form of changes in the commissioning of processors. The client may oppose the change within two weeks after receiving the information. The Contractor will not implement the change before the opposition period expires. In the case of an objection, the Contractor is entitled to terminate the data processing contract with a notice period of at least one month, provided the change would have been reasonable for the client, and the objection is unreasonable for the Contractor. Reasonableness for the client exists if the change would not have brought disadvantages and, in particular, if it is ensured that, during the implementation of the change, the requirements of this agreement and the GDPR continue to be met. Unreasonableness for the Contractor exists if they provide data processing services as a substantially uniform process for numerous clients and individual deviations with subcontractors are not easily implementable for the Contractor (e.g., all clients use the same standardized software platform).
    7.3. The Contractor must ensure compliance with the provisions of paragraphs 2 and 4 of Article 28 GDPR for any subcontractors. They also ensure that contractual agreements between the contractor and client regarding this matter and any additional instructions from the client are also observed by subcontractors. This must be demonstrated to the client upon request.

  8. Actions of Supervisory Authorities
    8.1. The Contractor will inform the client, as permitted, immediately about control activities and measures by a (supervisory) authority, to the extent they relate to this agreement. This applies especially if an authority investigates the Contractor within the scope of an administrative offence or criminal proceedings related to data processing.
    8.2. To the extent that the client is themselves subjected to a (supervisory) administrative or criminal scrutiny, a claim for liability by an affected person or third party, or any other claim related to the Contractor’s data processing, the Contractor supports the client to the necessary extent. For services to be provided, the Contractor is entitled to reasonable compensation based on time and effort, unless they are not responsible for the respective control etc. The Contractor may not make the provision of their owed services dependent on the client recognizing and/or paying a specific fee in advance.

  9. Compensation of the Contractor
    The Contractor is not entitled to separate compensation for services provided under this contract, unless otherwise agreed in this contract.

  10. Contract Duration
    The duration of this agreement is based on the duration of the Main Contract. It can only be terminated separately from the Main Contract for good cause, unless this agreement or mandatory legal provisions stipulate otherwise.

  11. Consequences of Termination
    11.1. After termination of the processing services provision, the Contractor shall delete or return all personal data, at the client’s option, and delete existing copies, unless there is an obligation to retain personal data under Union or Member State law to which the Contractor is subject. The Contractor shall confirm to the client that the deletion has been carried out following the client’s instructions.
    11.2. The client has the right to verify the complete and contractually compliant return and deletion of data at the Contractor's site.
    11.3. Furthermore, the Contractor's right of retention to processed data and associated data carriers is excluded.

  12. Liability
    The liability of the parties is determined by the agreements in the Main Contract. The immediate liability of the parties towards an affected individual according to legal data protection provisions remains unaffected.

  13. Violation of Data Protection Provisions, Agreements, or Instructions
    13.1. The Contractor shall inform the client immediately, but no later than 24 hours after becoming aware, in text form, of violations of data protection provisions, agreements made, and/or instructions issued. The corresponding notification must include at least the following information:
    13.1.1. A description of the nature of the breach, including, if possible, the type and volume of the data affected and the categories of the data subjects affected;
    13.1.2. Name and contact details of the data protection officer or another contact point for further information;
    13.1.3. A description of the likely consequences of the personal data protection breach;
    13.1.4. A description of the measures taken or proposed by the data controller to rectify the personal data protection breach and, where appropriate, measures to mitigate its possible negative effects;
    13.2. The client alone is responsible for any necessary notification to a supervisory authority or informing affected individuals. The Contractor will assist to the necessary extent.
    13.3. Furthermore, the Contractor is obliged to investigate the breach immediately to the necessary extent and provide the client with appropriate documentation. The documentation must include a description of measures the Contractor has taken to prevent further breaches and why they believe the measures taken are sufficient to meet this agreement’s and legal requirements.

  14. Rights of Data Subjects
    14.1. The Contractor supports the client, as far as possible and reasonable, with appropriate technical and organizational measures to fulfill their obligation to respond to requests for exercising the rights of data subjects according to Chapter 3 GDPR. For this purpose;
    14.2. The client must inform the Contractor in text form of which support service of the Contractor they need and provide the Contractor with the data necessary to fulfill the requirement. If one party requires further information from the other party, they will notify the other party in writing promptly. The Contractor will provide their cooperation within a reasonable time so that the client can meet their deadlines. The Contractor will inform the client immediately, with reasons, if they cannot provide the requested assistance.
    14.3. Should a data subject contact the Contractor directly to exercise their rights under Chapter 3 of the GDPR, the Contractor will refer them to the client, as far as it is possible to assign them. If the Contractor cannot identify the data subject, and if the Contractor is not directly obligated towards the data subject as the data controller according to Chapter 3 of the GDPR, the Contractor will inform the data subject that they operate as a processor on behalf of third parties and cannot identify the third party in relation to the data subject. If and to the extent the Contractor themselves are obligated to the data subject as the data controller pursuant to Chapter 3 of the GDPR, fulfilling such obligations lies solely with the Contractor as the data controller.
    14.4. The Contractor is entitled to reasonable compensation based on the time and effort required for services to be provided for the client under this Part V, section 3.4. The Contractor may not make the provision of their owed services dependent on the client recognizing and/or paying a specific fee in advance.

Part V - Contract Processing by CopeCart-Pro Ltd.

  1. Subject of the Contract
    1.1. The Vendor (for the purposes of this Part V "Client") has CopeCart-Pro Ltd. (for the purposes of this Part V "Contractor") process personal data on their behalf based on the contract for the use of the copecart-pro.com platform (the "Main Contract"). For this purpose, the parties enter into this data processing agreement, which takes precedence over the Main Contract in the event of contradictions. Commissioned processing in this sense by the Contractor occurs to the extent that the Contractor processes personal data via copecart-pro.com for which the Contractor is the controller within the meaning of Art. 4 GDPR.
    1.2. The data concerned are the client’s and their customers’ data. This particularly includes names, addresses, communication data, behavioral data, contract data, and payment data.

  2. Client’s Responsibility and Right to Issue Instructions
    2.1. The client is the data controller within the meaning of Art. 4 No. 7 GDPR for the purposes of processing. They are responsible for compliance with legal data protection regulations, particularly for the legality of data transmission to the Contractor and for the legality of data processing by the Contractor.
    2.2. The customer has the right to issue instructions supplementary to the Main Contract at any time regarding the type, scope, and procedure of personal data processing. Instructions must be issued via the copecart-pro.com website, if possible, otherwise in text form. Instructions not covered by the contract for the use of copecart-pro.com are subject to a fee provided a customary fee is usual.
    2.3. The Contractor shall inform the client immediately in writing if, in their opinion, an instruction by the client violates legal provisions. As long as the parties have not resolved the Contractor’s concerns, the Contractor is entitled to suspend the execution of the relevant instruction. If the parties cannot agree and the client insists on their instruction, the Contractor is entitled to terminate this agreement with an appropriate notice period not shorter than two weeks. If, in this case, the Main Contract cannot be executed, the client is entitled to terminate if the Main Contract can only be annulled by written notice. The implementation of the unlawful instruction is possible without this being apparent at the conclusion of the contract to any of the parties.
    2.4. If the Contractor considers that they cannot comply with an instruction of the client for technical reasons, they shall inform the client in text form and coordinate the further procedure with the client.

  3. Client’s Right to Inspect
    3.1. The client has all control rights, particularly inspections, required to fulfill their obligations under the GDPR. The control right must be exercised with reasonable notice and during the Contractor's normal business hours. To minimize the impact on their business operations, the Contractor may combine these inspections with those of other clients, as far as this is reasonable for the client (e.g., joint inspection appointments conducted within a reasonable time frame). The client must ensure that the inspections are only carried out to the extent necessary to avoid disproportionately disrupting the Contractor's business operations.
    3.2. The client is entitled to delegate the exercise of control rights to a third party commissioned by the client. If the third party is in a competitive relationship with the Contractor, the latter has the right to object to their activities.
    3.3. The Contractor shall assist in the exercise of audit rights to the necessary extent. They may make the client's access contingent on the signing of a customary and reasonable confidentiality agreement, if required to protect their business secrets under the legal provisions.
    3.4. For services to be provided under this clause, the Contractor is entitled to reasonable compensation based on time and effort unless they are responsible for the inspection or it is an inspection conducted or ordered by a supervisory authority. The Contractor may not make the provision of services owed by them dependent on the client recognizing and/or paying a specific fee in advance.

  4. Obligations of the Client
    The client must immediately inform the Contractor, providing reasons, if they identify errors or irregularities in the order's results or concerning the Contractor's activities concerning this agreement or the GDPR provisions.

  5. Obligations of the Contractor
    5.1. The processing of personal data is exclusively in accordance with the provisions of the Main Contract and any instructions issued by the customer. This applies also to the transfer of personal data to a third country or an international organization. This Part V section
    5.1. does not apply if the Contractor is obliged to process data by Union or Member State law to which they are subject; in such a case, the Contractor must inform the client of these legal requirements prior to processing unless the relevant law prohibits such notification due to important public interest.
    5.2. The Contractor confirms that they are not legally obliged to appoint a Data Protection Officer. Instead, they appoint a contact person of the client for all matters of data protection and the execution of this agreement.
    5.3. The Contractor must obligate persons authorized to process personal data to confidentiality, provided they are not already subject to a corresponding legal obligation of confidentiality. The scope of the obligation must be reasonably proportional to the data processed and the consequences of any potential breach of personal data protection. It must also refer to all personal data the Contractor processes for the client. The Contractor must prove the content and the fact of the obligation to the client upon request. Further obligations under a separate confidentiality agreement concluded between the parties remain unaffected.
    5.4. The Contractor must provide the client with a report of their order processing upon request. The Contractor must inform the client of subsequent changes in text form without being asked.
    5.5. The Contractor supports the client in complying with Art. 32 to 36 GDPR, taking into account the nature of processing and the information available to them. To this purpose, they particularly provide the services stipulated in this contract.
    5.6. The Contractor will assist the client, as needed, in conducting a data protection impact assessment in accordance with Art. 35 GDPR and provide the client with all necessary information and evidence from their sphere. The Contractor is similarly obligated if the client must conduct a prior consultation of a supervisory authority pursuant to Art. 36 GDPR. For services to be provided under this Part V paragraph 3.4, the Contractor is entitled to reasonable compensation based on time and effort. The Contractor must not delay the provision of the services they owe. This does not make contract fulfillment dependent on the client recognizing and/or paying a specific fee in advance.
    5.7. Upon reasonable request from the client, the Contractor shall provide the client with all necessary information to demonstrate compliance with the Contractor’s obligations under Article 28 GDPR.
    5.8. Should the client’s data held by the Contractor be endangered by seizure, confiscation, insolvency, or settlement proceedings, or by other third-party events or measures, the Contractor shall inform the client thereof immediately and comprehensively, unless legally prohibited. Additionally, the Contractor is obliged to inform all relevant third parties in this context that these are personal data for which the client is the responsible body and the Contractor is only acting as a processor on behalf.

  6. Security of Processing
    6.1. The Contractor shall take all necessary measures according to Art. 32 GDPR, especially appropriate technical and organizational measures, to ensure a level of protection appropriate to the risk of data processing. They must demonstrate compliance with these requirements to the client upon request.
    6.2. The Contractor is permitted to adapt to changing technical or legal circumstances. The Contractor will promptly inform the client of changes that may result in a reduction of the protection level.

  7. Subcontractors
    7.1. The Contractor employs subcontractors for processing, who must be communicated to the client.
    7.2. The Contractor informs the client in text form of changes in the commissioning of processors. The client may oppose the change within two weeks after receiving the information. The Contractor will not implement the change before the opposition period expires. In the case of an objection, the Contractor is entitled to terminate the data processing contract with a notice period of at least one month, provided the change would have been reasonable for the client, and the objection is unreasonable for the Contractor. Reasonableness for the client exists if the change would not have brought disadvantages and, in particular, if it is ensured that, during the implementation of the change, the requirements of this agreement and the GDPR continue to be met. Unreasonableness for the Contractor exists if they provide data processing services as a substantially uniform process for numerous clients and individual deviations with subcontractors are not easily implementable for the Contractor (e.g., all clients use the same standardized software platform).
    7.3. The Contractor must ensure compliance with the provisions of paragraphs 2 and 4 of Article 28 GDPR for any subcontractors. They also ensure that contractual agreements between the contractor and client regarding this matter and any additional instructions from the client are also observed by subcontractors. This must be demonstrated to the client upon request.

  8. Actions of Supervisory Authorities
    8.1. The Contractor will inform the client, as permitted, immediately about control activities and measures by a (supervisory) authority, to the extent they relate to this agreement. This applies especially if an authority investigates the Contractor within the scope of an administrative offence or criminal proceedings related to data processing.
    8.2. To the extent that the client is themselves subjected to a (supervisory) administrative or criminal scrutiny, a claim for liability by an affected person or third party, or any other claim related to the Contractor’s data processing, the Contractor supports the client to the necessary extent. For services to be provided, the Contractor is entitled to reasonable compensation based on time and effort, unless they are not responsible for the respective control etc. The Contractor may not make the provision of their owed services dependent on the client recognizing and/or paying a specific fee in advance.

  9. Compensation of the Contractor
    The Contractor is not entitled to separate compensation for services provided under this contract, unless otherwise agreed in this contract.

  10. Contract Duration
    The duration of this agreement is based on the duration of the Main Contract. It can only be terminated separately from the Main Contract for good cause, unless this agreement or mandatory legal provisions stipulate otherwise.

  11. Consequences of Termination
    11.1. After termination of the processing services provision, the Contractor shall delete or return all personal data, at the client’s option, and delete existing copies, unless there is an obligation to retain personal data under Union or Member State law to which the Contractor is subject. The Contractor shall confirm to the client that the deletion has been carried out following the client’s instructions.
    11.2. The client has the right to verify the complete and contractually compliant return and deletion of data at the Contractor's site.
    11.3. Furthermore, the Contractor's right of retention to processed data and associated data carriers is excluded.

  12. Liability
    The liability of the parties is determined by the agreements in the Main Contract. The immediate liability of the parties towards an affected individual according to legal data protection provisions remains unaffected.

  13. Violation of Data Protection Provisions, Agreements, or Instructions
    13.1. The Contractor shall inform the client immediately, but no later than 24 hours after becoming aware, in text form, of violations of data protection provisions, agreements made, and/or instructions issued. The corresponding notification must include at least the following information:
    13.1.1. A description of the nature of the breach, including, if possible, the type and volume of the data affected and the categories of the data subjects affected;
    13.1.2. Name and contact details of the data protection officer or another contact point for further information;
    13.1.3. A description of the likely consequences of the personal data protection breach;
    13.1.4. A description of the measures taken or proposed by the data controller to rectify the personal data protection breach and, where appropriate, measures to mitigate its possible negative effects;
    13.2. The client alone is responsible for any necessary notification to a supervisory authority or informing affected individuals. The Contractor will assist to the necessary extent.
    13.3. Furthermore, the Contractor is obliged to investigate the breach immediately to the necessary extent and provide the client with appropriate documentation. The documentation must include a description of measures the Contractor has taken to prevent further breaches and why they believe the measures taken are sufficient to meet this agreement’s and legal requirements.

  14. Rights of Data Subjects
    14.1. The Contractor supports the client, as far as possible and reasonable, with appropriate technical and organizational measures to fulfill their obligation to respond to requests for exercising the rights of data subjects according to Chapter 3 GDPR. For this purpose;
    14.2. The client must inform the Contractor in text form of which support service of the Contractor they need and provide the Contractor with the data necessary to fulfill the requirement. If one party requires further information from the other party, they will notify the other party in writing promptly. The Contractor will provide their cooperation within a reasonable time so that the client can meet their deadlines. The Contractor will inform the client immediately, with reasons, if they cannot provide the requested assistance.
    14.3. Should a data subject contact the Contractor directly to exercise their rights under Chapter 3 of the GDPR, the Contractor will refer them to the client, as far as it is possible to assign them. If the Contractor cannot identify the data subject, and if the Contractor is not directly obligated towards the data subject as the data controller according to Chapter 3 of the GDPR, the Contractor will inform the data subject that they operate as a processor on behalf of third parties and cannot identify the third party in relation to the data subject. If and to the extent the Contractor themselves are obligated to the data subject as the data controller pursuant to Chapter 3 of the GDPR, fulfilling such obligations lies solely with the Contractor as the data controller.
    14.4. The Contractor is entitled to reasonable compensation based on the time and effort required for services to be provided for the client under this Part V, section 3.4. The Contractor may not make the provision of their owed services dependent on the client recognizing and/or paying a specific fee in advance.

Sell. Without limits.

Sell. Without limits.

Process sales. Quickly, easily, and within your own branding.

Process sales. Quickly, easily, and within your own branding.

Schedule demo call

Schedule demo call

Schedule demo call

Free appointments available

Free appointments available

Free appointments available