General Terms and Conditions of Alexander Dort GmbH

Status 01 March 2022

Please note: This translation into English is offered exclusively as a service for customers who are not proficient in the German language. The current German version of these General Terms and Conditions is the only legally binding version.

1. General

These "General Terms and Conditions" shall apply exclusively to all transactions between the Customer and the Agency. Conflicting terms and conditions of the Customer shall only be effective if they are expressly recognised by the Agency in writing.

Agreements deviating from or supplementing these "General Terms and Conditions" must be made in writing.

Should individual provisions of these "General Terms and Conditions" be invalid, this shall not affect the binding nature of the remaining provisions and the contracts concluded on the basis thereof. The invalid provision shall be replaced by a valid provision which comes as close as possible to the meaning and purpose of the invalid provision.

2. Conclusion of contract

The Agency's offers are subject to confirmation. The Client shall be bound by his order for a fortnight from the date of its receipt by the Agency. Orders from the Client shall only be deemed to have been accepted by written confirmation of the order by the Agency, unless the Agency indicates that it accepts the order, for example by taking action on the basis of the order.

3. Performance and fee

Unless otherwise agreed, the Agency's fee claim for each individual service shall commence as soon as the service has been rendered. The Agency shall be entitled to demand advance payments to cover its expenses. The monthly subscription packages offered by the Agency are generally payable in advance on the first of each month.

For the services rendered in the case of advertising budget management, the Agency shall receive a fee in the amount of 15% of the advertising budget handled through it.

All services of the agency which are not expressly compensated by the agreed fee shall be remunerated separately. This shall apply in particular to all ancillary services rendered by the Agency.

All cash expenses incurred by the Agency that go beyond the normal course of business (e.g. for messenger services, extraordinary shipping costs or travel) shall be reimbursed by the Client. Cost estimates by the Agency shall in principle be non-binding. If it is foreseeable that the actual costs will exceed those estimated in writing by the Agency by more than 20 per cent, the Agency shall draw the Customer's attention to the higher costs. The cost overrun shall be deemed to have been approved by the customer if the customer does not object in writing within three days of this notification and at the same time discloses less expensive alternatives.

The Agency shall be entitled to appropriate remuneration for all work by the Agency which is not carried out for whatever reason. On payment of this remuneration, the customer shall not acquire any rights to this work; rather, concepts, drafts, etc. that have not been executed shall be returned to the Agency without delay.

4. Term and notice periods of time quota subscriptions

The Agency also offers all services offered as time contingent subscriptions on an hourly basis. Through all these staggered subscription packages, the customer acquires a provision of predefined time quotas per month. This includes all services offered by the agency, insofar as these are required for the implementation of the client's orders. Costs exceeding the offered services, e.g. for fees of other artists, photographers and other service providers, hosting costs for websites, travel and accommodation costs as well as unforeseen services are not included in these packages and will be charged according to expenditure and separate offer. Unused working hours in these subscription quotas expire at the end of the respective month. All time quota subscriptions on a monthly basis can be cancelled by both contracting parties with 14 days' notice to the end of the current month to the end of the following month.

Furthermore, the Agency also offers these monthly time quota subscriptions as discounted annual subscriptions with payment on an early monthly basis. When concluding an annual subscription, the agency waives the costs for one month for the customer in the amount of the booked monthly package. Thus, the last month is not charged when booking the annual subscription. The notice period for annual subscriptions is three months to the end of the current annual subscription period.

All time contingent subscriptions are concluded for an indefinite period of time and are automatically extended 4 weeks before the expiry of the booked contract period by the booked contract period.

5. Presentations

The Agency shall be entitled to an appropriate fee for participation in presentations, which shall at least cover the Agency's entire personnel and material expenses for the presentation as well as the costs of all external services. If the Agency does not receive an order after the presentation, the Agency's services, in particular the presentation documents and their content, shall remain the property of the Agency; the customer shall not be entitled to make further use of them - in whatever form; the documents shall rather be returned to the Agency without delay.

If the ideas and concepts contributed in the course of a presentation for the solution of communication tasks are not utilised in advertising material designed by the Agency, the Agency shall be entitled to use the ideas and concepts presented elsewhere.

The transfer of presentation documents to third parties as well as their publication, duplication, processing or other dissemination shall not be permitted without the express consent of the Agency.

6. Property rights and copyright protection

All services rendered by the Agency, including those from presentations (e.g. suggestions, ideas, sketches, preliminary drafts, scribbles, final drawings, concepts, negatives, slides), including individual parts thereof, shall remain the property of the Agency, as shall the individual workpieces and design originals, and may be reclaimed by the Agency at any time - in particular upon termination of the Agency contract. By paying the fee, the client shall only acquire the right of use (including reproduction) for the agreed purpose and to the agreed extent of use.

In the absence of an agreement to the contrary with the Agency, the Client may only use the Agency's services himself, exclusively in Germany and only for the duration of the Agency contract.

In the event of seizure or other intervention by third parties, the Customer shall notify the Agency in writing without delay so that the Agency can file a third-party action in accordance with § 771 of the German Code of Civil Procedure (ZPO). Insofar as the third party is not in a position to reimburse the Agency for the court and out-of-court costs of an action pursuant to § 771 ZPO, the Customer shall be liable for the loss incurred by the Agency.

Changes to services of the Agency by the Customer shall only be permissible with the express consent of the Agency and - insofar as the services are protected by copyright - of the originator. The Agency's consent shall be required for the use of the Agency's services that goes beyond the originally agreed purpose and scope of use - irrespective of whether these services are protected by copyright. The Agency and the author shall be entitled to a separate appropriate remuneration for this; appropriate shall in principle be the fee stipulated in the Agency agreement, but at least in the amount of 7.5% of the remuneration paid by the customer to the third parties commissioned with the production, distribution or publication of the advertising material.

The Agency's consent shall also be required for the use of the Agency's services or of advertising materials for which the Agency has prepared conceptual or design templates after the expiry of the Agency agreement - irrespective of whether these services are protected by copyright.

In return, the agency shall be entitled to the full entitlement of the agency remuneration agreed in the expired contract, as a rule 15 %, in the 1st year after the end of the contract. In the 2nd or 3rd year after expiry of the contract, only half or a quarter of the remuneration agreed in the contract. From the 4th year after the end of the contract, no more agency remuneration shall be payable.

7. Labelling

The Agency shall be entitled to refer to the Agency and, if applicable, to the originator on all advertising material and in all advertising measures, without the Customer being entitled to any remuneration for this.

8. Approval

All services rendered by the Agency (in particular all preliminary drafts, sketches, final artwork, brush proofs, blueprints, colour proofs, ...) shall be checked by the Client and approved within two days. If they are not released in time, they shall be deemed approved by the customer.

The customer shall in particular have the legal admissibility of the agency services checked, especially the admissibility under competition and trademark law. The Agency shall arrange for an external legal review only at the written request of the Client; the associated costs shall be borne by the Client.

9. Deadlines

The Agency shall endeavour to meet the agreed deadlines. However, failure to meet the deadlines shall only entitle the Client to assert the rights to which he is entitled by law if he has granted the Agency a period of grace of at least 14 days. This period shall commence with the receipt of a reminder letter by the Agency.

An obligation to pay damages under the title of default shall only exist in the event of intent or gross negligence on the part of the Agency. Unavoidable or unforeseeable events - in particular delays on the part of the Agency's contractors - shall in any case release the Agency from compliance with the agreed delivery date.

10. Payment

The Agency's invoices shall be due promptly net cash without any deductions from the date of invoice, unless otherwise agreed. In the event of late payment, interest on arrears at the current rate of 12% p.a. shall be deemed to have been agreed. Delivered goods shall remain the property of the Agency until payment has been made in full.

The customer may only offset or assert a right of retention with undisputed or legally established claims.

11. Warranty and compensation

The customer shall assert and justify any complaints in writing within three days of performance by the Agency. In the case of justified and timely complaints, the customer shall only have the right to improvement of the service by the Agency.

Claims for damages by the customer, in particular due to delay, impossibility of performance, positive breach of contract, culpa in contrahendo, defective or incomplete performance, consequential harm caused by a defect or due to unlawful acts shall be excluded, unless they are based on intent or gross negligence on the part of the Agency.

The Agency shall not assume any liability for the Client's documents provided to it for processing.

12. Liability

The Agency shall carry out the work entrusted to it in compliance with generally recognised legal principles and shall inform the Client in good time of any significant risks recognisable to it. However, the Client shall be responsible for compliance with the statutory provisions, in particular those relating to competition law, even in the case of advertising measures proposed by the Agency. He shall only release an advertising measure proposed by the Agency (a trademark proposed by the Agency) when he himself has ascertained that it is unobjectionable under competition law (trademark law) or when he is prepared to bear the risk associated with the implementation of the advertising measure (the use of the trademark) himself.

Any liability of the Agency for claims made against the customer on the basis of the advertising measure (the use of a trademark) shall be expressly excluded if the Agency has fulfilled its duty to inform; in particular, the Agency shall not be liable for legal costs, the customer's own lawyer's fees or the costs of publishing judgements as well as for any claims for damages or similar claims of third parties.

In the event that a claim is made against the Agency itself due to the implementation of an advertising measure (the use of a trademark), the Customer shall indemnify and hold the Agency harmless: the Customer shall thus compensate the Agency for all financial and other disadvantages (including immaterial damages) incurred by the Agency as a result of a claim by a third party.

13. Applicable law

The legal relationship between the Client and the Agency shall be governed exclusively by German law.

14. Place of fulfilment and jurisdiction

The place of performance shall be the Agency's registered office.

The place of jurisdiction for all disputes arising directly or indirectly between the Agency and the Customer shall be the German court with local and subject-matter jurisdiction for the Agency's registered office.

However, the Agency shall also be entitled to call upon another court with jurisdiction over the Customer.

15. Severability clause

These General Terms and Conditions are intended to regulate all matters relating to the Agency's services. Should one or more policies of these Terms and Conditions be contrary to applicable law, invalid or unenforceable, that policy shall be treated independently of the other policies and will not affect the legal validity of the other policies and terms.

Supplementary agreement to the GTC:

Order data processing Order processing agreement pursuant to Art. 28 (3) GDPR

Contractor (Processor):

Alexander Dort GmbH
Am Altzberg 28
66540 Neunkirchen

This supplementary agreement specifies the data protection obligations of the contracting parties arising from the conclusion of the contract for commissioned data processing. They are thus a supplement to the General Terms and Conditions of the Contractor and are recognized by the Client together with the General Terms and Conditions.

Preamble

Insofar as the services offered and to be provided by the Contractor include or require the processing of personal data, the processing of such data shall be carried out exclusively on the basis of this commissioned processing agreement (hereinafter "Agreement") pursuant to Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR"). It applies to activities in which employees of the Contractor, or third parties commissioned by the Contractor may come into contact with personal data of the Client.

0.1.1 Personal data

Personal data is any information relating to an identified or identifiable natural person, cf. Art. 4 No. 1 GDPR.

0.1.2 Data processing on behalf

Data processing on behalf is the processing of personal data by the processor (contractor) according to instructions and on behalf of the controller (client).

0.1.3 Subcontractors

As a contractor of the processor within the meaning of the GDPR, the subcontractor is a "further processor", cf. Art. 28(4) GDPR.

0.1.4 Instruction

Instruction is the order of the Customer directed at a specific data protection handling (for example anonymization, blocking, deletion, surrender) of the Contractor with personal data. The instructions are initially.

1.1.1

The Contractor shall process personal data on behalf of the Client exclusively for the purpose of providing the services to be provided by the Contractor for the fulfillment of a booked service and which are further specified in the General Terms and Conditions. In addition, these provisions shall apply, whereby the provisions of this Agreement shall take precedence regarding the data processing operations.

1.1.2

The contract begins with the ordering of a service by the client from the contractor and expires automatically after the expiration of the contract period.

1.1.3

If the order does not contain any provisions regarding the duration of the contract, the following shall apply: The contract shall commence on the date on which the present contract is accepted by the Client (viewing and acceptance of the General Terms and Conditions and the commissioned data processing by the Client and placing of the order). This contract is concluded for an indefinite period of time. It can be terminated with a notice period of 6 months to the end of the year.

1.1.4

The right to terminate without notice for good cause remains unaffected. The Customer may also terminate the Agreement at any time without notice if there is a serious breach by the Contractor of the provisions of the GDPR or this Agreement, the Contractor is unable or unwilling to carry out an instruction of the Customer, or the Contractor refuses access by the Customer or its data protection officer or the agents of the auditing department in breach of the Agreement.

1.1.5

The subject, purpose, and scope of the agreed data processing result from the offered and booked services.

1.1.6

The categories of data subjects include:

• Customers
• Applicant
• Interested parties
• Subcontractor
• Press
• Business partner
• Employees of the client

1.1.7

The data processing includes the following types of data:

• any form of personal data resulting from the nature and scope of the order

1.1.8

The collection, processing, and use of data by the Contractor shall take place exclusively on the territory of the Federal Republic of Germany, in a member state of the European Union or in another state party to the Agreement on the European Economic Area. A transfer to a third country may only take place if this is permitted in accordance with Art. 44 et seq. GDPR and has been approved in writing in advance by the Client. Further obligations, requirements, and reservations in connection with a relocation of activities, in particular as a result of sub delegation, in accordance with the main contract shall remain unaffected.

1.1.9

Insofar as the Contractor performs maintenance work on IT systems for the Customer, the following additional agreements shall apply:

1.1.10

The Contractor may only access personal data of the Customer within the scope of the Maintenance if this is necessary for the performance of the Maintenance. During maintenance, the Contractor is prohibited from storing personal data of the Customer on its own IT systems or data carriers, unless the Customer instructs it to do so.

1.1.11

The Contractor shall notify the Customer in advance of any remote maintenance work. The Customer shall be entitled to follow the performance of the remote maintenance. Upon request and to the extent necessary, the Contractor shall assist in the configuration of technical control equipment.

1.1.12

Remote maintenance is only permitted from the Contractor's business premises. Necessary data transmissions for the purpose of remote maintenance must be made in sufficiently encrypted form. The Contractor shall use sufficiently secure authentication procedures in accordance with the state of the art.

2.1.1

The Contractor may only process personal data within the scope of the Client's instructions, unless an exceptional case within the meaning of Art. 28 (3) a) GDPR exists. The Contractor shall inform the Client without undue delay if it is of the opinion that an instruction violates applicable laws. The instructions shall initially be stipulated by the contract and may thereafter be amended, supplemented, or replaced by the Customer in writing or in an electronic format (text form) to the office designated by the Contractor by means of individual instructions (individual instruction). Verbal instructions shall subsequently be documented by the person responsible The Contractor shall also follow the internal work instructions/guidelines of the Customer of which the Contractor is aware. In the event of contradictions between the instructions and the work instructions, the individual instructions shall take precedence.

2.1.2

The Contractor guarantees that an analysis of the voice recordings and an evaluation of the content as well as the processing of the data for own purposes will not take place.

2.1.3

The Contractor shall ensure the implementation of and compliance with the agreed technical and organizational measures (TOM) in its area of responsibility in accordance with Article 32 of the GDPR. Overall, the measures to be taken are data security measures and to ensure a level of protection appropriate to the risk regarding confidentiality, integrity, availability and the resilience of the systems. In particular, the Contractor shall design its internal organization in such a way that it meets the special requirements of data protection. In addition, the Contractor shall support the Client in complying with the obligations set forth in Art. 32 GDPR (Art. 28 (3) c, f GDPR). The Contractor shall ensure that it or any of its subcontractors for the provision of the service only process and store applications and data worthy of protection in virtual networks (e.g., in the form of cloud computing) with the prior consent of the Client.

2.1.4

The contractor expressly warrants that the voice recordings are used exclusively to record the spoken word in text form and to process it in text form. There is no technical analysis of the spoken word of the individual applicants from which conclusions could be drawn about the personality structure of the applicant. Pitch, word choice, sentence structure, speech speed and rhythm are not analyzed at any point to create a psychological profile. Such a technique is not implemented in the Contractor's software.

2.1.5

In accordance with Article 28 (1) and (5) of the GDPR, the Contractor shall provide sufficient guarantees that the appropriate technical and organizational measures are implemented to ensure that the processing complies with the GDPR and the rights of the data subject. To this end, it has prepared a comprehensive and up-to-date data protection and data security concept for this commissioned processing. The Contractor is obligated to maintain and continuously update this data protection and data security concept, whereby changes must be coordinated with the Client.

2.1.6

The Contractor shall cooperate free of charge in accordance with Article 28 (3) (f) of the GDPR in the preparation of a data protection impact assessment pursuant to Article 35 of the GDPR and, if applicable, in the prior consultation of the supervisory authorities pursuant to Article 36 of the GDPR. In addition, the Contractor shall cooperate free of charge upon request in the creation and updating of the Client's procedural directory, insofar as it relates to the documentation of the technical and organizational security measures. The Contractor shall disclose the required information and documents to the Customer upon request.

2.1.7

The Contractor is also obligated not to process employee-related or -related data of employees of the Customer and its affiliated companies for performance or behavioral control and not for purposes and in applications other than those agreed with the Customer's co-determination bodies. The Customer shall comprehensively inform the Contractor of any relevant agreements with the co-determination bodies and the requirements resulting therefrom; in the event of contradictions with this Agreement, the Contractor shall inform the Customer without undue delay and the latter shall issue a corresponding instruction.

2.1.8

The Contractor warrants that the employees involved in the processing of the Client's data and other persons working for the Contractor are prohibited from processing the data outside the scope of the instruction. Furthermore, the Contractor warrants that the persons authorized to process the personal data have committed themselves to confidentiality or are subject to an appropriate statutory duty of confidentiality. The confidentiality/confidentiality obligation shall continue to exist after termination of the order. Upon request of the Client, the respective obligation of the employees involved in the processing of the Client's data shall be proven.

2.1.9

If required by law, the Contractor shall appoint a data protection officer in writing. Otherwise, a contact person for data protection issues shall be appointed. Contact details of the company data protection officer (or the contact person for data protection issues) and contact person for information security issues of the Contractor are: privacy@alexanderdort.com

2.1.10

The Contractor shall be obligated to continuously monitor its data processing processes and systems regarding compliance with the requirements of data protection law. The Contractor shall document this and make the corresponding records available to the Customer upon request at least once a year for the purpose of proof. For this purpose, the Contractor shall submit upon request:

• compliance with approved rules of conduct pursuant to Art. 40 GDPR; or
• certification in accordance with an approved certification procedure pursuant to Art. 42 GDPR; or
• Current attestations, reports, penetration tests, results of emergency recovery exercises, action plans, or report excerpts from independent entities (e.g., auditors, auditing, data protection officers, IT security department, data protection auditors, quality auditors); or
• suitable certification through IT security or data protection audits (e.g. BSI-Grundschutz).

Vulnerabilities identified in the evidence must be remedied promptly, taking into account the criticality level. The Contractor agrees that the Client may also perform penetration tests on components provided for the Client on an annual basis after prior announcement and with the Client bearing the costs. Furthermore, the Client's software components may be transferred to a service provider for testing.

2.1.11

The Contractor shall inform the Client without undue delay in the event of disruptions to the operational process, suspected breaches, or other irregularities in the processing of the Client's personal data, as well as of control actions and measures taken by the supervisory authority in accordance with Chapter VIII of the GDPR.

2.1.12

The Contractor is aware that the Client is obligated to comprehensively document all breaches of the protection of personal data (Art. 4 No. 12 GDPR) and, if necessary, to report them to the supervisory authorities or the affected person within 72 hours. If such breaches have occurred, the Contractor shall support the Client in complying with its reporting obligations in accordance with Art. 28 (3) lit. f GDPR. The Contractor shall report the breaches to the Client without undue delay and shall provide at least the following information:

• A description of the nature of the breach, the categories and approximate number of individuals and records affected,
• Name and contact details of a contact person for further information,
• A description of the probable consequences of the injury, and
• A description of the actions taken to correct or mitigate the violation.

2.1.13

Data carriers provided as well as all copies or reproductions made thereof shall remain the property of the Client. The Contractor shall store them carefully so that they are not accessible to third parties.

The Contractor shall be obliged to provide the Client with information at any time, insofar as its personal data and documents are affected. The Contractor shall undertake the destruction of test and reject material in accordance with data protection requirements following prior approval (in writing or text form) by the Client. In special cases to be determined by the client, the material will be stored or handed over.

2.1.14

After completion of the contractual services or earlier upon request by the Client - at the latest upon termination of the main contract - the Contractor shall hand over to the Client all documents, processing and utilization results created as well as data files related to the contractual relationship that have come into its possession or, after the Client's prior consent (in writing and text form), destroy or delete them in accordance with data protection requirements. Insofar as statutory retention obligations exist, the deletion/destruction of the data shall only take place after their expiry. The record of the deletion/destruction must be submitted upon request. Documentation which serves as proof of orderly and proper data processing shall be retained by the Contractor beyond the end of the contract in accordance with the respective retention periods. The Contractor may hand them over to the Client at the end of the contract to relieve the Contractor.

2.1.15

In automated processing systems, the Contractor shall log at least the following operations:

• Survey,
• Change,
• Query,
• Disclosure including transmission as well as
• Combination and

Logs of queries and disclosures must make it possible to determine the reason, date, and time of these operations and, as far as possible, the identity of the person who queried or disclosed the personal data and the identity of the recipient of the data.

3.1.1

The Customer shall inform the Contractor of any deficiencies in the performance of the commissioned processing that become known to it under data protection law.

3.1.2

Prior to the start of data processing, the Customer shall satisfy itself in the course of the previous cooperation that the TOMs for data security implemented at the Contractor have been complied with. It may do so at its discretion, in particular by comparing the procedures used with the requirements of the data protection and data security concept as well as through various audits by the internal audit department, the information security officer(s), the data protection officer(s) or their respective representatives. The Customer shall also conduct a corresponding review on a regular basis during the term of the contract.

4.1.1

If the Client is required by applicable data protection laws to provide information to the data subjects regarding the collection, processing, or use of personal data of such person, the Contractor shall assist the Client in providing such information.

4.1.2

The Contractor shall only correct, delete, or restrict the data processed on behalf of the Customer in accordance with the Customer's instructions. If a data subject contacts the Contractor directly for the purpose of correcting, restricting, deleting, or providing information, the Contractor shall forward this request to the Client without delay. The response to the request for information shall be made exclusively by the Customer.

4.1.3

Insofar as included in the scope of services, the deletion concept, right to be forgotten, correction, data portability and information shall be ensured directly by the Contractor in accordance with the Client's documented instructions.

5.1.1

The Customer shall have the right, in consultation with the Contractor, to carry out inspections prior to the start of data processing and during the term of the contract or to have such inspections carried out by inspectors to be named in individual cases. The Contractor shall ensure that the Customer can, if necessary, convince itself annually of the Contractor's compliance with its obligations pursuant to Article 28 of the GDPR. In particular, the Customer may, after notification (and without notification in the case of incidents referred to in Sections 3.9 and 3.10), convince itself of the adequacy of the measures for compliance with the technical and organizational requirements of the data protection laws relevant to the commissioned processing at the Contractor's business premises during normal business hours and, to the extent possible, without disrupting business operations. The data protection authorities responsible for the supervision of the Client shall have the same right in principle. In addition, the Contractor shall provide the Client with security-relevant information without delay and in full. All information relating to the information security of the contractual relationship between the Customer and the Contractor shall be treated confidentially.

5.1.2

The assumption of costs of such a control on the part of the client is excluded. Further control, access, and information rights of the client or of third parties according to the main contract remain unaffected.

5.1.3

The Contractor undertakes to provide the Customer upon request (text form is sufficient) within a reasonable period of time with all information required to perform a comprehensive inspection of the order.

5.1.4

The Contractor shall support the Customer in carrying out controls and shall cooperate in the complete and expeditious processing of its controls. For its part, the Contractor shall regularly control the data processing and document the controls as well as their results and make them available to the Customer.

6.1.1

Orders may only be placed with subcontractors with the prior written consent of the Customer. The Customer already now approves the subcontracting relationship between the Contractor and the subcontractors specified in Annex 1 (including indication of the full company name, address, processing locations and type of service).

6.1.2

If subcontractors are engaged by the Contractor, the contractual agreements shall be designed in such a way that they comply with the requirements for confidentiality, data protection and data security between the contracting parties to this Agreement as well as Article 28 (2) to (4) of the GDPR and the Contractor shall regularly verify compliance with these obligations by the subcontractor. The Customer and the competent data protection authorities shall be granted control and inspection rights in accordance with Section 6. Likewise, the Customer shall be entitled to receive information from the Contractor upon written request about the essential content of the contract and the implementation of the subcontractor's obligations relevant to data protection, if necessary, also by inspecting the relevant contractual documents.

6.1.3

Further requirements and specifications for the commissioning of subcontractors in accordance with the main contract remain unaffected.

6.1.4

The transfer of personal data of the Client to the subcontractor and its first activity shall be permitted only after all requirements for subcontracting have been met.

6.1.5

Subcontracting relationships within the meaning of this provision shall be understood to be those services which relate directly to the provision of the main service. This does not include ancillary services which the Contractor uses, for example, as telecommunications services, postal/transport services, maintenance and user service or the disposal of data carriers and other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data processing systems. However, the Contractor shall be obligated to enter into appropriate and legally compliant contractual agreements and to take control measures to ensure the protection and security of the Customer's data, even in the case of externally contracted ancillary services.

7.1.1

The Contractor shall be liable to the Customer for damages as a result of faulty data processing or in the event of security-related breaches culpably caused by the Contractor, its employees or those commissioned by it to perform the contract when providing the contractual services.

7.1.2

In all other respects, the Client and the Contractor shall be liable vis-à-vis the data subjects in accordance with the provision set out in Article 82 of the GDPR.

8.1.1

If the Client's personal data at the Contractor is endangered by attachment or seizure, by insolvency or composition proceedings or by other events or measures of third parties, the Contractor shall inform the Client thereof without undue delay. The Contractor shall immediately inform all persons responsible in this context that the sovereignty of the personal data lies with the Client.

8.1.2

Amendments and supplements to this Agreement and all of its components - including any representations made by the Contractor - shall be made in writing, which shall also include electronic format.

8.1.3

German law applies.

8.1.4

Should individual parts of this contract be invalid, this shall not affect the validity of the rest of the contract.