Terms
§1 General
(1) Scope
1. These terms and conditions govern the use of all services and products offered by Wunderdata GmbH, Saarbrücker Str. 36, 10405 Berlin (hereinafter Wunderdata or Agent). Hereto including, but not limited to the website http://wunderdata.com and the tool accessible through this site.
5. These Terms and conditions also apply to all future transactions with the user, if the legal transactions are similar.
(2) Right and restrictions of use
1. The user is granted a non-exclusive, to the time of usage limited right to access the software via internet. Any further rights are not given to the user.
• to redevelop, decompile or attempt in any other way to make the source code of the software visible
• to copy the software, modify, adapt, sublicense, sell, or use in any other manner that is not held firmly in this agreement
• to provide, sell, lend or sublicense the software without written permission from Wunderdata to third parties
• to use the software in a manner that endangers the performance , security or accessibility of the software.
1. All prices shown are net prices excluding taxes.
2. Prices have to be payed in advance or, in case of direct debit payment, it has to be ensured, that the available funds in the account are sufficient.
(4) Liability
1. The user shall be liable for all damages incurred by third parties, if and when the user is responsible for such use.
2. For events of force majeure, which make it substantially difficult, interfere or make it impossible to conduct the contractual obligations, Wunderdata shall not be liable.
3. Wunderdata is not liable for damage to software or hardware, or property damage, unless the cause is based on reckless or intentional actions by Wunderdata.
§ 2 Collection, processing or use of personal data on behalf of others based on § 11 BDSG
(1) Subject-matter and duration of the commission
The agent creates a data warehouse and gives the principal access to the data warehouse for the time of the agreement.
(2) Scope, nature and purpose of the proposed collection, processing or use of data
1. Scope
The data will be processed and used exclusively within the territory of the Federal Republic of Germany, a Member State of the European Union or another signatory to the Agreement on the European Economic Area. Any movement of data to a third country requires the prior consent of the Principal and is subject to compliance with the special requirements set out in Sections 4b and 4c BDSG.
2. Nature of the data
The subject-matter of the collection, processing and/or use of personal data covers the following types/categories of data
- Personal master data
- Behavior data
- Contact data
- Buying history
- Billing and payment data
- Planning and management data
3. Purpose
The purpose is to get better insights and reach operative and strategic targets easier.
4. Persons affected (data subjects)
The group of data subjects affected by the processing of their personal data within this commission includes
- Customers
- Suppliers
- Employees in the meaning of Section 3(11) BDSG
- Contacts
(3) Technical/organizational measures
1. Within Agent’s area of responsibility, Agent shall structure Agent’s internal corporate organisation to ensure compliance with the specific requirements of the protection of Personal Data. Agent shall take the appropriate technical and organizational measures to adequately protect Principal’s Personal Data against misuse and loss in accordance with the requirements of the German Federal Data Protection Act (§ 9 BDSG). Such measures hereunder shall include, but not be limited to
a) the prevention of unauthorised persons from gaining access to Personal Data Processing systems (physical access control),
b) the prevention of Personal Data Processing systems from being used without authorization (logical access control),
c) ensuring that persons entitled to use a Personal Data Processing system gain access only to such Personal Data as they are entitled to accessing in accordance with their access rights, and that, in the course of processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control)
d) ensuring that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control),
e) ensuring the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data Processing systems, (entry control),
f) ensuring that Personal Data Processed are Processed solely in accordance with the Instructions (control of instructions)
g) ensuring that Personal Data are protected against accidental destruction or loss (availability control),
h) ensuring that Personal Data collected for different purposes can be processed separately (separation control).
2. Upon Principal’s request, Agent shall provide a comprehensive and current Personal Data protection and security programme covering Processing hereunder
(4) Correction, deletion and blockings of data
The Agent may only correct, delete or block the data processed on behalf of the Principal when instructed to do so by the Principal. If a data subject should apply directly to the Agent to request the correction or deletion of his personal data, the Agent must forward this request to the Principal without delay.
(5) Controls and other responsibilities of the Agent
Written appointment – where stipulated by law – of a data protection official, able to discharge his duties as set out in Sections 4f and 4g BDSG. The official’s contact details must be supplied to the Principal to enable direct contact to be made.
The maintenance of confidentiality in accordance with Section 5 BDSG. All persons who have access to personal data belonging to the Principal under the terms of this commission must give an undertaking to maintain confidentiality and must be informed of any special data protection requirements arising from this commission, and the limitation of use to specific purposes as instructed.
The implementation and maintenance of all technical and organizational measures required for this commission according to Section 9 BDSG and the Annex thereto.
Immediate notification to the Principal of any monitoring activities and measures undertaken by the supervisory authority pursuant to Section 38 BDSG.
Monitoring of the commission by way of regular reviews by the Agent concerning the performance and fulfillment of the contract, particularly compliance with and any necessary amendment to provisions and measures laid down to carry out the commission.
(6) Subcommissions
The commissioning of sub-contractors is only permitted with the prior written consent of the Principal.
(7) Monitoring rights of the Principal
The Principal may carry out the job control stipulated in No. 6 of the Annex to Section 9 BDSG in consultation with the Agent, or appoint auditors to do so. The Principal may carry out sample checks on the Agent’s business premises, generally to be announced in advance, in order to verify compliance with this Agreement by the Agent. The Agent undertakes to provide the Principal with the information required to meet his job control obligation, and make the necessary documentation available.
With regard to the monitoring obligations of the Principal under Section 11(2) sentence 4 BDSG before the start of data processing and throughout the term of the commission, the Agent must ensure that the Principal can confirm adherence to the technical and organizational measures taken. For this purpose, the Agent must provide the Principal upon request with evidence of the implementation of the technical and organizational measures pursuant to Section 9 BDSG and the Annex thereto. Evidence of the implementation of any measures that do not only affect the specific commission may also be presented in the form of up-to-date attestations, reports or extracts thereof from independent bodies (e.g. external auditors, internal audit, the data protection officer, the IT security department or quality auditors) or suitable certification by way of an IT security or data protection audit (e.g. ‘IT basic security’ as defined by the Federal Office for Information Security – BSI).
(8) Notification of infringements by the Agent
The Agent must notify the Principal in all cases where the Agent or persons employed by him infringe provisions relating to the protection of personal data belonging to the Principal or any other stipulations set out in the commission.
The Parties are aware that Section 42a BDSG may impose a duty to inform in the event of the loss or unlawful disclosure of personal data or access to it. Such incidents should therefore be notified to the Principal immediately, regardless of their origin. This also applies to serious operational faults or where there is any suspicion of an infringement of provisions relating to the protection of personal data or other irregularities in the handling of personal data belonging to the Principal. In consultation with the Principal, the Agent must take appropriate measures to secure the data and limit any possible detrimental effect on the data subjects. Where obligations are placed in the Principal under Section 42a BDSG, the Agent must assist in meeting them.
(9) Principal’s authority to issue instructions
The data may only be handled under the terms of the agreements concluded and the instructions issued by the Principal (see Section 11(3) sentence 1 BDSG). Under the terms of the commission as described in this Agreement, the Principal retains a general right of instruction as to the nature, scope and method of data processing, which may be supplemented with individual instructions. Any changes to the subject-matter of the processing and any changes to procedure must be agreed and documented together. The Agent may only pass on information to third parties or to the data subject with the prior written consent of the Principal.
The Principal must confirm any oral instructions immediately in writing or by e-mail (in text form). The Agent must not use the data for any other purpose and is particularly forbidden to disclose the data to third parties. No copies or duplicates may be produced without the knowledge of the Principal. This does not apply to backup copies where these are required to assure proper data processing, or to any data required to comply with statutory retention rules.
The Agent must inform the principal immediately, in accordance with Section 11(3) sentence 2 BDSG, if he believes that there has been infringement of legal data protection provisions. He may then postpone the execution of the relevant instruction until it is confirmed or changed by the Principal’s representative.
(10) Deletion of data and return of data media
Upon completion of the contractual work or when requested by the Principal – and no later than the end-date of the Service Agreement – the Agent must return to the Principal all documents in his possession and all work products and data produced in connection with the commission, or delete them in compliance with data protection law with the prior consent of the Principal. The same applies to any test data and scrap material. The deletion log must be presented upon request.
Documentation intended as proof of proper data processing must be kept by the Agent beyond the end of the Agreement in accordance with relevant retention periods. The Agent may hand such documentation over to the Principal after expiry of the Agreement.
(11) Approval of affected persons
The principal confirms, that he got the approval of affected customers and employees to collect, process and use their personal data. This applies especially for special personal data or when the personal data is used to rate the personality of the affected, including his skills, performance or his behavior.
(12) Aggregated data
For optimization purposes, Wunderdata gets the right to collect, process and use non personal data (anonymous or aggregated data) of the principal without directive. Examples of such data includes a benchmark across all Wunderdata clients on metrics such as size of data set. Wunderdata will not publish data if it is a) personal data or if b) it includes data specific to a client.
§3 Other
(1) Change of Terms and Conditions
Wunderdata is entitled to unilaterally amend these terms, to the extent necessary to eliminate interference or equivalence to adapt their legal or technical environment.
(2) Jurisdiction
For all transactions with Wunderdata applies the law of the Federal Republic of Germany.
(3) Severability
Should individual provisions of this contract be or become invalid or should the contract have an unforeseen gap, the validity of the remaining provisions stay unaffected. Instead of the invalid or missing provisions, the respective legal regulations apply.
(4) Language
Only the German version of these terms is legally binding. All translations have informational purpose only.