Terms & Conditions.
1.1 These GTC apply to all contracts (each a “Contract”) for software solutions to support business processes for use via the Internet as a web application (“SaaS Solution”) of ZREALITY GmbH, Zollamtstraße 11, 67663 Kaiserslautern, Germany (“ZREALITY”).
1.2 Clients of ZREALITY can only be companies, i.e. natural persons or legal entities acting in connection with their business or self-employment (each a “Client”; ZREALITY and Clients are each a “Party” and together the “Parties”).
1.3 ZREALITY does not recognize any deviating terms and conditions or other contractual terms and conditions of the Client, unless ZREALITY has expressly agreed to their applicability in writing in advance. ZREALITY already expressly objects to the validity of the Client’s terms and conditions.
2. Conclusion of Contract
2.1 Upon the Client’s request, ZREALITY shall prepare a non-binding offer (“Offer”) regarding the use of the SaaS Solution requested by the Client. An Offer shall not be deemed to be agreed in the sense of a contract conclusion until it has been signed by an authorized representative of the respective contracting party.
2.2 The commencement of the contract shall be determined by the parties in the offer (“Commencement Date”). If no specific date is specified as the Contract Commencement Date, the Contract shall commence on the date of the last signature of an authorized representative within the scope of the Contract conclusion.
3 Subject matter of the contract
3.1 The concrete scope of functions of the SaaS Solution as well as the requirements for the hardware and software environment that must be met on the Customer’s side result from the respective offer and the documentation that ZREALITY makes accessible or provides to Customers together with the SaaS Solution (“User Documentation”). It is not possible to provide the SaaS solution for local installation at the customer’s premises.
3.2 As part of the SaaS solution, storage space is provided by ZREALITY on central servers on which the data and information (e.g., 3D representations) generated and processed for the Customer with the SaaS solution and information uploaded by the Customer (e.g., participant lists) (“Customer Content”) are stored for the duration of the contractual relationship.
3.2 The Customer may use the SaaS solution to store data and information (e.g., 3D representations) and information uploaded by the Customer (“Customer Content”).
3.3 The performance transfer point is the ZREALITY router output to the Internet. On the Customer’s side, the Customer itself must take care of the connection to the Internet, the provision or maintenance of the network connection to the performance handover point, and the procurement and provision of network access components for the Internet.
3.4 The Client’s access to the SaaS Solution is secured via the Internet. After the conclusion of the contract, ZREALITY will provide the Client with access data to access its account (“Client Account”) in the SaaS Solution and to use the SaaS Solution. The Client is obliged to keep its access data incl. password secret and to protect it from misuse by third parties. In this context, ZREALITY points out that ZREALITY employees are not authorized to request passwords or access data by telephone or in writing. The Customer will change the password provided by ZREALITY for the initial log-in. When choosing a password, the generally known rules should be observed (length, complexity of the password). The Client must notify ZREALITY immediately in the event of loss of the access data, including the password, or if misuse of such data is suspected. Furthermore, ZREALITY is entitled to block access to the Customer’s account to the SaaS solution in the event of misuse. The Customer shall be liable in the event of misuse for which it is responsible.
4. Service Level Regulations
4.1 The following service levels apply to the SaaS solution:
– Uptime: 24 hours per day, all seven (7) days per week (“Uptime”);
– Maintenance Hours: Maintenance work performed on a pre-scheduled basis that requires an interruption in the availability of the SaaS Solution will be performed by ZREALITY, to the extent technically feasible, on business days between 20:00 and 08:30 (“Scheduled Maintenance”);
– Availability during Operating Hours: 99% on average over a calendar month (“Availability”), excluding Scheduled Maintenance and downtime beyond ZREALITY’s control from the calculation of Availability.
4.2 To the extent that, for urgent technical reasons that cannot be postponed, maintenance work is exceptionally required during operating hours that does not constitute Planned Maintenance, with the result that the SaaS Solution is not available during this time, ZREALITY will, if possible, inform the Client in good time by e-mail to the address specified by the Client.
4.3 ZREALITY will perform the analysis and correction of documented, reproducible errors in the SaaS Solution (hereinafter “Support Services”) in accordance with recognized industry standards. ZREALITY does not guarantee success in the elimination of errors. “Error” within the meaning of these GTC is any malfunction reported by the Customer that results in the quality and functionality of the SaaS Solution deviating from the offer and user documentation and
– this has a more than insignificant effect on its usability, or
– corruption of data or loss of data occurs that is processed with or generated by the SaaS Solution.
If a malfunction that has occurred cannot be reproduced, it is not considered an Error. In this case, the parties shall jointly agree on the further course of action.
4.4 The customer must immediately report any faults that occur with a precise description of the problem. The report may initially be made verbally, but must be repeated in text form (e-mail) no later than the next business day. ZREALITY can be reached to receive error reports by e-mail Monday – Friday from 09:00 to 17:00 at the following e-mail address: email@example.com
4.5 The type and duration of error checking and processing depends on the error class and the corresponding response times:
4.5.1 Error classes
– Error class 1: Productive use of the SaaS solution is not possible or only possible to a significantly limited extent or essential performance features are missed.
– Error class 2: Core functionality is ensured, but there is a significant error in a sub-module that prevents or significantly restricts working with this module.
– Error class 3: All other errors
4.5.2 Response times depend on the support services agreed between ZREALITY and the Customer:
– Error Class 1: By the next business day
– Error Class 2: At the discretion of ZREALITY
– Error Class 3: At the discretion of ZREALITY
– Failure Class 1: One (1) hour
– Failure Class 2: Two (2) business days
– Failure Class 3: Five (5) business days
Within the response times, ZREALITY will submit a proposal to correct the error. The proposal shall include the following:
– Conduct a failure analysis and present the results of the analysis conducted;
– Present the impact of the failure on other functionalities (criticality);
– Propose a course of action to resolve the failure.
4.6 ZREALITY is not obligated to provide support services (neither standard nor enterprise support)
Availability Service Credit (% of the monthly fee for the Service)
– for errors based on unauthorized modifications or adaptations of the SaaS solution by the customer or on behalf of the customer;
– for software other than the SaaS solution (in particular third-party software used on customer systems);
– for errors based on improper or unauthorized use of the SaaS solution or on operating errors by the customer, unless the operation is performed in accordance with the user documentation;
– in the event of any hardware defects;
– in the event of use of the SaaS Solution by the Customer on hardware and operating system environments other than the permitted ones specified in the user documentation; or
– in the form of on-site operations by employees of ZREALITY.
4.7 If ZREALITY and the Client agree in individual cases to provide support services in accordance with this Section 4.6 outside of ZREALITY’s general obligations, ZREALITY is entitled to treat corresponding services as a separate order and to invoice the Client for them in addition to the usage fees for the SaaS Solution in accordance with the applicable service rates. In the event of Unplanned Downtime, ZREALITY shall make commercially reasonable efforts to remedy the Unplanned Downtime within a reasonable period of time.
If ZREALITY fails to meet the service level set forth in Section 4.1 of these GTC for the Service (“Unavailability”), the Client shall be entitled to the service credits set forth below (“Service Credits”), which Service Credits shall not exceed 10% of the total fees paid by the Client to ZREALITY for all Services provided in the relevant Service Month.
To receive a Service Credit, Customer must claim such credit with ZREALITY within five (5) business days of receipt of the Service Level Report for the period for which Customer claims the Service Credit. Such claim by Customer shall include specific details of the days, times and duration of each unavailability claimed by Customer. If, after investigation, ZREALITY accepts Customer’s written claim for a Service Credit, ZREALITY will notify Customer that the relevant Service Credit will be offset against the charge for Services paid by Customer in the next monthly invoice for Services. Service credits cannot be credited retroactively. If the Customer fails to claim a Service credit in a timely manner, the Customer’s entitlement to a Service credit for that month will expire. Service credits payable by the Customer shall be offset against any claims for damages of the Contractual Partner due to non-compliance with the Service Level.
4.8 ZREALITY shall ensure continuous monitoring of the Service Levels. All measurements of the Service Levels shall be made on a monthly basis for each calendar month during the term of the Contract. Upon the Customer’s request, ZREALITY shall provide monthly reports on the measurements of Unplanned Downtime and the calculation of System Availability for the relevant previous month. If Customer has any complaints regarding any measurement or other information set forth in such report, Customer shall notify ZREALITY in writing of such complaints within five (5) calendar days of receipt of the report, provided that the accuracy of the report shall be deemed sufficient if no such notice is given by Customer. Any such notice shall specify the measurements complained of and describe in detail the nature of the complaint. ZREALITY and Customer agree to resolve such disagreements regarding Service Levels and/or related Measurements to the extent possible and in a timely manner by mutual agreement.
4.9 The Client’s rights in the event of non-availability are governed exclusively by this clause 4. Further rights are excluded. This shall not affect the customer’s right to terminate the contract and to claim damages in accordance with these GTC.
5 Backups and data storage
The Client is obliged to sufficiently back up Client Content. ZREALITY will also perform daily backups of the Service and Customer’s data. Backups will be stored for up to twelve (12) months. Upon termination (ordinary or extraordinary) of the Agreement by either party, Client Data processed via the SaaS Solution will be stored for an additional three (3) months before being permanently deleted by ZREALITY, subject to any statutory retention periods of ZREALITY.
6. Rights of Use SaaS Solution and Customer Content
6.1 Subject to the provisions of this Agreement, ZREALITY grants the Client the non-exclusive, worldwide, royalty-bearing right, sublicensable exclusively to the number of users of the Client’s account agreed upon in accordance with the Offer, to use the SaaS Solution for internal contractual purposes during the term of the Agreement. Customer may only use the SaaS Solution within the scope of the capacity agreed in the offer.
6.2 Subject to the rights granted under these GTC, ZREALITY reserves all rights and legal title to the SaaS Solution, any developments or programming based thereon, and the intellectual property and know-how related thereto. The Client acknowledges that it does not receive or acquire any rights other than those expressly granted under these GTC.
6.3 Client hereby grants ZREALITY the non-exclusive right to (a) copy, use, modify, distribute, display and disclose Client Content to the extent necessary to provide the Services to Client pursuant to this Agreement, (b) copy, modify and use Client Content in connection with internal operations and functions, including but not limited to, for purposes of operational analysis and reporting, internal financial reporting and analysis, audit functions, and archiving; and (c) use aggregated and anonymized Customer Content for purposes of marketing or product optimization, which aggregated data shall not include any information that identifies or makes identifiable the Customer or User, Brands or Users as the source of such data.
If ZREALITY and the Client have agreed to make available a version of the SaaS Solution for testing purposes (“Test Version”), these GTC shall apply accordingly to the extent applicable to the Test Version. The specific scope of services for the Test Version is set forth in the corresponding offer.
8. Duties to cooperate
The cooperation obligations of the Client required for the performance of the contractual services by ZREALITY shall be provided in full and in a timely manner. Subject to further specifications in the offer to the Customer and the user documentation, the Customer’s duties to cooperate include, in particular, the following:
– when using the SaaS solution, all applicable laws and other legal provisions must be observed. The Client must not transfer any data or content to ZREALITY’s servers that violates legal provisions or infringes third-party property rights or copyrights or other rights of third parties;
– in the event of an error message, the Client must immediately provide ZREALITY with all documentation, logs and other information relevant for troubleshooting;
– the Client is obliged to regularly participate in the product training offered by ZREALITY or otherwise acquire the knowledge necessary to use the SaaS solution;
– the Customer may only transmit data via the SaaS Solution that is free of computer viruses or other harmful code / other harmful technologies;
– the Customer may not use software or other techniques or procedures in connection with the use of the SaaS Solution that are likely to impair the operation, security and availability of the SaaS Solution.
9. Compensation Adjustment
ZREALITY is entitled to adjust the remuneration payable by the Client for the use of the SaaS Solution during the term of the agreement. However, such a price change is only permitted once a year. Price increases must be announced by ZREALITY by e-mail to the e-mail address specified by the Client no later than six (6) weeks before they take effect (“Price Increase Announcement”). In the event that the price increase amounts to more than 10% of the previous remuneration, the Client has a special right of termination, which it may exercise in writing with a notice period of one (1) month to the end of the calendar month following receipt of the Price Increase Notice.
10. Blocking of data
If a third party asserts to ZREALITY an infringement of rights by data or content transmitted by the Client to the data storage provided by ZREALITY (“Reported Content”), ZREALITY shall be entitled to temporarily block the relevant Reported Content if the third party has conclusively demonstrated the infringement. In this case, ZREALITY will request the Customer to cease the infringement within a reasonable period of time or to provide evidence of the legality of the Reported Content. If this request is not or not sufficiently complied with, ZREALITY shall be entitled, without prejudice to further rights and claims, to terminate the contract for cause without notice. To the extent that the Client is responsible for the infringement, the Client shall also be obligated to compensate ZREALITY for any resulting damage and shall indemnify ZREALITY to this extent against any claims of third parties upon first request. Further rights are reserved.
11. Changes in performance
ZREALITY is entitled at any time to further develop, change or supplement the SaaS Solution in part or in its entirety. ZREALITY will announce contract-relevant, significant changes at least six (6) weeks before they take effect by email to the email address provided by the Client (“Performance Change Notice”). The Customer may object to the changes in writing or by e-mail with a notice period of one (1) month from receipt of the Service Change Notice. If not objected to, the changes will become part of the contract between ZREALITY and the Client. The notification of the change in service shall indicate the consequences of the objection. In the event of a timely objection, ZREALITY is entitled to terminate the contract in writing with a notice period of one (1) month to the end of the calendar month.
12. Third Party Property Rights
12.1 If industrial property rights and copyrights of third parties are infringed by ZREALITY as a result of the contractual use of the SaaS Solution, and if third parties raise claims against the Client on account of such infringement, ZREALITY will, at its own discretion and at its own expense, either
– procure the rights of use required for the SaaS Solution; or
– modify the SaaS Solution in such a way that it no longer infringes the rights of third parties and has at least the features contractually agreed with the Client.
12.2 ZREALITY will defend the Client against or, at its option, indemnify the Client within the scope of the limitations of liability set forth in Section 13 against any damages that result directly from an assertion of corresponding claims arising from infringements of the rights of third parties and that are asserted against the Client in court, to the extent that such claims by the third party are not based on the following:
– modifications to the SaaS Solution by the Client that have not been approved by ZREALITY under this Agreement or otherwise; or
– use of the SaaS Solution in a manner other than as agreed in accordance with the purpose of this Agreement; or
– use of the SaaS Solution on hardware or operating system environments not approved by ZREALITY.
The obligation to pay compensation is excluded if ZREALITY proves that the Client itself is responsible for the infringement of third-party rights.
12.3 The Client is obligated to notify ZREALITY without undue delay if third parties claim infringement of property rights against it in connection with the SaaS solution. The Client is only entitled to take action, in particular to defend itself against the claims in court or to satisfy legal claims of the third party with reservation, provided that ZREALITY has given prior notice that ZREALITY will not defend the Client against the claim.
ZREALITY shall be liable for all damages arising in connection with this Agreement, for any factual or legal reason whatsoever, only in accordance with the following provisions:
13.1 In the event of intent and gross negligence, claims under the German Product Liability Act, and injury to life, limb or health, ZREALITY shall have unlimited liability in accordance with the statutory provisions.
13.2 In all other respects, liability per calendar year is limited to the damage foreseeable at the time of the conclusion of the contract up to a total amount for all cases of damage per calendar year corresponding to 50% of the remuneration paid by the Client in that calendar year. This limitation of liability shall also apply in the event of data loss and data deterioration as well as data protection breaches by ZREALITY as defined in the order processing agreement between the parties.
14. Data protection
When providing the SaaS Solution, ZREALITY may have access to personal data that ZREALITY processes as a processor for the Client on the basis of the Order Processing Agreement (“OPA”) entered into with the Client in relation to this Agreement.
The provisions of the confidentiality agreement agreed between the parties shall apply with priority. Unless expressly agreed, the following shall apply:
15.1 The Parties are aware that during the term of the Agreement they have access to certain Confidential Information of the other Party or Confidential Information of third parties that the disclosing Party is obligated to keep confidential. Confidential Information means any written, electronic or oral information that (i) has been disclosed by one Party to the other Party, (ii) is not generally known or publicly available, either in its entirety or in the precise arrangement and composition of its component parts, (iii) relates to the activities of a Party or a Third Party, (iv) is subject to the disclosing Party’s reasonable technical and organizational safeguards, and (v) has either been designated as confidential or, because of the nature of the circumstances under which the disclosure is made, should reasonably be treated as confidential (“Confidential Information”). Both Parties acknowledge that the Disclosing Party or Third Party, as the case may be, shall remain the owner of all rights in Confidential Information.
15.2 Each Party undertakes (i) to use the Confidential Information disclosed by the other Party only to the extent permitted and intended in this Agreement, (ii) to keep the Confidential Information obtained from the other Party strictly confidential and, by implementing appropriate technical and organizational measures, to protect it from disclosure to and use by third parties, (iii) to restrict access to the Confidential Information disclosed by the other Party to those of its employees, agents and/or consultants, if any, who have a need to know such information and who have been obligated in writing to keep such information confidential in accordance with this Agreement, and (iv) to surrender or destroy any Confidential Information disclosed by the other Party that is in its possession upon termination or expiration of this Agreement. Notwithstanding the foregoing, Customer acknowledges that ZREALITY may use anonymized statistical data about Customer’s use of ZREALITY and may share such statistical data with third parties. The contractual confidentiality obligations shall continue for two (2) years after termination of the Agreement.
15.3 Notwithstanding the foregoing, the provisions of Sections 15.1 and 15.2 of the General Terms and Conditions shall not apply to Confidential Information that (i) is freely available or generally known at the time of its disclosure, (ii) becomes freely available or generally known through no fault of the recipient, (iii) was lawfully communicated to Recipient by persons who were not bound by confidentiality obligations in this regard, (iv) is already in Recipient’s possession at the time of disclosure without any confidentiality obligations attached thereto, (v) was independently developed by Recipient, or (vi) is authorized for release or disclosure by Disclosing Party without restriction. Notwithstanding the foregoing, either party may disclose Confidential Information to the extent necessary (i) to comply with a court or governmental order or otherwise to satisfy the requirements of mandatory law, provided that the party disclosing the Confidential Information pursuant to the order shall give prior written notice to the other party and use reasonable efforts to obtain a protective order, or (ii) to have a court determine a party’s rights under this Agreement, including any motions necessary to do so.
16. Contract Term and Termination
16.1 The Contract shall come into force on the Contract Commencement Date and, unless otherwise agreed on the basis of the Offer, shall run for twelve (12) months (“Minimum Term”) unless terminated in accordance with this Clause 16. The Agreement shall automatically renew for successive one-year periods unless terminated by either party upon three (3) months’ prior written notice to the other party prior to the expiration of the current renewal period (the Minimum Term and any renewal periods are collectively referred to as the “Term”).
16.2 In the event of termination of a contract with a notice period or minimum term agreed in accordance with the offer, the customer shall continue to be entitled to the contractually agreed services until the end of the contractual term.
16.3 If the Service Level listed in Section 4 of the GTC is not met for a period of three (3) consecutive calendar months or for three (3) calendar months within a period of six (6) calendar months (availability during operating hours below 95%) and if ZREALITY is responsible for the shortfall, the Client shall be entitled to terminate the contract without notice and to claim damages in lieu of performance.
16.4 Any termination must be made in text form (letter, fax, e-mail). Non-use of the SaaS solution shall not be deemed to be termination. Without notice of termination received in due time and form, the term of the contract shall be automatically extended.
17 Termination, Consequences of Termination
17.1 The right of both parties to terminate for cause remains unaffected. In particular, ZREALITY is entitled to terminate this Agreement without notice if
– the Client is in default of payment of an amount for a period of more than two (2) months that is at least equal to the agreed fee for the use for the period of two (2) months;
– insolvency proceedings or other judicial or extrajudicial proceedings serving the settlement of debts have been or will be instituted against the Client’s assets;
– the user account of the third party has been transferred or the access data to the SaaS solution has been made accessible to third parties, in each case without the prior consent of ZREALITY;
– the Customer has otherwise breached its obligations under this Agreement and, despite being given a deadline, does not cease the breach of contract or provide evidence of measures that are suitable to prevent the repetition of the breach of contract in the future.
17.2 In the event of termination of the contractual relationship, for whatever legal reason, the parties are obliged to wind up the contractual relationship in an orderly manner. To this end, ZREALITY will, in accordance with the GCU
– transfer the data stored by ZREALITY under the contract to the Client or a third party designated by the Client no later than four (4) weeks after the termination of the contract, at the Client’s option, either by way of remote data transfer or on data carriers;
– delete the data immediately after confirmation of successful data transfer by the Client or a designated third party and destroy all copies made.
17.3 Support services for the migration of the Data that go beyond Section 17.2 may be provided by ZREALITY on the basis of a separate order. Such additional support services shall be remunerated in accordance with ZREALITY’s price list as amended from time to time.
18. Terms of Payment
18.1 The Client is obliged to pay ZREALITY the fees agreed in the Offer in euros or, if applicable, a different currency listed in the Offer, in advance at the intervals agreed in the Offer (if nothing has been agreed: annually) in accordance with Clause 18.2.
18.2 The fees due under this Agreement shall be invoiced during the term of the Agreement at the intervals agreed in the Order (unless agreed: annually), in each case in advance for the following year, for the first time with the invoice date of the first day of the term of the Agreement. The Customer accepts an electronic invoice.
18.3 Each invoice amount is due fifteen (15) days after the Customer’s receipt of the invoice.
18.4 All charges are exclusive of value added tax and any other applicable tax, the payment of which is the sole responsibility of Customer.
18.5 Customer shall be in default of payment if it fails to pay the invoice amount within thirty (30) days of the invoice date. Interest on late payment shall be 9% points above the prime rate per annum from the due date.
18.6 If the Client disputes an invoice or any other amount due under this Agreement, the Client shall notify ZREALITY in writing within thirty (30) days after receipt of the invoice or after the due date, stating in detail the reasons for the dispute (“Disputed Invoice”). Except for Disputed Invoices, all invoices or amounts due shall be deemed accepted and payable without deduction. ZREALITY will not assert the rights under Section 18.4 with respect to charges that are the subject of a justified complaint by the Client.
19. Assumption of contract
ZREALITY is entitled to transfer rights and obligations arising from this contractual relationship in whole or in part to a third party with a notice period of four (4) weeks. In this case, the Client is entitled to terminate the contract within two (2) weeks after the announcement of the transfer of the contract.
20.1 Changes to these GTC. Subject to the following provisions, ZREALITY reserves the right to amend these GTC, provided that such amendment is reasonable for the Client, taking into account the interests of ZREALITY; this is particularly the case if the amendment is without significant legal or economic disadvantages for the Client, e.g. in the case of changes to contact information. In all other respects, ZREALITY will inform Clients of any changes to these Terms and Conditions with reasonable advance notice, but at least one (1) month before the intended entry into force of the changes, to the e-mail address specified by the Client (“GTC Change Notice”).
If the Client does not agree with a change intended by ZREALITY, the Client has the right to object to the change within one (1) month of receipt of the GTC Change Notice. In case of timely objection, ZREALITY is entitled to terminate the contract with a notice period of one (1) month to the end of the calendar month.
20.2 Entire Contract. This Agreement, including the Proposal and attachments and appendices, conclusively governs all agreements between the parties with respect to the subject matter hereof and, except as otherwise expressly provided in this Agreement, supersedes all prior oral and written agreements and understandings between the parties with respect to its subject matter. Neither party shall be bound by any terms, conditions or representations other than those expressly provided for in this Agreement, including the Proposal and attachments and appendices hereto.
20.3 Changes and Amendments. Unless otherwise agreed on the basis of these GTC, amendments and supplements to this Agreement shall be in writing within the meaning of Section 126 (2) of the German Civil Code (BGB) and shall be signed by authorized representatives of both Parties. This also applies to the waiver of the written form and an amendment of this written form requirement.
20.4 Assignment. Client may not assign its rights under or delegate its obligations under this Agreement without the prior express written consent of ZREALITY; in the absence of such consent, any attempted assignment or delegation shall be void and of no effect.
20.5 Set-Off and Retention. The Client shall have a right of set-off or retention against ZREALITY only in the case of counterclaims that have been legally established or are undisputed.
20.6 No Contract for the Benefit of Third Parties. The parties acknowledge that, except as otherwise expressly provided in this Agreement, the provisions of this Agreement are for the exclusive benefit of the parties. This Agreement does not expressly or impliedly confer any right on any third party, whether an individual or a legal entity, to enforce any provisions of the Agreement.
20.7 Severability Clause. To the extent that any provision of this Agreement is invalid or unenforceable for any reason in any jurisdiction, such provision shall be modified to the extent necessary to make it valid or enforceable. The invalidity or unenforceability of any provision shall not render such provision invalid or unenforceable in any other case, circumstance or jurisdiction and shall not affect the validity of any other provision of the Agreement.
20.8 Waiver. No waiver with respect to the Contract shall be effective and binding unless in writing and duly signed by the waiving party. Each waiver shall constitute a waiver only with respect to the specific matter governed thereby and shall in no way affect the rights of the waiving party in any other respect or at any other time. Any delay or omission by a party in exercising any right under this Agreement shall not be deemed a waiver of such right.
20.9 Venue. The place of performance and jurisdiction for all disputes arising out of or in connection with this Agreement, including any tort claims for merchants, legal entities under public law or special funds under public law, shall be Kaiserslautern, Germany.
20.10 Governing language. The German language version of this Agreement shall prevail and be legally binding in all respects and shall prevail in the event of any inconsistency.
20.11 Governing Law. This Agreement shall be governed exclusively by the laws of the Federal Republic of Germany, excluding its conflict of laws rules and the UN Convention on Contracts for the International Sale of Goods (CISG).
20.12 Contact details of ZREALITY. Please send complaints and notices of termination to the following address:
Order processing agreement
Agreement between (“Client”) and ZREALITY GmbH, Zollamtstrasse 11, 67663 Kaiserslautern, Germany (“Contractor”; collectively the “Parties” or each a “Party”) regarding the processing of personal data on behalf of (“GC”). The terms “personal data”, “process”, “data subject”, “controller” and “processor” are defined in Article 4 of the General Data Protection Regulation (Regulation (EU) 2016/679 (“GDPR”)).
1. Subject Matter and Duration of the Order
1.1 Subject matter of the order
The subject matter of the order of data processing by the Contractor results from the software or SaaS contract between the Parties (“Main Contract”). In this context, the Contractor shall process personal data for the Client. In this context, the Client is responsible as the controller for the processing of personal data, for assessing the legal permissibility of the processing of personal data and for safeguarding the rights of data subjects.
1.2 Duration of the Contract
This GCU is agreed between the Parties for the duration during which the Contractor processes personal data for the Client on the basis of the Main Contract.
2. Specification of the content of the order
2.1 Scope, nature and purpose
The scope, nature and purpose of the processing of personal data by the Contractor for the Client are specifically described in the Main Contract.
2.2 Type of data
The subject of the processing of personal data are the following types / categories of data (“Client Data”)
– Contact data (e-mail / telephone),
– Internet usage data, which arise when using the SaaS solution of the Contractor,
– Data, which arise when using the chat or video chat function.
2.3 Circle of data subjects
The circle of data subjects affected by the processing of personal data within the scope of this order includes:
– employees / workers of the contractor (this includes the management, interns, temporary employees and similar persons),
– employees / workers of business partners of the contractor,
– customers and contacts at the customer of the contractor.
3. Authority of the Client to issue instructions / place of data processing
3.1 The Client Data shall be processed exclusively in accordance with documented instructions of the Client. The Principal shall immediately confirm verbal instructions in writing or by e-mail (in text form). Changes to the object of processing and procedural changes shall be mutually agreed and documented. Any additional expenses incurred shall be remunerated by the Customer on a time and material basis.
3.2 The Contractor shall process Customer Data outside the instructions of the Customer only insofar as it is obliged to do so by applicable law. In such a case, the Contractor shall inform the Client of this circumstance in advance, unless the respective law prohibits this.
3.3 The Contractor shall inform the Customer if it is of the opinion that an instruction violates relevant data protection regulations. The Contractor shall be entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by the Responsible Party at the Customer.
3.4 The processing of the Client Data by the Contractor shall take place within the EU / EEA. A transfer of processing to countries outside the EU / EEA by the Contractor shall only take place after consultation with the Client.
The persons authorized to process the Client Data have committed themselves to confidentiality or are subject to a statutory duty of confidentiality.
5. Technical-organizational measures
5.1 The Contractor shall take technical and organizational measures to protect the Client Data that meet the requirements of Article 32 of the GDPR. These technical and organizational measures are described in Annex 1 of this GC. The Client is aware of these technical and organizational measures and is responsible for ensuring that they provide an adequate level of protection for the risks posed by the data to be processed.
5.2 The technical and organizational measures are subject to technical progress and further development. In this respect, the Contractor shall be permitted to implement alternative adequate measures. In doing so, the security level of the specified measures may not be undercut. Significant changes shall be documented.
6. Subcontracting relationships
6.1 The Client agrees to the Contractor’s use of subcontractors:
6.1.1 The Contracting Authority consents to the use by the Contractor of the subcontractors listed in Annex 2 to this GCU at the time of conclusion of this GCU.
6.1.2 The Customer agrees to the use of additional subcontractors or to the modification of existing subcontractors if the Contractor notifies the Customer of the use or modification in writing (e-mail is sufficient) fourteen (14) days prior to the start of the Data Processing. The Customer may object to the use of a new subcontractor or the change for important data protection reasons within ten (10) days. If no objection is made within the period, the consent to the use or change shall be deemed given. The Customer acknowledges that in certain cases the service can no longer be provided without the use of a specific subcontractor. If there is an important reason under data protection law for the objection and if a mutually agreeable solution cannot be found between the parties, the parties shall each have a special right of termination with respect to the Contractor’s performance relating to the rejected Subcontractor.
6.2 The Contractor shall conclude written (this includes electronic form) commissioned processing agreements with the subcontractor(s), the content of which shall comply with this GCU, taking into account the nature and scope of the data processing under the subcontract.
7. Data subject rights
The Contractor shall support the Client within the scope of its possibilities in fulfilling the requests and claims of data subjects pursuant to Chapter III of the GDPR.
8. Cooperation obligations of the Contractor
The Contractor shall assist the Client in complying with the personal data security obligations, data breach notification obligations, data protection impact assessments and prior consultations referred to in Articles 32 to 36 of the GDPR.
9. Principal’s right to information and review
9.1 The Customer shall have the right to request necessary information to prove the Contractor’s compliance with the agreed obligations and to carry out inspections in agreement with the Contractor or to have them carried out by inspectors to be named in individual cases.
9.2 The Parties agree that the Contractor shall be entitled to submit meaningful documentation to the Customer to prove compliance with its obligations and implementation of the technical and organizational measures. Meaningful documentation may be provided by the submission of a current audit certificate, reports or report extracts from independent bodies (e.g., auditors, data protection officers), suitable certification by IT security or data protection audit (e.g., in accordance with ISO 27001) or certification approved by the competent supervisory authorities.
9.3 The right of the Customer to conduct on-site inspections shall not be affected hereby. However, the Client shall consider whether an on-site inspection is still necessary after the submission of meaningful documentation, in particular taking into account the maintenance of the proper operation of the Contractor. The Customer shall only carry out on-site inspections in consultation with the Contractor.
10. Deletion of data and return of data carriers
At the Client’s request, and at the latest upon termination of the commissioned processing, the Contractor shall, at the Client’s option, hand over to the Client all documents that have come into its possession, processing and usage results that have been created, as well as data files that are related to the commissioned relationship, or, after prior consent, destroy them in a manner that complies with data protection requirements. Documentation which serves as proof of the orderly and proper data processing or which the Contractor is legally obligated to retain may be retained by the Contractor beyond the end of the contract in accordance with the respective retention periods.
The limitations of liability agreed in the main contract shall apply to the Contractor’s liability in connection with this GC.
Annex 1 to the Order Processing Agreement:
Technical and organizational measures pursuant to Art. 32 GDPR.
Description of the technical and organizational security measures taken by ZREALITY GmbH (“Processor”)
The Contractor has implemented the following technical and organizational security measures (“TOMs”) to ensure the ongoing confidentiality, integrity, availability and resilience of Processing Systems and Services. Where applicable, the TOMs shall be supplemented by the security measures implemented by the subcontractors used:
The Contractor has taken the following technical and organizational security measures to ensure, in particular, the confidentiality of the Processing Systems and Services. The Contractor shall take appropriate measures to prevent its data processing systems from being used by unauthorized persons. This is achieved by:
– Authentication with user name and password;
– Key regulation (key issue for buildings only to authorized personnel, etc.) and security locks;
– Careful selection of external service providers and conclusion of confidentiality obligations;
– Alarm messages in case of unauthorized access of server rooms;
– Automatic timeout of the user terminal if it remains idle; identification and password required to access again;
– Issuing and securing identification codes and use of two-factor authentication;
– Industry standard encryption and password requirements (password policy, including minimum length, use of special characters, etc., password change);
– Blocking of security-relevant access after incorrect login attempts;
– Physically separate storage on separate systems and data carriers;
– Regular security updates for data processing systems.
The Contractor’s employees who are authorized to use its data processing systems may only access personal data within the scope and to the extent covered by their respective access rights (authorization). In particular, access rights and levels are based on the employee’s function and role, using the concepts of least privilege and need-to-know to align access rights with defined responsibilities. Specifically, this is achieved by:
– Committing employees to policies and training;
– Committing employees to confidentiality and nondisclosure;
– Creating user profiles and assigning user rights;
– Restricting access to personal data to authorized individuals only;
– Blocking user access after incorrect login attempts;
– Central storage of log files and restricted access for authorized persons;
– Logical client separation;
– Restricted access to servers for authorized persons only;
– Use of VPN technology;
– Physical deletion of data media before reuse.
The Contractor has implemented the following technical and organizational security measures, in particular to ensure the integrity of the processing systems and services:
The Contractor shall take appropriate measures to prevent personal data from being read, copied, modified or deleted by unauthorized persons during transmission or transport of the data carriers. This is achieved by:
– Establishing dedicated lines or VPN tunnels;
– Using firewall and encryption technologies for software and hardware;
– Performing vulnerability tests on a monthly basis;
– Avoiding the storage of personal data on portable storage media for transport purposes and on company-owned laptops or other mobile devices;
– For physical transport: careful selection of transport personnel and vehicles; secure transport containers and packaging;
– Secure destruction and disposal of data storage media.
– Contractor shall not access Customer Content except as necessary to provide Customer with the products and professional services selected by Customer. Contractor does not access Customer Content for any other purpose.
The Contractor has implemented the following technical and organizational security measures, in particular to ensure the availability of Processing Systems and Services. The Processor shall take appropriate measures to ensure that Personal Data is protected against accidental destruction or loss. This is achieved by:
– Creating backup and recovery plan;
– Redundancy of infrastructure;
– Use of anti-virus software;
– Use of hardware firewall;
– Fire and smoke detection systems;
– Protective power strips in server rooms;
– Fire extinguishers in server rooms;
– Regular security updates for data processing systems;
– Alarm notifications in the event of unauthorized access to server rooms;
– Performance of regular data backups;
– Storage of data backups in a secure, off-site location;
– Separation of production and test systems.
The Contractor has implemented the following technical and organizational security measures, in particular to ensure the resilience of the processing systems and services:
– Data protection management and definition of roles and responsibilities;
– Operational continuity management and contingency plan;
– Project-based risk management;
– Monthly execution of vulnerability tests and immediate implementation of results;
– Incident detection system and project-based incident response management;
– Regular (external) auditing;
– Regular review of scaling and infrastructure;
– Data protection-friendly defaults;
– Secure development cycle.
Annex 2 to the order processing agreement
# | Name | Address | Area of operation under the contract
1 | Amazon Web Services EMEA SARL | 38 Avenue John F. Kennedy, L-1855, Luxembourg | IT Infrastructure / Hosting (EU servers only)
As of March 2021