For your convenience, we have provided a translation of this page. This translation is for informational purposes only, and the definitive version of this page is the German version.

General Terms and Conditions for Data Processing (GTCDP)

  1. General

    1. These General Terms and Conditions for Data Processing (GTCDP) apply to the contractual relationships between the contractual parties (hereinafter "Contractual Parties") of (hereinafter "") and the contractual partner (hereinafter "Contractual Partner") in the entrepreneurial area and are included in the contract (hereinafter "Main Contract") by the express reference in the GTC of

    2. These GTCDP specify the obligations of the contracting parties regarding data protection, which result from the services described in the main contract. They apply to all activities which are connected with the Main Agreement and in which employees of or persons commissioned by carry out commissioned processing for the Contracting Party in accordance with objective criteria pursuant to Article 28 of the Data Protection Regulation and process personal data (hereinafter also referred to as "Data") of the Contracting Party. They apply in addition to and subordinate to the General Terms and Conditions of

  2. Subject matter, nature and purpose and duration

    1. The subject matter, purpose and duration of the processing result from the main contract and, if applicable, its annexes. The categories of personal data, as well as the categories of data subjects, depend in each case on the type and scope of the commissioned processing actually carried out and are determined by the contractual partner.

    2. The provisions of this GTCDP shall apply for the duration of the actual data protection-relevant service provision in accordance with the main contract, unless obligations beyond this arise from the provisions of this GTCDP.

  3. Handling and instructions

    1. processes personal data exclusively on the instructions of the Contractual Partner. This includes activities that are agreed upon in the main contract and its appendices. The Contractual Partner is solely responsible for compliance with the legal provisions of the data protection laws, in particular for the lawfulness of all processing within the meaning of Art. 4 No. 7 GDPR.

    2. The instructions are initially laid down in the main contract and, if applicable, its annexes and may thereafter be amended, supplemented or replaced by the contractual partner in writing (text form in accordance with § 126 lit. b BGB). Verbal instructions shall be confirmed in writing without delay.

    3. If instructions are given in this way which results in additional expenditure for which was not previously agreed, then is entitled to adjust the remuneration agreed in the main contract with the prior written consent of the Contractual Partner. In this case, will inform the Contractual Partner in good time of the extent of the anticipated additional expenditure and is entitled to suspend the implementation of the instructions given until the Contractual Partner confirms that the costs have been borne.

  4. Obligations of

    1. processes personal data only within the framework of the order and on the instructions of the Contractual Partner, unless an exceptional case exists within the meaning of Article 28 para. 3 lit. a GDPR. will inform the Contractual Partner without delay if it is of the opinion that an instruction violates applicable laws and may suspend the implementation of the instruction until it has been confirmed or amended by the Contractual Partner.

    2. warrants that the processing will in principle take place within the EU or the EEA. Any transfer to a third country may only take place with the consent of the Contracting Party and under the conditions contained in Chapter V of the GDPR and in compliance with the provisions of this Agreement.

    3. ensures that the persons employed for processing are familiarised with the relevant provisions of this Agreement prior to the commencement of the processing, are appropriately instructed and supervised on an ongoing basis, receive regular training and are appropriately bound to confidentiality for the duration of their employment as well as after termination of the employment relationship.

    4. Due to the size of the company, is not obliged to appoint a data protection officer. Nevertheless, we seek external expert advice on the subject of data protection. Questions regarding data protection can be directed to the contact details provided in the annexe to this GTCDP.

    5. shall organise its own internal organisation in such a way that it meets the special requirements of data protection and shall provide the Contractual Partner with evidence of compliance with the stipulated data protection obligations by suitable means.

    6. shall take appropriate technical and organisational measures for the adequate protection of the data of the Contractual Partner, which meet the requirements of Art. 32 GDPR and ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing on a permanent basis. You can find them under this link Furthermore, shall implement a procedure for the regular review of the effectiveness of the technical and organisational measures.

    7. The technical and organisational measures taken by shall be made available to the Contractual Partner upon request. The Contractual Partner shall be responsible for ensuring that these offer an appropriate level of protection for the risks of the data to be processed. reserves the right to adapt the security measures, in particular to technical progress, whereby it must be ensured that the contractually agreed level of protection is not undercut.

    8. supports, as far as agreed, the Contractual Partner within the scope of its possibilities in the fulfilment of the enquiries and claims of affected persons according to Chapter III of the Data Protection Regulation as well as in compliance with the obligations mentioned in Art. 32 to 36 of the Data Protection Regulation.

    9. shall inform the Contractual Partner without delay if it becomes aware of violations of the protection of personal data of the Contractual Partner, shall take the necessary immediate measures to reduce the possible consequences for the rights and freedoms of the persons concerned and shall consult with the Contractual Partner without delay.

    10. In the event of a claim being made against the Contractual Partner by a data subject in respect of any claims in accordance with Article 82 of the Data Protection Act, undertakes to support the Contractual Partner in defending the claim within the scope of its possibilities, insofar as the claims of the data subject affect the commissioned processing carried out by

    11. destroys or hands over to the Contractual Partner, after the latter's request, but at the latest with the termination of the main contract, all documents that have come into its possession, processing and utilisation results produced as well as data files that are in connection with the contractual relationship, insofar as there is no obligation to store this data according to Union law or the law of the Member States.

    12. agrees that the Contractual Partner is entitled, after making an appointment with an appropriate lead time, without disturbing the operational process and after signing a declaration of confidentiality with regard to the data of other Contractual Partners and the technical and organisational measures set up, to check compliance with the regulations on data protection and information security as well as the contractual agreements at the expense of the Contractual Partner himself or through commissioned third parties - also on site. If the third party commissioned by the Contractual Partner is in a competitive relationship with, the latter has a right of objection against it.

    13. Should a data protection supervisory authority or another sovereign supervisory authority of the Contractual Partner carry out an inspection, the above paragraph shall apply accordingly. It is not necessary to sign a confidentiality agreement if this supervisory authority is subject to a professional or statutory confidentiality obligation for which a violation is punishable under the German Criminal Code.

  5. Obligation of the contracting partner to cooperate

    1. The Contractual Partner must inform immediately and completely if he discovers errors or irregularities with regard to data protection regulations in the context of the provision of services by

    2. The Contractual Partner shall be responsible for the security of the processing in accordance with Art. 32 GDPR for all data processing systems falling within its sphere of influence. This means in particular that the contracting party itself is responsible for adequate protection of the analogue and electronic data processing systems operated by it or commissioned by it against the influence of unauthorised persons. This includes, in particular, the initiation of state-of-the-art technical and organisational measures which ensure the security of the processing, in particular the integrity and confidentiality of any data of the contractual partner.

    3. In the event of a claim against the contractual partner by a data subject with regard to any claims pursuant to Art. 82 GDPR, Section 4.8 shall apply accordingly.

    4. The Contractual Partner shall name a contact person to for data protection questions arising within the scope of the contract.

  6. Requests from data subjects

    1. If a data subject contacts with requests to exercise his or her rights pursuant to Section III of the GDPR, will immediately refer the data subject to the Contractual Partner, provided that an assignment to the Contractual Partner is possible according to the information provided by the data subject.

    2. will support the Contractual Partner within the scope of its possibilities and upon instruction in the processing of data subject enquiries, insofar as the processing carried out by it is affected by the data subject enquiry. Expenses incurred by are to be remunerated in accordance with the agreements regarding remuneration in the main contract.

    3. is not liable if the request of the person concerned is not answered, not answered correctly or not answered in time by the Contractual Partner.

  7. Subcontracting relationships or subcontractors

    1. Subcontracting relationships in the sense of this contract are only such services that have a direct connection with the provision of the main service. Ancillary services such as transport, maintenance and cleaning as well as the use of telecommunication services or user services are not covered. The obligation of to ensure compliance with data protection and information security also in these cases remains unaffected.

    2. Within the framework of the execution of the order, the Contractual Partner permits in principle to involve, use, exchange or no longer commission further processors for the execution of (partial) services. will conclude agreements with the subcontractors to the extent necessary to ensure appropriate data protection and information security measures.

    3. will inform the Contractual Partner of any intended change with regard to the involvement of further subcontractors or the replacement of existing subcontractors, which will give the Contractual Partner the opportunity to object to such changes within 14 days of receipt of the information. The contractor will not refuse to approve such changes without good cause. In this context, the subcontractors currently listed in the Annex to this GTCDP shall be deemed approved by the contracting party.

  8. Information obligations, written form clause, choice of law

    1. If the property of the Contractual Partner with is endangered by measures of third parties (for example by seizure or confiscation), by insolvency or composition proceedings or by other events, shall inform the Contractual Partner immediately.

    2. Amendments and supplements to this GTCDP and all their components - including any assurances of - require a written agreement, which may also be in an electronic format (text form), and the express reference to the fact that it is an amendment or supplement to these conditions.

    3. In the event of any contradictions, the provisions of this GTCDP shall take precedence over the provisions of the main contract. In all other respects, they shall apply in addition to and subordinate to the General Terms and Conditions of Should individual parts of this GTCDP be invalid, this shall not affect the validity of the rest of the GTCDP.

Annexe to the General Terms and Conditions Data Processing (GTCDP)

  1. Subject matter and duration of processing

    1. The object of the processing is the services of agreed in the main contract.

    2. The processing shall be carried out during the entire term of the main contract and shall be extended with each extension of the main contract. If the main contract is concluded for an indefinite period, the processing will also be carried out for an indefinite period until the main contract is terminated.

  2. Nature and purpose of the processing

    1. The purposes of the processing are:

      • if customer service is agreed:

        • Assistance/consultation in the event of installation, operation, malfunctions or problems with the software.

    2. The type of processing depends on the agreed service in accordance with the main contract.

  3. Type of personal data

    • Personal master data
    • Communication data (e.g. telephone, e-mail)
    • Contract master data (contractual relationship, product or contractual interest)
  4. Categories of data subjects

    • Customers
    • Interested parties
    • Employees
    • Contact persons
  5. Subcontractors engaged

    Subcontractor Address/Country Service
    Stripe Payments Europe Stripe Payments Europe, Ltd, c/o A&l Goodbody, Ifsc
    North Wall Quay
    Dublin 1
    Processing of payments
    netcup GmbH netcup GmbH
    Daimlerstrasse 25
    D-76185 Karlsruhe
© 2023 Martin Melzer, All rights reserved.