GENERAL TERMS AND CONDITIONS
The following General Terms and Conditions (“GTCs“) apply to all contracts concluded between you (the “Customer“) and Cerpro GmbH, (Register no. HRB 181410, Hamburg local court) with its registered office at Dolomitenstraße 97, 13187 Berlin, Germany (“Cerpro“) under which your company utilizes software solutions based on Cerpro Cloud.
By ticking the confirmation box and clicking on the “Subscription” button, the Customer indicates that they agree to these conditions.
1 DEFINITIONS AND SCOPE
In these GTCs:
1.1 the following words and phrases have the following meanings, unless the context requires otherwise:
1.2 These GTCs apply exclusively. Any deviating or conflicting conditions do not apply unless they have been expressly agreed in writing. These GTCs apply only if the Customer is an entrepreneur (Section 14, German Civil Code) (Bürgerliches Gesetzbuch – BGB), a legal entity under public law, or a special fund under public law. The provision of SaaS services for consumers (Section 13 German Civil Code) is not regulated by these GTCs.
2 CONCLUSION OF THE CONTRACT
2.1 The Customer may purchase a subscription in their desired contractual form at www.cerpro.io. The Customer may remove the subscription completely from their shopping cart at any time. For subscriptions that may only be purchased together, the required supplementary subscriptions will be automatically added to the shopping cart. You do not need to enter payment information for free subscriptions. The order process can be canceled by closing the browser window. The Customer provides information about the company, name, mailing address, e-mail address, and phone number in the respective fields under the selected product. After it agrees to the GTCs and data protection provisions, the Customer will submit its binding offer to subscribe the software version of the SaaS services displayed in the order overview.
2.2 The Customer and Cerpro enter into a contract as soon as the subscription order is confirmed in a separate e-mail. However, Cerpro reserves the right to check the customer’s contact details and to contact the Customer for verification purposes before concluding the contract. If the Customer is granted a trial version has expired, he will receive an offer to extend the paid SaaS services after the agreed trail period has expired. The subscription will be extended after the Customer provides the relevant payment information. The Customer should regularly check the Spam folder of their e-mail program.
2.3 The Customer receives the contractual provisions together with information about the ordered goods and/or ordered services, including these GTCs, by e-mail upon acceptance of the contract offer, or together with the notification thereof. Cerpro will not save the contractual provisions for the Customer.
2.4 2.4 The Software is not provided in a physical copy or as a download; it is provided exclusively as a SaaS service.
3 SOFTWARE CHANGES and UPDATES
3.1 Cerpro is entitled to change services, and in particular to update the Software in response to technical advances. Cerpro will announce any significant change to the services at least one month in advance of the change concerned. If the changes are significant, the Customer may terminate the contract with a notice period of two weeks up to the date of the change. Significant changes are defined as changes that result in less functionality being available than was included in the previous version of the Software.
3.2 Cerpro is not obligated
3.2.1 to provide Software Updates or to update
3.2.2 the Software or the Documentation.
3.3 Cerpro assumes no obligation or warranty with regard to the frequency of Software Updates.
4 SUBSCRIPTION PERIOD
4.1 The subscription period is per month or annually (hereinafter the “subscription period“) and begins on the day of the order confirmation (the “subscription date“), which Cerpro will send to the customer via e-mail.
4.2 Unless the subscription is canceled in accordance with Section 15, the subscription period will be automatically extended by an additional subscription period at the end of the current subscription period.
4.3 The Customer may increase the number of authorized users of the Software (“users“) during the subscription period in accordance with the payment interval specified in Annex 1. If the number of users is increased during the current subscription period, the subscription period will be extended by one month / 12 months depending on the chosen subscription model from the point at which the order for the increased number of users is confirmed. The number of users may only be reduced by canceling the subscription in accordance with Section 15.
4.4 In deviation from Sections 4.1 to 4.3, the subscription period for a trial license to be agreed indivdually is limited to 30 days from the day of the subscription date, and cannot be extended. If the trial license is included in another license (the “main license“), the trial license will also be terminated automatically. The main license can be extended in accordance with the provisions of Section 4.1 and 4.2.
5 GRANTING OF RIGHT
5.1 With effect as of the subscription date, and subject to the payment of the license fees in accordance with Section 6, Cerpro grants the Customer the rights for the operation and execution of the software named in the title of the license only, and for the use of the associated documentation for the duration of the subscription period (“licensing” or “license“).
5.2 Unless otherwise stipulated, the following terms apply to the granted license:
5.2.1 The license is limited, revocable, non-exclusive, and non-transferable (except where permitted by and in accordance with Section 17);
5.2.2 It may not be sub-licensed;
5.2.3 The Documentation is only licensed to the Customer to support the Customer’s use of the Software.
5.3 Licensing is subject to the following obligations and restrictions:
5.3.1 The Customer must have a valid license for each user.
5.3.2 In order to use Cerpro Cloud, the Customer must have a valid license and/or the required subscription for each user.
5.3.3 Each user must be registered by name in the Customer’s account and must be an employee of the Customer. The Customer may remove existing users in order to replace them with new users. How-ever, doing so will not extend the subscription period.
5.3.4 5.3.4 Neither the Customer nor the user may copy the Software in whole or in part, or reproduce it in any way.
5.3.5 5.3.5 Except to the extent expressly permitted by law, neither the Customer nor the user may modify, change, adapt, correct errors, or interfere with the Software in any way, merge it with other data, programs, or systems or integrate it into other data or programs or systems, or attempt any of these actions.
5.3.6 Except to the extent expressly permitted by law, neither the Customer nor the user may decompile, reverse engineer, decode, and/or disassemble the Software. Furthermore, the Customer may not translate the Software into another computer language and/or attempt to do so.
5.3.7 Neither the Customer nor the user may allow any third party to access or use the Software.
5.3.8 The Customer or the user may not assign, renew, sub-license, rent, lease, sell, pledge, encumber, transfer, or otherwise dispose of the license granted hereby or the Software or Documentation granted through the license, or pretend or attempt to grant licenses to the Software or Documentation; and
5.3.9 5The Customer or the user must notify Cerpro as soon as it becomes aware of unauthorized access or use of the Software or the Documentation by a person.
5.4 The Customer is responsible for all acts and omissions of any user.
6 LICENSE FEE
6.1 The Customer pays Cerpro the license fee based on the license metrics and subscription period set out in Annex 1. The Cerpro Cloud software may only be used subject to payment of the license fees shown in Annex 1. The use of the Cerpro Cloud software is free of charge for the period specified in Annex 1.
6.2 The license fee is due at the beginning of each new calendar month. If the subscription starts after the beginning of the month, the prorated license fee will be added to the next monthly payment. Payment may be made on account..
6.3 If the subscription is extended, the license fee for the extended period is based on the provisions of Section 6.2.
6.4 In the event of an increase in the number of authorized users during the subscription period in accordance with Section 4.3, the license fee for the remaining days of the subscription period will be increased prorata to the corresponding higher license fee. This increased fee falls due immediately after the change has been confirmed. If the fee is increased after the beginning of the month, the prorated license fee is added to the next monthly payment. The Customer may not reduce the number of users during a subscription period unless otherwise agreed between the parties.
7 DOCUMENTATION
7.1 The Customer may only use the Documentation for the purpose of using the Software in accordance with these GTCs, and may not allow any other person to use the Documentation in any way.
7.2 The Customer may not copy or reproduce the Documentation, or any part thereof, in any way without the prior written consent of Cerpro, with the exception that the Customer may copy the Documentation only insofar as this is reasonably necessary in connection with the permitted use of the Software by the Customer.
7.3 The Customer may not transmit the Documentation to other persons, except and to the extent that this is required by law, or where the Customer needs to share the Documentation with its officers, directors, and employees who require access to the Documentation in order to use the Software. This does not apply to documentation:
7.3.1 that already is or becomes publicly or generally available as of the time when such information was transmitted to the Customer (except as the result of a breach of the provisions listed under the prepreceding sections by the Customer);
7.3.2 that was already legally in the Customer’s possession and was not subject to any confidentiality obligation; or
7.3.3 that the customer received from a third party who was authorized to transmit this documentation without restriction.
8 UPLOADING DATA
8.1 The Customer must ensure that it possesses all the necessary rights to all user content uploaded to the AWS server.
8.2 Cerpro may temporarily and immediately block any user if there is reasonable suspicion that the uploaded data is illegal and/or violates the rights of third parties. In particular, Cerpro will be deemed to have a justified suspicion of illegal activity and/or breach of the law if courts, authorities, and/or other third parties inform Cerpro of such activity. Cerpro will immediately inform the Customer of the fact that user(s) have been blocked, and the reasons for doing so. The block on the user(s) concerned will be lifted as soon as the suspicion has been investigated and deemed unfounded.
8.3 Cerpro may use the uploaded data to improve the Software. This right will lapse if the Customer removes the uploaded data or if it is erased as a result of the closure of the Customer’s account.
8.4 The Customer acknowledges and accepts that Cerpro may analyze the stored data (such as inquiries, names, number of manufactured parts, geometry, cost calculations, etc.) and use it to improve its services and develop new products, subject to confidentiality regulations. Any data that emerges anonymously from such analyses, is the property of Cerpro and is at its free disposal. The Customer acknowledges and recognizes that it has no rights to such data.
9 AUDITING RIGHTS
9.1 Cerpro and its commissioned auditors have the right to audit the access of the Customer and the user to the Software, or to monitor how it is used in order to confirm compliance with these terms and conditions.
9.2 Any such audit is subject to reasonable advance notice by Cerpro, and Cerpro agrees that it will not unreasonably interfere with the Customer’s business activities
9.3 The Customer will support Cerpro in carrying out such an audit and, without prejudice to all other rights of Cerpro, will remedy any and all breaches identified during the audit.
10 RIGHTS IN CASE OF DEFECTS
10.1 The Software provided by Cerpro must match the Documentation provided by Cerpro in all significant respects. The Documentation is not considered to be warrantied unless this has been agreed separately in writing. In the case of Updates, upgrades, and the delivery of new versions, in the event of any defects, the rights of the Customer are limited to the new features provided in the Update, upgrade, or new version as compared to the previous version.
10.2 Cerpro will correct all defects by improving and/or replacing the Software. If the defect is not remedied by the initial deadline, and if the Customer has set a second deadline that Cerpro has failed to meet, or if a reasonable number of attempts at rectification prove to be unsuccessful, the Customer may terminate the subscription and/or demand compensation at its discretion in accordance with the relevant legal requirements. The defect may also be remedied by delivering or installing a new program version or an interim solution. If the defect does not affect the functionality significantly or at all, Cerpro may remedy the defect by delivering a new version or an update in the context of its version, update, and upgrade planning, excluding additional rights.
10.3 If the Customer is a merchant, the Customer is still obliged to pay the entire subscription fee in the event of a defect, unless the right to a fee reduction is undisputed or has been legally established by a court decision. Any claims to unjust enrichment remain unaffected.
10.4Defects must be reported in writing with a comprehensible description of the symptoms of the error. If possible, these symptoms must be documented by written records, printouts, or other documents that substantiate the defects. The defect report should allow the defect to be reproduced. The Customer’s legal duty to check for and report defects remains unaffected.
10.5Any claims for damages are subject to the restrictions specified under Section 12
10.6Cerpro may refuse to remedy the defect or to deliver a replacement until the Customer has paid Cerpro the agreed fees, less an amount corresponding to the economic value of the defect.
10.7For free subscriptions, rights in the event of defects are limited to the statutory liability for defects in accordance with Section 600 of the German Civil Code.
11 RIGHTS IN CASE OF DEFECTS OF TITLE
11.1 The Software provided by Cerpro is free of third-party claims that could conflict with its use in accordance with the contract. The usual reservations of title are excluded.
11.2 If there are defects of title, Cerpro may, at its own discretion, either (i) take legal measures to invalidate the rights of third parties impairing the use of the Software in accordance with the contract, or (ii) defend against the enforcement of such claims, or (iii) modify or replace the Software in such a way that it no longer violates the rights of third parties, provided and insofar as this does not significantly impair the warranted functionality of the Software.
11.3 If a solution in accordance with Section 11.2 cannot be reached within a reasonable period of time set by the Customer, the Customer may either cancel the subscription or demand compensation, subject to the relevant legal requirements.
11.4 In all other cases, Sections 10.3, 10.4, 10.5 and 10.6 apply accordingly.
12 LIABILITY AND DAMAGES
12.1 Cerpro will only be held liable in accordance with the provisions set out in Sections 12.1.1 to 12.1.5
12.1.1 Cerpro is liable without restriction for any damage that Cerpro, its legal representatives or executive employees cause deliberately or as a result of gross negligence, as well as for damage caused deliberately by vicarious agents. In the event of gross negligence by other vicarious agents, Cerpro is liable in accordance with the provisions for simple negligence under Section 12.1.5 below.
12.1.2 2 Cerpro is liable without restriction for death, physical injury, or harm to health that can be traced back to intent or negligence on the part of Cerpro, its legal representatives, or vicarious agents.
12.1.3 Cerpro is liable for losses resulting from the absence of warranted characteristics up to the amount covered by the purpose of the warranty and that Cerpro could have foreseen as of the time of the warranty.
12.1.4 Cerpro is liable for product liability in accordance with the German Product Liability Act (Produkthaftungsgesetz).
12.1.5 Cerpro is liable for losses caused by the breach of primary obligations by Cerpro, its legal representatives, or vicarious agents. Primary obligations are defined as fundamental obligations that define the essence of the agreement, that were decisive for the conclusion of the agreement, and that the Customer may expect to be fulfilled. If Cerpro breaches its major obligations through simple negligence, its resulting liability is limited to the amount that Cerpro could have foreseen as of the time when the service was provided.
12.2 Cerpro is only liable for data loss up to the amount of the typical recovery costs that would have been incurred if data had been backed up properly and regularly.
12.3 Any further liability on the part of Cerpro is fundamentally excluded. In particular, Cerpro is not liable for initial defects.
13 DATA PROTECTION
13.1 Personal data is used in accordance with the provisions of the Data Protection Notice, which can be accessed at www.cerpro.io/en/privacy-policy.
13.2 Cerpro processes personal data on behalf of the Customer. Annex 2 regulates the processing of personal data and forms an integral part of these GTCs.
14 EXPORT CONTROL
The customer assures to comply with all export regulations and sanctions. In particular, the customer will obtain any license required for uploading the data.
15 TERMINATION
15.1 Either party may cancel the subscription prior to the end of the subscription period by giving notice of four weeks. The Customer may indicate its desire to cancel the subscription by e-mailing www.info@cerpro.io. The e-mail must including a declaration by the Customer to this effect as well as the Customer’s contact details and contractual information. In the event such an indication is received, the subscription period will not be extended. The Customer may use the Software until the end of the subscription period.
15.2 If a party:
15.2.1 materially breaches these GTCs in a way that cannot be remedied
15.2.2 commits a material breach of these GTCs that can be remedied, but fails to remedy the breach within 14 days of a written notice in accordance with Section 15.1, stating the nature of the breach and that the other party demands it be remedied,
then the other party may terminate the subscription by providing the party in breach of contract with written notice of termination, observing a notice period of at least 14 days, provided that the notice of termination is given within six months of the date on which the material breach of contract occurred or within six months of when the terminating party becomes aware of it, whichever is the later.
15.3 Subject to Section 15.4, and if the Customer fails to make the subscription payment due to Cerpro within 14 days of it falling due, Cerpro may cancel the subscription by giving the Customer written notice of at least 7 days.
15.4 The right to termination granted under Section 15.3 does not arise in the event of non-payment of an owed sum, as long as this sum is and remains the subject of dispute conducted in good faith between the Customer and Cerpro (and where any sum that is not subject to a dispute conducted in good faith has been paid in accordance with these GTCs), as well as for a period of 7 days after the settlement of such a dispute.
15.5 Cerpro may terminate the subscription with immediate effect by notifying the Customer accordingly, if:
15.5.1 a sanction is imposed against a country or territory from which the Software, Documentation, or services are exported or provided, or into which the Software, Documentation or services are imported, or in which the Software, Documents or services are received;
15.5.2 a sanction is imposed against the Customer or a user or a country in which the Customer or a user is registered or operates;
15.5.3 Cerpro has legitimate reason to believe that the continued licensing of the Software or the performance of one of the services breaches, or would breach, an export law on sanctions; or
15.5.4 Cerpro has legitimate reason to believe that the Customer or a user has breached an export law or law on sanctions or is likely to breach them.
15.5.4 The parties acknowledge and agree that if a party is entitled at any time to exercise more than one right of termination under these GTCs, that party may, at its sole discretion, choose which right or rights of termination (if any) it wishes to exercise.
16 CONSEQUENCES OF THE EXPIRATION OF THE SUBSCRIPTION PERIOD AND TERMINATION
16.1 After the termination date:
16.1.1 the following provisions remain in effect: Sections 1, 9, 12, 13, 16, 19, 21 together with all other provisions, express or implied, continue to be effective after the subscription has expired or terminated; and
16.1.2 all other rights and obligations end with immediate effect (including, but not limited to the rights granted under Section 5), without prejudice to any and all rights, obligations, claims (including claims for damages due to breach of contract), and liabilities that have arisen before the termination date.
16.2 Cerpro must erase or return all copies of all data belonging to the Customer within 30 days of the termination date, unless Cerpro is required to keep copies for regulatory purposes (in this case, the Customer bears the burden of proof) or to learn from historical data to improve the software (in this case the data will be anonymized as long as possible).
17 ASSIGNMENT
17.1 With the exception of monetary claims, the Customer may not assign, transfer, encumber, manage in trust for any person or otherwise trade with its rights arising from these GTCs.
17.2 Cerpro may, at its sole discretion, assign, transfer, invoice, manage in trust for each person, and trade the rights arising from these GTCs in any other way.
18 SUBCONTRACTING
Cerpro may subcontract any of the obligations under these GTCs. Cerpro shall ensure that such a subcontractor is bound by contractual conditions that essentially correspond to those applicable to the obligations of Cerpro within the framework of these GTCs.
19 AMENDMENTS TO CONDITIONS
19.1 Cerpro may amend these GTCs. Cerpro shall inform the Customer of all and all upcoming changes. If the Customer does not reject these proposed amendments within 6 (six) weeks after receiving notice from Cerpro, the amendments will take effect and become binding between the parties as of the beginning of the next extended subscription period.
19.2 The parties’ rights of termination remain unaffected.
19.3 When providing notice about upcoming amendments, Cerpro will also inform the Customer about the Customer’s right to reject the amendments and the consequences of failure to act
20 SEVERABILITY CLAUSE
If any provision of these GTCs is found to be unlawful, invalid, void, or unenforceable by a court or an institution or an authority of the competent jurisdiction, the provision concerned will be deemed to be severed from these GTCs. This will have no effect on the validity of the other provisions of these GTCs, which will remain in full force and effect.
21 APPLICABLE LAW AND JURISDICTION
21.1 These GTCs and all non-contractual obligations arising from or in connection with these GTCs are subject to the law of the Federal Republic of Germany. The United Nations Convention on Contracts for the International Sale of Goods does not apply.
21.2 The courts having jurisdiction over the location of Cerpro‘s registered office have exclusive jurisdiction over all disputes arising from and in connection with these GTCs.
Annex 1 – License Fee
All fees are stated exclusive of VAT/sales tax
Annex 2 – Addendum on Data Protection
This addendum on data protection (“Addendum”) forms part of the GTCs (referred to hereinafter as the “Main Agreement”) and amends them where applicable.
The terms used in this addendum have the meanings set out in this Addendum. Capitalized terms that are not otherwise defined here have the meanings assigned to them in the Main Agreement. With the exception of the following changes, the terms of the Main Agreement remain in full force and effect. In the event of a conflict between this Addendum and the Main Agreement, this Addendum will prevail.
1. Definitions. The following terms under this Addendum have the meanings set out below:
1.1 “Applicable Law” means (a) the laws of the European Union or of its member states governing the personal data of customers, where a Member of the Customer Group is subject to EU data protection laws; and (b) any other applicable law governing customers’ personal information, where a Member of the Customer Group is subject to the data protection laws of a different country;
1.2 . “Customer Partner” means an entity that owns or controls the customer, or that has shared control or ownership with the customer. Control is defined in this context as direct or indirect ownership of the power to control or stipulate the policies of a company, whether through possession of voting securities, by contract, or otherwise;
1.3 “Member of the Customer Group” designates the customer or a subsidiary of the customer;
1.4 “Personal Customer Data” is all personal data processed by a commissioned processor on behalf of a Member of the Customer Group, in accordance with or in connection with the Main Agreement;
1.5 “Commissioned Processor” designates Cerpro or a sub-processor;
1.6 “Data Protection Laws” refers to the EU data protection laws and, if applicable, the data protection laws or the privacy laws of another country;
1.7 “EU Data Protection Laws” refers to the General Data Protection Regulation of the EU 2016/679 (referred to as the “GDPR”) as amended, replaced, or superseded, including other laws designed to enact or supplement the GDPR;
1.8 “Services” mean the services and other activities provided or carried out on behalf of Cerpro in accordance with the Main Agreement for Members of the Customer Group;
1.9 “Sub-processor” means any person (including third parties, but excluding employees of Cerpro or any subcontractors) commissioned by or on behalf of Cerpro to transfer personal data on behalf of a Member of the Customer Group in connection with the Main Agreement; and
1.10 the terms “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing”, and “Supervisory Authority” have the same meaning as in the GDPR, and any terms related to them should be interpreted accordingly. For the purposes of Cerpro, the term “Data Subject” also has the same meaning as defined in Annex 1 to the Addendum.
2 Term
This Addendum takes effect when personal customer data is first submitted and ends automatically when the Main Agreement expires or ends.
3 Security
3.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Cerpro shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, if necessary, the measures specified in Article 32 (1) GDPR.
3.2 When assessing the appropriate level of security, Cerpro will take into account the risks that arise from the processing, including, in particular, risks arising from a Personal Data Breach. Cerpro will inform the customer of the measures taken if requested to do so.
3.3 All of the technical measures adopted will be adjusted to reflect technical progress and further developments. In this regard, Cerpro may take alternative, appropriate measures. Any alternative measures must not result in the security level of the defined measures being reduced.
4 Data Subjects/Categories of Data
4.1 Only Personal Data belonging to the Customer’s employees will be collected, processed, or used.
4.2 The categories of the transmitted Personal Data as well as the Data Subjects affected are listed in Annex 1.
4.3 No special categories of data, as defined by applicable laws, will be processed in connection with the Main Agreement
5 Personnel
Cerpro will make all reasonable efforts to ensure that (a) personnel who have access to customer data are subject to written obligations to maintain the confidentiality of this data, and (b) these personnel are appropriately trained in the proper handling of personal data.
6 Auditing Rights
The customer must notify Cerpro and any Sub-processors as early as possible if it exercises any of its auditing rights under the Main Agreement. It must also reimburse Cerpro and the Sub-processors for administrative costs and expenses incurred in the course of conducting and complying with such an audit.
7 Sub-processing
7.1 Subcontracting within the meaning of this Addendum does not include ancillary services, such as telecommunications services, postal/transport services, maintenance, and user support services, and other measures to ensure the confidentiality, availability, integrity, and resilience of the hardware and Software associated with data processing systems.
7.2 However, Cerpro is obligated to make appropriate and legally binding contractual agreements, and to take suitable control measures in order to ensure the protection and security of the customer’s data, even where ancillary services are outsourced.
7.3 Cerpro will hire the Sub-processors s listed in Annex 1, and the customer hereby consents to their use. The customer hereby consents to the hiring of new Sub-processors by Cerpro.
7.4 Changes to the existing subcontractor are permitted provided that Cerpro informs the customer by in hard-copy or in text form with appropriate advance notice, and provided that the sub-processing is based on a contractual agreement in accordance with Article 28 (2–4) GDPR.
7.5 . If the subcontractor provides the service outside the EU/EEA, Cerpro must ensure compliance with the applicable laws by adopting suitable measures.
8 Processing of Customer Data
8.1 With respect to customer data covered by this Addendum, the parties agree that the customer is the Controller and Cerpro is a Data Processor.
8.2 The customer must fulfill its obligations as a Controller, and Cerpro must fulfill its obligations as a Data Processor, in accordance with the Main Agreement and this Addendum.
8.3 Cerpro will process customer data only to fulfill its obligations under the Main Agreement, such as, but not limited to, the provision of the service, the detection, prevention, and resolution of security and technical problems, and answering support inquiries.
8.4 Customer data will only be processed within the framework of the Main Agreement and in accordance with the customer’s instructions.
8.5 Cerpro will inform the customer of all reasonable costs it incurs in complying with the customer’s instructions where the instructions go beyond the agreed services in accordance with the Main Agreement; Cerpro is only obligated to follow such instructions if the customer agrees to reimburse these costs. In particular, the collected, processed, or used data may only be rectified, erased, or restricted in accordance with the customer’s instructions.
8.6 Backup copies will be created if they are necessary to ensure proper data processing, or if they are required for reproduction processes that are necessary to ensure compliance with statutory retention requirements.
8.7 All instructions must be given in writing. If this is not possible in individual cases, then the customer must provide Cerpro with verbal instructions and confirm these instructions in writing.
9 Requests to access data
9.1 Cerpro will support the customer in an appropriate manner in fulfilling the obligation to respond to requests from Data Subjects to rectify, transfer, or erase personal data that is stored on the Cerpro platform and used to provide the services.
9.2 If the data subject requests the rectification or erasure of their personal data directly from Cerpro, Cerpro will immediately forward this request to the customer
9.3 The customer shall reimburse Cerpro for the reasonable costs incurred by complying with this provision in accordance with Cerpro‘s agreed or current rate for professional services.
10 Assistance, reporting, and impact assessments
Cerpro will offer the customer adequate support in fulfilling its obligations relating to the security of personal data, reporting obligations in the event of data breaches, data protection impact assessments, and prior consultations, in accordance with Articles 32 to 36 GDPR.
11 Reporting a Breach
11.1Unless the notice is delayed by the actions or demands of a law enforcement agency, Cerpro must immediately inform the customer’s support contacts about any unauthorized acquisition, access, use, disclosure, or destruction of customer data (a “breach“) after Cerpro has determined that a breach has occurred.
11.2Unless such notice is prohibited by a law enforcement agency as part of an investigation, Cerpro shall disclose information about the nature and consequences of the breach in order that the customer may reasonably contact Data Subjects, government agencies, and/or credit bureaus. The customer has sole control over the content of the customer data that it enters into the subscription service, and is solely responsible for deciding whether to notify Data Subjects and the relevant regulatory authorities or enforcement bodies, as well for providing such notice.
11.3The customer must ensure that the support points of contact named in the Cerpro customer support portal are up-to-date and ready to receive any notice of a breach from Cerpro.
12 Return and Erasure of Customer Data
12.1CERPRO must delete all copies of the company’s processed Personal Data immediately as of the date of the discontinuation of services, or arrange for the erasure of this data, unless a Member of the Customer Group issues an instruction stipulating otherwise.
12.2Cerpro may continue to store personal company data to the extent required by the applicable laws, and only to the extent required by the applicable laws and for the period required by the applicable laws. However, it may only do so provided that Cerpro guarantees that all of this personal company data will remain confidential and ensures that this personal company data is only processed as is necessary for the purposes specified in the applicable laws that require such storage, and not for any other purpose.
13 Liability
The liability of Cerpro arising from or in connection with this Addendum is subject to the provisions of the Main Agreement.
14 General Conditions
14.1Applicable law and jurisdiction
The parties to this Addendum hereby submit to the jurisdiction specified in the Main Agreement for any dispute or claim arising in any way out of this Addendum, including any dispute over its existence, validity, or termination, or the consequences of its being shown to be null and void.
14.2 Order of precedence
14.2.1 Nothing in this Addendum reduces the obligations of Cerpro under the Main Agreement in relation to the protection of Personal Data, or allows Cerpro to process (or permit the processing of) Personal Data in a way that is prohibited under the Main Agreement.
14.2.2 In the event of any conflict between the provisions of this Addendum and other agreements between the parties, including the Main Agreement and (unless expressly agreed otherwise in writing and signed on behalf of the parties) including agreements entered into or alleged to be have been entered into after the date of this Addendum, the provisions of this Addendum will prevail.
15 Severability Clause
If any provision of this Addendum is shown to be invalid or unenforceable, this will not affect the validity and effectiveness of the remaining provisions of this Addendum. The invalid or unenforceable provision will either (i) be amended as necessary to ensure its validity and enforceability, preserving the intentions of the parties as far as possible, or, if this is not possible, (ii) be interpreted as if the invalid or unenforceable part of the provision had never been included.
ANNEX 1 TO THE ADDENDUM
1. Data Subjects
The transmitted personal data relate to the following categories of Data Subjects:
End users who are employees of customers, or other Data Subjects who have been given permission to use the Software.
2. Categories of Data
The transmitted Personal Data relate to the following categories of data:
Usernames, passwords, names, e-mail addresses, and excluding data uploaded by the customer and user.
3. Sub-processor