General Terms and Conditions for Vendors and/or Affiliates

These General Terms and Conditions for Vendors and/or Affiliates are divided into the following parts:

  • Part I - General Terms and Conditions for Vendors - These apply if you wish to offer products as a vendor via copecart.com;
  • Part II - General Terms and Conditions for Affiliates - These apply if you wish to advertise our vendors' products as an affiliate;
  • Part III - General rules for Vendors and Affiliates - These apply to both vendors and affiliates;
  • Part IV - Order processing by Vendors;
    • Appendix 1 to Part IV - Technical and organizational measures;
    • Appendix 2 to Part IV - Authorized subcontractors;
    • Appendix 3 to Part IV - Persons authorized to issue instructions;
    • Appendix 4 to Part IV - Data Protection Officer;
  • Part V - Order processing by CopeCart.


PART I - General Terms and Conditions for Vendors

1. Registration as well as change and termination of a registration, participation fee

  • 1.1 Registration as a vendor is only possible for companies within the meaning of Section 14 of the German Civil Code (BGB). You must provide truthful information for registration. We are entitled to obtain proof of the accuracy of this information and of your entrepreneurial status by means of suitable evidence. We are also entitled to reject an application for registration without giving reasons.
  • 1.2 You are obliged to complete our Know-Your-Customer process within one week of registration. If this is not done or the process is not successfully completed (e.g. missing or implausible information), your account will be deactivated and none of your products will be offered for sale until the process has been successfully completed.
  • 1.3 If your details change, you must update them immediately on our website.
  • 1.4 Either party may terminate a registration at any time without notice. This shall not affect the obligation to perform the purchase agreements concluded under this contract. This contract shall apply accordingly to these subsequent obligations until they have been fulfilled. The right to terminate for good cause remains unaffected.

2. Offering products and services, transfer of rights

  • 2.1 Upon successful registration, you are authorized to have products and services (collectively "Products") offered by us via copecart.com. We are the provider of your products and services to purchasers (the "endcustomers") and thus their contractual partner. If an end customer wishes to conclude a contract for the purchase of a product, a contract is first concluded between the end customer and us and then, as a covering transaction, a corresponding contract is concluded between us and you. Consequently, no direct contract is concluded between you and an end customer for the purchase of a product.
  • 2.2 We will advertise and offer your products at our discretion. We will, at our discretion, provide technical functions for the sale of the products that enable you or the Affiliates to sell them on other websites or by other means (e.g. telephone sales). In these cases, too, we are always the contractual partner of an end customer and such a sale must be made in accordance with the provisions of these terms and conditions. There is no claim that all products will always be advertised and offered.
  • 2.3 If, at our discretion, we are of the justified opinion that you are in breach of the provisions of this contract and it is therefore unreasonable for us to offer your products, we will block access to your products and inform you of this blocking and the reasons for it.
  • 2.4 You guarantee that your products may be marketed and offered within the European Union and that they comply with all relevant legal requirements. The corresponding obligation also applies to all othercountries in which your products are offered, unless you object to offering them beyond the borders of the EU.
  • 2.5 If you wish to offer a product through us, you must provide all the information requested by us in the corresponding input mask. This includes the following information in particular:
    • 2.5.1 Name of the product;
    • 2.5.2 Price;
    • 2.5.3 Product description;
    • 2.5.4 Availability and term of the contract;
    • 2.5.5 Shipping costs, if applicable;
    • 2.5.6 Information required by law that must be observed when advertising the product;
    • 2.5.7. texts and illustrations for the free promotion of the product;
    • 2.5.8 Legally correct classification of the product with regard to the right of withdrawal for consumers, i.e. in particular digital product or service
  • 2.6 The information or data provided by you must be updated immediately upon any change and must comply with the legal requirements at all times. You will inform us immediately if one of your products does not meet the legal requirements or the requirements of this contract or if third parties claim this or an infringement of their rights.
  • 2.7 You are liable for incorrectly or incompletely transmitted information or data. Therefore, please check that all required information has been included and is correct after you have posted your product. The information you provide must enable us to offer and advertise each of your products in accordance with the law.
  • 2.8 You are not authorized to advertise or cause to be advertised that CopeCart recommends or otherwise promotes its products.
  • 2.9 If we are dependent on your cooperation to process customer inquiries, complaints, notices of defects or other legal claims by customers, you shall provide this cooperation immediately and free of charge.
  • 2.10. You transfer to us free of charge the worldwide rights to the information, data and any other content provided to us in the context of the placement of a product to use these for the purposes of implementing this contract and, in particular, to advertise and sell the products in online and offline media. This granting of rights includes in particular all forms of offering and advertising the products on websites, in social media offerings, blogs, by telephone, by video conference, price search engines and other Internet offerings as well as apps. You warrant that you will transfer to us the rights required for this purpose free of third-party rights that prevent use in accordance with the contract. Upon termination of the contract, we are not obliged to recall advertising for products that has already been published using the rights transferred above or to remove public access to them (e.g. advertising in social media offerings).

3. Distribution of digital products

  • 3.1 If your product can be sent by us in digital form or made accessible by means of a link, you must provide us with the corresponding content or access when you place the product at our disposal.
  • 3.2 We are entitled to grant end customers access to these products in accordance with the possibilities offered by you or to provide them to you and to allow you to store them permanently. This includes the right of duplication, making available to the public, making available on demand, distribution and reproduction by means of all technical and commercial forms of utilization and distribution. Insofar as it is technically necessary for the performance of the contract or required for commercial exploitation, we are entitled to process the product to the extent necessary.
  • 3.3 If a product is a digital product pursuant to Section 327 (2) BGB, the following provisions shall apply, which shall take precedence over the other provisions of these GTC in the event of contradictions, unless there is an exception pursuant to Section 327 (6) BGB:
    • 3.3.1 An end customer who is a consumer ("consumer end customer") may request the provision of the product immediately after the conclusion of the cover transaction. You must provide the corresponding services immediately. If you do not comply with this obligation pursuant to Section 327c (1) BGB, we may terminate the corresponding contract if the consumer end customer has terminated its contract with us accordingly. We will inform you immediately if a consumer end customer requests us to do so. Otherwise, the provisions of Section 327c BGB shall apply accordingly.
    • 3.3.2 You must provide us with digital products in accordance with the provisions of Sections 327e to 327g BGB. Offering digital products that do not comply with this is not permitted. If you are of the opinion that a legally compliant offer of your product is not possible in accordance with the aforementioned regulations, you must inform us accordingly and not allow us to offer the product.
    • 3.3.3 Updates within the meaning of Section 327f BGB must be made available to us in such a way that we are able to fulfil our legal obligations towards consumer end customers, in particular those arising from Section 327f BGB.
    • 3.3.4 It is not permitted to offer products for which, according to Section 327h of the German Civil Code (BGB), information of consumer end customers and a separate agreement with them would be required.
    • 3.3.5 Changes to digital products are only permitted in accordance with the statutory requirements, in particular Section 327r BGB.
    • 3.3.6 Statutory rights of recourse, in particular pursuant to §§ 327u or 445c BGB remain unaffected. Insofar as these terms and conditions grant us further claims, these shall remain unaffected.

4. Prohibited products

The following product categories may not be offered:

  • 4.1 Sexually offensive products;
  • 4.2 Alcohol, tobacco and medication;
  • 4.3. products that discriminate against third parties on the basis of race, gender, religion, nationality, disability, sexual orientation or age;
  • 4.4. products that infringe the rights of third parties, in particular trademarks, patents or other industrial property rights;
  • 4.5 Products for which there are legal advertising bans or restrictions;
  • 4.6 Products that may only be sold to end customers after an age check has been carried out (e.g. FSK 18 content);
  • 4.7 All legally prohibited products

5. Cover business for products and services sold

  • 5.1 If an end customer purchases a product offered by you from us, we purchase the corresponding product from you as a covering transaction and commission you with the fulfilments of the corresponding contract between us and the customer. If the contract is fulfilled by sending digital content or a link, we fulfil the contract between us and the end customer in this respect.
  • 5.2 If a product can be purchased for several payment instalments (e.g. recurring payment for access to digital content), we shall purchase the product on a periodic basis in accordance with the payment instalments and not immediately for the entire term. If the end customer is in arrears with the payment of further instalments, the purchase will only take place when we receive the corresponding amounts.
  • 5.3 We will only provide the end customer with the information you have given us regarding the product and will only include our current General Terms and Conditions, which are available at copecart.com/agb.
  • 5.4 The conclusion of the cover transaction shall take place directly and automatically without the need for a separate declaration on your part. In this respect, both parties waive receipt of the respective declarations onthe conclusion of the contract. We will inform you of the conclusion of a respective cover transaction by e-mail containing all relevant data. You can also call up the corresponding contracts on our website.
  • 5.5 From the conclusion of the covering transaction, you are entitled to the gross sales price specified by you and charged to the end customer less the fees to which we are entitled. Of this, 80% will be released for payment after the end customer's 14-day withdrawal period has expired and the remaining amount after a further 40 days, provided we have received the money from the end customer. Payment will be made to the account or similar specified by you using the details you have entered on our website. The payment due to you is subject to the applicable VAT if you have entered your valid VAT identification number in your profile in good time before the invoice is issued. There is no right to subsequent correction of the invoice. If you have agreed to the initiation of collection measures against an end customer who is in default of payment, you shall bear the costs of the collection procedure specified by us.
  • 5.6 For certain products and/or types of contract offered by you, we may, at our discretion, grant you the option of allowing us to sell our claim against the purchaser of the product to a factoring company. If we make use of this option with your consent and the factoring company acquires the receivable in the individual case, we will pay the remuneration due to you for the respective contract as soon as we receive the payment from the factoring company. The fees agreed with you for this accelerated payment are also due. If the factoring company reverses the purchase of a receivable for reasons for which you are responsible (e.g. reversal due to incorrect waiver of the right of withdrawal due to incorrect classification of the product by you, product violates Part I Clause 4 of the GTC), you are obliged to repay the amounts you received prematurely, unless the customer has otherwise settled our claim.
  • 5.7 The payment of the purchase price requires that you have indicated in your profile whether you are liable for VAT and that you have indicated your VAT ID, if applicable.
  • 5.8 Should you not be able to deliver ordered products or not be able to deliver them within the respectively communicated delivery time, you must inform us immediately. In this case, we are entitled to withdraw from the affected contract with you.

6. Use of "CopeCart" or "CopeCart.com"

We authorize you to use the name "CopeCart" or "CopeCart.com" only to the extent necessary to indicate in a customary manner that a product can be purchased through copecart.com. Any other use of our trademarks requires our prior approval.

7 CopeMember

  • 7.1 Upon registration, a Vendor shall have access to CopeMember within the scope and limits of the free usage model offered by us as part of Copecart. This may only be used by the Vendor for the fulfilment of cover transactions within the meaning of Part I Clause 5, i.e. for end customers of the Vendor's products sold by Copecart.
  • 7.2 Any further use of CopeMember or use for other purposes requires a paid CopeMember package.
  • 7.3 The Vendor is responsible for the content published in CopeMember, including that of End Customers, and must indemnify Copecart against any justified claims by third parties (e.g. due to the infringement of third-party rights or other unlawful content). The use of CopeMember is subject to the Data Processing Agreement pursuant to Part IV.

8. Joint ventures of vendors

  • 8.1 Two Vendors may enter into a so-called Joint Venture for a Product in accordance with the functions offered by us. The applicant for the establishment of a joint venture is the Vendor offering the Product (the "Applicant"). The applicant remains our contractual partner for the respective product in accordance with these terms and conditions.However, a reduction of the remuneration due to the Applicant from the sale of the Product will be agreed in accordance with the application for the establishment of the joint venture. We are entitled to reject such an application without giving reasons.
  • 8.2 Upon establishment of the joint venture, the vendor named by the applicant ("beneficiary") shall be entitled to the amount by which the applicant's claim to remuneration has been reduced. The Beneficiary acquires this claim to remuneration directly against us. The payer is therefore not the applicant, but CopeCart. If we have a claim against the applicant for repayment of all or part of the remuneration paid to the applicant under the joint venture, we shall also have a claim against the beneficiary.
  • 8.3 We are not a party to the contract that the Applicant and the Beneficiary enter into for the purposes of the Joint Venture.
  • 8.4 A joint venture may be terminated at any time without notice.

9. Activation of affiliate campaigns

  • 9.1 Within the scope of the possibilities granted by copecart.com, you may grant third parties (so-called affiliates) the opportunity to advertise products offered by you. The design of the corresponding affiliate program and the selection of participating affiliates is at our discretion. We are contractual partners of the affiliates and are entitled at any time not to activate, restrict or terminate advertising measures.
  • 9.2 If you wish to grant corresponding advertising opportunities, you undertake to provide only truthful, non-misleading information that enables the advertising measure to be implemented in accordance with the law. You are not authorized to grant Affiliates incentives or promotions for the advertising measures outside of copecart.com.
  • As part of an advertising campaign, you can provide for remuneration for the Affiliate, whose debtor vis-à-vis the Affiliate is initially us when the conditions required for the due date occur. We will charge these commissions paid to the Affiliates on your behalf to you and offset them against the payment claims to which you are entitled against us.

10. Shipment of physical products

You send physical products that we have purchased from you as a covering transaction to the end customer without delay. Shipping is at your expense and risk. You should therefore insure the shipment.

11. Instalment payment agreements

If you yourself are involved in the acquisition of customers for the products offered by us and we have given you the opportunity to make instalment payment agreements for this purpose, the purchase with instalment payment may not be more expensive than the purchase with immediate payment. A higher instalment purchase price is only permissible if the duration of the instalment payment does not exceed three months from the conclusion of the contract between us and the end customer.

12. Payments, taxes and duties

  • 12.1 In order to pay the amounts due to you, you must first go through our identification procedure (Know Your Customer - KYC). This procedure is similar to the identification procedure that banks regularly require of their customers to prevent money laundering and ensures that you or your company (natural or legal person) are the authorized payee. Before paying the amounts due to you, you must also provide proof of your entrepreneurial status and the payment of VAT by you or your exemption from VAT (small business regulation). If, due to the location of your company, further proof is required in order to be able to make payments to you (e.g. to prevent money laundering), these documents must also be submitted to us in advance.
  • 12.2 If the existing clearing account for you shows a claim balance in our favor, you are obliged to settle this within 30 days of becoming aware of it (e.g. a request for payment from us).
  • 12.3 If we are obliged to withhold taxes or duties for fees to be paid to you, the fee to be paid to you will be reduced accordingly and we will make the corresponding payments to the competent authority. Otherwise, you alone are responsible for the proper taxation of your income.

13. Advertising measures, cancellation button for subscription products

  • 13.1 If you yourself, through vicarious agents or through affiliates are involved in the acquisition of customers for the products offered through us, you must comply with all legal requirements. This applies in particular to the provisions of the Unfair Competition Act and consumer protection legislation. If the end customer does not carry out the purchase himself via a website offered by us, you must ensure that the sales process complies with the law and, in particular, that all information obligations (in particular regarding the existence of a right of withdrawal vis-à-vis consumers) are fulfilled. You must also ensure that our GTC for end customers are effectively included in the contract. Furthermore, it is not permitted to make statements in the sales process that deviate from the contract that we conclude with the respective end customer.
  • 13.2 On websites that serve to advertise or directly or indirectly conclude continuing obligations with consumers for products that oblige us to provide a service against payment, you are obliged to include a termination button in accordance with the provisions of Section 312g BGB. If a consumer uses this button to terminate an existing contract with us, we must be informed immediately.
  • 13.3 If you culpably violate the provisions of this Part I Clause 13, you must indemnify us against the resulting claims and costs.

14. Reversal of a hedging transaction

  • 14.1 If an end customer effectively cancels the contract for the purchase of a product, we are also entitled to cancel the corresponding cover transaction with you accordingly.
  • 14.2 The same applies if an end customer is entitled to cancel a contract for the purchase of one of your products for other reasons for which we are not responsible (e.g. due to delayed performance or defects).

15. Data protection, use of customers for advertising purposes, double opt-in

  • 15.1 When placing a product, you must state truthfully and in accordance with the statutory provisions which personal data of an end customer you require from us in order to be able to fulfil the cover transaction with the end customer. If we transmit personal data of an end customer to you in this respect, you may only process this data to fulfil this purpose or if you are otherwise legally entitled to process it. If you act as a processor for us in this respect, the data processing agreement pursuant to Part IV.
  • 15.2 Any processing of the end customer's personal data in violation of data protection regulations is prohibited and violations of this provision entitle us to terminate the contractual relationship with you without notice. Further claims remain unaffected.
  • 15.3 You are only permitted to use personal data of end customers for advertising purposes if the legal requirements are met. The transmission of contact data by us cannot be used to derive the authorization to use this data for advertising purposes, e.g. email newsletters, without the necessary requirements being met. If we inform you that one of your customers has given us consent to receive a newsletter from you by email, we will not verify this opt-in by means of a double opt-in. We therefore recommend that you carry out a double opt-in yourself in order to be able to provide the evidence required by law for the granting of an opt-in. Otherwise, you may not be able to prove that a customer has effectively consented to receiving promotional emails.
  • 15.4 We offer the option of transferring the personal data of our end customers provided to you to other Internet offers (e.g. newsletter tools). It is your responsibility to create the data protection basis for this transfer and to conclude any necessary agreements between you and the recipient of the data.

16. Third party services

  • 16.1 At our discretion, we offer the option of transferring data from your account to services offered by third parties or receiving data from them. We ourselves are not the provider of these services and are not responsible for them.
  • 16.2 You must conclude the necessary contracts yourself in order to use the services of third parties and are obliged to use them in compliance with your contractual and legal obligations.

Part II - General Terms and Conditions for Affiliates

1. Definitions

For the purposes of this Part II, the following definitions apply:

  • 1.1 "Advertisers" are the vendors who offer products via copecart.com and who provide advertising material for publication by Affiliates.
  • 1.2 "Affiliates" are persons who wish to publish advertisements from advertisers on advertising spaces operated by you.
  • 1.3 "Technical protection measures" are measures to determine whetheran advertisement has been clicked on by a user on a specific advertising space and measures to prevent such clicks from being faked or misused.
  • 1.4 "Users" are natural persons who do not visit or otherwise become aware of an advertising space for the purpose of generating revenue for the Publisher or other third parties.
  • 1.5 "Advertising media" are those provided by advertisers.
  • 1.6 "Advertising spaces" are spaces operated by the Affiliate and for which the Affiliate is responsible for the publication of advertising on websites on the Internet, in apps or other digital offers in which advertising spaces are made available.
  • 1.7 "Advertising campaigns" are temporary advertising measures by advertisers for which advertisements are made available.

2. Registration as well as change and termination of a registration

  • 2.1 Registration as an affiliate is only possible for companies within the meaning of Section 14 of the German Civil Code (BGB). You must provide truthful information for registration. We are entitled to obtain proof of the accuracy of this information and of your entrepreneurial status by means of suitable evidence. We are also entitled to reject an application for registration without giving reasons.
  • 2.2 If your details change, you must update them immediately on our website.
  • 2.3 Either party may terminate a registration as an Affiliate with one week's notice.

3. Participation in the affiliate program

  • 3.1 Affiliates are obliged to include advertising material in a legally compliant manner and only on advertising spaces that are designed and operated in accordance with the applicable legal requirements. You are not authorized to provide information on the advertised products that differs from the information provided by us. This applies in particular to the description of the products or the rights to which the buyer is entitled.
  • 3.2 It is prohibited to publish advertising material on advertising spaces that are likely to jeopardize our reputation or that of the advertiser or if these advertising spaces are located in an environment that would be an inadmissible offer if § 4 JMStV were applicable.
  • 3.3 Furthermore, it is not permitted to show the advertising material on advertising space for the following offers:
    • 3.3.1. offers that directly or indirectly enable the possibility of downloading or streaming legally protected content without the consent of the owners of the rights to this content;
    • 3.3.2 Offers that represent the following: Forced-click systems, cashback or bonus systems, Paid4 leads (paid mailers, paid clicks, paid leads), temporary e-mail addresses, promotional clicks for SMS dispatch, banner network or banner exchange systems as well as "banner farm" sites, websites that consist only of advertising banners, ViewBar lead/sale programs in pop-ups/frames, entry services for competitions);
  • 3.4 Advertising material placed contrary to the above specifications shall not give rise to any claims for remuneration, shall entitle us to terminate the contract for good cause and may give rise to claims for damages.
  • 3.5 Advertising materials may only be used in the manner in which they are provided by us. If these are provided together with technical protection measures, they may only be used together with these as specified by us.

4. Participation in advertising campaigns, use of advertising material, remuneration

  • 4.1 The Affiliate may participate in the advertising campaigns provided by the Advertisers if we make the relevant advertising material available to it. There is no entitlement to participate in a specific advertising campaign or to use a specific advertising medium.
  • 4.2 We are entitled to terminate individual advertising media or campaigns prematurely at any time.
  • 4.3 Advertising materials, including technical protective measures, must be used properly for the advertising spaces in accordance with our specifications.
  • 4.4 The Affiliate shall not receive any remuneration for the integration of an advertising medium on an advertising space. The Affiliate is only entitled to remuneration if there is an interaction with the advertisingmaterial by a user and subsequently the conclusion of an individual order by the user on copecart.com.
  • 4.5 The amount of the remuneration is based on the information provided by us in the context of advertising the opportunity to participate in an advertising campaign. Unless otherwise stated, the claim to remuneration shall only arise when we have been fully remunerated by the end customer from the conclusion of the contract brokered by the Affiliate and have not had to refund the purchase price. There is no entitlement if the affiliate and vendor are identical and the affiliate uses this topurchase its own product or if the affiliate purchases a product via its own affiliate link.
  • 4.6 The basis for determining the remuneration due to the Affiliate is our billing systems. The Affiliate may provide evidence to the contrary.
  • 4.7. 80% of the affiliate remuneration shall be released for payment after the end customer's 14-day withdrawal period for the brokered contract has expired and the remaining amount after a further 40 days. Payment is made according to the data entered by the affiliate on our website. Objections to our settlement must be notified to us no later than 14 days after the settlement date. After that, the payout amount is considered approved.
  • 4.8 Payments shall only be made from an amount of EUR 50 per remuneration distribution and, irrespective of the amount, upon termination of the contract in accordance with the due date provision in Part II Section 4.7 above.
  • 4.9 Remuneration which has been achieved through a breach of the provisions of this contract, or where it subsequently transpires that the conditions for its accrual were not met, shall be subject to reclaim.

5. rights to advertising material

  • 5.1 The advertising materials provided to the Affiliate under this contract and any technical protection measures associated with them may only be used in the form in which they were provided and exclusively for the purposes of this contract. Any other use or disclosure to third parties is not permitted.
  • 5.2 Modification or editing of the advertising material and the technical protective measures is not permitted.
  • 5.3 For the term of the contract or a respective advertising campaign (whichever is shorter), we only grant the Affiliate the rights to the advertising materials and technical protection measures that are necessary for their contractual use, utilization and publication.
  • 5.4 The Affiliate is not entitled to transfer the advertising material or technical protection measures to third parties or to grant rights to them.

Part III - General regulations for vendors and affiliates

1. Warranty, liability and indemnification by vendors and affiliates

  • 1.1 Vendors are obliged to indemnify us internally against third-party claims for products that we have sold under this contract. This includes in particular warranty, liability and product liability claims. This does not apply if the Vendor is not responsible for the existence of the claims. The indemnification claim shall include in particular expenses for the elimination of defects, installation and removal costs, claims for damages, liability claims, claims and costs of examination and possible defence against such claims (including the reasonable costs of legal advice (hourly rate up to EUR 350 net) as well as litigation and court costs).
  • 1.2 If Vendors or Affiliates culpably violate obligations arising from the contractual relationship with us and if claims are asserted against us by third parties as a result, the respective Vendor or Affiliate must indemnify us against these claims in accordance with Part III Clause 1.1.
  • 1.3 We will inform affected Vendors or Affiliates of the assertion of claims within the meaning of Part III Clauses 1.1. and 1.2. and involve them appropriately in the examination and possible defense of the claims.

2. Communication

You must provide an e-mail address at which we can reach you at all times and or which incoming e-mails will be acknowledged within one working day and not answered automatically. If you register to promote a vendor's product, the vendor (the vendor whose partner program you have registered for) may send you emails to provide you with relevant information about its partner program and to support you in promoting its products. You can object to receiving e-mails directly from the respective vendor at any time.

3. Liability

  • 3.1 You undertake to assume the statutory warranty obligations arising from the contract between you and us. You must indemnify us against product liability claims. Warranty and liability claims of customers based on the products sold by you through us can also be settled between you and the customers. This does not release us from our obligation.
  • 3.2 The warranty and liability claims as well as the claim for indemnification include in particular expenses for the elimination of defects, installation and removal costs, claims for damages, liability claims, claims and costs (including the reasonable costs of legal advice (hourly rate up to EUR 350 net) and defence as well as litigation and court costs).

4. Blocking of accounts

We are entitled to block accounts of Vendors and Affiliates and to suspend their offers if we are of the opinion that they violate laws or the provisions of this contract to such an extent that we cannot reasonably be expected to continue to operate the account. We will inform the person concerned of this immediately, stating the reasons.

5 Our liability

  • 5.1 Liability for intent and gross negligence is unlimited.
  • 5.2 In the event of a breach of material contractual obligations due to simple negligence, liability shall be limited to foreseeable damage typical of the contract. Essential contractual obligations are those whose fulfilment is essential for the proper execution of the contract and on whose compliance the injured party may regularly rely. The limitation period for claims under this paragraph is one year.
  • 5.3 Part III clause 5.2. shall not apply to claims arising from injury to life, limb or health, in the event of fraudulent action, the assumption of a guarantee, liability for initial inability or impossibility for which we are responsible and for claims under the Product Liability Act.
  • 5.4 Otherwise, liability - regardless of the legal grounds - is excluded.

6. Our warranty

  • 6.1 The choice of subsequent performance shall be incumbent on us in compliance with the statutory limits.
  • 6.2 The limitation period for warranty claims is one year. This does not apply to liability claims, in this respect the regulations on liability apply.

7 Applicable law and place of jurisdiction

  • 7.1 The contract shall be governed solely by the law of the Federal Republic of Germany. Private international law shall not apply insofar as it can be waived.
  • 7.2 The sole place of jurisdiction for all disputes in connection with this agreement is our registered office. We are also entitled to assert claims against our contractual partner at one of its statutory places of jurisdiction.

8. Severability clause

Should individual provisions of these General Terms and Conditions be or become invalid in whole or in part, this shall not affect the validity of the remaining provisions, unless the omission of individual clauses would place a contracting party at such an unreasonable disadvantage that it can no longer be reasonably expected to adhere to the contract.

Part IV - Order processing by vendors

1. Introduction, scope, definitions

  • 1.1 CopeCart (for this Part IV "Principal") has the Vendor (for this Part IV "Contractor") process personal data on its behalf for the purpose of carrying out cover transactions (the respective "Main Contract"). In order to execute the Main Contract, the Client commissions the Contractor with commissioned processing in accordance with Art. 28 GDPR, insofar as the legal requirements for this are met. In the event of contradictions, this order processing contract shall take precedence over the main contract.
  • 1.2 Terms used in this contract are to be understood in accordance with their definition in the EU General Data Protection Regulation. In this sense, the Client is the "Controller" and the Contractor is the "Processor". Insofar as declarations are to be made "in writing" in the following, the written form pursuant to Section 126 BGB is meant. Otherwise,declarations may also be made in another form, provided that appropriate verifiability is guaranteed.

2. Type and purpose of data collection, processing or use:

Nature and purpose of processing: Processing is of the following nature: collection, recording, organization, structuring, storage, adaptation or alteration, cross-selling, upselling, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data. The processing serves the following purpose: contract fulfillment, contract processing. Categories of data subjects - The following are affected by the processing: Customers

3. Object and duration of the processing

  • 3.1 Object: The contractor undertakes the following processing:
  • General personal data:
    • the name
    • the date of birth and the place of birth
    • or the place of residence of a person
  • Identification numbers
  • Online data

The processing is based on the main contracts existing between the parties.

  • 3.2 Duration: Processing begins on the day the respective main contract is concluded and continues indefinitely until this contract or the main contract is terminated by one of the parties.

4. Obligations of the contractor

  • 4.1 The Contractor shall process personal data exclusively as contractually agreed or as instructed by the Client, unless the Contractoris legally obliged to carry out specific processing. If such obligations exist for the Contractor, the Contractor shall inform the Client of these prior to processing, unless the notification is prohibited by law. Furthermore, the Contractor shall not use the data provided for processing for any other purposes, in particular not for its own purposes.
  • 4.2 The Contractor confirms that it is aware of the relevant general data protection regulations. It shall observe the principles of proper data processing.
  • 4.3 The Contractor undertakes to maintain strict confidentiality during processing.
  • 4.4 Persons who may gain knowledge of the data processed in the order must undertake in writing to maintain confidentiality, unless they are already subject to a relevant confidentiality obligation by law.
  • 4.5 The Contractor warrants that the persons employed by it for processing have been familiarized with the relevant provisions of data protection and this contract before the start of processing. Appropriate training and awareness-raising measures shall be repeated at regular intervals. The Contractor shall ensure that persons deployed for commissioned processing are appropriately instructed and monitored on an ongoing basis with regard to compliance with data protection requirements.
  • 4.6 In connection with the commissioned processing, the Contractor shall support the Client in drawing up and updating the list of processing activities and in carrying out the data protection impact assessment. All necessary information and documentation must be kept available and forwarded to the Client immediately upon request.
  • 4.7 If the Client is subject to inspection by supervisory authorities or other bodies or if data subjects assert rights against it, the Contractor undertakes to support the Client to the extent necessary, insofar as the processing in the order is affected.
  • 4.8 The Contractor may only provide information to third parties or the data subject with the prior consent of the Client. The Contractor shall forward any requests addressed directly to it to the Client without delay.
  • 4.9 Where required by law, the Contractor shall appoint a competent and reliable person as data protection officer. It must be ensured that there are no conflicts of interest for the officer. In cases of doubt, the client may contact the data protection officer directly. The contractor shall inform the client immediately of the contact details of the data protection officer or explain why no officer has been appointed. The contractor shall inform the client immediately of any changes in the person or internal tasks of the officer.
  • 4.10. The order processing shall generally take place within the EU or the EEA. Any relocation to a third country may only take place with the express consent of the client and under the conditions contained in Chapter V of the General Data Protection Regulation and in compliance with the provisions of this contract.
  • 4.11. If the Contractor is not established in the European Union, it shall appoint a responsible contact person in the European Union in accordance with Art. 27 of the General Data Protection Regulation. The contact details of the contact person as well as any changes in the person of the contact person must be communicated to the Client without delay.

5. Notification obligations

  • 5.1 The Contractor shall notify the Client immediately of any breaches of personal data protection. Reasonable suspicions of this must also be reported. The notification must be sent to an address specified by the client at the latest within 24 hours of the contractor becoming aware of the relevant event. It must contain at least the following information:
    • 5.1.1. a description of the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects concerned, the categories concerned and the approximate number of personal data records concerned;
    • 5.1.2. the name and contact details of the data protection officer or other contact point for further information;
    • 5.1.3. a description of the likely consequences of the personal data breach;
    • 5.1.4. a description of the measures taken or proposed to be taken by the Contractor to address the personal data breach and, where appropriate, measures to mitigate its possible adverse effects
  • 5.2 Significant disruptions in the execution of the order as well as violations of data protection regulations or the provisions of this contract by the Contractor or the persons employed by it must also be reported immediately.
  • 5.3 The Contractor shall inform the Client immediately of any inspections or measures by supervisory authorities or other third parties, insofar as these relate to order processing.
  • 5.4 The Contractor warrants to support the Client in its obligations under Art. 33 and 34 of the General Data Protection Regulation to the extent necessary.

6. Technical and organizational measures

  • 6.1 The data security measures described in Appendix 1 are defined as binding. They define the minimum owed by the Contractor. The description of the measures must be so detailed that a knowledgeable third party can recognize beyond doubt at any time what the minimum owed should be on the basis of the description alone. Reference to information that cannot be taken directly from this agreement or its annexes is not permitted.
  • 6.2 The data security measures may be adapted in line with technical and organizational developments as long as they do not fall below the level agreed here. The Contractor shall immediately implement any changes required to maintain information security. The Client must be informed of any changes without delay. Significant changes must be agreed between the parties.
  • 6.3 If the security measures taken do not or no longer meet the Client's requirements, the Contractor shall notify the Client immediately.
  • 6.4 The Contractor warrants that the data processed in the order will be strictly separated from other data stocks.
  • 6.5 Copies or duplicates shall not be made without the client's knowledge. This does not apply to technically necessary, temporary copies, insofar as an impairment of the level of data protection agreed here is excluded.
  • 6.6 The processing of data in private residences is only permitted with the prior written consent of the Client in individual cases. If such processing takes place, the Contractor shall ensure that a level of data protection and data security corresponding to this contract is maintained and that the Client's rights of control specified in this contract can also be exercised without restriction in the private residences concerned. The processing of data on behalf of the Client using private devices is not permitted under any circumstances.
  • 6.7 Dedicated data carriers that originate from the client or are used for the client shall be specially marked and are subject to ongoing administration. They must be stored appropriately at all times and must not be accessible to unauthorized persons. Inputs and outputs are documented.
  • 6.8 The Contractor shall provide regular evidence of the fulfilment of its obligations, in particular the complete implementation of the agreed technical and organizational measures and their effectiveness. The proof shall be provided to the Client every 12 months at the latest without being requested to do so and otherwise at any time upon request. Proof may be provided by means of approved codes of conduct or an approved certification procedure.

7. Subcontracting relationships

  • 7.1 The commissioning of subcontractors is only permitted with the written consent of the client in individual cases.
  • 7.2 Consent is only possible if the subcontractor has been contractually bound to data protection obligations that are at least comparable to those agreed in this contract. Upon request, the client shall be given access to the relevant contracts between the contractor and the subcontractor.
  • 7.3 The rights of the client must also be able to be effectively exercised vis-à-vis the subcontractor. In particular, the client must be entitled to carry out inspections of subcontractors or have them carried out by third parties at any time to the extent specified here.
  • 7.4 The responsibilities of the contractor and the subcontractor must be clearly delineated.
  • 7.5 Further subcontracting by the subcontractor is not permitted.
  • 7.6 The Contractor shall carefully select the subcontractor, paying particular attention to the suitability of the technical and organizational measures taken by the subcontractor.
  • 7.7 The forwarding of data processed in the order to the subcontractor is only permitted if the Contractor has documented that the subcontractor has fulfilled its obligations in full. The Contractor shall submit the documentation to the Client without being requested to do so.
  • 7.8 The commissioning of subcontractors who do not perform processing on behalf of us exclusively from the territory of the EU or the EEA is only possible if the conditions set out in Part IV Sections 4.10. and 4.11. of this contract are observed. In particular, it is only permissible if and as long as the subcontractor offers appropriate data protection guarantees. The Contractor shall inform the Client of the specific data protection guarantees offered by the subcontractor and how proof of this can be obtained.
  • 7.9 The Contractor shall carry out an appropriate review of the subcontractor's compliance with its obligations on a regular basis, at least every 12 months. The audit and its results must be documented in such a meaningful way that they are comprehensible to a competent third party. The documentation is carried out by means of an audit provided in the system, which is performed by the Vendor in the form of a self-audit.
  • 7.10. If the subcontractor fails to comply with its data protection obligations, the contractor shall be liable to the client for this.
  • 7.11. At present, the subcontractors specified in Annex 2 with name, address and order content are engaged in the processing of personal data to the extent specified therein and approved by the Client. The Contractor's other obligations to subcontractors set out herein shall remain unaffected.
  • 7.12. Subcontracting relationships within the meaning of this contract are only those services that are directly related to the provision of the main service. Ancillary services such as transportation, maintenance and cleaning as well as the use of telecommunications services or user services are not covered. The Contractor's obligation to ensure compliance with data protection and data security in these cases remains unaffected.

8. Rights and obligations of the client

  • 8.1 The client alone is responsible for assessing the permissibility of the commissioned processing and for safeguarding the rights of data subjects.
  • 8.2 The client shall issue all orders, partial orders or instructions in documented form. In urgent cases, instructions may be issued verbally. The client shall confirm such instructions in writing without delay.
  • 8.3 The Client shall inform the Contractor immediately if it discovers errors or irregularities in the inspection of the order results.
  • 8.4 The Client shall be entitled to monitor the Contractor's compliance with the data protection regulations and the contractual agreements to an appropriate extent itself or through third parties, in particular by obtaining information and inspecting the stored data and the data processing programs as well as other on-site checks. The persons entrusted with the inspection shall be granted access and inspection by the Contractor to the extent necessary. The Contractor shall be obliged to provide the necessary information, demonstrate processes and provide the evidence required to carry out an inspection.

9. Instructions

  • 9.1 The client reserves a comprehensive right to issue instructions with regard to the processing of the order.
  • 9.2 The Client and the Contractor shall name the persons exclusively authorized to issue and accept instructions in Annex 3.
  • 9.3 In the event of a change or long-term absence of the named persons, the other party must be informed immediately of any successors or representatives.
  • 9.4 The Contractor shall notify the Client immediately if, in its opinion, an instruction issued by the Client violates statutory provisions. The Contractor shall be entitled to suspend the implementation of the relevant instruction until it has been confirmed or amended by the person responsible at the Client.
  • 9.5 The Contractor shall document any instructions issued to it and their implementation.

10. Remuneration

The tasks and measures of the contractor within the scope of order processing are carried out free of charge. No remuneration shall be paid.

11. Special right of termination

  • 11.1 The Client may terminate the Main Agreement and this Agreement at any time without notice ("extraordinary termination") in the event of a serious breach by the Contractor of data protection regulations or the provisions of this Agreement, if the Contractor is unable or unwilling to carry out a lawful instruction of the Client or if the Contractor refuses to comply with the Client's control rights in breach of contract.
  • 11.2 A serious breach exists in particular if the Contractor does not or has not fulfilled the obligations specified in this Agreement, in particular the agreed technical and organizational measures, to a significant extent.
  • 11.3 In the event of insignificant violations, the Client shall set the Contractor a reasonable deadline for remedial action. If the remedy is not provided in good time, the client shall be entitled to extraordinary termination as described in this section.
  • 11.4 The Contractor shall reimburse the Client for all costs incurred by the Client due to the premature termination of the main contract or this contract as a result of extraordinary termination by the Client.

12. Termination of the order

  • 12.1 Upon termination of the contractual relationship or at any time at the request of the Client, the Contractor shall either destroy the data processed in the order or hand it over to the Client at the Client's discretion. All existing copies of the data shall also be destroyed. The destruction must be carried out in such a way that it is no longer possible to restore even residual information with reasonable effort. Physical destruction shall be carried out in accordance with DIN 66399, whereby at least protection class 2 shall apply.
  • 12.2 The Contractor is obliged to ensure that subcontractors also return or delete the data without delay.
  • 12.3 The Contractor shall provide proof of proper destruction and submit it to the Client without delay.
  • 12.4 Documentation that serves as proof of proper data processing shall be retained by the Contractor beyond the end of the contract in accordance with the respective retention periods. The Contractor may hand them over to the Client at the end of the contract for its own convenience.

13. Liability

  • 13.1 The Contractor shall bear the burden of proof that damage is not the result of a circumstance for which it is responsible, insofar as the relevant data was processed by it under this Agreement. As long as this proof has not been provided, the Contractor shall indemnify the Client against all claims asserted against the Client in connection with the commissioned processing. Under these conditions, the Contractor shall also reimburse the Client for all legal defence costs incurred.
  • 13.2 The Contractor shall be liable to the Client for damage culpably caused by the Contractor, its employees or the subcontractors commissioned by it to perform the contract or by the subcontractors it deploys in connection with the provision of the commissioned contractual service.
  • 13.3 Part IV Clauses 13.1. and 13.2. shall not apply if the damage was caused by the correct implementation of the commissioned service or an instruction issued by the client.

14. Regulations on the correction, deletion and blocking of data

  • 14.1 The Contractor shall only correct, delete or block data processed within the scope of the order in accordance with the contractual agreement made or in accordance with the Client's instructions.
  • 14.2 The Contractor shall comply with the corresponding instructions of the Client at all times and also beyond the termination of this contract.

15. Contractual penalty

For each culpable breach of an obligation under this data processing agreement, the Contractor undertakes to pay the Client a contractual penalty, the determination of which is at the reasonable discretion of the Client and which is subject to judicial review in the event of a dispute. Claims exceeding the contractual penalty remain unaffected. The contractual penalty has no influence on other claims of the client.

16. Transfer to third countries

To ensure an adequate level of data protection when transferring personal data to third countries, Copecart GmbH uses the standard contractual clauses approved by the European Commission. These clauses regulate the processing of personal data by our processors and ensure compliance with the data protection regulations of both the EU and the respective third country." We also refer to our General Terms and Conditions and our Privacy Policy.

17. Other

  • 17.1 Both parties are obliged to treat as confidential all knowledge of business secrets and data security measures of the other party obtained in the course of the contractual relationship, even after termination of the contract. If there is any doubt as to whether information is subject to the confidentiality obligation, it shall be treated as confidential until written release by the other party.
  • 17.2 If the Client's property is jeopardised by third-party measures (such as seizure or confiscation), by insolvency or composition proceedings or by other events, the Contractor must inform the Client immediately.
  • 17.3 Ancillary agreements must be made in writing.
  • 17.4 The defense of the right of retention within the meaning of § 273 BGB is excluded with regard to the data processed in the order and the associated data carriers.
  • 17.5 Should individual parts of this agreement be invalid, this shall not affect the validity of the remainder of the agreement.

Appendix 1 - Technical and organizational measures The order-related technical and organizational measures to ensure data protection and data security, which the contractor must at least set up and maintain on an ongoing basis, are set out below. The aim is to guarantee in particular the confidentiality, integrity and availability of the information processed in the order. Confidentiality (Art. 32 para. 1 lit. b GDPR)

  • Access control: No unauthorized access to data processing systems, e.g. magnetic or chip cards: Magnetic or chip cards, keys, electric door openers, plant security or gatekeepers, alarm systems, video systems;
  • Access control: No unauthorized system use, e.g: (secure) passwords, automatic locking mechanisms, two-factor authentication, encryption of data carriers;
  • Access control: No unauthorized reading, copying, modification or removal within the system, e.g: Authorization concepts and needs-based access rights, logging of access;
  • Separation control: Separate processing of data collected for different purposes, e.g. multi-client capability, sandboxing;

Pseudonymization (Art. 32 para. 1 lit. a GDPR; Art. 25 para. 1 GDPR)

  • The processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to appropriate technical and organizational measures;

Integrity (Art. 32 para. 1 lit. b GDPR)

  • Transfer control: No unauthorized reading, copying, modification or removal during electronic transmission or transport, e.g. encryption, virtual private networks (VPN), electronic signature: Encryption, Virtual Private Networks (VPN), electronic signature;
  • Input control: Determining whether and by whom personal data has been entered into, changed or removed from data processing systems, e.g. logging, document management: Logging, document management;

Availability and resilience (Art. 32 para. 1 lit. b GDPR)

  • Availability control: Protection against accidental or wilful destruction or loss, e.g: Backup strategy (online/offline; on-site/off-site), uninterruptible power supply (UPS), virus protection, firewall, reporting channels and emergency plans; Rapid recoverability (Art. 32 para. 1 lit. c GDPR);Procedures for regular review, assessment and evaluation (Art. 32 para. 1 lit. d GDPR; Art. 25 para. 1 GDPR)
  • Data protection management;
  • Incident response management;
  • Data protection-friendly default settings (Art. 25 para. 2 GDPR); Order control No commissioned data processing within the meaning of Art. 28 GDPR without corresponding instructions from the client, e.g: Clear contract design, formalized order management, strict selection of the service provider, obligation to convince in advance, follow-up checks.

Appendix 2 - Authorized subcontractors:

  • Subcontractor: Marketing MBA, Office 1906 Jumeirah Business Center 3, Cluster Y, Jumeirah Lake Towers, Dubai, United Arab Emirates. rp@aiv.group (CEO Raoul Plickat)
  • Tools and programs used by the sub-provider that process personal data:
    • Slack Technologies Limited: Salesforce Tower 60 R801, North Dock Dublin Ireland privacy@slack.com
    • Monday.com: MondayCom Ltd, 6 Yitzhak Sadeh Street, Tel Aviv-Yafo, 677750 https://monday.com/helpcenter/
    • Notion: Hendrik Beck & Sascha Rehbock GbR, Hanauer Str.3, 61118 Bad Vilbel info@getgamma.app
    • Google: Google Workspace Google AnalyticsGoogle Tag Manager Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland support-deutschland@google.com
    • Zoom: Zoom Video Communications, Inc. 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA privacy@zoom.us
    • Calendly: Calendly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA privacy@calendly.com
    • WebinarJam: 7660 Fay Ave Ste H184, La Jolla, California, 92037, United States support@webinarjam.com
    • Close CRM: Elastic Inc, PO Box 1145, Jackson, WY 83001, USA dpo@close.com
    • Keeping: Katsu Ventures LLC, 90 State Street, Suite 700, Albany, NY 12207 support@keeping.com
    • Active Campaign: Active Campaign LLC, 1 N Dearborn St Fl 5, Chicago, Illinois, 60602, USA help@activecampaign.com
    • WebSMS: LINK Mobility Austria GmbH, Brauquartier 5/13, 8055 Graz, AUSTRIA office.at@linkmobility.com
    • Slido:Cisco Systems, Inc, Legal department, 170 West Tasman Dr., San Jose, CA 95134 USA support@slido.com
    • Jotform: Jotform Inc. 4 Embarcadero Center, Suite 780, San Francisco CA 94111 support@jotform.com
    • WebFlow: WebFlow Inc, 398 11th Street, Floor 2, San Francisco, CA 94103 support@webflow.com
    • clickfunnels: Clickfunnels LLC, 3443 W Bavria St, Eagle, Idaho 83616, US support@clickfunnels.com
    • funnelcockpit: Denis Hoeger Caballero, Nobelstr- 3-5, 41189 Mönchengladbach, Germany support@funnelcockpit.com
    • Kajabi: Kajabi LLC, 333 El Camino, Real Ste 200 Tustin California 92780, US support@kajabi.com
    • AcademyOcean: Netpeak Group Ltd, 43 Cherni Vrah bld, Sofia, Bulgaria gdpr@netpeak.net
    • Copemember: CopeMember Technology Ltd, Gialousas 63, 3071 Limassol, Cyprus info@copemember.com
    • Copecart: CopeCart GmbH, Rosenstraße 2, 10178 Berlin, Germany info@copecart.com
    • matomo: Matomo Ltd, 150 Willis St, Mount Victoria, 6011, New Zealand privacy@matomo.org
    • cookiebot: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark mail@cookiebot.com
    • Hotjar: Hotjar Ltd, Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta support@hotjar.com
    • zapier: Zapier, Inc. 548 Market St. #62411 San Francisco, CA 94104-5401, USA contact@zapier.com
    • vimeo: Vimeo Inc, 330 W 34th St Fl 5, New York City, New York, 10001, USA support@vimeo.com
    • vidalytics: Vidalytics LLC, 340 S Lemon Ave, Walnut, California, 91789, USA hi@vidalytics.com

Appendix 3 - Persons authorized to issue instructions

  • The following persons are authorized to issue and receive instructions: The controller pursuant to Art. 4 No. 7 GDPR

Appendix 4 - Data Protection Officer

  • The contractor currently has an external data protection officer:
    • Williams-Connect Management Janko Williams Street of Youth 18 14974 Ludwigsfelde kontakt@williams-connect.eu

Part V - Order processing by CopeCart GmbH

1. Object of the assignment

  • 1.1 The Vendor (for the purposes of this Part V "Client") has CopeCart GmbH (for the purposes of this Part V "Contractor") process personal data on its behalf on the basis of the contract for the use of the copecart.com platform (the "Main Contract"). For this purpose, the parties enter into this Data Processing Agreement, which takes precedence over the Main Agreement in the event of contradictions. Order processing in this sense by the Contractor exists insofar as the Contractor processes personal data via copecart.com for which the Contractor is the controller within the meaning of Art. 4 GDPR.
  • 1.2 Data of the client and its customers are affected. This includes, in particular, names, addresses, communication data, behavioral data, contract data and payment data.

2. Responsibility and right of the client to issue instructions

  • 2.1 The client is the controller within the meaning of Art. 4 No. 7 GDPR for the purposes of commissioned processing. It is responsible for compliance with the statutory provisions on data protection, in particular for the lawfulness of the transfer of data to the contractor and for the lawfulness of data processing by the contractor.
  • 2.2 The Client has the right at any time to issue instructions supplementing the main contract regarding the type, scope and procedure of the processing of personal data. Instructions must be issued via the copecart.com website, as far as possible, otherwise in text form. Instructions that are not covered by the contract on the use of copecart.com are subject to a fee, insofar as a fee is customary for this.
  • 2.3 The Contractor shall inform the Client immediately in text form if, in its opinion, an instruction issued by the Client violates statutory regulations. As long as the parties have not resolved the Contractor's concerns, the Contractor shall be entitled to suspend the execution of the instruction in question. If the parties are unable to reach an agreement and the Client adheres to its instruction, the Contractor shall be entitled to terminate this contract by giving reasonable notice, which shall not be less than two weeks. If in this case the main contract cannot be executed, the Client shall be entitled to terminate it if the main contract could only be executed by implementing the unlawful instruction and this was not recognizable to either party when the contract was concluded.
  • 2.4 If the Contractor is of the opinion that it cannot comply with an instruction of the Client for technical reasons, it shall inform the Client of this in text form and coordinate further action with the Client.

3. Control rights of the client

  • 3.1 The Client shall be entitled to all control rights, in particular inspections, which are necessary to comply with the obligations incumbent upon it in accordance with the provisions of the GDPR. The right of inspection must be exercised with a reasonable period of notice and during the Contractor's normal business hours. In order to reduce the pact of inspections on its business operations, the Contractor is entitled to combine them with those of other clients, insofar as this is reasonable for the Client (e.g. joint inspection dates, which are carried out within a reasonable period of time). The Client shall ensure that inspections are only carried out to the extent necessary so as not to disproportionately disrupt the Contractor's business operations.
  • 3.2 The client shall be entitled to transfer the exercise of control rights to a third party commissioned by the client. If the third party is in a competitive relationship with the Contractor, the latter shall have the right to object to its activities.
  • 3.3 The Contractor shall cooperate in the exercise of the inspection rights to the extent necessary. It may make inspections by the Client dependent on the signing of a customary and appropriate confidentiality agreement, insofar as this is necessary to protect its business secrets in accordance with the statutory provisions.
  • 3.4 For the services to be provided under this clause, the Contractor shall be entitled to reasonable remuneration based on the time spent, unless it is responsible for the inspection or it is an inspection carried out or ordered by a supervisory authority. The Contractor may not make the provision of the services owed by it dependent on the Client acknowledging and/or paying a certain remuneration in advance.

4. Obligations of the client

The Client must inform the Contractor immediately, stating the reasons, if it discovers errors or irregularities in the results of the order or with regard to the Contractor's activities with regard to the provisions of this contract or the GDPR.

5. Obligations of the Contractor

  • 5.1 Any processing of personal data shall be carried out exclusively in accordance with the provisions of the main contract and any instructions issued by the client. This also applies to the transfer of personal data to a third country or an international organization. This Part V Section 5.1. shall not apply if the Contractor is obliged to process the data by the law of the Union or the Member States to which it is subject; in such a case, the Contractor shall notify the Client of these legal requirements prior to processing, unless the law in question prohibits such notification due to an important public interest.
  • 5.2 The Contractor confirms that it is not legally obliged to appoint a company data protection officer. It shall appoint a contact person for the Client in its place for all matters relating to data protection and the implementation of this contract.
  • 5.3 The Contractor shall oblige the persons authorized to process the personal data to maintain confidentiality, unless they are already subject to an appropriate statutory duty of confidentiality. The scope of the obligation shall be proportionate to the data processed and the consequences of any breach of the protection of personal data. It must also relate to all personal data that the contractor processes for the client. The content and the fact of the obligation must be demonstrated to the client upon request. Any further obligations arising from a separate confidentiality agreement concluded between the parties shall remain unaffected by this.
  • 5.4 The Contractor shall provide the Client with a list of its order processing procedures upon request. It must inform the Client of any subsequent changes in text form without being requested to do so.
  • 5.5 The Contractor shall support the Client in complying with the obligations set out in Art. 32 to 36 GDPR, taking into account the type of processing and the information available to it. For this purpose, it shall in particular provide the services provided for in this contract.
  • 5.6 If necessary, the Contractor shall support the Client in carrying out a data protection impact assessment in accordance with Art. 35 GDPR and shall provide it with all information and evidence required for this from its sphere. It shall be obliged accordingly if the Client must carry out a prior consultation with a supervisory authority in accordance with Art. 36 GDPR. For the services to be provided under this Part V Section 5.6, the Contractor shall be entitled to reasonable remuneration based on the time required. The Contractor may not make the provision of the services owed by it dependent on the Client acknowledging and/or paying a certain remuneration in advance.
  • 5.7 At the legitimate request of the Client, the Contractor shall provide the Client with all information necessary to prove compliance with the obligations incumbent on the Contractor under Article 28 GDPR.
  • 5.8 Should the Client's data at the Contractor be jeopardized by seizure, confiscation, insolvency or composition proceedings or by other events or measures of third parties, or if such measures have been taken, the Contractor shall inform the Client immediately and comprehensively, unless it is not permitted to do so by law. Furthermore, the Contractor is obliged to inform all relevant third parties in this respect that the data is personal data for which the Client is the controller and that the Contractor itself is only acting as a processor.

6. Security of processing

  • 6.1 The Contractor shall take all measures required pursuant to Art. 32 GDPR, in particular suitable technical and organizational measures, to ensure a level of protection appropriate to the risk of data processing. It shall demonstrate compliance with these requirements to the Client by suitable means at the latter's request.
  • 6.2 The Contractor is entitled to adapt to changed technical or legal circumstances. The Contractor shall inform the Client immediately of any changes that may mean a reduction in the level of protection.

7. Sub-processors

  • 7.1 The Contractor shall use sub-processors for the processing, which shall be notified to the Client.
  • 7.2 The Contractor shall inform the Client in text form of any changes to the commissioning of subcontracted processors. The client may object to the change within a period of two weeks from receipt of the information. The Contractor shall not implement the change before the expiry of the objection period. In the event of an objection, the Contractor shall be entitled to terminate the order processing contract with a notice period of at least one month, provided that the change would have been reasonable for the Client and the objection is unreasonable for the Contractor. Reasonableness for the client is given if the change would not have caused any disadvantages for the client and, in particular, it would have been ensured that the provisions of this contract and the GDPR would have continued to be complied with if the change had been implemented. Unreasonableness for the contractor is given if it provides its order processing services as an essentially uniform process for a large number of clients and individual deviations in the subcontracted processors are not easy for the contractor to implement (e.g. all clients use the same, standardized software platform).
  • 7.3 The Contractor shall comply with the conditions set out in paragraphs 2 and 4 of Art. 28 GDPR for any sub-processors. It shall also ensure that the contractual agreements otherwise made with the Client in this respect and any supplementary instructions of the Client are also complied with by the processors. He must provide evidence of this to the client upon request.

8. Measures taken by supervisory authorities

  • 8.1 To the extent permissible, the Contractor shall inform the Client without undue delay of any inspection activities and measures of a (supervisory) authority insofar as they relate to this contract. This shall apply in particular if an authority investigates the Contractor in the context of administrative offense or criminal proceedings relating to the commissioned processing.
  • 8.2 If the Client is subject to an inspection by the (supervisory) authority, administrative offense or criminal proceedings, a liability claim by a data subject or a third party or any other claim in connection with the commissioned processing at the Contractor, the Contractor shall support the Client to the extent necessary. For the services to be provided in this respect, the Contractor shall be entitled to a reasonable fee based on the time spent, unless and insofar as it is not responsible for the corresponding inspection etc. The Contractor may not make the provision of the services owed by it dependent on the Client acknowledging and/or paying a certain remuneration in advance.

9. Remuneration of the contractor

The Contractor shall not be entitled to any separate remuneration for the services provided by it under this contract, unless otherwise agreed in this contract.

10. duration of the contract

The term of this contract is based on the term of the main contract. It can only be terminated separately from the main contract for good cause, unless this contract or mandatory statutory provisions stipulate otherwise.

11. Consequences of contract termination

  • 11.1 After completion of the provision of the processing services, the Contractor shall either delete or return all personal data at the Client's discretion and delete the existing copies, unless there is an obligation to store the personal data under Union law or the law of the Member States to which the Contractor is subject. The Contractor shall confirm to theClient that the deletion has been carried out in accordance with the Client's instructions.
  • 11.2 The client has the right to check that the data has been returned to and deleted from the contractor in full and in accordance with the contract.
  • 11.3 Any right of retention of the Contractor with regard to the processed data and the associated data carriers is otherwise excluded.

12. Liability

The liability of the parties shall be governed by the agreements in the main contract. The direct liability of the parties to a data subject under statutory data protection provisions remains unaffected.

13. violation of data protection regulations, agreements or instructions

  • 13.1 The Contractor is obliged to notify the Client in text form of any breach of data protection regulations, the agreements made and/or the instructions issued without delay, at the latest 24 hours after first becoming aware of it. The corresponding notification shall contain at least the following information:
    • 13.1.1 A description of the nature of the breach, including, where possible, the type and amount of data involved and categories of data subjects;
    • 13.1.2 The name and contact details of the data protection officer or other contact point for further information;
    • 13.1.3 A description of the likely consequences of the personal data breach;
    • 13.1.4 A description of the measures taken or proposed to be taken by the controller to address the personal data breach and, where appropriate, measures to mitigate its possible adverse effects;
  • 13.2 Any necessary notification to a supervisory authority or information of data subjects shall be the sole responsibility of the Client. The Contractor shall cooperate in this to the extent necessary.
  • 13.3 The Contractor is further obliged to immediately clarify the breach to the extent necessary and to provide the Client with corresponding documentation. The documentation shall include a description of the measures taken by the Contractor to prevent further breaches and why it is of the opinion that the measures taken are sufficient to meet the requirements of this contract and the statutory provisions.

14. Rights of data subjects

  • 14.1 The Contractor shall, as far as possible and reasonable, support the Client with appropriate technical and organizational measures to comply with its obligation to respond to requests to exercise the rights of data subjects referred to in Chapter 3 of the GDPR. For this purpose, the client must inform the contractor in text form which support action of the contractor it requires and to this extent provide the contractor with the data required to fulfill the request. If one party requires further information from the other party, it shall inform the other party immediately in text form. The Contractor shall provide its support within a reasonable period of time so that the Client can meet the deadlines incumbent upon it. The Contractor shall inform the Client immediately, stating the reasons, if it is unable to provide the requested support.
  • 14.2 If a data subject should contact the Contractor directly to exercise the rights to which they are entitled under Chapter 3 of the GDPR, the Contractor shall refer them to the Client, insofar as it is possible to assign them to the Client. If it is not possible for the Contractor to identify the data subject and the Contractor is not directly obliged to the data subject as the controller under Chapter 3 of the GDPR, it shall inform the data subject that it is acting as a processor for third parties and that it cannot identify the third party with regard to the data subject. If and to the extent that the contractor is itself obliged to the data subject as a controller under Chapter 3 of the GDPR, the fulfilment of the corresponding obligations is the sole responsibility of the contractor as the controller.
  • 14.3 For the services to be provided for the Client in accordance with this Part V Section 14, the Contractor shall be entitled to reasonable remuneration based on the time required. The Contractor may not make the provision of the services owed by it dependent on the Client acknowledging and/or paying a certain remuneration in advance.
Loading...
Your browser is out of date!
Update your browser to view this website correctly.
Close