Terms, Privacy Policy and Data Processing

Terms and Conditions of Userlike

Subject Matter and Scope

  • Subject matter of these General Terms and Conditions (hereinafter "terms and conditions") is the provision of services (hereinafter "Services") of Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, Germany, (hereinafter "Userlike") regarding the application "Userlike" (all editions) to customers (hereinafter "Customers"), who are not consumers as defined in Section 13 of the German Civil Code (Bürgerliches Gesetzbuch – BGB).
  • These terms and conditions and any regulations in individual agreements between the Parties shall apply exclusively. Conflicting or deviating terms of Customer shall not apply, even if Userlike despite the knowledge thereof provides its Services without objecting to those conflicting or deviating terms.
  • Userlike shall have the right to change these terms and conditions within a suitable notice period. Changes shall enter into effect only if Customer has not objected to the changes within one month from the written notification of the intended change (objection period) and if in such notification Userlike informs Customer (a) on his right to object and (b) the objection period. This clause does not apply to obligations of Userlike which are prerequisite for the proper implementation of the agreement, by the breach of which attainment of the purpose of the agreement is jeopardized and on which Customer may duly rely (cardinal obligation).

Agreements and Offers

  • A completed web-based order form or any other kind of order request of the Customer constitutes a binding contractual offer regarding the requested Services of Userlike. An agreement shall be deemed concluded upon acceptance of such offer by Userlike, at the latest upon provision of the Service by Userlike.
  • Any offers by Userlike shall be deemed non-binding, unless expressly otherwise agreed. Performance dates or times mentioned in a Customer’s request are binding only if designated as binding by Userlike in writing.

Services

  • Customer shall inform Userlike without undue delay in case of malfunction or disruption of the Service.
  • Customer shall be obligated to keep personal access data (username and password) confidential against access by unauthorized third parties. Customer shall change his password immediately and shall be obligated to inform Userlike without undue delay if there is reason to suspect that unauthorized third parties have access to Customer’s password.
  • Customer shall be obligated to use the Services in accordance with the legal provisions of the territory of intended use. In particular Customer shall observe the applicable copyrights, trademark rights, patent rights and any other intellectual property or personal rights of third parties. Customer may neither use nor make available to the public any data or any information with illegal content.
  • Customer may not use the Services, to conduct attacks on Userlike or third parties, such as spamming, hacking, brute force attacks, the use of spy software, virus or worms attacks.
  • In case of an infringement of section 4 (2) to (4) of these terms and conditions Userlike may delete illegal content at any time and without prior notice or may – to the extent necessary –block access of Customer to the relevant content and/or Services until Customer has redressed the infringement. In case of a severe violation of Customer against the duties stipulated in section 4 (2) to (4) of these terms and conditions Userlike shall have the right to terminate the contract for good cause without prior notice (section 10 (2)). If Customer is responsible for the infringement he shall compensate Userlike for all damages resulting thereof.

Customer’s Obligations

  • Details of the respective contractually agreed Services can be found on the product order pages of Userlike valid at the time of the order.
  • Insofar as Userlike conducts its Services free of charge (Free Trial and Edition "Free") it may at its own discretion and at any time, in whole or parts, change, limit or cancel such Services. If doing so Userlike will take Customer’s legitimate interests into account and will notify Customer within a reasonable timeframe in advance, provided that such notification is technically feasible and reasonable.
  • Userlike provides its Services 24 hours a day, 365 days a year and ensures an availability rate of at least 99,00% of the annual mean, except for maintenance downtimes. Userlike will inform Customer about necessary maintenance downtimes in good time, if possible. Userlike is not liable for any downtimes which make its Services unavailable via internet, in particular for downtimes because of technical or other problems that are outside Userlike’s sphere of influence or control such as force majeure events or acts of third parties.

Rights of use and Reimbursement

  • Userlike grants to Customer the non-exclusive, non-transferable, non-sublicensable and unlimited right to use the Services within the scope and limited to the term of the agreement. Userlike shall be obligated to provide new versions, upgrades or updates of its Services only insofar as it is strictly necessary for the remedy of defects. Outside the scope of the agreement Customer is not entitled to use, copy or download Userlike’s Services or to make them available to any third parties.
  • Customer shall be obligated to indemnify Userlike and its subcontractors against all third party claims that are based on the illegal use of the Services or any such use that happened with his consent, or that arise, in particular, from litigation procedures involving the infringement of laws on data protection, copyright or other laws in conjunction with the use of the Services. If Customer realizes or can be expected to realize that such infringement is about to occur, he shall be obligated to notify Userlike without undue delay.

Data Protection

  • Userlike collects, processes and uses personal identifiable information ("personenbezogene Daten") solely pursuant to German data protection legislation. Customer may find Userlike’s current privacy notice ("Datenschutzerklärung") at Userlike’s website under the section "Privacy Notice".
  • It is in Customer’s sole responsibility to collect, process or use personal identifiable information of third parties in accordance with German statutory provisions while using the Services. That applies, in particular, to his obligation to obtain the necessary consent of the parties involved, provided that no statutory provision legitimates the intended data collection, processing or usage.

Rights in Case of Defects

  • Insofar as Userlike provides its Services free of charge (Free Trail and Edition "Free") Userlike shall be not obligated to remedy defects.
  • Insofar as Userlike provides paid Services it shall be entitled to remedy the defect by delivering an update, upgraded or otherwise revised version of the Service or by implementing a workaround.
  • Liability for defects shall be excluded if the defect is caused because Customer or a third party on behalf of Customer altered Services or in any other way interfered in the Services in an inadmissible manner or because Customer or said third party made use of the Services in a way that is not compliant with the scope of the agreement or Service documentation.

Liabilities

  • Services provided free of charge (Free Trial and Edition "Free")
    Insofar as Userlike provides its Services free of charge, Userlike’s liability shall be liable in accordance with statutory provisions of German law for any damages based on intent, fraudulent intent, gross negligence or lack of a guaranteed feature. Any further liability shall be excluded. Liability for injury in life, limb or health and liability in accordance with the German Product Liabilty Act (Produkthaftungsgesetz – ProdHaftG) shall remain unaffected.
  • Paid Services
    Insofar as Userlike provides paid Services Userlike shall be liable in accordance with statutory provisions of German law for any damages based on intent or gross negligence or the lack of a guaranteed feature, including intent or gross negligence of its subcontractors.
    In the event of slight negligent breach of an obligation of Userlike which is prerequisite for the proper implementation of the agreement, by the breach of which attainment of the purpose of the agreement is jeopardized and on which Customer may duly rely, liability shall be limited to the typical damage expected under the agreement. Any other liability shall be excluded. Liability for injury in life, limb or health and liability in accordance with the ProdHaftG shall remain unaffected.
  • Liability for loss of data
    Userlike shall be liable for the loss of data in the event of slight negligence only under the conditions and within the scope of section 7 (2) and only to the extent that the damage would also have occurred if Customer had performed a duly and regular, at least daily, backup (on his local systems).

Payment Terms

  • Unless otherwise agreed, Customer may find details concerning prices on the product order pages of Userlike, valid at the time of the order.
  • All prices (including additional costs) are net prices. Userlike shall be entitled to issue electronic invoices. Billing for the respective Service will be processed in accordance with the payment method selected by Customer.
  • The billing amount is immediately due and payable without deduction upon invoicing. A payment shall only be deemed to have been made when Userlike has disposal over the amount.
  • Customer shall be in default if he does not make his payment within fourteen days after the due date and receipt of an invoice or equivalent statement of payment. In case of default, Userlike shall be entitled to claim default interest at the statutory rate (Section 288 para. 2 BGB). The assertion of further claims remains unaffected.
  • In the event that Customer is in default of (a) payment or a significant part thereof, for two consecutive months or (b) in an amount that is at least equivalent to the amount due for a period of two months, Userlike shall be entitled to block access to the Services. Userlike’s right to terminate the contract for good cause without prior notice (section 10 (2)) remains unaffected.

Term and Termination of an Agreement

  • Unless otherwise agreed, the agreement has a minimum term – depending on the chosen edition of the Service – of one, twelve or twenty-four months and may be terminated without notice at the end of each term. Unless terminated in due time the agreement shell be deemed extended each time for the applicable minimum term. As for Custom Customers – depending on the chosen edition of the Service – a minimum term of twelve or twenty-four months with a notice period of three months to the end of each term shall apply.
  • Notice of Termination can be provided either by using Userlike’s relevant communications tools on its website or in text format (eMail).
  • The right to terminate the agreement for good cause without notice remains unaffected. A good cause shall apply in particular if the terminating party, taking into account all circumstances of the specific case and weighing the interests of both parties, cannot reasonably be bound to the agreement until expiration of the relevant term.
  • If Customer opts for deleting his entire account at Userlike, also Customer’s corresponding data will be automatically deleted. It is therefore Customer’s responsibility to backup his data on his local account before deleting his account.

Integration

  • Userlike provides software-based technical support in the communication of its customers with third parties via independent messenger applications such as Facebook Messenger and Telegram.
  • The telephone numbers Userlike imparts to its customers to use with messenger applications are supplied by cloud communication providers. There is no contractual relationship established between Userlike’s customers and cloud communication providers. Userlike’s customers are not entitled to be provided with a leaving or disclosure of the telephone number, nor with benefits in respect of these cloud communication providers.
  • Installation or maintenance of the operation of the messenger applications is not included in the scope of services of Userlike’s products. Userlike does not have any contractual relationship with the providers of these messenger applications. Alterations in the settings of the messenger applications or improper handling of these can lead to interruptions and harm its functioning. In such cases, Userlike will work to restore functionality.
  • If the messenger application’s provider bans individual telephone numbers, Userlike will inform customers about this and impart to them a new number. If customers decide to accept this offer, all recipients will have to be recruited and verified again.
  • Also not included in the scope of services of Userlike’s products is the equipment of third parties that is necessary for the messenger applications to be used. Userlike does not have any contractual relationship with the third parties.

Miscellaneous

  • Userlike shall have the right to provide its Services with the help of subcontractors. Userlike shall be liable for any Services provided by subcontractors to the same extent that Userlike is liable for its own actions.
  • Information specified on the product order page, in brochures and other documents serves only to describe the products and does not constitute a guarantee, particularly a guarantee of a certain quality. Guarantees must be expressly confirmed by Userlike in writing.
  • The contractual relations between Userlike and Customer shall be governed by German law under exclusion of the UN Convention on Contracts for the International Sale of Goods.
  • If Customer is merchant within the meaning of the German Commercial Code (Handelsgesetzbuch – HGB), a legal person governed by public law or a special fund (Sondervermögen) under public law, exclusive place of jurisdiction shall be Cologne, Germany. The same applies, if Customer has no general place of jurisdiction in Germany or if his domicile or his usual place of residence is unknown at the time an action is filed. Userlike’s right to file an action against Customer at its general place of jurisdiction remains unaffected.
  • Should provisions of an agreement with Customer including these term and conditions are or become invalid in parts or as a whole, validity of the remaining provisions shall remain unaffected and the invalid parts shall be replaced by the relevant statutory provision.

Last revision: 10 February 2016

Terms, Privacy Policy and Data Processing

Privacy Policy of Userlike

1. An overview of data protection

General

Data protection and data security are of utmost importance for Userlike UG (limited liability), hereinafter "Userlike" or "we". In the following we may provide answers to your most frequent questions to what personal data we collect, process and use in connection with our website and what your possibilities are to influence this data usage.

We would like to point out that this privacy statement applies only to our website https://www.userlike.com and its subpages (hereinafter "Websites") but not to websites of third parties that are linked with our Websites. As Userlike has no measures to influence data usage of said third parties, we recommend that you also assess those third parties’ privacy statements.

Userlike collects and processes personal data exclusively in compliance with the relevant provisions of German data protection law, in particular the General Data Protection Regulation (EU-DSGVO) and the Telemedia Act (TMA).

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website
Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

Userlike UG (haftungsbeschränkt)
Probsteigasse 44-46
50670 Köln

Telephone: +49 (0) 221-63060024
Email: privacy@userlike.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company.

Userlike UG (haftungsbeschränkt)
Igor Buchmüller
Probsteigasse 44-46
50670 Köln

Telephone: +49-221-63060024
Email: privacy@userlike.com

4. Applicants for Employment

The purpose of the data processing is the selection of applicants for an employment relationship. There are no plans to change these purposes.

Legal basis is § 26 BDSG (2017) in connection with Article 6 (1) (b) (employment contract) and Article 88 DS-GMO.

Applicant data is passed on internally to the responsible and decision-making employees. We also use service providers to process orders for the provision of services, in particular for the provision, maintenance and servicing of IT systems.

The data will be deleted three months after the end of the application process.

Personal data is required for the examination of the application and, if necessary, the subsequent conclusion of an employment contract. Without personal data, an application cannot be considered. However, applications can also be submitted without providing such information marked as voluntary.

In the course of the application process, data is processed by the service provider Hetzner. This processing is based on the conclusion of an order processing agreement under German law. A copy may be made available at any time by the data protection officer.

5. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Time of the server request,
  • Browser type and browser version,
  • IP-Address,
  • Operating system used,
  • Referrer URL.

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Live-Chat

Userlike uses a live chat of Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany (yes, we use our own chat :-) ). You can use the live chat as a contact form to chat with our staff in near real time. At the start of the chat, personal data is collected.

  • Date and time of the call,
  • browser type/version,
  • IP address,
  • operating system used,
  • URL of the previously visited website,
  • amount of data sent.
  • First name, last name
  • email address

Depending on the course of the conversation with our employees, further personal data may arise in the chat, which are entered by you. The type of data depends strongly on your request or the problem you describe to us.

All our employees have been and will be trained on the subject of data protection and on the safe and confidential handling of customer data. All our employees are bound to confidentiality and have accordingly signed an addendum to the obligation to maintain confidentiality and to observe data protection in their employee contracts.

When you visit userlike.com, the chat widget is loaded as a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code that is executed on your computer and enables the chat.

Furthermore, Userlike stores the chat record. This shall not only spare you the inconvenience of recalling the whole chat history of past chats when you ask for our assistance via live chat but shall also ensure an continuous quality control regarding our live chat. If you do not want to have your chat record stored please contact us and we will delete it immediately. You may find our contact details at the end of this privacy statement.

Use of Services

If you decide to make use of our services, we may ask you for further personal data. If you make use of services that are free of charge (e.g. Free Trial or Edition "Free") this is the name of your company or your website address, your first name, surname and username, your email address andyour password. If you want to use our fee-based services (e.g. Edition "Team", "Corporate", "Business", "Custom" or "Flex") you must furthermore provide us with the necessary payment details, depending on the chosen payment method (e.g. credit card details, etc.).

Depending on the individual use of the relevant service we might process further personal data insofar as it is necessary to render our services. This relates for example to the content of chats or chat records that have been conducted and stored by making use of our services and IT infrastructure.

Registration on this website

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transmitted when entering into a contract with online shops, retailers, and mail order

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments.

Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Transfer of personal data

Userlike will transfer data to third parties only to the extent necessary to render its services. For any other purposes we will transfer personal data to third parties only with your prior and explicit consent. That applies in particular to the transfer of personal data for advertising purposes. Exceptions to this rule apply only in the following cases:

  • If required for investigating the illegal use of the services of Userlike or for legal proceedings, personal data will be transferred to the criminal investigation authorities and, if legally obliged, to injured third parties. We are also legally obliged to give certain public authorities information. These are criminal investigation authorities, public authorities which prosecute administrative offences entailing fines and the German finance authorities.
  • Occasionally we depend on contractually affiliated external companies and external service providers to supply services such as the supply of advertising measures (only if you have given your explicit prior consent), processing payments (credit card etc.), storing your data and customer service. In such cases, information is transferred to these companies or individuals in order to enable them to process this information further. The service providers may only use the data for the purposes stipulated by Userlike and solely in accordance with German data protection laws.
  • In order to further develop our business, we may alter the corporate structure of Userlike e.g. by changing its legal form. We may also form, sell or buy subsidiaries, divisions or parts of the company. In such transactions, customer information together with the part of the company to be transferred will be passed on. Every time personal data are transferred to third parties to the extent prescribed, Userlike will ensure that this is done in accordance with this privacy statement and the relevant data protection laws.

6. Social Media

Twitter Plugin

Functions of the Twitter service have been integrated into our website and app. These features are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In doing so, data will also be transferred to Twitter. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information on Twitter's privacy policy, please go to https://twitter.com/privacy.

Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.

Instagram plugin

Userlike uses (in the Userlike blog) functions and contents of the Instagram service provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This service allows us to include contents such as images, videos or texts and buttons on our blog. Instagram's Privacy Policy: http://instagram.com/about/legal/privacy/.

Facebook Connect / Login:

Userlike uses Facebook Connect, a service of Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA or its subsidiary Facebook Ireland Ltd., Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (Facebook). By logging in via the Facebook Connect button, personal data is transmitted to Facebook. We do not know what data Facebook links to the personal data received and for what purposes Facebook uses this data.

For more information, please see Facebook's Privacy Policy (https://www.facebook.com/about/privacy/). If you do not want Facebook to be able to associate your Facebook account with our website, please log out of your Facebook account and block the execution of Java script content from Facebook in your browser, e.g. with the Java script blockers from www.noscript.net or www.ghostery.com.

7. Analytics and advertising

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic data collection by Google Analytics

This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".

Google AdSense

This website uses Google AdSense, a service for including advertisements from Google Inc. ("Google"). It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google AdSense uses so-called "cookies", which are text files stored in your computer that enable an analysis of the way you use the website. Google AdSense also uses so-called web beacons (invisible graphics). Through these web beacons, information such as the visitor traffic on these pages can be evaluated.

The information generated by cookies and web beacons relating to your use of this website (including your IP address), and delivery of advertising formats, is transmitted to a Google server in the US and stored there. This information can be passed on from Google to contracting parties of Google. However, Google will not merge your IP address with other data you have stored.

AdSense cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

You can prevent the installation of cookies by setting your browser software accordingly. Please be aware that in this case, you may not be able to make full use of all the features of this website. By using this website, you agree to the processing of data relating to you and collected by Google as described and for the purposes set out above.

Google Analytics Remarketing

Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).

Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.

The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.

For more information and the Google Privacy Policy, go to: https://www.google.com/policies/technologies/ads/.

Google AdWords und Google Conversion-Tracking

This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").

As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.

Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.

Conversion cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

For more information about Google AdWords and Google Conversion Tracking, see the Google Privacy Policy: https://www.google.de/policies/privacy/.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Doubleclick

Userlike uses Doubleclick, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway in 94043 Mountain View, USA (hereinafter: Doubleclick). Userlike uses the data to ensure the full functionality of the website. In this context, the browser may transmit personal data to Doubleclick. The legal basis for data processing is Article 6 (1) (f) DSGVO. The legitimate interest consists in an error-free function of the website. Doubleclick has certified itself under the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list). The data will be deleted as soon as the purpose of their collection has been fulfilled. For more information on the handling of the transferred data, please refer to Doubleclick's privacy policy: https://www.google.com/intl/de/policies/privacy/. You can prevent Doubleclick from collecting and processing your data by disabling script code execution in your browser or by installing a script blocker in your browser (which can be found at www.noscript.net or www.ghostery.com, for example).

KISSmetrics

This website uses functions of the web analytics service Kissmetrics. The provider is Space Pencil, Inc., 847 Sansome Street, Lower Level San Francisco, CA 94111, USA.

Kissmetrics uses "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to and stored by Kissmetrics on servers in the United States.

The storage of Kissmetrics cookies is based on Article 6 (1) (f) DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both his website and his advertising.

Objection to data collection

You can prevent Kissmetrics from collecting your information by clicking the following link. An opt-out cookie is set to prevent your data from being collected during future visits to this https://signin.kissmetrics.com/privacy/ (Opt-Out section).

More information on how Kissmetrics handles user data can be found in their data protection statement:
https://signin.kissmetrics.com/privacy/

Headwayapp

Userlike uses the Headwayapp to inform you as a customer about product news in the dashboard area (changelog). Therein we provide information on significant changes, new functions and corrections to the product.

Headwayapp uses so-called "cookies". These are text files that are stored on your computer to allow you to use the dashboard.

For more information on the handling of user data at headwayapp.co, please refer to Headwayapp's data protection declaration:
https://headwayapp.co/privacy

8. Newsletter

Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.

MailChimp

This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service which organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the USA.

MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States.

We use MailChimp to analyze our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp's servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.

If you do not want your usage of the newsletter to be analyzed by MailChimp, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website.

Data processing is based on Art. 6 (1) (a) DSGVO. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MailChimp. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected.

For details, see the MailChimp privacy policy at https://mailchimp.com/legal/terms/.

9. Plugins and Tools

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.

If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under: https://www.google.de/intl/de/policies/privacy.

Vimeo

Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.

If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.

For more information on how to handle user data, please refer to the Vimeo Privacy Policy at: https://vimeo.com/privacy.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at: https://www.google.com/policies/privacy/.

pingdom

Userlike uses the monitoring service Pingdom of Pingdom AB, Kopparbergsvägen 8, 722 13, Västerås, Sweden. This tool allows for a technical analysis of the loading behavior and the technical availability of our website and collects your IP address. Cookies are set for this purpose. You can prevent this by making the appropriate settings in your browser. You can find Pingdom's privacy policy here: https://www.pingdom.com/legal/privacy-policy/.

Amazon Web Services (AWS)

Userlike uses the Amazon Web service Cloudfront as a Content-Delivery-Network (CDN), which is provided by Amazon Web Services Inc., Box 81226, Seattle, WA 98108, USA. A CDN is a worldwide network of servers that provides content for Userlike. The use of a CDN ensures that Userlike's service can be reached equally quickly in every country in the world. Contents in this context are Java-Script files or the chat widgets, which bring source code for the execution of the chat. Furthermore, the CDN provides images of the page www.userlike.com or stylesheet files that control the appearance of the website.

Userlike uses the Amazon Web Service Simple Email Service (Amazon SES) to send emails sent by Amazon Web Services Inc., Box 81226, Seattle, WA 98108, USA. For example, when you register with Userlike, a welcome email will be sent to you. In this example, the email is sent by AWS SES.

Userlike uses the Amazon Web Service Route 53 (AWS Route 53) to map the Domain Name System (DNS) of the domain userlike.com, which is provided by Amazon Web Services Inc., Box 81226, Seattle, WA 98108, USA. The DNS has the function of a phone book, only for computers. If your computer wants to connect to the servers of the domain userlike.com, the computer first needs an IP address of the Userlike server in Germany. This IP address is requested from AWS Route 53. The data exchange between your computer and our servers can then take place.

9. Payment service providers

PayPal

Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.

If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

Wirecard

Among other things, Userlike offers payment via Wirecard. The provider of this payment service is Wirecard AG, Einsteinring 35, 85609 Aschheim, Germany (hereinafter "Wirecard").

If you select payment via Wirecard, the payment data you have entered will be transmitted to Wirecard.

Your data will be transmitted to Wirecard on the basis of Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing to fulfil a contract). You have the option to revoke your consent to data processing at any time. A revocation has no effect on the effectiveness of data processing operations in the past.

Recurly

Userlike offers payment via Recurly. The payment service provider is Recurly Inc., 400 Alabama Street, Suite 202, San Francisco, CA 94110, USA, (hereinafter "Recurly").

If you select payment via Recurly, the payment data you have entered will be transmitted to Recurly.

Your data will be transmitted to Recurly on the basis of Article (6) (a) DSGVO (consent) and Article (6) (b) DSGVO (processing for the fulfilment of a contract). You have the option to revoke your consent to data processing at any time. A revocation has no effect on the effectiveness of data processing operations in the past.

Is it possible to change this Privacy Policy?

Userlike reserves the right to change this Privacy Policy should this be necessary due to a changed legal situation or due to further or changed services used or offered by Userlike. The latest version can be found at https://www.userlike.com/de/terms#privacy-policy.

Terms, Privacy Policy and Data Processing

Data Processing

1. Contract and specifications for data processing on behalf

  1. 1.1. This agreement for data processing on behalf (referred to hereinafter as “DPA”) sets out the rights and duties of the parties under data protection law which arise from the contracts which already exist between the parties or will be concluded between them in the future (referred to hereinafter as “main contract”) and under which the Processor provides processing of personal data on behalf of the Controller.
  2. 1.2. This DPA and all its components apply in all cases where Controller engages the Processor for processing personal data (referred to hereinafter as “data”) on the Controller’s behalf according to Art. 28 GDPR (General Data Protection Regulation). This DPA constitutes the framework for a multitude of different data processing procedures.
  3. 1.3. In the case of discrepancies, the provisions of this DPA including all its components have priority over the provisions of the appropriate main contract.
  4. 1.4. The specifications in terms of data protection law which are applicable for the different processing procedures (referred to hereinafter as “specifications”) will be agreed upon before the commencement of the data processing and fixed in annexes to the DPA (referred to hereinafter as “annexes”). They stipulate in particular the subject matter and the duration as well as the mode and purpose of the data processing, the data categories and the categories of persons concerned (data subjects) as well as the technical and organisational measures to be implemented (referred to hereinafter as “TOM”).
  5. 1.5. The annexes are part of the DPA. In the case of discrepancies, the annexes have priority over the more general provisions of the DPA. If reference is made to the DPA hereinafter or in the annexes, such reference must be deemed to pertain to the DPA including all its components.

2. Responsibility and processing on instructions

  1. 2.1. The Controller is solely responsible under this DPA for compliance with the applicable statutory provisions including but not limited to the lawfulness of the disclosures made to the Processor and the lawfulness of data processing (“controller” in terms of Art. 4 no. 7 GDPR).
  2. 2.2. The Processor, for the purposes of data processing, acts solely on the instructions given by the Controller except in the case of an exemption according to Art. 28 subs. 3 a) GDPR (statutory processing obligation). Oral instructions, if any, must be confirmed in electronic form without undue delay (“unverzüglich”). If the Controller acts as a data processor on behalf of a third party, the Controller’s obligations under the data processing contract with the third party are deemed to constitute direct instructions by the Controller which are also applicable in the relationship with the Processor if these obligations are stricter than those agreed in this DPA. The Controller will inform the Processor of any such third-party requirements regarding data processing on behalf in electronic form.
  3. 2.3. The Processor will rectify or delete the data to be processed under the contract or restrict the processing of such data (referred to hereinafter as “blocking”) if the Controller so instructs the Processor and this is within the agreed limits of the authority to give instructions.
  4. 2.4. The Processor will inform the Controller without undue delay (“unverzüglich”) if it considers an instruction to be contrary to the applicable data protection regulations or this DPA. The Processor is entitled to suspend the implementation of the instruction until it is confirmed or adjusted by the Controller by notice in electronic form. The Processor is entitled to refuse the implementation of instructions which obivously are contrary to data protection law.
  5. 2.5. The parties will designate to each other by notice in electronic form one or several mutual contact persons to be addressed for data protection issues, including their appointed data protection officers. If the contact persons or their contact data change, the parties are obliged to mutually inform each other by notice in text form.
  6. 2.6. The Processor ensures that the persons who are authorised to process the data (a) are familiar with the instructions given by the Controller and comply with them and (b) have been committed to secrecy or are subject to an appropriate statutory obligation of secrecy. The obligation of secrecy and confidentiality continues in effect even after the termination of the data processing.
  7. 2.7. If the Controller acts as a data processor on behalf of a third party, the obligations imposed on the the Processor by this DPA are deemed to apply and be immediately binding also in the relationship between the third party and the Processor. This applies to all services which the Processor provides to the third party on the Controller’s behalf. The third party is in particular entitled to assert the right to control and information according to § 8 directly against the Processor.

3. Processing security

  1. 3.1. The parties agree TOM according to Art. 32 GDPR to ensure adequate protection of the data (referred to hereinafter as “Annex TOM”).
  2. 3.2. The right to make changes to the Annex TOM is reserved to the Processor; it must however be ensured that the changes do not cause the protection level to fall below the contractually agreed protection level. The Processor is obliged to notify the Controller of any essential changes by notice in electronic form and such essential changes are subject to prior consent to be given by the Controller by notice in text form.

4. Notification of data breaches and data processing errors

  1. 4.1. The Processor will notify the Controller without undue delay (“unverzüglich”) if it becomes aware of any breach of the data entrusted to it by the Controller which has occurred within its sphere of organisation, as described in Art. 4 no. 12 GDPR, or if there is any specific reason to suspect that a data breach has occurred with the Processor.
  2. 4.2. The Controller will inform the Processor without undue delay (“unverzüglich”) if it becomes aware of any processing errors.
  3. 4.3. The Processor will take, without undue delay (“unverzüglich”), all measures which are required to eliminate the data breach described in § 4.1 or the errors described in § 4.2 and mitigate any possible detrimental consequences or impact, in particular with regard to the data subjects concerned. For such purpose, the Processor will consult with the Controller. Oral information about any incidents according to § 4.1 or § 4.2 must be documented and confirmed by notice in electronic form without undue delay (“unverzüglich”).

5. Data transfer to a recipient in a third country or in an international organisation

The transfer of data to a recipient in a third country outside the EU and the EEA is permissible if the requirements fixed in Articles 44 et seqq. GDPR are complied with and, in addition, the transfer is subject to prior consent to be given by the Controller by notice in electronic form. The further details are stipulated in one or several annexes.

6. Subcontracting of additional processors acting on behalf

  1. 6.1. The Processor is entitled to have the processing of personal data carried out by other processors acting on behalf in whole or in part (referred to hereinafter as “subcontractors”).
  2. 6.2. Good cause is deemed given if there is legitimate reason to doubt that the subcontractor will perform the agreed services in accordance with the applicable statutory data protection provisions and requirements or in accordance with this DPA. If this is not possible for the Processor or not reasonable for the Controller, the respective party is entitled to extraordinary termination of the main contract for good cause.

    Good cause is deemed given if there is legitimate reason to doubt that the subcontractor will perform the agreed services in accordance with the applicable statutory data protection provisions and requirements or in accordance with this DPA. If this is not possible for the Processor or not reasonable for the Controller, the respective party is entitled to extraordinary termination of the main contract for good cause.
  3. 6.3. The Processor will agree with the subcontractor on provisions with exactly the same contents as are stipulated in this DPA. In particular, the TOM to be agreed with the subcontractor must be equivalent in terms of the protection level to those agreed herein.
  4. 6.4. Services which the Processor procures as mere subsidiary services to support its business activities outside the data processing on behalf are not deemed to constitute subcontracting within the meaning of this clause. The Processor is however obliged to take adequate precautionary measures for these subsidiary services, too, to ensure protection of the data.

7. Rights of data subjects and support and assistance to the Controller

If a data subject asserts claims according to chapter III GDPR against any of the parties, such party will inform the other party without undue delay (unverzüglich”). The Processor will support and assist the Controller within the realms of possibility in handling any such claims and in complying with the duties specified in Art. 33 to 36 GDPR.

8. Controller’s right to control and information

  1. 8.1. The Processor will provide the Controller with appropriate evidence to demonstrate compliance with its duties. The Controller will check the appropriateness of the evidence provided.
  2. 8.2. As to the compliance with and implementation of the agreed protection measures and their proven efficiency, the Processor may refer to adequate certifications or other appropriate testing records or certificates. In particular, certifications according to Art. 42 GDPR and other certifications or evidence according to Art. 40 GDPR are deemed to be adequate certifications or evidence. In addition, the following certifications may be appropriate, too: certification according to ISO 27001 or ISO 27017, an ISO 27001 certification based on IT Grundschutz (IT basic protection), certification according to acknowledged and appropriate industry standards or a testing certificate according to SOC / PS 951. The certification and testing procedures must be conducted by an acknowledged independent third party. The Processor is obliged to make its certificates or testing certificates available to the Controller. Appropriate additional documents (e.g. activity reports of the data protection officer or extracts from auditors’ reports) can also be made available to the Controller to document compliance with the agreed protection measures. The Controller’s right to inspection according to § 8.3 remains unaffected.
  3. 8.3. The Controller is entitled to conduct, during usual business hours and without interfering with the Processor’s operations and, as a rule, following an appropriate notification to be given reasonable time before the intended audit, audits/ inspections at the Processor’s premises to verify compliance with the applicable data protection regulations. The Processor may request as a prerequiste for the audit/ inspection the prior signing of a non-disclosure agreement to ensure confidentiality of the data of other customers and the TOM implemented by the Processor.
  4. 8.4. The parties, for the purpose of remedying any insufficiencies found in the audit/ inspection, will consult on the measures to be implemented.
  5. 8.5. If a supervisory authority makes use of its powers according to Art. 58 GDPR, the parties will inform each other without undue delay (“unverzüglich”). They will support and assist each other within their respective sphere of control and responsibility in fulfilling the obligations imposed on them by the competent supervisory authority.

9. Liability and damages

  1. 9.1. If a data subject asserts claims for damages against either of the parties for breach of data protection regulations, the party against which the claims are asserted is obliged to inform the other party without undue delay (“unverzüglich”).
  2. 9.2. The Controller and Processor are liable to the data subjects according to the regulation contained in Art. 82 GDPR.
  3. 9.3. The parties will support and assist each other in defending themselves against the claims for damages asserted by data subjects unless this would endanger the legal position of one party in relation to the other party or the supervisory authority or to third parties.

10. Costs

The Processor will bear the costs incurred by it in connection with the measures taken by the Controller. This includes in particular the costs incurred by the Processor in connection with controls and inspections carried out by the Controller according to § 8.

11. Term

An annex is deemed terminated upon termination of the main contract without a separate notice of termination being required to end the annex. In this case, the Processor is obliged, at the Controller’s choice, either to return the data processed under the annex or delete the data in accordance with the applicable data protection requirements without undue delay (“unverzüglich”) and confirm this to the Controller by appropriate notice in electronic form. The Processor will also notify the Controller by appropriate notice in text form if the Processor is itself subject to a statutory obligation to store the data in question.

12. Continuing validity and transfer of old contracts

The DPA, as of its signing, supersedes the existing contracts according to § 11 BDSG (German Federal Data Protection Act). If the parties, prior to concluding this DPA, have agreed on specifications according to § 1, these will continue in effect and apply analogously under the DPA unless they are superseded by annexes which pertain to the same data to be processed.

13. Information for end customers

The provider allows the client to individualize the chat widget and extend the functional scope of the service. All settings are stored in the client's customer account. The activation of optional chat functions is not necessary for the operation of the core service of the chat and is a free decision of the client.

Depending on the function used, the activation of these optional functions may result in personal data of the client's end customers being forwarded to subcontractors of the provider for further processing. All the subcontractors are listed in the appendix, point 9: Optional add-on providers.

Upon activation of the respective function, the subcontractor shall be deemed to have been approved by the customer; a right of objection pursuant to Clause 6.2 shall then not exist. If the client activates optional functions in the chat widget, the client undertakes to inform the users of the chat widget about the use of these functions in conformity with data protection. Furthermore, the client undertakes to check the functional scope of the chat widget and to ensure that the data protection settings of the account are correctly configured.

14. Final provisions

  1. 14.1. .If the Controller’s data should be endangered while under the Processor’s custody due to seizure or confiscation, insolvency or composition proceedings or other incidents or measures taken by third parties, the Processor will be obliged to inform the Controller by notice in electronic form without undue delay (“unverzüglich”). The Processor will inform all responsible parties involved without undue delay (“unverzüglich”) that the responsibility for the data lies exclusively with the Controller.
  2. 14.2. There are no oral side agreements. Changes and amendments to the DPA require appropriate agreement in electronic form to be valid as well as explicit reference to this DPA. Any non-compliant oral agreements between the parties will be deemed to be invalid. This also applies to any changes to the present clause.
  3. 14.3. If only one provision of this DPA should be or become invalid or void in whole or in part, this will be without prejudice to the validity of the remaining provisions of this DPA. The statutory provisions will apply in lieu of the invalid or void provision if the gap which has arisen as a result of the invalidity cannot be filled by supplementary contract interpretation (“ergänzende Vertragsauslegung”) according to §§ 133, 157 BGB (German Civil Code). However, both parties will be obliged to enter into negotiations without undue delay (“unverzüglich”) to reach an agreement to replace the invalid or void provision and which corresponds most closely to the legal and economic purpose and intention of the the invalid or void provision and which in particular comes up to the nature of the agreement which is an agreement for the performance of a continuing obligation (“Dauerschuldverhältnis”) and which is meant to regulate data protection issues
  4. 14.4. This DPA is governed by German law with the exception of the conflict of laws rules; Art. 3 subs. 3 and subs. 4 of the Rome I Regulation remain unaffected.

On request, we will gladly send you the documents on technical and organizational measures that we refer to in our data processing agreement.

Last revised: May 1, 2018