General Terms and Conditions (GTC) and Terms of Use

Identification of provider and scope of application

The DÜPERTHAL connect application (https://app.dueperthal-connect.com), the online shop (especially at https://dueperthal.com/en/) and the further line of products is offered by DÜPERTHAL SICHERHEITSTECHNIK GMBH & CO. KG, Frankenstraße 3, 63791 Karlstein, Germany, hereinafter referred to as DÜPERTHAL.

Contact and legal information about the supplier:

Fax: +49 6188 9139-121

E-Mail: info@dueperthal.com

Represented by: the management:
Franz-Josef Hagen, Alexander Hanning, Maximilian Hanning

Local court of Aschaffenburg, Germany, HRA No. 3229

Personally liable partner:

DÜPERTHAL Beteiligungs GmbH, 33813 Oerlinghausen, Germany

Local court of Lemgo, Germany, HRB Nr. 4193

VAT ID No.: DE173162942

By concluding the contract by placing an order in DÜPERTHAL’s online shop of (especially at https://dueperthal.com/en/) and/or by ordering products from DÜPERTHAL through other sales channels and/or by using the DÜPERTHAL connect application, the customer/purchaser agrees to these GTC.

I. Specific regulations and GTC regarding the DÜPERTHAL connect application

§ 1 Service content of the application and available versions

(1) With the DÜPERTHAL connect application, DÜPERTHAL provides an aid/tool for the digitalized management of hazardous substances. The subject matter of the contract in this respect is the provision of software by DÜPERTHAL for use by the customer via a remote data connection.

(2) Access to the DÜPERTHAL connect application shall be exclusively browser-based. The application software shall remain on the provider's server. DÜPERTHAL shall not be responsible for establishing and maintaining the data connection between the customer's IT system and the transfer point operated by DÜPERTHAL.

(3) Each customer may create a number of users resulting from the price-performance directory within the framework of the specified rights-role concept.

(4) Master data on locations, rooms, storage facilities, hazardous substances and auxiliary materials can be configured and stored. All master data can be assigned to inventories in inventory management. The information assigned to the inventories is stored in a database and is available on demand to all users of the respective customer in the team at any time.

(5) The available packages and extensions can be found in the current price-performance directory.

§ 2 Technical provision, data storage, availability and performance limitations

(1) The DÜPERTHAL connect application shall be operated on the systems of DÜPERTHAL or at qualified sub-service providers selected by DÜPERTHAL. Only the published version and the interfaces and extensions provided shall be available.

(2) DÜPERTHAL is entitled to modify the scope of services (e.g., in the case of updates or upgrades) or to temporarily restrict or discontinue them if and to the extent that this is necessary due to a court decision or an official measure, to ensure data protection, to prevent unlawful or improper use or to improve performance.

(3) DÜPERTHAL is also be entitled to modify the scope of services (e.g., in the case of updates or upgrades) or to temporarily restrict or discontinue them if and to the extent that this is necessary due to necessary maintenance and installation measures.

(4) In this respect DÜPERTHAL shall generally reduce any restrictions pursuant to paragraphs (2) and (3) to the lowest possible extent and eliminate them as quickly as possible.

(5) Insofar as service restrictions, in particular temporary disruptions or interruptions of the services, are due to force majeure, DÜPERTHAL shall be released from the provision of services for the corresponding period, and the customer shall not have the right to raise any claims from this circumstance.

(6) In this respect, force majeure shall be deemed to be all unforeseeable, unavoidable impediments to performance beyond DÜPERTHAL's control for which DÜPERTHAL is not responsible. Such events include in particular forces of nature, fire, industrial action (so-called strike; also in involved third-party companies), restrictions, ordinances, general orders or administrative acts to combat or prevent the spread of a pandemic, such as in the case of the coronavirus, and an interruption of the power supply.

(7) DÜPERTHAL shall otherwise provide the customer with the DÜPERTHAL connect application with an average availability of 99.5% per month.

(8) DÜPERTHAL may, with the customer's consent, interrupt the provision of services in order to carry out maintenance work for a period of time defined in advance which results in an availability lower than that defined in paragraph (7). The customer shall only refuse consent if there is a justified interest in doing so. These periods as well as the periods resulting from paragraphs (2), (3) and (5) shall not be taken into account in the calculation of the availability rate.

(9) The customer has the option of using the access provided by DÜPERTHAL to the DÜPERTHAL connect application to store information and data on DÜPERTHAL's systems which they can access and manage in connection with the use of the DÜPERTHAL connect application (e.g., master data and inventory data). In this respect, DÜPERTHAL shall only owe the provision of storage space for the use of the DÜPERTHAL connect application by the customer. DÜPERTHAL shall not be subject to any custody or safekeeping obligations with regard to the data transmitted and processed by the customer. The customer shall be solely and independently responsible for compliance with the retention periods under commercial and tax law. DÜPERTHAL shall back up the customer's data on the data server every working day during the term of the contract.
(10) DÜPERTHAL is not obligated to provide the customer with a copy of the data or master data stored by the customer on the storage space allocated to it. In this respect, availability and access shall only be granted via the online access of the application. An optional release of the data shall be made taking into account the technical possibilities of DÜPERTHAL and at the customer's expense. Excluded from this are personal data covered by § 14.13 of these General Terms and Conditions with regard to the processing of personal data by proxy pursuant to Art. 28 (3) of the General Data Protection Regulation (GDPR).

(11) DÜPERTHAL shall delete the customer's existing productive data (i.e. such data stored in the DÜPERTHAL connect application) 14 days after the termination of the contract without further notice unless the customer notifies DÜPERTHAL within this period that they wish an optional and chargeable data backup and/or data transfer taking into account DÜPERTHAL's technical possibilities and at the customer's expense.

§ 3 General obligations and duties of the user

(1) The customer shall establish a data connection between the workstations intended by them for use and the data transfer point currently defined by DÜPERTHAL at their own expense. DÜPERTHAL shall be entitled to redefine the data transfer point if this is necessary to enable the customer to use the application.

(2) The customer shall further ensure that the hardware and software used by them, including workstation computers, routers and data communication equipment, comply with the minimum technical requirements for the use of the software version currently offered. If DÜPERTHAL does not specify any specific technical and minimum requirements in this respect, the customer shall in any case ensure the respective current state of the art with regard to its own IT equipment. In any case, the recording of inventories also requires peripheral devices with an integrated camera or camera function or a corresponding connection to a camera.

(3) The customer shall ensure that the users authorized to use the application software are familiar with the operation of the software.

(4) The customer shall be responsible for making its own data backups of the data and information stored by them in the DÜPERTHAL connect application that go beyond the basic backup provided by DÜPERTHAL. In this respect DÜPERTHAL shall carry out a daily backup which shall be kept ready for seven days in each case. After expiry of the seventh day in each case the respective backup shall be deleted.

(5) The customer shall also be responsible for compliance with the legal requirements of their usage and communication behaviour as well as the content published and made available by them. This applies in particular to obtaining and documenting any necessary consent from third parties within the meaning of Art. 6 (1) a of the GDPR as well as further documentation and information obligations under data protection law. DÜPERTHAL shall not be responsible or liable for the content processed, stored, published and disseminated by the customer or the users via the portal or the DÜPERTHAL connect application.

(6) The customer is not entitled to allow third parties to use the DÜPERTHAL connect application. A third party does not include persons as agents of the customer who use the services free of charge, such as employees of the customer and freelancers within the scope of the contractual relationship.

(7) In this respect, the customer shall inform the users created by them with regard to the aforementioned regulations, duties and obligations accordingly and subject them to these regulations.

§ 4 Registration, conclusion of contract, fees and contract period, existing customer advertising

(1) The offer to use the DÜPERTHAL connect application is exclusively available to entrepreneurs. Conclusion of a contract with consumers is excluded. An entrepreneur within the meaning of the preceding sentence is a natural person or legal entity or a partnership with legal capacity that acts in the exercise of its commercial or independent professional activity when concluding the contract.

(2) Furthermore, the option to register for the use of the DÜPERTHAL connect application and the associated platform shall not constitute an offer, but only an invitation to submit an offer for the conclusion of a contract (so-called invitatio ad offerendum). By registering, the customer makes an offer to conclude the contract on the use of the DÜPERTHAL connect application. This offer by the user can be accepted by DÜPERTHAL by creating and activating a user account and providing the corresponding services. With this acceptance, the contract between the customer and DÜPERTHAL shall be concluded. DÜPERTHAL is consequently not obligated to conclude the contract.

(3) The fees, billing modalities and terms as well as the scope of services are set forth in the price-performance description.

(4) Your e-mail address, which you provided to DÜPERTHAL as part of your registration or set-up of a user account, will be used by DÜPERTHAL for direct advertising for its own similar products or services, unless you object to this use. Under the same conditions, direct advertising may be carried out within the scope of using the DÜPERTHAL connect application. An objection is possible at any time via the communication channels offered by DÜPERTHAL without incurring transmission costs other than those according to the basic rates. If and to the extent that you have agreed to a corresponding use of your e-mail address and/or a display of advertising within the DÜPERTHAL connect application in return for a free offer, this right of objection shall not apply.

§ 5 Rights of DÜPERTHAL

The customer grants DÜPERTHAL the right to reproduce the data to be stored by DÜPERTHAL for the customer insofar as this is necessary to provide the services owed under this contract. DÜPERTHAL is also entitled to keep the data in a fail-safe computer centre. In order to eliminate malfunctions, DÜPERTHAL shall also be entitled to make changes to the structure of the data or the data format.

§ 6 Liability for defects

(1) If the services provided by DÜPERTHAL are defective because their suitability for use in accordance with the contract is not only insignificantly impaired, DÜPERTHAL shall be liable for material defects and defects of title in accordance with the statutory provisions.

(2) Liability for damages regardless of fault for defects which were already present at the time of conclusion of the contract is excluded.

(3) The customer shall immediately notify DÜPERTHAL of any defects via the communication channels offered by DÜPERTHAL.

(4) In all other respects, the statutory law on liability for defects shall apply unless otherwise provided for in these GTC.

§ 7 General liability

(1) DÜPERTHAL shall generally not be liable for damage caused by an interruption of operations or restrictions of the platform or the DÜPERTHAL connect application within the scope of free use (e.g. within the scope of a test phase), unless the intervention was operation-related and was caused by DÜPERTHAL intentionally or through gross negligence. In particular, operational interventions do not include impairments that occur in connection with update, repair or maintenance work on the platform or the application.

(2) DÜPERTHAL shall only be liable in the event of its own intent and gross negligence, as well as intent and gross negligence on the part of its own representatives and agents. Otherwise, DÜPERTHAL shall only be liable under the Product Liability Act, the GDPR (in particular Art. 82 of the GDPR) and if and to the extent that DÜPERTHAL has fraudulently concealed a defect or a corresponding guarantee has been assumed.

(3) In cases of gross negligence, however, DÜPERTHAL's liability shall be limited to the foreseeable damage typical for the contract. Damage not exceeding EUR 12,500.00 shall be deemed typical and foreseeable for the contract.

(4) DÜPERTHAL's liability is otherwise excluded.

(5) Contributory negligence on the part of the user shall be taken into account.

(6) DÜPERTHAL is generally not be liable for any damage caused by a non-transmitted or incorrectly transmitted warning message as part of a remote monitoring system operated by the DÜPERTHAL connect application and/or a local alarm system operated by the DÜPERTHAL connect application, provided that the transmission error was not caused by DÜPERTHAL and/or is attributable to incorrect operation by the user or customer.

(7) Also, DÜPERTHAL is generally not be liable for any damage caused by a non-transmitted or incorrectly transmitted warning message as part of a remote monitoring system operated by the DÜPERTHAL connect application and/or a local alarm system operated by the DÜPERTHAL connect application, provided that the transmission error is attributable to the IT infrastructure of the customer or a third party.

(8) The above limitations shall not apply in the event of injury to life, limb or health culpably caused by DÜPERTHAL.

(9) The above limitations shall also not apply to damages arising from the negligent breach of material contractual obligations. Material contractual obligations are obligations which the contract imposes on DÜPERTHAL according to its content in order to achieve the purpose of the contract, the fulfilment of which therefore makes the proper performance of the contract possible in the first place and compliance with which the user may regularly rely on. However, if there is no gross negligence in this respect, DÜPERTHAL's liability shall be limited to the foreseeable damage typical for the contract. Damage not exceeding EUR 12,500.00 shall be deemed typical and foreseeable for the contract.

(10) The above liability provisions shall also apply with regard to DÜPERTHAL's agents and legal representatives.

(11) The customer shall be responsible for the backup of the data processed by them via the DÜPERTHAL connect application with regard to a data security level exceeding that specified in § 4 (3) of these GTC. This shall also apply in particular to any personal data concerned.

(12) DÜPERTHAL assumes no responsibility and no liability for the content, data and/or information published or processed by the customers and/or users within the DÜPERTHAL connect application or the platform. This also applies to content on linked external websites.

(13) DÜPERTHAL accepts no liability for any errors or omissions. Determining valid measurement results, conclusions and measures derived from them are the sole responsibility of the customer or user. DÜPERTHAL accepts no liability for the accuracy of the measured values or measurement results. Furthermore, DÜPERTHAL accepts no liability for errors or damage resulting from using the measured values.

(14) DÜPERTHAL is generally not liable for damage resulting from misuse and/or improper handling of the application or the product by the customer or user. In this respect, the product- and application-specific information and instructions must be observed by the customer and user. Any use beyond the intended use of the application and/or the product is also considered misuse.

(15) In particular, the following applications are also considered misuse within the meaning of paragraph 8:

Use and storage of the device outside the technical limits.
Use of the device in potentially explosive or aggressive atmospheres.
Connecting incorrect sensors or unsuitable chargers. Only cables and extensions
approved by the manufacturer may be used.
Using damaged devices and sensors.
Penetration of moisture and liquids into the device.
Sterilising the device.
Independent maintenance or repair of the device. For maintenance and repair, the device must be sent to the manufacturer or a partner specified by the manufacturer.

(16) DÜPERTHAL accepts no liability for damage resulting from improper use of a product or application. Any warranty claims shall then also lapse. Liability for any damage to property or personal injury shall then be transferred to the operator.

(17) In addition, the product-specific warranty and liability regulations defined by DÜPERTHAL, which are provided in direct connection with the respective product, also apply.

§ 8 Modification of the terms of contract

Unless otherwise provided, DÜPERTHAL shall be entitled to amend or supplement these contractual terms and conditions, provided that the customer is notified of the amendments or supplements in text form at least six weeks before they take effect and the customer does not object to the amendments or supplements to the contractual terms and conditions with a notice period of one week at the time the amendments or supplements are intended to take effect. This objection must be made in text form. If the customer does not object, the amendments or supplements to the contractual terms and conditions shall be deemed to have been approved by the customer. When notifying the customer of the amendments or supplements to the contractual terms and conditions, DÜPERTHAL shall specifically draw the customer's attention to the intended significance of their conduct.

§ 9 Payment processing

Under certain circumstances, payment may be processed via payment service providers selected by DÜPERTHAL. More information about this and the possible payment methods can be found in the price-performance directory and/or the purchase procedure.

§ 10 Contract period

(1) The contract shall run for an indefinite period, with a notice period of 3 months to the end of the month.

(2) The right to terminate the contract for good cause remains unaffected.

(3) Any termination must be in text form.

§ 11 Infringement, extraordinary right of termination and special right of termination

If the user violates the terms of this agreement or misuses the portal or the DÜPERTHAL connect application, DÜPERTHAL may in this respect discontinue the services with immediate effect and/or block the customer's account. In this situation, DÜPERTHAL shall also be entitled to a possible further extraordinary right of termination and a possible claim for damages.

§ 12 Copyright

The compiled contents of the DÜPERTHAL connect application are database works specially produced by DÜPERTHAL, inter alia, within the meaning of Sections 4 (2), 87a (1) of the German Copyright Act (UrhG). The associated programs are protected by Section 69a et seq. of the German Copyright Act (UrhG).

DÜPERTHAL is the rights holder with regard to the source code and all other elements of the DÜPERTHAL connect application, in particular with regard to the rights of use and ancillary copyrights to content and documents, unless these are expressly provided by third parties.

§ 13 Regulations regarding the processing of personal data by proxy according to Art. 28 (3) of the GDPR

DÜPERTHAL SICHERHEITSTECHNIK GMBH & CO. KG,
Frankenstraße 3, 63791 Karlstein, Germany,

as processor (hereinafter referred to as "contractor")

on behalf of the customer (controller within the meaning of the GDPR, hereinafter referred to as "client")

§ 13.0 Preamble

The contractor is commissioned by the client to provide the services specified in § 2 and § 14.3, which also involves the processing of personal data. In particular, Art. 28 of the GDPR imposes certain requirements on the present commissioned processing. This order processing agreement is concluded in order to comply with these requirements.

§ 13.1 Definitions

A controller is, pursuant to Art. 4 (7) of the GDPR, a person who, alone or jointly with others, makes decisions regarding the purposes and means of the processing of personal data.

A processor is, pursuant to Art. 4 (8) of the GDPR, a natural or legal person, authority, institution or similar entity that processes personal data on behalf of the controller.

Personal data, pursuant to Art. 4 (1) of the GDPR, include all such information that relate to an identified or identifiable natural person. This person is hereinafter referred to as the data subject, where identifiable means a natural person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an electronic or online identifier or one or more special characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

Personal data require special protection if the racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership of data subjects can be derived from them pursuant to Art. 9 of the GDPR, if they provide information about criminal offences pursuant to Art. 10 of the GDPR, if they provide information about criminal convictions and criminal offenses or related security measures, as well as genetic data pursuant to Art. 4 (13) of the GDPR, if they are biometric data pursuant to Art. 4 (14) of the GDPR, health data pursuant to Art. 4 (15) of the GDPR or personal data concerning sexual life or sexual orientation.

Processing, pursuant to Art. 4 (2) of the GDPR, includes any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Supervisory authority, pursuant to Art. 4 (21) of the GDPR, describes an independent state body established by a Member State pursuant to Art. 51 of the GDPR.

§ 13.2 Competent data protection supervisory authority

The supervisory authority responsible for the contractor is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) [Bavarian State Office for Data Protection Supervision (BayLDA)],

Promenade 18, 91522 Ansbach, Germany
Telephone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-Mail: poststelle@lda.bayern.de
Homepage: https://www.lda.bayern.de

The client and the contractor, as well as any representatives of the latter, shall cooperate with the supervisory authority upon request in order to fulfil their duties.

§ 13.3 Subject of the contract

Services provided by the contractor for the client shall include in particular the following areas, which in particular ensure proper provision of the DÜPERTHAL connect application and form the basis for protected processing of employee and user data:

1. Registration of contact persons

Type of processing activity:
In particular, the following take place: collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using data.

Purpose of the processing activity:
Personal data of contact persons of the client are made available to the contractor so that, in particular, queries from users can be clarified internally if necessary and communication between the contact persons of the client with support staff of the contractor can be conducted efficiently, e.g., with regard to the use of the DÜPERTHAL connect application or the clarification of technical problems.

Type of data concerned:
Personal data in the above sense include, in particular, the surname, first name and contact details of contact persons at the client’s (e.g., telephone number, e-mail address).

Categories of data subjects:
Data subjects are in particular employees of the client who are entrusted with support and who act as internal contact persons.

2. User installation and program use (also in the context of the rights-role concept)

Type of processing activity:
In particular, the following take place: collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using data.

Purpose of the processing activity:
User data, i.e., employee data, is provided to the contractor so that, in particular, the use of the application is possible. This includes, for example, data input, which is regulated by the granting of certain rights in the context of the rights-role concept. The purposes also include the traceability of program use (especially log files) and compliance with security guidelines.

Type of data concerned:
User installation and program usage data include, in particular, user ID of the client employee as well as surname, first name, master data and contact data of the user (e.g., telephone number, e-mail address).

Categories of data subjects:
Data subjects are in particular users, i.e., employees, of the client.

3. IT infrastructure (server/database/hosting)

Type of processing activity:
In particular, the following take place: collecting, recording, organizing, arranging, storing, using data and disclosing by transmission.

Purpose of the processing activity:
Client data, i.e. in particular employee data, are made available to the contractor so that the contractor can in particular centrally store, administer as well as properly provide the data sets for downstream processes.

Type of data concerned:
Processed personal data of users and contacts include in particular employee data such as personnel number, user ID, surname, first name, master data and contact data such as e-mail address and telephone number.

Categories of data subjects:
Data subjects are in particular employees of the client.

4. Support and maintenance of IT infrastructure (server/database)

Type of processing activity:
In particular, the following take place: collecting, recording, organizing, arranging, storing, using data and disclosing by transmission.

Purpose of the processing activity:
The contractor obtains access to client data, i.e. in particular employee data, in order to provide personal support as well as maintenance access, in particular to configure, administer or repair user data records, if applicable.

Type of data concerned:
Processed personal data of users and contacts include in particular employee data such as personnel number, user ID, surname, first name, master data and contact data such as e-mail address and telephone number.

Categories of data subjects: Data subjects are in particular employees of the client.

The contractor processes the personal data exclusively on behalf of the client and in accordance with the client's instructions. The scope and purpose of the data processing by the contractor shall result from the contractual agreement. The client shall be responsible for assessing the permissibility of the data processing.

This Agreement serves to specify the rights and obligations of both parties under data protection law. In case of doubt, its provisions shall take precedence over the provisions of the service relationship.

The present provisions shall apply to all activities which are connected with the service relationship and in which the contractor and its employees or bodies commissioned by the contractor process personal data originating from the client or collected for the client.

The term of this Agreement shall commence upon conclusion of this Agreement and shall end upon its termination.

§ 13.4 Client's right to issue instructions

The contractor is permitted to process data within the scope of the service relationship and in accordance with the client's instructions, in particular with regard to the transfer of personal data to a third country or to an international organization. The contractor must notify the client of the legal requirements of any further processing prior to the processing to which they are obliged by the law of the European Union or the Member States to which they are subject. This shall not apply if they are prohibited by law from such communication.

The contractor may process and use the client data for its own purposes on its own responsibility within the scope of what is permissible under data protection law if a statutory permission provision or a declaration of consent by the data subject permits this. This contract shall not apply to such data processing.

This Agreement includes the basic instructions of the client, which may, however, be amended, supplemented or replaced by the client in writing or in text form by further instructions regarding the correction, deletion and blocking of data (individual instructions). The client may issue such instructions at any time.

Both the client and the contractor must document the instructions issued. Instructions which go beyond the services agreed within the scope of the service relationship shall be classified as a request for a change in services.

If, in the opinion of the contractor, an instruction issued by the client violates provisions of data protection law, the contractor must inform the client thereof without delay. The contractor may pause the implementation of this instruction or wait with the implementation until the client has confirmed or changed it. In addition, the contractor may refuse to carry out an instruction that is obviously unlawful.

§ 13.5 Type of data processed, group of data subjects

The type of personal data concerned in the course of the contractor's processing activity is specified in more detail in § 14.3. The data subjects whose personal data are processed are also specified in § 14.3.

§ 13.6 Protective measures of the contractor

The contractor shall comply with the statutory data protection provisions. They shall not be permitted to disclose the data obtained in the course of the processing activities to third parties or to expose them to access. Personal data shall be protected against access by unauthorized persons by state-of-the-art measures.

As a matter of principle, the contractor shall process the client data within the European Union or in another contracting state of the Agreement on the European Economic Area (EEA). Nevertheless, the contractor is permitted to process client data outside the EEA if the requirements of this Agreement are met, if the contractor has informed the client in advance about the location of the data processing and if the conditions of Art. 44–48 of the GDPR are met or an exception pursuant to Art. 49 of the GDPR applies.

The contractor's internal organization shall be designed in accordance with the requirements of data protection. Technical and organizational measures shall be put in place to ensure an adequate level of protection of the client's personal data pursuant to Art. 32 GDPR, in particular effective measures of:

a. Access control (to access the data)

b. Admission control

c. Access control (to work with the data)

d. Disclosure control

e. Input control

f. Order control

g. Availability control

h. Disconnection control

The contractor may change protective measures taken as long as the contractually agreed level of protection remains ensured.

The contractor's data protection officer is:

ubb GmbH, Walter-Bröker-Ring 8, 32756 Detmold, Germany

Telephone: +49 (5231) 70 93 44, E-mail: email@ubb.gmbh

The contact details of the data protection officer shall be made available by the contractor on their website and communicated by the contractor to the supervisory authority.

The contractor and their employees are not permitted to process personal data without authorization. The persons commissioned by the contractor for the processing and fulfilment of this Agreement (hereinafter referred to as employees), shall be obligated accordingly (obligation to confidentiality, Art. 28 (3) b of the GDPR) and shall ensure compliance with this obligation with due care. These obligations must remain effective even after termination of this Agreement and of the employment relationship between the employee and the contractor. The contractor shall provide the client with appropriate evidence of such obligations upon request.

The employees entrusted with data processing shall be sensitized and trained with regard to the relevant data protection provisions. Adequate controls and instructions shall ensure compliance with these provisions.

The creation of copies shall be prohibited without the client's approval unless this is necessary in particular to ensure the level of data protection (technically) and unless it is legally permissible.

§ 13.7 Information obligations of the contractor

The contractor shall inform the client without undue delay in writing or text form of any disruptions, suspected data protection violations or violations of contractual obligations of the contractor, suspected security-related incidents or other irregularities that occur during the processing of personal data at the contractor, at persons employed by the contractor within the scope of the contract or at third parties. Likewise, it shall inform the latter in the event of audits by the data protection supervisory authority. A data protection breach notification shall have the following content at least:

Explanation of the nature of the personal data breach, if possible categories and number of data subjects, categories and number of personal data records affected;

Presentation of the measures taken or recommended by the contractor to remedy the breach and, if necessary and possible, procedures to mitigate possible adverse consequences.

The contractor shall inform the client without undue delay in writing or text form. The contractor shall immediately take necessary measures to secure the data and mitigate any possible adverse consequences for data subjects, inform the client and request further instructions.

The contractor must provide the client with information at any time insofar as the client's data is affected by a violation pursuant to paragraph 1.

Upon request, the contractor shall provide the client with all necessary evidence available at the contractor of its fulfilment of obligations pursuant to this Agreement.

If the client's data at the contractor are endangered, e.g., by attachment or seizure, by insolvency or composition proceedings or by other events or measures of third parties, the contractor shall inform the client thereof without undue delay, unless the contractor is prohibited from doing so by court or official order. The contractor shall inform all competent bodies that the client holds the decision-making authority over the data as the "responsible party" within the meaning of the GDPR.

If significant changes are made to the security measures pursuant to § 14.6 (2), the contractor shall inform the customer thereof without undue delay.

If the data protection officer or the contact person for data protection changes at the contractor, the contractor shall inform the client thereof without undue delay.

With regard to the processing activities, the contractor and, if applicable, its representative shall keep a directory of all categories of personal data processing activities carried out on behalf of the client, which shall contain all information pursuant to Art. 30 (2) of the GDPR. The contractor shall make this directory available to the client upon request.

The contractor shall be obliged to cooperate in the creation of the procedure directory to an appropriate extent. For this purpose, the contractor shall inform the client in a suitable manner of the information required in each case.

The contractor shall support the client in fulfilling their obligations under data protection law to the extent necessary. This shall include in particular the preparation and updating of the directory of procedural activities, any data protection impact assessments. Data protection controls by the supervisory authority and the assertion of data subject rights shall also be subject to this obligation (insofar as the processing of personal data by the contractor is affected).

§ 13.8 Control rights of the client

The client shall check the technical and organizational measures of the contractor before the start of data processing and regularly thereafter, at least every 12 months. In order to do this, they may in particular obtain information from the contractor, request existing test certificates from experts, certifications or internal audits. Likewise, the customer may personally inspect the technical and organizational measures used by the contractor to ensure the level of data protection after timely coordination during normal business hours or have them inspected by a competent third party, provided there is no competitive relationship between the third party and the contractor. Such inspections on the part of the client shall only be carried out to the extent necessary. The client shall ensure that the contractor's operations are not disproportionately disrupted in the process.

Upon oral or written request, the contractor shall provide the client within a reasonable period of time with all information and evidence necessary for a review of the contractor's technical and organizational measures.

The result of the inspection shall be documented by the client and the contractor shall be informed thereof. The customer shall inform the contractor without delay of any errors or irregularities detected. If changes in the processing activity are necessary to avoid certain circumstances, the client shall inform the contractor of the necessary procedural changes.

Upon request, the contractor shall provide the client with a comprehensive and up-to-date data protection and security concept for the commissioned processing as well as for persons authorized to access the data.

Upon request, the contractor shall provide the client with evidence of the implemented employee commitment pursuant to § 14.6 (5).

The contractor may at their own discretion, taking into account the client's legal obligations, refuse to disclose information that is sensitive with regard to their own business operations or if the disclosure would violate legal or other contractual regulations. The client shall not be permitted to obtain access to information regarding other customers of the contractor, costs, quality audit and contract management reports as well as other confidential information of the contractor which is not directly relevant for the agreed audit purposes.

At the contractor's request, proof of compliance with the obligations is also possible, as an alternative to an inspection, through the submission of a suitable, current attestation or report from an independent body (e.g., auditor, audit, data protection officer, IT security department, data protection auditors or quality auditors) or an adequate certification through IT security or data protection audit ("audit report"), provided that the audit report enables the client to sufficiently understand compliance with the contractual obligations.

§ 13.9 Use of subcontracted processors

With this contract, the contractor is granted the general authorization to use further processors – so-called sub-processors – for the processing of client data. When commissioning sub-processors, the contractor shall in particular take into account their use of appropriate technical and organizational measures pursuant to Art. 32 of the GDPR. Material test documents in this regard shall be made available to the client upon request.

Sub-processors in third countries may only be used if the special requirements of Art. 44 et seq. of the GDPR are met (e.g., adequacy decision of the Commission, standard data protection clauses, approved codes of conduct).

The contractor must ensure by means of a contract that the agreements between the client and the contractor also take effect with respect to sub-processors. The contract with the sub-processor must include a clear delineation of the respective responsibilities of the contractor and sub-processor. If there are several sub-processors, this must also be ensured for the responsibilities between these sub-processors. The client shall be granted the right to conduct appropriate audits of sub-processors or to have third parties conduct such audits, if required.

The contract with the sub-processor must be in writing; pursuant to Art. 28 (4), (9) of the GDPR, an electronic format is also possible. Prior to any processing of client data by the sub-processor, the sub-processor must ensure compliance with the requirements pursuant to Art. 29 and Art. 32 (4) of the GDPR with respect to their employees.

The contractor shall inform the client of any intended change with regard to subcontracted processors so that the client may object thereto pursuant to Art. 28 (2) sentence 2 of the GDPR if they deem this necessary. If the client has rejected certain sub-processors, the contractor shall not be permitted to commission them to process client data.

If the contractor commissions third parties with services which are exclusively ancillary services, i.e. in particular postal, transport and shipping services, cleaning services, telecommunication services without concrete reference to services which the contractor provides for the client, as well as guarding services, there shall be no subcontracting relationship within the meaning of these provisions. In contrast, maintenance and testing services are subcontracting relationships subject to approval if the IT systems concerned play a role in the provision of services for the client.

§ 13.10 Requests and rights of data subjects

The contractor shall assist the client within the scope of its possibilities with adequate technical and organizational measures in fulfilling their obligations pursuant to Art. 12–22 of the GDPR, Art. 32 of the GDPR and Art. 36 of the GDPR.

In the event of the assertion of rights by the data subject against the contractor, the contractor shall not act independently, but shall immediately inform the data subject of the client's responsibility and await the client's instructions. The rights of the data subject shall include in particular the right to information, correction and deletion of their data.

The contractor shall inform the client about the stored client data, the recipients of client data to whom they transmit them in accordance with the order and the purpose of the storage, if this information is not already known to the client or the client cannot obtain it themselves.

Within the scope of what is reasonable and necessary, the contractor shall ensure that the client can correct, delete or restrict the further processing of the client data or, at the request of the client, shall carry out the correction, blocking or restriction of further processing themselves, if and to the extent that this is impossible for the client themselves. The client shall reimburse the contractor for the expenses and costs incurred to the contractor in this respect; proof of these expenses and costs must be provided.

The contractor shall assist the client within the scope of what is reasonable and necessary to provide client data in a common and machine-readable format if the client cannot obtain the data by other means and the data subject has a right to data portability with respect to the client data pursuant to Art. 20 of the GDPR. The client shall reimburse the contractor for the expenses and costs incurred to the contractor in this respect; proof of these expenses and costs must be provided.

§ 13.11 Liability

In the internal relationship with the contractor, the client alone shall be liable to the data subject with respect to such damages as the data subject has experienced due to inadmissible or incorrect data processing or data use within the scope of the commissioned processing in accordance with the data protection laws.

The contractor's liability under this Agreement shall be governed by the exclusions and limitations of liability set forth in the contractor's GTC and any supplementary agreements. Insofar as third parties assert claims against the contractor which have their cause in a culpable breach by the client of this Agreement or of one of their obligations as a data protection officer, the client shall indemnify the contractor against these claims upon first request.

The client shall indemnify the contractor upon first request against all possible fines against the contractor to the extent that the client themselves share responsibility for the sanctioned violation.

The client shall indemnify the contractor against liability insofar as the contractor proves their non-responsibility for any damage to a party affected.

§ 13.12 Extraordinary right of termination

The client shall be entitled to terminate the service relationship in whole or in part without notice if the contractor does not fulfil their contractually fixed obligations, violates regulations of the GDPR intentionally or grossly negligently or is unwilling or unable to comply with an instruction of the client. In the case of simple infringements, the client shall set the contractor a reasonable deadline to remedy the infringement. Simple infringements include such infringements that are committed neither intentionally nor with gross negligence.

§ 13.13 Termination of the service relationship

If the service relationship between the client and the contractor is terminated, the contractor shall delete personal data at the client's request, unless there is an obligation to store the personal data under Union law or the law of the Federal Republic of Germany or any legitimate interest of the contractor prevails after a documented weighing of interests.

Even after termination of the service relationship, the contractor shall treat the data of which they have become aware in this context as confidential. The provisions of this Agreement shall remain valid after termination of the service relationship for as long as the contractor has personal data which they have processed on behalf of the client.

§ 14 Final clauses

(1) General terms and conditions of the customer shall not apply to this contract. This shall also apply if such terms and conditions are not expressly contradicted.

(2) The customer is only entitled to offset if their claims are undisputed by DÜPERTHAL or have been legally established.

(3) Place of performance is Karlstein, Germany. The law of the Federal Republic of Germany shall apply exclusively; the UN Convention on Contracts for the International Sale of Goods is excluded. If the user is a merchant, the exclusive place of jurisdiction is Karlstein, Germany.

(4) Should individual provisions of these GTC be or become invalid in whole or in part, this shall not affect the validity of the remaining provisions. In this case, the parties undertake to replace the invalid provision with a valid provision that comes as close as possible to the economic purpose of the invalid provision. The same shall apply to any loopholes in the agreements.

II. Specific regulations and GTC regarding contracts on the supply of goods, in particular contracts concluded via the DÜPERTHAL online shop (especially at https://dueperthal.com/en)

§ 1 Conclusion of the contract

(1) The subject of the contract is the sale of goods.

(2) By placing the respective product on the website, in the online shop or in other advertising and/or sales documents and media, DÜPERTHAL does not make a binding offer to conclude a contract in the first place. This is merely an invitatio ad offerendum, i.e. a non-binding offer. By placing an order, the customer makes a binding offer to conclude a contract. The customer can view the selected items in the online shop by clicking on the shopping cart and make changes if necessary. DÜPERTHAL may accept this offer within one week.

(3) If the customer merely request a quote for a product from DÜPERTHAL, this in turn does not constitute a binding offer to conclude a contract. Following a non-binding enquiry, the customer receives a binding offer from DÜPERTHAL to conclude a purchase contract. The offer is valid for one week unless otherwise agreed or offered. The contract is then concluded with the customer's declaration of acceptance or confirmation within the acceptance/validity period.

(4) Offers are only submitted to entrepreneurs (Section 14 of the German Civil Code (BGB))

DÜPERTHAL's line of products is only available to entrepreneurs. Conclusion of a contract with consumers is excluded. An entrepreneur within the meaning of the preceding sentence is a natural person or legal entity or a partnership with legal capacity that acts in the exercise of its commercial or independent professional activity when concluding the contract.

§ 2 Prices and additional costs

(1) All prices are quoted in euros; they are net prices, i.e. excluding value added tax (VAT). VAT is shown separately. The prices quoted are initially ex works and exclusive of packaging unless otherwise agreed. Any shipping, logistics and/or packaging costs are shown or agreed separately.

(2) If goods are shipped to countries outside the European Union, further costs may be incurred for which DÜPERTHAL is not responsible, such as customs duties, taxes or fees for money transfer (transfer or exchange rate fees charged by credit institutions), which shall be borne by the customer.

(3) Any costs incurred for money transfer (transfer or exchange rate fees charged by credit institutions) shall be borne by the customer in cases where the goods are shipped to an EU member state, but the payment was initiated outside the European Union.

§ 3 Shipping and delivery times

(1) Shipping is made at the customer's request and risk unless otherwise agreed. The risk passes to the customer upon handover to the carrier.

(2) The stated delivery dates and deadlines are non-binding unless they have been expressly agreed as binding. If DÜPERTHAL is culpably unable to meet an expressly agreed deadline or if DÜPERTHAL is in default for other reasons, DÜPERTHAL shall be liable in accordance with the statutory provisions if the delay in delivery is due to an intentional or grossly negligent breach of duty for which DÜPERTHAL is responsible. If the delay in delivery is not due to an intentional or grossly negligent breach of contract for which DÜPERTHAL is responsible, DÜPERTHAL's liability shall be limited at most to the foreseeable, typically occurring damage unless and to the extent that DÜPERTHAL's liability is completely excluded. If the delay in delivery attributable to DÜPERTHAL is due to the culpable breach of a material contractual duty, DÜPERTHAL shall be liable in accordance with the statutory provisions, limited to the foreseeable, typically occurring damage. This limitation of liability does not apply to liability for culpably caused damage due to injury to life, body or health of a person. Damage not exceeding EUR 12,500.00 shall be deemed typical and foreseeable for the contract.

(3) DÜPERTHAL is entitled to make partial deliveries and render partial services insofar as this is reasonable for the customer.

§ 4 Statutory warranty and liability

(1) Only information provided by DÜPERTHAL and the manufacturer's product description shall be deemed agreed as the quality of the goods, but not other advertising, public promotions and statements made by the manufacturer.

(2) In the event of defects, DÜPERTHAL shall, at its own discretion, provide warranty either by repair or subsequent delivery. If the remedy of defects fails, the customer may, at their discretion, demand reduction of the price or rescind the agreement. The remedy of defects shall be deemed to have failed after a second unsuccessful attempt unless, in particular, the nature of the goods or the defect or other circumstances indicate otherwise. In case of remedy, DÜPERTHAL shall not be required to bear the increased costs arising from shipping the goods to a location other than the place of fulfilment, provided that the shipping does not correspond to the designated use of the goods.

(3) The warranty period is one year from delivery of the goods. The shortened period does not apply:

In the case of culpably caused damage arising from injury to life, body or health and for other damage caused intentionally or through gross negligence and for which DÜPERTHAL is responsible;
To the extent that DÜPERTHAL has fraudulently concealed the defect or has assumed a guarantee for the quality of the goods;
In the case of goods that have been used for a building in accordance with their normal use and have caused its defectiveness;
In the case of statutory recourse claims which the customer has against DÜPERTHAL in connection with warranty rights.

(4) Any liability of DÜPERTHAL under the contractual relationship between DÜPERTHAL and the customer is excluded. This limitation of liability does not apply to liability for culpably caused damage due to injury to life, body or health of a person. This limitation of liability does also not apply in the event of damage caused through gross negligence or intent of DÜPERTHAL, nor in the event of a culpable breach of a material contractual duty by DÜPERTHAL.

(5) In case of a breach of a material contractual duty, DÜPERTHAL shall be liable in accordance with the statutory provisions, limited to the forseeable, typical occurring damage. This limitation of liability does not apply to liability for culpably caused damage due to injury to life, body or health of a person or to any intentional or grossly negligent breach of contract for which DÜPERTHAL is responsible. Damage not exceeding EUR 12,500.00 shall be deemed typical and foreseeable for the contract.

(7) Also, DÜPERTHAL is generally not be liable for any damage caused by a non-transmitted or incorrectly transmitted warning message as part of a remote monitoring system operated by the DÜPERTHAL connect application and/or a local alarm system operated by the DÜPERTHAL connect application, provided that the transmission error is attributable to the IT infrastructure of the customer or a third party.

(8) DÜPERTHAL accepts no liability for any errors or omissions. Determining valid measurement results, conclusions and measures derived from them are the sole responsibility of the customer or user. DÜPERTHAL accepts no liability for the accuracy of the measured values or measurement results. Furthermore, DÜPERTHAL accepts no liability for errors or damage resulting from using the measured values.

(9) DÜPERTHAL is generally not liable for damage resulting from misuse and/or improper handling of the application or the product by the customer or user. In this respect, the product- and application-specific information and instructions must be observed by the customer and user. Any use beyond the intended use of the application and/or the product is also considered misuse.

(10) In particular, the following applications are also considered misuse within the meaning of paragraph 8:

Use and storage of the device outside the technical limits.
Use of the device in potentially explosive or aggressive atmospheres.
Connecting incorrect sensors or unsuitable chargers. Only cables and extensions
approved by the manufacturer may be used.
Using damaged devices and sensors.
Penetration of moisture and liquids into the device.
Sterilising the device.
Independent maintenance or repair of the device. For maintenance and repair, the device must be sent to the manufacturer or a partner specified by the manufacturer.

(11) DÜPERTHAL accepts no liability for damage resulting from improper use of a product or application. Any warranty claims shall then also lapse. Liability for any damage to property or personal injury shall then be transferred to the operator.

(12) In addition, the product-specific warranty and liability regulations defined by DÜPERTHAL, which are provided in direct connection with the respective product, also apply.

§ 5 Right of retention and reservation of title

(1) The customer is only entitled to exercise any right of retention if their claim is based on the same contractual relationship.

(2) The goods remain the property of DÜPERTHAL until the purchase price of the respective product has been paid in full and until all claims arising from the current business relationship have been settled completely. Prior to the transfer of ownership of the reserved goods, pledging or transfer by way of security is not permitted. The customer is entitled to resell the goods in the ordinary course of business, if they wish to do so, but in this case the customer hereby assigns to DÜPERTHAL all claims in the invoiced amount that accrue to the customer from the resale, and DÜPERTHAL accepts such assignment. The customer is also authorised to collect the claim, but DÜPERTHAL reserves the right to collect the claim themselves if the customer does not properly meet their payment obligations. In the event the goods subject to retention of title are combined and mixed, DÜPERTHAL acquires co-ownership of the new item in the ratio of the invoice value of the goods subject to retention of title to the other processed items at the time of processing. DÜPERTHAL undertakes to release the securities to which DÜPERTHAL is entitled at the customer's request to the extent that the realisable value of these securities exceeds the claim to be secured by more than 10%. DÜPERTHAL is responsible for selecting the securities to be released.

§ 6 Final clauses

(1) General terms and conditions of the customer shall not apply to this contract. This shall also apply if such terms and conditions are not expressly contradicted.

(2) The customer is only entitled to offset if their claims are undisputed by DÜPERTHAL or have been legally established.

Version of the GTC: 2.2 | Date of the GTC: August 21^st, 2025