Terms and Conditions

General Terms and Conditions for autoadmits.com & Autoadmits

1. Scope of Application

1.1 The following General Terms and Conditions (“Agreement”) apply to all contracts and services rendered between and/or by autoadmits.com or Autoadmits (“Autoadmits”) and its customers (“Customer”) with regard to the use of Autoadmits products and Autoadmits services (hereinafter collectively “Services”). This Agreement constitutes a material part of each agreement unless expressly agreed otherwise in writing.

1.2 This Agreement and Conditions apply to any future business transaction between Autoadmits and the Customer, even without express reference thereto.

1.3 Any deviating terms and conditions of the Customer as well as any deviations and/or amendments to this Agreement shall only become part of this Agreement if they have been expressly acknowledged by Autoadmits in writing (email is sufficient). This Agreement also apply exclusively if Autoadmits has not explicitly objected any contrary terms and conditions.

1.4 Autoadmits reserves the right to modify this Agreement with effect for the future at any time. In this case, Autoadmits will notify the Customer of these changes. The changes shall be deemed to be accepted if the Customer does not object within three weeks after receipt of the amendment notification. Autoadmits will inform the Customer in its amendment notification about the Customer’s right to object and the effects of a lack of objection. If the Customer rejects the changes, Autoadmits has the right to terminate this Agreement.

2. Offer and Conclusion of a Contract

2.1 Offers by Autoadmits are subject to change. The subject matter of this Agreement are the Services as offered in the current service description at the time this Agreement is executed. Autoadmits reserves the right to make technical changes and improvements to the Services within a reasonable scope.

2.2 This Agreement between Autoadmits and the Customer is either executed upon signature of an individual order (“Insertion Order”) by Autoadmits and the Customer or, if applicable, online via Autoadmits’s Self Service portal.

a) Insertion Order In order to execute an agreement by means of an Insertion Order, the Customer must send the countersigned Insertion Order to Autoadmits by fax or by email (“Acceptance”). In addition to any provisions contained in the Insertion Order, this Agreement shall apply.

b) Self Service (if applicable) In order to execute an agreement online via Autoadmits’s Self Service portal, the Customer must register itself online with Autoadmits. The registration needs to be confirmed by Autoadmits by sending a confirmation email to the email address that was provided by the Customer. A right to claim registration does not exist; Autoadmits expressly reserves the right to reject a registration without stating reasons. The Customer’s Autoadmits user account will be activated by the user by clicking on the activation link. The user account is non-transferable. The Customer must keep the password secret and protect it against any wrongful use by unauthorized third parties.

The Customer can order the Services via its user account. Autoadmits offers different packages for its Services. The details for all available packages can be found in the Customer’s account.

Fee-based packages: To order a fee-based package, the Customer must choose a package and click on the button “Buy” in order to make a binding offer to order the Autoadmits package. Autoadmits will confirm the receipt of such order via email. However, such confirmation does not constitute an acceptance of the offer. The agreement between the Customer and Autoadmits will be executed by Autoadmits’s acceptance of the Customer’s offer in writing, via email or by making the Autoadmits software available. Autoadmits is not obliged to accept the Customer’s offer.

The Customer can change the chosen package via its user account. If the Customer reduces its package , the monthly fee will be reduced accordingly as per beginning of the next Term. If the Customer chooses to upgrade its package, the monthly fee will instantly be increased accordingly.

2.3 The Customer represents and warrants that all personal information as well as other relevant contractual data provided by customer during the conclusion of this Agreement is complete and correct. The Customer is obliged to promptly inform Autoadmits about any changes to this data and/or to update altered data in its user account. In the event of a culpable breach of this obligation, Autoadmits is entitled to suspend the Services upon giving prior notice.

2.4 The Customer is aware that contractual declarations (e.g. confirmation emails, amendments to this Agreement as well as other notifications) may be sent via email. They are deemed to have been received when they can be retrieved in the email inbox which was specified by the user during the registration under normal circumstances.

2.5 If the Customer has chosen a flat/unlimited package, it shall be prohibited from adding any of its subsidiaries, affiliates, group companies, other acquired companies, etc. (together referred to as 'Affiliates') to its flat account. Should an Affiliate want to make use of the Services under this Agreement, the Affiliate shall be required to execute a separate Insertion Order with Autoadmits.

3. Services

3.1 With its Services, Autoadmits offers the Customer software that aids in the analysis and optimization of mobile advertising campaigns and user activities on the internet.

3.2 Autoadmits shall render the contractual Services in accordance with the respective service description in effect at the time this Agreement is executed. Unless expressly specified otherwise in the respective service description, Autoadmits ensures the provision of the Services with an availability customary within the industry.

3.3 In case of unforeseen events, Autoadmits is entitled to suspend the Services for maintenance or repair purposes if this is necessary to ensure the proper operation of the Services.

3.4 Autoadmits is entitled to use the assistance of third parties in order to fulfill its contractual obligations.

4. Customer’s Rights and Obligations

4.1 The Customer is entitled to use the Services and the software provided by Autoadmits only for analysis and optimization of mobile advertising campaigns and user activities on the internet. If the Customer is provided with personal data whilst using the Services, the Customer may only process and use this data as far as this is legally permissible. The Customer also assures that the transfer of personal data from Autoadmits to the Customer is legally permissible within the agreed extent.

4.2 Customer must choose the correct settings for use of the Services and software if their services are directed to children.

4.3 The Customer agrees to keep the passwords and login data provided by Autoadmits for access to the Services confidential and to inform Autoadmits immediately as soon as the Customer becomes aware of unauthorized third parties gaining access to these passwords. If, due to the Customer’s fault, unauthorized third parties use any Services provided by Autoadmits by using the passwords, the Customer is liable to Autoadmits for usage fees and damages. The Customer must also obtain any necessary authorization to provide Autoadmits with login data containing personal data relating to their staff.

4.4 The Customer shall not make the Services provided by Autoadmits available to any third parties. In addition, the Customer shall not

4.5 Customer may not perform or attempt to perform any of the following in connection with the Services:

4.6 The Customer is aware that the product “Audience Builder” does not generate completely error-free segments in all cases. If the Customer transfers a segment generated this way to a chosen advertising partner, the Customer carries the risk that this segment corresponds content-related to the Customer’s expectations. Autoadmits is not liable for any defective segments, regardless of whether the error is within the responsibility of Autoadmits or not.

4.7 The Customer is obliged to use the HTML, JavaScript or other program code provided by Autoadmits without any modifications for its intended use.

4.8 If Autoadmits has protected its Services by technical means (e.g. security codes, firewalls, etc.), the Customer is not allowed to circumvent or remove such security measures.

4.9 The Customer is obliged to protect its own data by taking appropriate measures and by regularly making backups of its data.

4.10 The Customer must follow Autoadmits’s instructions as well as the protocols and specifications as requested by Autoadmits with regard to the telecommunication/data transmission.

4.11 During usage of the Services, Customer shall be prohibited from setting up Customer postbacks to any third party (including, but not limited to networks) with the exception of Customer postbacks to the Customer itself. Customer shall be solely liable to the fullest extent for any claims arising out of a violation of the foregoing.

5. Fees, Payment

5.1 The fees for the Services that the Customer makes use of are set out in the applicable Insertion Orders/order forms and/or Autoadmits’s current valid price list. Unless explicitly stated otherwise, all fees are quoted exclusive of the statutory value-added tax (VAT) applicable at the time. If the Customer places an order via its Customer account in the Self Service portal, Autoadmits accepts the payment methods as shown in the customer account (e.g. payment by credit cards). When paying by credit card, the credit card on file will be charged with the amount as indicated in the agreed order. Customers choosing Basic or Business Packages are obliged to conduct monthly payments via credit card. Basic and Business Customers may choose a different type of payment method (invoicing) only if they make a pre-payment of the agreed fees of at least 6 months.

5.2 Invoices will be sent to the Customer via mail or in electronic form, unless expressly agreed otherwise.

5.3 The payment of the invoices shall be due within 30 days of the invoice date. Customer is responsible for paying all fees applicable to the subscription to the Services, whether or not Customer actively used, accessed or otherwise benefited from the Service. In the event of the Customer’s default of payment, Autoadmits is allowed to charge default charges up to EUR 5,00, USD 5,00 or JPY 700,00 respectively as well as default interest in accordance with the statutory provisions. Autoadmits reserves the right to prove and assert greater damages due to default. If the Customer’s payments are considerably delayed, Autoadmits reserves the right to suspend the provision of any further Services, in particular the Customer’s access to the Services, at the expense of the Customer until all due payments have been made. In the event of suspended Services, the Customer is nevertheless obliged to pay the agreed fees until the point of suspension. In case of a suspension of the Services, the Term set out in Section 8 of this Agreement or in the Insertion order shall be extended for the respective time of the suspension. After having set the Customer a reasonable deadline and expiration of that deadline, Autoadmits has the right to terminate this Agreement with immediate effect. In case of returned direct debits or unpaid checks, the Customer shall reimburse Autoadmits for the costs incurred to the extent that the Customer was responsible for the event given rise to these costs. Further claims and rights to which Autoadmits may be entitled in this respect shall remain unaffected.

5.4 Any complaints relating to an invoice must be submitted to Autoadmits in writing or by email to hi@autoadmits.com within four weeks upon receipt of the invoice. If no such complaint has been made within four weeks upon receipt of invoice, the invoice is deemed to be accepted. Autoadmits will inform the Customer in the invoice about the consequences of failing to submit a timely complaint.

6. Grant of Rights, Ownership, Third Party Rights

6.1 Upon execution of this Agreement, Autoadmits grants the Customer the non-exclusive, non-transferable and non-sublicensable right to use the Services during the term of this Agreement, insofar as this is necessary to use the Services according to the respective Insertion Order or, if applicable, the respective order placed via the Self Service portal. The right of use shall expire once the Customer defaults with any payments due.

6.2 Autoadmits shall retain all intellectual property rights as well as any other property rights in and to the software, the Services as well as other services that are provided under this Agreement, including, patents, trademarks, source codes, databases, hardware and/or any other material (e.g. documentations, developments, functions, report templates, preparatory material, etc.).

6.3 The Customer undertakes to not violate any applicable laws, in particular third party rights (e.g. copyrights, personality rights, intellectual property rights) or the terms of this Agreement while using the Services. Insofar, the Customer shall indemnify and hold Autoadmits harmless from any and all third party claims (including but not limited to all costs and expenses, incl. reasonable attorney’s fees) that are being asserted against Autoadmits upon first request.

6.4 Unless otherwise agreed between the parties, Autoadmits is entitled to refer to the collaboration with the Customer and the contractual product and to depict the Customer’s logo for self-promotional purposes.

7. Liability

7.1 Autoadmits shall be responsible that the Services correspond to their intended use. Autoadmits does not assume any liability for any damages resulting from a usage other than the intended use. The same applies to any damages resulting from a usage that is not in accordance with Autoadmits’s instructions and recommendations or any other unauthorized usage.

7.2 Upon receipt of the Services, the Customer is obliged to immediately notify Autoadmits of any obvious defects in writing whereas timely dispatch shall suffice to keep the term. The Customer will provide Autoadmits with all documents necessary for the analysis and debugging attempts and will provide Autoadmits with access to the Customer’s servers, if necessary.

7.3 Autoadmits does not assume any liability for any disturbances, limitations, interruptions or disruptions of the Services which are caused by circumstances beyond Autoadmits’s area of responsibility.

7.4 Autoadmits shall only be liable for any damages which can be attributed to a willful or gross negligent violation of a duty by Autoadmits, its legal representatives or employees, as a result of grave organizational neglect or which are based on defects of a warranted quality of the Services, pursuant to the statutory provisions. This limitation shall not apply to any damages resulting from injury of life, body or health.

7.5 The aforementioned liability provisions shall apply accordingly to Autoadmits’s employees and agents.

7.6 Any claims for damages arising from a slight negligence by Autoadmits shall become time-barred within one year upon occurrence of the damage. This limitation shall not apply to any damages resulting from injury of life, body or health. All other claims for damages shall become time-barred within the statutory period.

7.7 The Customer is obliged to indemnify Autoadmits from any third party claims that may have arisen as a result of the Customer unlawfully using the data provided by Autoadmits. The indemnity obligation does not apply insofar as the claim is based on a gross negligent or intentional breach of a duty by Autoadmits. In addition, Customer indemnifies Autoadmits from any third-party claims arising on first demand arising from Customer's breach of the obligations set out in 10.3.

7.8 The Autoadmits Systems shall be available at least 99,8 % of the annual mean. Autoadmits points out that the services may be interrupted or disrupted by circumstances beyond Autoadmits’s area of responsibility, including but not limited to acts of third parties that do not act on Autoadmits’s behalf, technical conditions of the internet that Autoadmits cannot influence or force majeure. If such circumstances interfere with the availability or functionality of the Services provided by Autoadmits, this has no effect on the contractual conformity of the Services provided by Autoadmits.

7.9 Customer assumes sole and exclusive responsibility to carry out such actions as it deems appropriate as a result of the Output Data. “Output Data” means the various reports, analytics, and other types of information and data that the Service may generate, provide or make available to Customer. Autoadmits has no responsibility or liability, regarding Customer’s reliance upon, or use of, the Output Data, Customer’s actions or omissions in connection with the Output Data, or any consequences resulting therefrom.

8. Term, Termination

8.1 The term of this Agreement is determined in the Insertion Orders or, if applicable, the order form in the Self Service portal.

8.2 In case the Customer has chosen a fee-based package in accordance with Section 2.2 b) ii) above, the term of this Agreement shall be concluded for twelve (12) consecutive months and extended for (twelve 12) months on a rolling basis (every twelve months hereinafter referenced as a “Term”). Each Party has the right to terminate a Term by giving 30 days notice to the end of each Term. The termination must be made in writing and be submitted via mail. If applicable, in case the Customer chooses to upgrade the chosen package, the parties agree that an upgrade shall not lead to an extension of the Term but shall instead roll into the existing Term. The right to immediate termination for cause shall remain unaffected. In particular, Autoadmits has the right to immediately terminate this Agreement

8.3 Upon termination of this Agreement, the Customer is obliged to delete all copies of the codes that were provided by Autoadmits.

8.4 The notice of termination is excluded prior to the end of the Term. If the Customer terminates this Agreement disregarding such exclusion, then the Customer shall be subject to a contractual penalty in the amount of the outstanding payments.

9. Confidentiality

9.1 The parties shall keep all documents, information and data which have been disclosed during the course of the cooperation strictly confidential during the term of this Agreement and for 3 years thereafter. The parties undertake to use the same degree of care in safeguarding the documents, information and data of the other party that is used for its own confidential information, but a least with the due care of a prudent business man. All such documents, information and data shall be used exclusively to perform the contractual services.

9.2 These confidentiality obligations also apply to documents, information and data that relate to companies affiliated with the parties, other cooperation partners or contractors and to documents, information and data about customers and sales representatives of the parties.

9.3 These confidentiality obligations do not apply to documents, information and data that are in the public domain or later become part of the public domain through no breach of contract by a party, is required to be disclosed by operation of law, court or administrative order or that has been subsequently exempted from this confidentiality obligation by an agreement in writing, per fax or via email.

10. Data Protection

10.1 The Customer is obliged to comply with the applicable data protection law when using the Services and software and any requirements provided by the Apple App Store and/ or Google Play Store.

10.2 Pursuant to art. 28 European General Data Protection Regulation (“GDPR”), the processing of personal data by Autoadmits on behalf of the Customer requires a written agreement (“Data Processing Agreement”). The Customer hereby commissions Autoadmits to process personal data on its behalf by concluding a separate agreement in accordance with the scope and the conditions of the annex “Contractual Terms and Conditions for Data Processing”.

10.3 The Customer is responsible to obtain and maintain valid consents from all their end-users, as may be necessary (if at all) under applicable law (including data protection or data processing laws and regulations) to process their personal data in the manners and for the purposes set forth in this Agreement.

10.4 The Customer must choose the correct settings for use of the Services and software if their services are directed to children. Specifically, Customer must limit the collection and processing of personal data regarding children and obtain any necessary consent where required by law including art. 8 GDPR and the US Children’s Online Privacy Protection Act (“COPPA").

11. Final Provisions

11.1 Place of performance and exclusive place of jurisdiction for all disputes between the parties shall be Berlin if the Customer is a merchant, a legal entity under public law or a special fund under public law. Berlin shall also be the exclusive place of jurisdiction if the Customer does not have a general place of jurisdiction in Germany, if the Customer, once it has concluded the contract, moves its domicile out of Germany or whose domicile is unknown at the time the lawsuit is filed.

11.2 Any modifications and or amendments of offers and this Agreement must be made in writing (email is sufficient). This also applies in case of a nullification of the written form requirement.

11.3 If any provision of this Agreement or part thereof is invalid or becomes invalid at a later time, the validity of the remaining provisions shall remain unaffected. The relevant provision shall be replaced by a provision that as closely as possible reflects the economic purpose of the invalid provision. The foregoing shall apply analogously if any provision has inadvertently been omitted.

11.4 Unless expressly agreed otherwise, the legal relationship between Autoadmits and the Customer shall be governed by and construed in accordance with German law.

11.5 Autoadmits has the right within the scope of the contractual purpose to process the data that was provided in accordance with applicable data protection law, or to commission third parties.

11.6 In case of a merger or acquisition, Customer is nevertheless obliged to fulfil all of its obligations under this Agreement. Termination shall only be possible in accordance with section 8 of this Agreement.

Annex “General Terms and Conditions for Data Processing”

1. Scope of Application

The Contractual Terms for Data Processing (“Contractual Terms”) contain the parties’ obligations with regard to data protection, which arise in connection with the commission of autoadmits.com (hereinafter “Processor”) by the contracting party (hereinafter “Controller”) pursuant to article 28 Regulation (EU) 679/2016 (“GDPR”). The scope covers all tasks pursuant to the service description of these Contractual Terms during which the Processor’s employees or third parties commissioned by the Controller come into contact or could come into contact with personal data.

2. Service Description

2.1. The Processor processes data on behalf on the Controller. Data Processing is the collection, use, retention, alteration, transmission, blocking or deletion of personal data by the Processor on behalf of the Controller. For this purpose, device and connection data are read out when visiting a website and when interacting with online advertisements and are stored for the recognition of a user as well as for tracking his usage behavior.

2.2. The purpose of the collection of this data is the processing of data for analyzing the user activities of end-users and thus optimizing the advertising campaigns of the Controller. The Data Processing includes the following data:

If applicable, the data will also be passed on to third parties if the Controller instructs the Processor to do so.

2.3 If applicable, for the Unbotify Product (Unbotify in-app bot detection) and/or the Fraud Prevention Suite feature the following data will be processed in addition to the data mentioned in section 2.2:

The purpose of the collection of this data is the processing of data for the provision of a platform for detecting fraudulent activities made by users of Controller’s service, including maintenance, support, enhancement, and deployment of the same.

2.4 If applicable, for the Acquired.io Product, the following data will be processed: User Data

Customer Data

Data collected from accounts in third party services (including, but not limited to any advertising channels), which includes the following:

3. Affected Persons (Data Subjects), Responsibility

3.1. The group of data subjects affected by the processing of their data within this commission includes in particular the users who visit the Controller’s app/website, therefore clients and prospective clients and for the Acquired.io Product, the employees of the Controller who make use of the Services set out in the Service Agreement.

3.2. The Controller shall be solely responsible for compliance with the applicable data protection laws, in particular regarding the data transfer to the Processor and the data processing. Due to this responsibility, the Controller shall be entitled to request the deletion or return of the data during and after the term of the agreement.

4. Controller’s Rights and Obligations

4.1. The Controller and the Processor are each responsible for compliance with the applicable data protection laws regarding the data to be processed.

4.2. The Controller shall promptly inform the Processor if he discovers any errors and/or irregularities with regard to the applicable data protection laws during his control of the results of such data processing.

4.3. The Controller has audited the proper processing of his data as well as the technical and organizational measures taken by the Processor on site, and shall continue to audit the compliance of such measures and document the results of such audits in writing during the term of the agreement. Proof of such measures, which concerns not only the specific contract, may be provided by certificates, reports or report extracts of independent instances (e.g. auditor, revision, data protection officer, IT security department, data protection auditors, quality auditors) or by a suitable certification by IT security or data protection audits.

4.4. The Controller shall be obliged to inform its customers about the nature and scope of the data processing, the content and lifespan of the cookies and about all rights related thereto in a comprehensive manner in its privacy policy.

4.5. Upon the expiration of the agreement, the Controller shall be obliged to decide whether the data is to be returned or deleted within a reasonable time period set by the Processor.

4.6. Controller shall be obliged to keep a record of processing activities in accordance with art. 30 GDPR with Processor mentioned as the recipient of data set forth in 2.2, 2.3. and/or 2.4.

5. Processor’s Obligations

5.1. The Processor shall process data only within the scope of the Controller’s instructions as contractually agreed (art. 28 para. 3 GDPR). Instruction shall mean the written instruction issued by the Controller to the Processor that directs the Processor to perform a specific action with regard to personal data. Such instructions are specified within the scope of these Contractual Terms and can thereafter be modified, amended or substituted by the Controller by separate written instructions (“Individual Instruction”). Verbal instructions are immediately confirmed by the Controller (at least in text form).

5.2. Where a data subject directly addresses the Processor, the Processor shall immediately forward this request to the Controller. Insofar as it is included in the scope of services, the erasure policy, ‘right to be forgotten’, rectification, data portability and access shall be ensured by the Processor in accordance with documented instructions from the Controller without undue delay.

5.3. Processor shall promptly inform the Controller pursuant to art. 28 para. 3 subpara. 2 GDPR if he believes that an Instruction is in violation of data protection law.

5.4. The Processor shall design its internal corporate organization to ensure compliance with the specific requirements of data protection within the Processor’s area of responsibility and the protection of the rights of the data subjects affected. In particular, the Processor shall implement the technical and organizational measures as stipulated in Section 6 herein to adequately protect the data from misuse and loss in accordance with art. 28 para. 3, art. 32 GDPR.

5.5. The Processor has chosen a data privacy officer in writing, who carries out its activities pursuant to art. 38 and 39 GDPR.A change of the data protection officer shall be communicated to the Controller without delay.

5.6. The Processor entrusts only such employees with the data processing outlined in this contract who have been bound to confidentiality and have previously been familiarized with the data protection provisions relevant to their work. The Processor and any person acting under its authority who has access to personal data, shall not process that data unless on instructions from the Controller, which includes the powers granted in this contract, unless required to do so by law

5.7. The Processor shall promptly inform the Controller in the event of a serious interruption of the operating schedule, suspicion of data protection breaches or any other irregularity related to the processing of the Controller’s data.

5.8. The Processor and the Controller shall cooperate with the supervisory authority on request in carrying out their tasks. Insofar as the Controller is subject to an inspection by the supervisory authority, an administrative or summary offence or criminal procedure, a liability claim by a data subject or by a third party or any other claim in connection with the order or contract data processing by the Processor, the Processor shall make every effort to support the Controller.

5.9. All data carriers provided to Processor as well as any copies thereof remain the Controller’s property. The Processor shall store such data carriers with diligence and protect them against unauthorized access by third parties. The Processor shall be obliged to inform the Controller about its data and records at any time.

5.10. The Processor shall be obliged to delete any test and scrap material in accordance with the applicable data protection laws upon an instruction issued by the Controller on a case-by-case basis. In specific cases the Processor shall hand over such material to the Controller or store on the Controller’s behalf upon request of the Controller.

5.11. Upon the expiry of this agreement, the Processor shall be obliged to hand over to the Controller all personal data that was provided with regard to the commission that has not been processed or deleted yet or to provide proof of their proper deletion.

5.12. The Processor shall assist the Controller in complying with the obligations concerning the security of personal data, reporting requirements for data breaches, data protection impact assessments and prior consultations, referred to in articles 32 to 36 of the GDPR. These include ensuring an appropriate level of protection through technical and organizational measures that take into account the circumstances and purposes of the processing as well as the projected probability and severity of a possible infringement of the law as a result of security vulnerabilities and that enable an immediate detection of relevant infringement events, the obligation to report a personal data breach immediately to the Controller, the duty to assist the Controller with regard to the Controller’s obligation to provide information to the Data Subject concerned and to immediately provide the Controller with all relevant information in this regard, supporting the Controller with its data protection impact assessment, supporting the Controller with regard to prior consultation of the supervisory authority.

5.13. The Processor may claim compensation for support services which are not included in the description of the services and which are not attributable to failures on the part of the Processor.

6. Technical and Organizational Measures

6.1. Before the commencement of processing, the Processor shall document the execution of the necessary technical and organizational measures, set out in advance of the awarding of the order or contract, specifically with regard to the detailed execution of the contract, and shall present these documented measures to the Controller for inspection. Upon acceptance by the Controller, the documented measures become the foundation of the contract. Insofar as the inspection/audit by the Controller shows the need for amendments, such amendments shall be implemented by mutual agreement.

6.2. The Processor shall establish the security in accordance with art. 28 para. 3 point c, and art. 32 GDPR in particular in conjunction with art. 5 para. 1, 2 GDPR. The measures to be taken are measures of data security and measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the systems. The state of the art, implementation costs, the nature, scope and purposes of processing as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons within the meaning of art. 32 para. 1 GDPR must be taken into account.

6.3. The technical and organizational measures are subject to technical progress and further development. In this respect, it is permissible for the Processor to implement alternative adequate measures. In so doing, the security level of the defined measures must not be reduced. Substantial changes must be documented. The technical and organizational measures to adequately protect the Controller’s data include:

a) Confidentiality (art. 32 para. 1 point b GDPR)

b) Integrity (art. 32 para. 1 point b GDPR)

c) Availability and Resilience (art. 32 para. 1 point b GDPR)

d) Procedures for regular testing, assessment and evaluation (art. 32 para. 1 point d GDPR; art. 25 para. 1 GDPR)

7. Correction, Blocking and Deletion of Data

7.1. Copies or duplicates of the data shall never be created without the knowledge of the Controller, with the exception of back-up copies as far as they are necessary to ensure orderly data processing, as well as data required to meet regulatory requirements to retain data.

7.2. After conclusion of the contracted work, or earlier, upon request by the Controller, at the latest upon termination of this agreement the Processor shall hand over to the Controller or – subject to prior consent – destroy all documents, processing and utilization results, and data sets related to the contract that have come into its possession, in a data-protection compliant manner.

7.3. If a data subject contacts the Processor directly to request the correction or deletion of his data, the Processor shall promptly forward this request to the Controller. If, under the provisions of the data protection law, the Controller is obliged to provide an individual with information on the collection, processing or use of the personal data, the Processor shall assist him in the provision of this information provided the Controller has requested the Processor to do so in writing and shall reimburse the Processor for the costs incurred.

7.4. Documentation which is used to demonstrate orderly data processing in accordance with the order or contract shall be stored beyond the contract duration by the Processor in accordance with the respective retention periods. It may hand such documentation over to the Controller at the end of the contract duration to relieve the Processor of this contractual obligation.

8. Controller’s Right of Inspection

8.1. Upon prior timely notification, the Controller shall be entitled to assure himself of the adequateness of the technical and organizational measures taken by the Processor on the Processor’s premises during the regular business hours and without interrupting the business operations.

8.2. The Processor shall ensure that the Controller is able to verify the compliance of the Processor with the obligations pursuant to art. 28 GDPR. The Processor undertakes to give the contracting authority the necessary information on request and, in particular, to demonstrate the implementation of the technical and organizational measures. The Processor is entitled to claim compensation for the possibility of inspections by the Controller.

9. Subcontractors

9.1. Subcontracting for the purpose of this agreement is to be understood as meaning services which relate directly to the provision of the principal service. This does not include ancillary services, such as telecommunication services, postal / transport services, maintenance and user support services or the disposal of data carriers, as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data processing equipment. The Processor shall, however, be obliged to make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the Controller's data, even in the case of outsourced ancillary services.

9.2. The Processor shall be entitled to subcontract the Processor’s obligations to third parties. The Processor must inform the Controller prior to each deployment of a subcontractor and any intended change in relation to the involvement or replacement of any subcontractors. The Controller then has the right to oppose the use of such subcontractors within three weeks. The Processor may fulfill his obligation to inform the Controller by updating the list of subcontractors in this section. The Processor will initially use the following subcontractors:

9.3. If the Processor engages subcontractors, the Processor is obliged to pass on the contractual obligations hereunder to such subcontractors. In particular, the contract with the subcontractor shall include audit and inspection rights for the Controller in accordance with the terms of this agreement. Upon the Controller’s written request, the Controller shall also be entitled to receive information about the essential terms of the contract and the implementation of the data protection obligations by the subcontractor, e.g. by reviewing the relevant agreement.

9.4. The transfer of personal data of the Controller to the subcontractor and its first-time action are only permitted if all the prerequisites for subcontracting are met. The term of this agreement as well as the right of termination are determined by the agreement between the parties pursuant to Autoadmits’s General Terms and Conditions and the respective offer and/or assignment by the Processor.

10. Term

The term of this agreement as well as the right of termination are determined by the agreement between the parties pursuant to Autoadmits’s General Terms and Conditions and the respective offer and/or assignment by the Processor.

11. Compensation

The compensation for all services to be rendered pursuant to these Contractual Terms is included in the compensation agreed upon between the parties within the offer and/or the assignment. The parties agree that the provisions on the limitation of liability as included in Autoadmits’s General Terms and Conditions shall analogously apply.

12. Miscellaneous

12.1. In the event that the Controller’s data is endangered due to a levy of execution or confiscation, insolvency proceedings or any other events and/or third party measures, the Processor shall promptly notify the Controller. The Controller hall promptly notify all people who are responsible in this context of the Controller having retained ownership of these data.

12.2. Any modifications and or amendments of these Contractual Terms must be made in writing (email is sufficient). This also applies in case of a nullification of the written form requirement.

12.3. If any provision of these Contractual Terms is invalid, the validity of the remaining provisions shall remain unaffected.

12.4. The legal relationship between the Controller and the Processor shall be governed by and construed in accordance with German law. Exclusive place of jurisdiction shall be the Processor’s domicile to the extent permitted by law.

13. We operate with our Hosting Providers

We host with our hosting providers instead of handing our data to cloud services. This means we have total control of our client's user data.

14. We uphold the right to be forgotten

According to Art. 17 GDPR, users can request to have their personal data deleted at any time. This means that if you receive a request for account information deletion – this would have to be forwarded to us in order to fully comply with the request. This can be done by implementing either of the following solutions:

15. What's considered personal data?

According to Art. 4 para. 1 GDPR, personal data includes various digital identifiers as ‘personal data’. Previously, name, photos, email and so on, were typical identifiers. Now, this list has expanded to include specifically:

If your users consent to be tracked, you must protect this data.

16. A deletion policy, record of processing activities, Data Processing Agreement and TOMs

These are only some of the GDPR requirements (articles 17, 28, 30 and art. 32 para. 4). Our Technical and Organizational measures include for example:

Pursuant to Art. 28 GDPR, the processing of personal data by Autoadmits on behalf of the client requires a written agreement, containing each party’s obligations with regard to data protection. Such a Data Processing Agreement is concluded with all our clients before the provision of our services. While the content on this page is designed to help you understand the GDPR when working with third parties, the information contained should not be construed as legal advice. You should consult with your own legal counsel with respect to interpreting your unique obligations under the GDPR and the use of a company's products and services to process personal data. For more information on our GDPR compliance, get in contact with our privacy team - hi@autoadmits.com.