Preamble
The tr8fin GmbH (hereinafter referred to as "Provider") operates a digital platform (hereinafter referred to as "tr8fin") for the initiation and brokerage of financing and insurance solutions for export transactions. The offer is directed exclusively at commercial users (hereinafter referred to as "Exporter" or "User") with their registered office in the territory of the Federal Republic of Germany.
The platform works by connecting exporters with the most important partners in the export business, which can include any importers, credit insurers or other platforms and affiliated banks. Third parties are involved in the analysis of the economic circumstances of the parties concerned.
Via tr8fin, the user has the possibility to process his export transactions with the partners involved in a structured and largely standardised manner. The platform supports, among other things, the calculation of offers, communication between the parties involved, balance sheet analysis, application for export insurance and the forfaiting of the covered customer receivables. The connected partners can use the platform to make the user appropriate offers for their services. For the preparation of the offer, all data and information collected by the user and relevant to the offer are forwarded to the connected partners. Each user decides whether he wants to accept the offer and thus applies for the conclusion of a business transaction via the platform with the corresponding partners.
These General Terms and Conditions ("GTC") contain the general rules for the use of the services offered via the platform and through the contractual relationship between the partners. A current version of these terms of use can be viewed, downloaded, saved or printed out at any time via the link https://tr8fin.de/#nutzungsbedingungen.
§ 1 Scope of application
1.1 These General Terms of Use (hereinafter referred to as "Terms of Use") apply to the provision of tr8fin by tr8fin GmbH, Weiherstraße 10, 53560 Vettelschoß for use by entrepreneurs within the meaning of § 14 of the German Civil Code (BGB) based in the Federal Republic of Germany.
1.2 The tr8fin offer is expressly not directed at consumers; consumers are prohibited from using it. The provider is entitled to demand suitable proof from the user that he is acting in the exercise of his commercial or self-employed professional activity when using tr8fin.
1.3 tr8fin is a web application intended for temporary online use. Users can use tr8fin in particular to support the search for partners to handle an export transaction. With the tr8fin offer, the provider is merely acting as a technical service provider for the user.
1.4 Any terms and conditions of the user that deviate from or supplement these Terms of Use shall not become part of the contract, even if the provider should provide services without contradicting them. Already existing contracts between the user and companies acting as partners in the sense of the platform are not affected by the user contract and these terms of use and remain valid without restriction.
1.5 The provider is entitled to change the terms of use at any time. The user will be informed in time about new versions of the terms of use. The User has the right to object to the changes within four (4) weeks after receipt of the notification. If the User does not object, the changes are considered as accepted after the expiry of the objection period and the contract of use is then continued under the amended terms of use. The user will be specifically informed of this consequence when the changes are announced. If the User objects to the changes, the Operator is entitled to terminate the User Agreement with a notice period of two (2) weeks for extraordinary reasons.
§ 2 Definitions
The following definitions apply within these terms of use:
Authentication tool
Describes the entirety of passwords, access codes and security features assigned by the user himself, which grant the user access to the software via a web interface.
Registration
Creation of a customer account and allocation of a user name (e-mail) and password.
Transfer point
Is the interface to the contractual service and responsibility area of the provider; unless otherwise agreed, the transfer point is located at the router exit of the provider's data center commissioned with hosting.
Access data
Describes the user name of the user and his password for access to tr8fin.
§ 3 Conclusion of contract
3.1 The presentation of tr8fin on the website does not yet constitute a legally binding offer. In order to use tr8fin, registration is required, in the course of which these conditions of use and the data protection provisions must be expressly accepted. By completing its registration, the user submits a binding offer to conclude the contract of use. Before doing so, he can check his data once again and make corrections if necessary.
3.2 After completion of the registration, the provider sends an automatic confirmation of receipt by e-mail. The contract of use comes into effect with the activation of the user's access to tr8fin. The use of the platform is basically free of charge. If business transactions and contracts are concluded via tr8fin, these services may be chargeable.
3.3 The user can call up the data provided during registration as well as the current version of the terms of use and data protection regulations at any time within his account. The contract of use is concluded in German.
§ 4 Scope of services and functions of tr8fin
4.1 The provider provides tr8fin to the user via the Internet during the term of the contract within the framework of the agreed availability (see 4.3 below) and ready for operation. There is no local installation of software on the user's IT system. The functional scope of tr8fin was described in this preamble and is explained in the application. tr8fin acts here as a pure intermediary and is not responsible for the offers of importers or partners. A scope of functions beyond this is not owed. Technical data, specifications and performance data in public statements, in particular in advertising media, are not guarantees or statements of quality. Updates of tr8fin are made available to the user centrally during the term of the contract; updates may also include new or modified functions without restricting the essential scope of functions of tr8fin.
4.2 The offer of the provider includes the possibility of bringing together exporters and other partners necessary for export financing (e.g. trade credit insurers). The provider assumes no liability for the underlying transaction that may come about. The mediation is expressly not guaranteed. The actual brokerage service is subject to a fee. The costs for the user are only incurred if the cover note is issued by the credit insurer. The costs are shown separately on https://tr8fin.de/#preis-leistungsverzeichnis.
4.3 The provider does not have any obligations of safekeeping or care beyond the hosting of the data transmitted and processed by the user. The user himself is responsible for observing the commercial and fiscal storage obligations and periods.
4.4 The provider guarantees an availability of tr8fin (including access to the data stored by the user) at the transfer point of 95% on a calendar year average. Non-availability is to be assumed if tr8fin is not available to the user due to circumstances which are the responsibility of the provider. In particular, non-availability is not to be assumed if tr8fin is not available due to
- incorrect operation or use by the user contrary to the terms of the contract,
- planned and announced maintenance work, technical problems outside the provider's sphere of influence (e.g. with the Internet connection outside the computer centre) or
- force majeure.
The provider will carry out planned maintenance work during off-peak times (e.g. in the evening or at weekends) if possible. In urgent cases (e.g. importing an important security patch) the platform is not available even at short notice during normal business hours.
4.5 The provider can temporarily restrict access to tr8fin for individual or all users if the security of the platform's operation, the maintenance of network or data integrity or the avoidance of serious disruptions or imminent data loss so require. In making such a decision, the provider will take reasonable account of the legitimate interests of the users, inform the users immediately of the measures taken and will do everything reasonable to remove the access restriction as soon as possible.
4.6 For questions regarding the technical functioning and operation of tr8fin, the provider or a third party commissioned by the provider will provide all users with a support hotline that can be reached by e-mail, telephone and webchat. The contact details and also the times the support can be reached are stored on the tr8fin website. The hotline serves solely to support users in the use of the services owed under the contract. Inquiries to the hotline are processed in the order in which they are received. No binding response times have been set for support.
4.7 As part of the continuous improvement and further development of tr8fin, new functions may be added and/or functions may be modified or partial functions may be excluded during the term of the contract, as long as this is reasonable for the user and does not jeopardise the achievement of the purpose of the contract.
4.8 With regard to the information retrieved or offered by third parties via tr8fin (e.g. insurance or financing) or offers requested (e.g. financing of export transactions), the services of the provider are limited to transmitting this data, information or offers from the third party to the user and providing the technical and organisational requirements for the transmission. The provider has no influence on the transmitted information and offers, and does not check their correctness, completeness or topicality. Such third parties also do not act as vicarious agents.
§ 5 Involvement of third parties
5.1 The provider is entitled to have the contractually agreed services rendered in whole or in part by third parties as subcontractors (vicarious agents), whereby the provider remains directly obligated to the user at all times. In particular, the Provider commissions a subcontractor to host tr8fin and the user's data. The subcontractor, for its part, is entitled to engage further subcontractors, in particular an external computer centre operator, as vicarious agents. The computer centre with the hosted user data is always located within the European Union (EU) or the European Economic Area (EEA).
5.2 The subcontractor commissioned by the Provider with hosting is entitled to exercise or fulfil the rights and obligations of the Provider arising from or in connection with the contract of use in the name of the Provider.
§ 6 Responsibility of the user
6.1 The user is responsible for ensuring that the technical system requirements necessary for the contractual use of tr8fin are met with regard to the hardware and software used by him and his Internet connection. The latest version of the most common web browsers such as Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge or Microsoft Internet Explorer 11 is required. The establishment and maintenance of the data connection between the user's IT system and the transfer point is the responsibility of the user.
6.2 The user must provide complete and correct information in the course of registration or when requesting offers or applying for services. The provider may request additional information to verify the user, if the provider considers this necessary, e.g. to comply with legal or contractual regulations. If the information provided by the user during registration should change subsequently, the user is obliged to correct this information himself without delay within tr8fin. If it is not possible to correct information within tr8fin, the changes to user data must be sent to tr8fin by e-mail. tr8fin or partners involved reserve the right to check the information.
6.3 When registering, the user must choose a password for access to tr8fin. The password must comply with the provider's specifications for secure passwords, which the user will be informed of when registering. In order to use tr8fin, the user must identify himself as an authorised user by entering the access data assigned during registration.
6.4 The user shall not use or employ tr8fin for illegal purposes or purposes not covered by the contract, shall not manipulate it and shall not upload any data or content that could damage, manipulate or steal computer programs, data or information or that could burden or otherwise jeopardise the infrastructure of the provider or its subcontractors with disproportionately large data volumes.
6.5 The user is in particular responsible for checking whether tr8fin is suitable for the proper processing of his data and the purposes intended by the user.
6.6 At the time of uploading, the User grants the Provider a free, sub-licensable, non-exclusive right to use the data and content uploaded by the User on the Platform, which is limited in time and space to the duration of the User Agreement. The right of use is limited in terms of content to use (in particular reproduction) for the purpose of fulfilling the contract. The user assures that he has the necessary rights to the data and content uploaded by him and that the use of the data and content by the provider within the framework of the use of tr8fin does not infringe the rights of third parties.
§ 7 User's duties of care and notification
7.1 The user is obliged to establish the technical connection to tr8fin in such a way that spying out the access data and unauthorised access to tr8fin via his account is avoided. Before entering the access data and the authentication instruments, the user has to check that the Internet address, the so-called URL of tr8fin (www.tr8fin.de) or relevant subdomains (e.g. exporter.tr8fin.de and importer.tr8fin.de) is displayed in the address bar of his browser.
7.2 The user must keep his access data and his authentication instruments secret and only enter them in the input fields specified by the user guidance on the tr8fin web site in order to transmit them to the provider. He must protect his access data and authentication instruments against access by unauthorised third parties (e.g. by storing them in encrypted form).
7.3 The user may not respond to a request by e-mail or telephone to enter access data or authentication instruments outside the input mask provided on the tr8fin web site for entering the security feature. The provider or an authorized third party will never ask the user by e-mail or telephone to provide his access data or authentication instruments.
7.4 The user must ensure that commercially available security measures (such as anti-virus program and firewall) are installed on his IT system and that these and the system and application software used are regularly updated. The user alone is responsible for the system requirements for the use of tr8fin (e.g. hardware, infrastructure, telecommunication connections).
7.5 If the user notices the loss or theft, misuse or other unauthorized use of an authentication instrument or access data or suspects that an unauthorized person has obtained an authentication instrument or access data without authorization, the user must inform the provider immediately.
§ 8 Blocking access to tr8fin
8.1 The provider has to block the user's access to tr8fin immediately at the user's instigation, in particular in the cases of § 7.5.
8.2 If the user has agreed a service from tr8fin that is subject to a charge and if the user is in arrears with the payment of a substantial part of the agreed payment, the provider is entitled, after prior reminder and threat of blocking, to block the access of the user to tr8fin until all open and due claims have been settled in full. Further rights of the provider due to the delay in payment, especially claims for payment of default interest at the statutory rate, remain unaffected.
8.3 In the event of a breach by the user of one of his obligations regulated in §§ 6 and 7, in particular in the event of justified suspicion of illegal or improper use of tr8fin, the provider is entitled to temporarily block the user's access to tr8fin. When deciding on blocking, the provider will take appropriate account of the legitimate interests of the user. The provider will inform the user about the blocking as far as possible before, but at the latest immediately after the blocking by e-mail, stating the relevant reasons, as far as this is legally permissible.
8.4 The provider will lift a block (and reset the access data if necessary) if the reasons for the block no longer apply. It shall inform the user of the lifting of the block. If the user wishes to have a self-initiated block lifted, he must inform the provider of this.
§ 9 Commission and terms of payment
9.1 The brokerage commission to be paid by the user is calculated on the basis of the order value of the basic transaction brokered, which is covered by the credit insurer (either a state export credit insurance agency or a private credit insurance company) and the agreed commission rate. The basis for the commission rate is the current price and product list, which is available on the tr8fin website (https://tr8fin.de/#preis-leistungsverzeichnis).
The commission is due when the cover note is finally issued by the credit insurer and the insurance premium has been charged to the user by the credit insurer. The commission shall also be due if the credit insurer subsequently revokes the commitment for a reason for which the provider is not responsible.
9.2 Independent of tr8fin, the provider can offer further additional services. A separate, additional fee is payable for this, which is listed in the current price and product list. Additional services are displayed to the user and must be confirmed by the user.
9.3 All prices are subject to the statutory value added tax applicable at the time. Invoices are due for payment within fourteen (14) days of receipt, unless another due date is stated on the invoice.
§ 10 Granting of rights of use
10.1 The copyrights and other industrial property rights to the software on which tr8fin is based remain exclusively with the provider or its licensors in relation to the user. All property rights, copyrights and other protective rights to data and databases are and remain with the provider, even if they were created or have been created with the cooperation of the users.
10.2 The user is granted the non-exclusive, non-transferable and non-sublicensable right, limited to the term of the user contract, to use tr8fin exclusively for himself. Third party access to tr8fin via the user's access is not permitted. Furthermore, tr8fin may only be used by the user for the fulfilment and support of his own business purposes; the intended use of tr8fin is otherwise specified in the description on the tr8fin website.
10.3 All rights beyond this, in particular the right to reproduce, distribute (in any form) including renting, editing, making publicly available (on the intranet or Internet) and the right to use tr8fin for or by third parties remain with the provider or its licensors.
§ 11 Claims of the user due to defects
11.1 The provider guarantees that tr8fin corresponds to the description on the tr8fin web site and is free of third party industrial property rights that prevent or restrict the contractual use by the user. Functional impairments of tr8fin resulting from the user's hardware or software environment, incorrect data, improper use or other circumstances arising from the user's area of responsibility do not constitute a defect.
11.2 Should a (material or legal) defect occur, the user will inform the provider of this. Defects in tr8fin will be remedied by the provider during the term of the user contract within a reasonable period of time (e.g. in the context of the next update) within the scope of maintenance and repair obligations. If the rectification of the defect finally fails and if this is an important reason for the user, the user is entitled to terminate the contract of use extraordinarily without observing a period of notice. Further claims of the user remain unaffected. The Provider shall pay damages only within the limits of § 12.
11.3 If third parties assert claims against the user on the basis of the use of tr8fin due to the infringement of their industrial property rights, the user will inform the provider of this immediately. The provider is entitled to conduct the dispute with the third party alone, both in and out of court. If the provider makes use of this authorization, which is at his discretion, the user will support the provider to a reasonable extent in the defense against the claims of the third party. The user will not acknowledge the claims of the third party on his own initiative. Otherwise, § 11.2 applies accordingly to defects of title.
§ 12 Liability
12.1 For defects already existing at the time of the conclusion of the contract, the provider is only liable, in deviation from the legal regulation of § 536a BGB, if the provider is responsible for such defects.
12.2 If the provider provides services to the user without remuneration, e.g. the storage of data or the transfer of data to a possible partner, the provider is only liable for intentional and grossly negligent breaches of duty.
12.3 In all other respects, the provider shall pay damages or compensation for futile expenditure, regardless of the legal grounds, only to the following extent:
- in the case of intent and gross negligence in the full amount;
- in all other cases only in the event of a breach of a material contractual obligation, which is essential for achieving the purpose of the contract and on whose fulfilment the user may therefore rely, limited to compensation for typical and foreseeable damage.
12.4 In the event of data loss, the provider is only liable for the damage that would have occurred even if the user had made regular and proper electronic data backups, unless the provider has caused the data loss intentionally or through gross negligence.
12.5 The legal liability for personal injury according to the Product Liability Law and other mandatory legal regulations remains unaffected by the above provisions.
§ 13 Data transmission to third parties
13.1 The protection of privacy is extremely important to the provider. tr8fin undertakes to handle this data in a trustworthy and responsible manner and will not pass it on, or only pass it on with the express permission of the user, unless the provider is obliged to do so for legal reasons.
13.2 Compliance with the legal provisions on data protection is also a matter of course when working with third parties. With the following data protection notices we inform users which exemplary data our service providers receive, process and use when the user uses tr8fin.
| Service provider | Data scope | Intended use |
|---|---|---|
| Euler Hermes SA, 56 avenue des Arts, 1000 Brussels, Belgium (represented here by the German branch: Friedensallee 254, 22763 Hamburg, Germany) | Exporter master data (e.g. company name, address), underlying transaction data (e.g. volume, country, importer) | Calculation and preparation of an offer for trade credit insurance |
| Prof. Schuhmann GmbH, Weender Landstraße 23, 37073 Göttingen | Master data of the importer and exporter | Provision of creditworthiness information |
| Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss | Master data of the exporter | Identification of the exporter and verification of the master data |
| COMPEON GmbH, Am Wehrhahn 100, 40211 Düsseldorf | Exporter master data (e.g. company name, address), underlying transaction data (e.g. volume, country, importer) | Search for a suitable financial partner |
| finstreet GmbH, Friedrich-Ebert-Straße 113, 48153 Münster | Exporter and importer master data (e.g. company name, address), data on the underlying transaction (e.g. volume, country, importer), partner data | Administrator of the IT platform, provision of the service desk, IT development |
| Freshworks GmbH, Alte Jakobstraße 85/86, 10179 Berlin | Contact person (name), e-mail address, telephone | Ticket system for customer support (service desk) |
If it is necessary in the case of a data transfer that the user must accept the corresponding conditions of the data recipient for the further processing of data, the user will be informed separately before the transfer.
§ 13 Data protection provisions
13.1 Within the scope of their responsibilities when using tr8fin, the parties undertake to comply with the relevant data protection regulations, in particular those of the EU Data Protection Basic Regulation ("DS-GVO"), the Federal Data Protection Act ("BDSG") and the Telemedia Act ("TMG"). Personal data must be protected in accordance with the statutory data protection regulations. Personal data within the meaning of Article 4 No. 1 of the DPA is any information relating to an identified or identifiable natural person (so-called "person concerned"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, on-line identification, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Insofar as the user enters personal data from third parties in tr8fin or has this done by third parties, the user is responsible to tr8fin for this and ensures that this is permitted under the applicable data protection regulations. Furthermore, the user is responsible for assessing the admissibility of the processing in accordance with Art. 6 Para. 1 DS-GVO and for safeguarding the rights of the data subjects in accordance with Art. 12 to 22 DS-GVO. The provider will immediately forward such requests to the user if they are recognizably directed exclusively to the user. The provider will cooperate to the necessary extent in the fulfilment of the rights of the data subjects in accordance with Articles 12 to 22 of the DS-GVO by the user, in the compilation of the lists of processing activities and in any necessary data protection impact assessments of the user and will provide the user with appropriate support to the extent possible.
13.2 The provider processes personal data exclusively in accordance with these terms of use, whereby the (brokerage) orders placed by the user in tr8fin are considered instructions and are documented in electronic format. Any further data processing requires the consent of the user or a legal basis. Such a legal basis exists, for example, if the provider is obliged to process the data in a different way by German or EU law (e.g. due to investigations by criminal prosecution or state security authorities). In such a case, the processor shall notify the controller of these legal requirements prior to the processing operation, unless the law concerned prohibits such notification on grounds of an important public interest. Details on the data collection and processing by the provider result from the "Information on data protection" of the provider.
13.3 The provider supports the user in complying with the obligations regarding the security of personal data, notification obligations in the event of data breaches, data protection impact assessments and prior consultations as set out in Articles 32 to 36 of the DS-GVO. These include:
- ensuring an adequate level of protection by technical and organisational measures that take into account the circumstances and purposes of the processing operation and the predicted probability and seriousness of a possible breach of the law through security breaches and allow for the immediate detection of relevant breach events
- the obligation to report violations of personal data to the user
- the obligation to assist the user in the context of his duty to inform the data subject and to provide him with all relevant information in this connection without delay
- supporting the user for his data protection impact assessment
- the support of the user in the context of prior consultations with the supervisory authority
13.4 For support services that are not due to misconduct of the provider, the provider can claim compensation.
13.5 The provider shall ensure a level of protection of the rights and freedoms of data subjects commensurate with the risks represented by the processing. To this end, the protection objectives of confidentiality, availability and integrity of the systems and services, as well as their resilience with regard to the type, scope, circumstances and purpose of the processing operations are taken into account in such a way that the risk is permanently mitigated by appropriate technical and organisational measures. The implementation of the technical and organisational measures is described in detail in the Appendix "Technical and organisational measures".
13.6 To this end, the provider shall carry out continuous checks on the data processing. The Provider shall prove the compliance and effectiveness of the technical and organizational measures taken as well as the compliance with these data protection provisions in the form of certificates or test certificates issued by independent bodies such as auditors, data protection and/or quality auditors or professional associations upon request by the User. This obligation of the provider to provide evidence is limited to the sending of the certification document.
13.7 The user shall receive further information, in each case against reimbursement of the costs thereby incurred, and shall be entitled to check the technical and organisational measures taken and compliance with these data protection provisions to the appropriate and necessary extent (also by third parties commissioned by the user). This can be done in particular by obtaining information.
13.8 The provider will only use personnel who are bound to data secrecy when processing data. The provider will only make the data provided internally known to those employees who are charged with the fulfilment of the contract between the user and the provider.
13.9 The provider has appointed a company data protection officer who carries out his or her activities in accordance with the requirements of data protection law.
13.10 As far as data protection laws require, the provider will correct, delete or block personal data. In particular, the provider undertakes to delete all data transmitted by the user after the purpose of the contract has been fulfilled, but at the latest when the contract ends. Deviating from this, the Provider is entitled to store data, which serve as proof of the proper execution of the contract, according to the respective storage and limitation periods beyond the end of the contract.
13.11 The provider shall structure contractual arrangements with subcontractors entrusted with the processing of personal data in such a way that they comply with the data protection provisions of this Agreement. Subcontractors within the meaning of this regulation provide such services that are directly related to the provision of the main service of tr8fin. This does not include ancillary services which the provider uses, for example, as telecommunication services, postal/transport services, maintenance and user service or the disposal of data carriers as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data processing systems. However, in order to guarantee data protection and data security of the User's data, the Provider shall take appropriate and legally compliant contractual agreements and control measures to ensure that the User's data is protected even in the case of outsourced ancillary services.
§ 14 Term and termination
14.1 The contract of use runs for an indefinite period. The remuneration obligation is based on § 9 and is independent of the use of the tr8fin platform. The User may terminate the User Agreement at any time with a notice period of four (4) weeks to the end of the next calendar month. The Provider may terminate the contract of use with a notice period of four (4) weeks to the end of the (calendar) quarter.
14.2 The right of both contractual partners to an extraordinary termination of the contract of use for good cause remains unaffected. Good cause for the provider exists in particular if the user is more than one (1) month in default with the payment of invoices or if he/she violates essential contractual obligations in any other way and does not stop this violation within one (1) week even after a corresponding request by the Provider.
14.3 Any termination can be made in writing or by e-mail.
14.4 If the user or the provider terminates the contractual relationship, the user's data will be deleted in accordance with the statutory provisions. The provider is neither entitled nor obliged to store, archive and/or make available for access by the user the user's data beyond the specified period. The user's consent to the deletion of his data is hereby deemed to have been given.
14.5 The provider is not entitled to any rights of retention or lien with regard to the user's data.
§ 15 Final provisions
15.1 The contracting parties agree that the provider can communicate with the user electronically, i.e. e.g. by e-mail to the e-mail address provided by the user in the context of his registration for tr8fin. Unless otherwise agreed in these Terms of Use, all notifications and declarations (e.g. regarding changes to these Terms of Use, cancellations, help with questions, etc.) may be sent to the e-mail address provided by the user. The user agrees to receive corresponding messages and declarations unencrypted by e-mail. Alternatively, the user can also receive the messages by post. A letter to the address of the provider is sufficient. If the provider provides services to the user without any remuneration being due, e.g. the use of the tr8fin platform without the actual mediation, the provider is only liable in this respect for intentional and grossly negligent breaches of duty.
15.2 An assignment or transfer of contractual rights and obligations by the user to third parties requires the prior written consent of the provider. An assignment or transfer of contractual rights and obligations by the Provider to affiliated companies within the meaning of §§ 15 ff. AktG, §§ 270 et seq. HGB is also possible without the consent of the user.
15.3 If the user is a merchant and the dispute arising from the contract of use is attributable to the operation of his commercial business, Linz shall be the exclusive place of jurisdiction. The same applies to a legal entity under public law and to special funds under public law.
15.4 Should individual provisions of these terms of use or other provisions of the contract of use be or become invalid, or should the contract contain a loophole, the validity of the remaining provisions shall not be affected. In place of the invalid or missing provision, the contracting parties shall agree on a valid provision that comes as close as possible to what they had economically intended at the time the contract was concluded.
Annex "Technical and organisational measures"
1. Confidentiality (Article 32(1)(b) of the DS-GVO)
• Access control
Measures to deny unauthorised persons access to data processing equipment with which personal data are processed:
Unauthorised persons shall be denied access to the offices where personal data are processed. At all office locations, access is only permitted to authorized employees. The access to the office buildings is secured with a locking system. There is a key regulation with documented issue and return.
• Access control
Measures to prevent data processing systems from being used by unauthorised persons:
All workstations and services are protected by at least one access control system (user name/password).
Systems will be provided with a password policy, if technically possible. The structure and lifetime of passwords are regulated by guidelines (according to the IT basic protection catalogue).
The data on the employees' computers is completely encrypted and can only be decrypted by the user.
Data is only transmitted via selected channels and is encrypted and protected by suitable measures. No personal or non-anonymous data is transmitted via non-encrypted channels. Depending on the channel, data is protected as follows:
• Mail: Encryption of the transmission path (TLS) depending on the user
• Phone: No encryption
• Access control
Measures to ensure that persons authorised to use a data processing system can only access the data subject to their access authorisation and that personal data cannot be read, copied, altered or removed without authorisation during processing:
Each employee can only access the data required for the performance of his or her duties with the authorization assigned to him or her.
Developers in 3rd level support only have access to fictitious test data. Personnel charged with fault clearance can access real data to the extent that this is necessary to solve the problem. All employees have undertaken in writing to observe data secrecy (§ 5 BDSG).
There is no public traffic in the offices. If customers, suppliers or craftsmen come to the company, they are always accompanied by one or more employees.
The prescribed destruction of paper documents containing personal data is carried out in accordance with DIN 32757 at least with security level P-4.
• Separation control
Measures to ensure that data collected for different purposes are processed separately:
The data of the client and other clients are processed by different employees as far as possible.
There is a dedicated authorization concept that takes into account the separate processing of the client's data from the data of other clients.
2. Integrity (Art. 32 (1) lit. b DS-GVO)
• Transfer check
Access to servers and central systems used by the company is carried out via encrypted connections whenever technically possible. For systems that allow third parties to enter data, an encrypted access option is also always provided. This allows us to guarantee data integrity, authenticity and security against unauthorized access. Among other things, SSH tunnels or SSL secured connections are used for this purpose.
• Forwarding control
Measures to ensure that personal data cannot be read, copied, altered or removed without authorisation during electronic transmission or during their transport or storage on data carriers, and that it is possible to check and establish to which points personal data are to be transmitted by data transmission equipment:
If possible, data is transmitted exclusively in encrypted form (see point Access control). Unauthorized reading, copying, modification or removal of data during transmission is prevented during encrypted transmission (via HTTPS, SSH, TLS or VPN connection).
A physical dispatch of data carriers is not planned. This means there is no risk of loss of physical data carriers and there is no misuse of transported data.
Data required for demonstrating the request or for testing the application are reduced to the minimum necessary for processing the request before they are transferred to the ticket system, i.e. the data are anonymised as far as possible or at least pseudonymised.
• Input control
Measures to ensure that it is possible to verify and establish a posteriori whether and by whom personal data have been input, altered or removed from data processing systems:
The processing of personal data is logged. This clearly allocates and documents which personal data has been changed, removed or entered by which processor.
3. Availability and capacity (Art. 32 (1) lit. b and c DS-GVO)
• Availability control and rapid recoverability
Measures to ensure that personal data is protected against destruction or loss:
All workstations are equipped with anti-virus software that is automatically updated and carries out regular checks.
An incremental data backup (synchronization) is performed daily and stored in different fire compartments. Additional measures for availability control are listed in the technical and organizational measures of subcontractors (ISO 27001 certified).
• Reliability
The systems used are regularly tested, checked and updated. Where external systems are used, care is taken to ensure appropriate guarantees for regular inspection and updating by the operator. Error messages from employees or customers are checked, controlled and corrected if necessary as fast as possible. Before new systems, tools or functions are introduced, they are extensively tested by several expert employees.
The backup processes are documented and the recovery of individual backups is tested on a random basis in order to have familiar and functioning procedures at hand in case of a necessary recovery. If errors occur in the backup process, the responsible employees are automatically informed.
• Data integrity
While transmission control ensures data integrity during transmission and storage, and data carrier control ensures the integrity of the data on the storage media, the integrity of data is additionally ensured by redundant backup systems that run independently and physically separated from each other.
4. Procedures for regular review, assessment and evaluation (Art. 32 (1) lit. d DS-GVO; Art. 25 (1) DS-GVO)
• Data Protection Management
The contractor has appointed an external company data protection officer and ensures through the data protection organisation that he is appropriately and effectively integrated into the relevant operational processes. Regular reviews are carried out by the company data protection officer. These are documented.
• Data protection-friendly default settings (Art. 25 (2) DS-GVO)
• Deletions in the systems used for processing can be carried out (deleteability).
• Only the data required according to the specifications of the client will be processed.
• Order control
Measures to ensure that personal data processed on behalf of the client are only processed in accordance with the client's instructions:
The data submitted for processing will only be processed within the scope of the client's instructions and in particular will not be passed on to unauthorized third parties. The following measures, among others, will be implemented to ensure this:
• Conclusion of an agreement on order processing or EU standard contractual clauses
• Reviewing other documentation and research results that allow an assessment of the reliability of a subcontractor
• Control of the execution of the contract
The processing of personal data is only guaranteed according to the instructions of the client and is determined by written agreements on data protection between the client and the contractor.
Information on data protection
Information under Articles 13, 14 and 21 of the basic data protection regulation
General information
In the following we inform you about the processing of your personal data ("data") by tr8fin GmbH and the claims and rights to which you are entitled according to the data protection regulations.
1. Who is responsible for data processing and whom can I contact?
The responsible site is: tr8fin GmbH (hereinafter also referred to as "we", "us" or "tr8fin"), Weiherstraße 10, 53560 Vettelschoß, Germany. You can reach our company data protection officer at: tr8fin GmbH, data protection officer, Weiherstraße 10, 53560 Vettelschoß, datenschutz@tr8fin.de
2. What sources and data do we use?
We process personal and company-related data that we receive from you in the course of our business relationship (e.g. company data entered by you, customer and supplier data). In addition, we process - as far as necessary for the provision of our services - personal data which we have received from other third parties (e.g. Prof. Schuhmann GmbH) in a permissible manner (e.g. for the execution of orders, for the fulfilment of contracts, on the basis of legitimate interests or on the basis of a consent given by you).
Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality). Furthermore, this may also include data from the fulfilment of our contractual obligations (e.g. framework data of export contracts, payment transaction data, data of importers), advertising and sales data (including advertising scores), documentation data, register data and other comparable data.
Relevant company-related data, which may also be personal data, include balance sheet dates, sales revenues, net income, depreciation, interest expense and comparable data.
3. What do we process your data for (purpose of processing) and on what legal basis?
We process your data in accordance with the provisions of the European Data Protection Basic Regulation ("DSGVO") and the Federal Data Protection Act ("BDSG"):
3.1 To fulfil contractual obligations (Art. 6 para. 1b DSGVO)
The processing of personal data (Art. 4 No. 2 DSGVO) is carried out to execute our contracts with you and to execute your orders. Further details on the purpose of data processing can be found in the tr8fin terms of use.
3.2 In the context of balancing interests (Art. 6 para. 1f DSGVO)
As far as necessary, we process your data beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. Examples:
- Examination and optimization of procedures for demand analysis and direct customer approach;
- advertising or market and opinion research, unless you have objected to the use of your data;
- Assertion of legal claims and defence in legal disputes;
- Efficient central data processing within tr8fin or a commissioned third party;
- Ensuring IT security and IT operation;
- Measures for business management and further development of services and products.
- We will not process the personal data collected and processed for the purposes of product information or transfer them to third parties without your consent. However, we will make the data anonymous and aggregate it. We will evaluate this anonymous and aggregated data for product information purposes in order to determine which products may be of interest to our customers' business operations and then, if possible, provide them with the corresponding product information on the basis of these evaluations.
3.3 Based on your consent (Art. 6 para. 1a DSGVO)
If you have given us your consent to process personal data for specific purposes (e.g. transfer of data within the group/corporate group or to third parties, evaluation of data for advertising purposes), the legality of this processing is based on your consent. A given consent can be revoked at any time. Please note that the revocation is only effective for the future. Processing operations that took place before the revocation are not affected.
3.4 Due to legal requirements (Art. 6 para. 1c DSGVO)
We are also subject to various legal obligations, i.e. legal requirements (e.g. commercial law, tax laws). The purposes of the processing include the fulfilment of fiscal control and notification obligations.
4. Who gets my data?
Within the responsible body, those bodies receive your data that need it to fulfil our contractual and legal obligations. Processors commissioned by us (Art. 28 DSGVO) may also receive data for these purposes. These are companies in the following categories: credit services, IT services, logistics, insurance, printing services, telecommunications, debt collection, consulting and advisory services, and sales and marketing.
We may only pass on information about you to recipients outside the responsible body if this is permitted or required by law or if you have given your consent. Under these conditions, recipients of personal data may be, for example
- The other companies named in the data protection information to which we transfer personal data in order to carry out the business relationship with you (see above, Section 3.1) or to safeguard legitimate interests (see above, Section 3.2: Testing and optimisation of procedures for analysing requirements and addressing customers directly, advertising or market and opinion research, assertion of legal claims and defence in legal disputes, efficient central data processing, ensuring IT security and IT operation, measures for business management and further development of services and products)
- Other credit and financial service institutions or comparable institutions to which we transfer personal data for the purpose of conducting business with you. Other data recipients may be those entities for which you have given us your consent to transfer data.
5. How long will my data be stored?
As far as necessary, we process and store your personal data for the duration of our business relationship, which for example also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods of retention or documentation specified there are two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which can be up to thirty years, for example, according to §§ 195 ff. of the German Civil Code (BGB), with the regular limitation period being three years.
6. Is data transferred to a third country or to an international organisation?
Data will only be transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary for the execution of your orders, is required by law or if you have given us your consent. We will inform you separately about details, if required by law.
7. What data protection rights do I have?
Every data subject has the right of access under Art. 15 DSGVO, the right of rectification under Art. 16 DSGVO, the right of deletion under Art. 17 DSGVO, the right to restrict processing under Art. 18 DSGVO and the right to data transferability under Art. 20 DSGVO. Furthermore, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO).
8. Is there an obligation for me to provide data?
Within the scope of our business relationship, you only need to provide us with the personal data that is necessary for the establishment and execution of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to execute an existing contract and may have to terminate it.
9. To what extent is there automated decision-making in individual cases?
No decisions on the conclusion of a contractual relationship will be based on automated processing of personal data for the purpose of evaluating individual personality traits.
10. Information about your right of objection according to Art. 21 DSGVO
10.1 You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 paragraph 1 letter f of the Basic Data Protection Regulation (data processing based on a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 DSGVO, which we may use for advertising purposes. If you object, we will no longer process your personal data, unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
10.2 In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling, as far as it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
11. Special Information tr8fin Web Application
11.1 Which connection data is automatically collected?
The data that we store and analyse is used exclusively for statistical purposes, for example to enable us to continuously improve our services.
Every time a user accesses tr8fin, the following data is automatically transmitted to the tr8fin web server for technical reasons:
Address of the requesting device
Date and time of access
Name and URL of the retrieved file
Amount of data transmitted
Access status (file transferred, file not found etc.)
Identification data of the browser and operating system used
Name of the provider of the user's Internet access
If applicable, the website from which access is made
This data is collected, processed and used for the purpose of enabling the use of tr8fin (connection establishment), system security and the technical administration of the network infrastructure. A comparison with other databases or a transfer to third parties, even in extracts, does not take place. The legal basis of the processing is Art. 6 para. 1 b DSGVO.
11.2 Which cookies are used?
We use cookies on our tr8fin web application. If you wish to do without the advantages of our cookies, you can read in the help function of your browser how to set your browser to prevent it from accepting new cookies or to delete existing cookies. There you will also learn how to block your browser for all new cookies or which settings you have to make in order to receive an indication of new cookies.
The legal basis of the processing is Art. 6 para. 1 f DSGVO. The authorization of tr8fin results from the fact that on the one hand tr8fin is interested in the evaluation of the app data for the purpose of page optimization. On the other hand, the justification arises from the fact that a data subject may reasonably foresee, at the time of collection of the personal data and in the light of the circumstances in which it is carried out (in particular the measures mentioned above), that processing for this purpose may be carried out.
11.3 Google Analytics
tr8fin uses Google Analytics, an analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files which are stored on your device and which enable an analysis of your use of tr8fin. The information generated by the cookie about your use of tr8fin is usually transferred to a Google server in the USA and stored there. However, in the event of activation of IP anonymisation on tr8fin, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On behalf of the operator of tr8fin, Google will use this information to evaluate your use of tr8fin, to compile reports on tr8fin activities and to provide further services to the tr8fin operator in connection with the use of tr8fin and Internet use. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
You can prevent Google Analytics from collecting this data by making the appropriate settings on your device.
Further information on terms of use and data protection can be found at
http://www.google.com/analytics/terms/de.html or
https://www.google.de/intl/de/policies/. We would like to point out that on tr8fin, Google Analytics has been extended by the code "anonymizeIp" to ensure anonymous recording of IP addresses (so-called IP masking).
The legal basis for the processing is Art. 6 Para. 1 f DSGVO, whereby the entitlement of tr8fin results from the fact that, on the one hand, tr8fin has an interest in the evaluation of the data for the purposes of page optimisation and, on the other hand, a data subject can reasonably foresee at the time of the collection of the personal data and in view of the circumstances under which it takes place (in particular the above-mentioned measures) that processing for this purpose may possibly take place.
11.4 Use of Google Adwords Conversion Tracking
We use the online advertising program "Google AdWords" and within the framework of Google AdWords the conversion tracking. Google Conversion Tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an ad placed by Google, a conversion tracking cookie is placed on your computer. These cookies lose their validity after 30 days, do not contain any personal data and therefore do not serve for personal identification.
If the cookie has not expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Every Google AdWords customer receives a different cookie. This means that there is no way that cookies can be tracked via the websites of AdWords customers.
The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. This tells customers the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive information that can be used to identify users personally.
If you do not wish to participate in the tracking, you can object to this use by preventing the installation of cookies through a corresponding setting in your browser software (deactivation option). You are then not included in the conversion tracking statistics. Further information as well as the Google privacy policy can be found at:
http://www.google.com/policies/technologies/ads/,
http://www.google.de/policies/privacy/.