1. General Terms and Conditions
1. General Provisions
These General Terms and Conditions (GTC) shall govern the usage of the services offered by LAPIXA GmbH through our user interface (“LAPIXA Monitorer”) as well as the retention of LAPIXA GmbH and their legal service providers regarding the legal pursuit of copyright infringements. The service is operated by LAPIXA GmbH, Dircksenstrasse 40, 10178 Berlin, Telephone: +49 (30) 208 984 210, email@example.com, hereinafter referred to as “LAPIXA”.
1.1 “Principal” within the meaning of these GTC shall be persons who use the “LAPIXA Monitorer” and the services associated therewith.
1.2 “Image”, “Images” or “Image Files” within the meaning of these GTC shall be photographs and photographic works within the meaning of the copyright.
1.3 The “LAPIXA Monitorer” shall be the system of LAPIXA that discovers the uploaded Images on the Internet and displays these “Matches” in the user account through the user interface.
1.4 The following Terms and Conditions shall apply to all contracts, declarations of intention, and legal acts of LAPIXA related to the services offered through the Internet presence.
The Principal shall warrant and guarantee to be the holder of the image rights and shall grant licenses regarding the use of these Images for a remuneration. The Principal shall act in their capacity as an entrepreneur and shall act in the exercise of their commercial or freelance independent activities when concluding the contract, and shall not be a consumer within the meaning of Section 13 of the German Civil Code [Bürgerliches Gesetzbuch, BGB].
In contrast to the consumer, the entrepreneur within the meaning of Section 14 of the German Civil Code shall be an individual or a partnership with a legal personality that acts in the exercise of their commercial or independent professional activities when entering into a legal transaction. In principle, there shall be such an activity if the service is offered on the market systematically and permanently for a remuneration. In that context, the intention of profit-making shall not be of importance. Entrepreneurial activities that constitute secondary occupations shall also be covered by the term “entrepreneur”.
The Principal intends to detect unauthorised uses of their Images on the publicly available Internet with the help of the LAPIXA service. Infringements of licenses and the copyright revealed in this way will be legally pursued by a legal service provider retained by LAPIXA. The offer of LAPIXA is exclusively addressed to entrepreneurs within the meaning described above. LAPIXA does not provide any legal consultation, in particular regarding the classification of copyright infringements.
2. Registration and Opening of a Customer Account
2.1 In order to use the services of LAPIXA, the registration and opening of a customer account shall be required.
2.2 Competitors or their employees shall not be permitted to register and open a customer account.
2.3 The following mandatory information shall be required for opening an account with LAPIXA: surname, name, and email address. LAPIXA will use the indicated email address for future communication. In addition, direct advertising for similar LAPIXA services will on occasion be sent there. The customer shall be permitted to object to this type of usage at any time.
2.4 After having entered the data, you will receive an email from LAPIXA containing a confirmation link related to your email address. Once you have confirmed the email address, the registration is completed. By completing the registration and granting your consent to the General Terms and Conditions of LAPIXA, a contract regarding the use of the LAPIXA Monitorer shall be concluded. From that time, you may access your customer account within the LAPIXA Monitorer and use our services by entering your login data.
2.5 The mandatory information required for the registration shall be declared fully and truthfully. LAPIXA shall reserve the right to delete customer accounts, which have been opened using pseudonyms or incorrect information, without stating any reasons for this. Any changes regarding the personal user data shall be registered in your customer account without delay.
3. The LAPIXA Monitorer
3.1 The LAPIXA Monitorer shall be the user interface of LAPIXA for the automated image search on the Internet. LAPIXA shall not assume any guarantee for the fact that all infringements of image rights committed on the Internet will be detected by means of this search.
3.2 The Principal shall be permitted to upload up to 2000 Images to the LAPIXA Monitorer free of charge, which will then be monitored by the search technology. Monitoring more than 2000 Images shall only be possible after consultation with LAPIXA.
4. Main Obligations of the Principal | Conclusion of a Contract
4.1 The Principal shall warrant to LAPIXA to be the author of the submitted Image Files and/or to hold the corresponding exclusive rights to use the Image Files.
4.2 The Principal shall undertake to submit to LAPIXA only Images that are included in the scope of protection of Section 2, subsection 1, number 5 or Section 72 of the German Copyright Law [Urheberrechtsgesetz, UrhG] and regarding which the entitlement may be proven in each individual case by presenting the original file as well as by completely proving the exclusive rights of use (so-called “chain of title”). In the case of asserting the rights arising from Section 13 of the German Copyright Law (identification of the author), the Principal shall warrant to be the holder of these rights.
4.3 The Principal shall provide LAPIXA with a carefully maintained list (if available) indicating all licensees that LAPIXA has knowledge of (so-called “Whitelist”), and shall keep this list up-to-date. This shall mean that the Principal shall submit to LAPIXA information of any possible subsequent licensing by means of an updated Whitelist and without delay.
4.4 The Principal shall upload the Images to be searched for to the LAPIXA Monitorer themselves. Furthermore, the Principal shall be permitted to upload the Images by means of FTP access provided by LAPIXA.
4.5 In the case that in the view of the Principal, their rights are infringed by the corresponding images (matches) detected by LAPIXA, the Principal may mark these matches in the LAPIXA Monitorer (match confirmation and case release) and in this way initiate a legal pursuit (subsequent licensing / license analogy / warning). By means of case releasing, the Principal shall be deemed to submit a binding offer regarding the conclusion of a contract governing the legal pursuit of copyright infringements. This shall not result in an obligation of LAPIXA to take any kind of action. Instead, LAPIXA shall be permitted to perform any legal pursuit at their own discretion. LAPIXA shall accept the case either by express declaration or by documenting the case and retaining a lawyer. The request of any further records or information shall still not constitute a declaration of acceptance. For the purpose of determining the possible license-related damage [Lizenzschaden], the license fee model of the Principal shall be taken into consideration and the respective license fees shall be determined. The Principal shall have the opportunity to substitute the value of the Mittelstandsgemeinschaft Fotomarketing (MFM) estimated by the system with their usual license fees via their customer account. The license fees shall have an amount that is within the scope of their own license model and the usual market prices and shall be provable upon request. In the case that the Principal does not determine the amount of the receivable, LAPIXA shall calculate these by means of the MFM image fees (license analogy).
In the case that infringements of rights are pursued in foreign countries, LAPIXA shall determine the amount of the receivable on the basis of the respective national legal framework.
4.6 Provided that the Principal receives payments arising from the legal pursuit, the Principal shall be obliged to report these payment receipts to LAPIXA without delay and to pay the respective amounts to LAPIXA in accordance with the remuneration agreement.
4.7 In the case that the Principal renegotiates assigned claims for damages, which have already been asserted, with the infringer/debtor without LAPIXA’s consent (e.g. reductions within the scope of settlements), LAPIXA shall be permitted to take the originally indicated license amount as a basis for the calculation regarding their own claims.
4.8 In the case that a license claim arises between the Principal and the infringer on the basis of a negotiation related to a subsequent licensing, LAPIXA shall also be entitled to calculate the remuneration on the basis of the net amount received. Any further claims by the legal service providers shall remain unaffected hereof.
5. Legal Pursuit and Transfer of Rights
5.1 LAPIXA shall assume on behalf of the Principal the documentation – which shall be in accordance with the legal requirements – of the detected infringements of rights by means of a so-called documentation of matches, whereby it is possible to prove the respective infringement of the image rights vis-à-vis infringers and in court and to enforce claims in that regard. For that purpose, the Principal shall assign the claims arising from the infringements of rights (principal and ancillary claims) to LAPIXA at the time at which the case is released. LAPIXA shall assume the assignment. Subsequent to the termination of the contract or in the case of § 4.8, the rights shall be automatically retransferred to the Principal without any further agreement being required. The Principal shall assume the retransfer already now. LAPIXA shall not perform any legal consultation and for the debt collection, LAPIXA shall retain legal service providers authorised for that purpose.
5.2 LAPIXA shall be entitled to notify third parties of the assignment and to disclose the assignment in relation to these for the purpose of the legal pursuit.
5.3 For these cases, the Principal shall grant LAPIXA during the term of the respective contract a non-exclusive, sublicensable, and transferable right of use, which shall be unlimited in terms of location, to the provided image material so that LAPIXA may pursue the damage claims in their own name and may perform any possible subsequent licensing in accordance with § 4.5. LAPIXA shall assume the transfer.
5.4 The Principal shall continue to be permitted to further use and exploit the provided image material. In that context, the Principal shall be obliged to notify LAPIXA of any transfer of rights of use performed after the conclusion of the respective contract.
5.5 LAPIXA shall be permitted to transfer and grant to third parties in whole or in part the rights transferred in accordance with these GTC. This shall particularly include granting subsequent licensing regarding the provided image material and asserting respective payments of license fees as well as granting a respective discount at their own discretion and entering into a settlement while taking into consideration the economic interest of both parties. Furthermore, LAPIXA shall be permitted to initiate at their reasonable discretion the assertion of the rights by third parties (e.g. debt collection companies, lawyers) as well as any other extrajudicial collection activities regarding the payment of damages and/or the subsequent licensing that are necessary for achieving the license fee payments by the infringers of image rights.
5.6 In the case that the extrajudicial debt collection efforts initiated by LAPIXA through legal service providers should remain completely or partially unsuccessful, LAPIXA shall – if there is a corresponding prospect of success – retain at their own discretion and at their own expense a lawyer regarding the enforcement of the claims in court. In such cases, the lawyer and LAPIXA shall enter into the client-lawyer relationship. LAPIXA shall prosecute an action on the basis of transferred rights and shall assume the litigation risk.
5.7 After the retention of the lawyer, LAPIXA shall inform the holder of the rights about the current states of affairs.
5.8 In the case that LAPIXA’s assessment of the prospect of success changes subsequent to the retention of a lawyer (e.g. due to a changed legal framework, the practise of the courts, new circumstances), LAPIXA shall be permitted to cancel the legal pursuit at their own discretion. If the legal pursuit is cancelled, LAPIXA shall be permitted to decide at their own discretion until the commencement of the oral proceedings whether the proceedings shall be terminated by a withdrawal of the action. Provided that the Principal would like to continue the proceedings instead of LAPIXA, LAPIXA shall perform all necessary procedural measures for the Principal replacing LAPIXA as a party. Generally, the consent of the respective other party is required for such a step. In the case that this consent is not granted, LAPIXA shall be permitted to declare the withdrawal.
5.9 Upon LAPIXA’s request, the holder of the rights shall undertake to provide a declaration regarding the image rights signed by the holder of the rights’ own hand, the authorisation regarding the subsequent licensing as well as a declaration of transfer regarding the safeguarding of rights by the legal service provider.
5.10 The Principal shall release the lawyers and other legal service providers, who are retained by LAPIXA and work for safeguarding the rights of the Principal, from the statutory and/or contractual obligation to maintain confidentiality and shall authorise these to submit complete information regarding the client-lawyer relationship. LAPIXA shall comply with their respective obligations to provide information regarding the states of affairs of the proceedings in relation to the Principal.
5.11 In individual cases, LAPIXA shall reserve the right to reject the assumption or the continuation of the performance of the services agreed upon if this is necessary for safeguarding the legitimate interests of LAPIXA after weighing them up against the Principal’ interests. This shall particularly apply if the assertions of the Principals infringe statutory provisions, there is a conflict of interest, the Principal infringes applicable laws or these GTC, from LAPIXA’s point of view, no economic success may be expected, or the services may not be provided in accordance with the standards of services of LAPIXA or acknowledged standards of services. In each case, the Principal shall be informed about the rejection, the cancellation or the refusal either through their customer account or by email.
LAPIXA shall retain a performance commission amounting to 43% of the received proceeds from asserting the rights (principal claim) vis-à-vis the infringers. The same shall apply in the case that a licensing agreement is concluded for the future, which was procured by LAPIXA. In the event of a breach to LAPIXA’s cease and desist clauses and related penalties, LAPIXA will retain a fee of 85% of the proceeds received. The remaining higher share of the proceeds shall be paid to the Principal.
7. Contract Term and Termination
The contract shall be concluded for an indefinite period of time and both parties shall be permitted to terminate it as of the end of each month without observing a notice period and without stating reasons for it. LAPIXA shall be permitted to declare the termination in writing or by deleting the customer account; the Principal shall be permitted to terminate the contract either in writing or online at https://test-website.lapixa.com/termination/.
8. Guarantee regarding Rights
8.1 The Principal shall declare and guarantee to be the holder of the exclusive rights of use to the image material provided to LAPIXA for the detection of Images and shall warrant that the Principal is permitted to dispose freely of the image material and that it was transferred to third parties and/or encumbered with copyrights, ancillary copyrights, personal rights and/or other rights of third parties only within the scope of item 4.3. (Whitelist) and/or that the Principal has retained third parties for safeguarding these rights.
8.2 Within the scope of the foregoing guarantee, the Principal shall indemnify LAPIXA against any claims of third parties and shall be liable – even without any fault on their part – for all damages arising in this context, in particular for the necessary and appropriate legal pursuit.
9. Exclusivity Clause
9.1 The Principal shall undertake to not retain during the term of the contractual relationship any other company, a business purpose of which is the detection of infringements of copyrights for digital Images on the Internet, regarding the provision of services that LAPIXA is prepared and able to provide. The Principal shall first approach LAPIXA and offer them the image material.
9.2 The obligation to maintain exclusivity shall constitute an ancillary obligation within the meaning of Section 241, subsection 2 of the German Civil Code.
9.3 During the first four weeks of the contract term, LAPIXA shall dispense with the regulation of item 9.1. (testing phase).
9.4 If the Principal so wishes to retain the services of any other company so mentioned in item 9.1, they must first inform LAPIXA. LAPIXA reserves the right to approve or reject the retention of said services.
10.1 Except for the liability for physical injury, LAPIXA shall only be liable for cases of intent or gross negligence; any other liability shall be excluded.
10.2 The liability for economic losses arising from slight negligence shall be excluded.
10.3 LAPIXA shall not be liable for original Image Files provided by the Principal. LAPIXA shall reserve the right to back up the respective Image in one of their own databases and also to delete it.
10.4 LAPIXA shall not owe a specific outcome of the services. The enforcement of the amount of the license fees indicated by the Principal may not be guaranteed, particularly since a license-related damage is – on the merits and in terms of the amount – subject to the requirements of the respective practise of the courts. In addition to this, the statutory regulations applicable in the respective countries shall apply.
11. Applicable Law, Jurisdiction, Arbitration
11.1 These GTC shall be governed by the law of the Federal Republic of Germany; the UN Convention on Contracts for the International Sale of Goods shall be excluded.
11.2 Berlin shall be agreed upon as the exclusive place of jurisdiction regarding disputes arising from or in connection with these GTC.
11. 3 The parties agree upon initiating a mediation process prior to resorting to litigation.
The parties shall undertake to maintain confidentiality regarding all knowledge and information that they have become aware of during the performance of the contract and to not make this available to third parties. Both parties agree upon non-disclosure regarding the content of the contract. The confidentiality agreement shall also remain effective after the termination of the contract, irrespective of the legal reason.
13. Declaration and Identity Verification in accordance with the German Money Laundering Law [Geldwäschegesetz, GwG]
The Principal shall declare that they act exclusively on their own account. The Principal shall be obliged to report to LAPIXA without delay any changes of this fact arising during the term of the business relationship and to submit evidence for that, which would meet the requirements of a legal pursuit in court.
14. Final Provisions
14.1 Any changes or amendments to a contract shall be made in writing. This shall also apply to the revocation of the requirement of the written form.
14.2 The parties have not entered into any oral ancillary agreements.
14.3 The German version of the GTC shall be the legally binding one. In the case that the content of the translation deviates from it, the German version shall be authoritative.
14.4 In the case that a provision of these GTC should be invalid, the validity of the other GTC shall remain unaffected. The parties shall undertake to replace the invalid provision by a regulation that comes closest to the economic purpose intended by it.
15. Data Protection Law
15.1 LAPIXA may process personal data for Customer under this Agreement. LAPIXA and Customer therefore conclude the agreement on commissioned data processing contained in Annex 2.
15.2 Apart from that, the processing of personal data of the Customer shall always be carried out in compliance with the German Data Protection Regulation (DS-GVO), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations.
II. Annex 1
Explanation regarding the Costs and Account Statements
III. Annex 2
Explanations regarding the Documentation Costs
The documentation costs shall be invoiced to the infringer and shall be deducted from the damages received. The Principal shall not incur any additional costs. The documentation costs shall be based on the following services:
1. Visual examination of matches on the Internet
2. Assessment of the relevance of the match
3. Research regarding the country in which the infringement of the right occurred
4. PDF documentation for the preservation of evidence with the following content:
a) Identification of the Image/match
c) Domain name
e) Date and time of the match
f) Date and time of the screenshot
5. Original image and detected Image
6. Summary of all matches provided in relation to a domain, with URL of the match, indication of date and location of the creation of the photo
7. Recording the information of the legal notice of the respective website as well as the holder of the domain
8. Archiving the PDF documentation for a period of one year
9. Provision of an interface for providing/inspecting/retrieving documentation
IV. Appendix 3
Agreement on order processing The following agreement on order processing is concluded between the customer as the person responsible (hereinafter “customer”) and Lapixa as the order processor (hereinafter “contractor”) in accordance with Article 28 GDPR:
1.1 The person responsible is According to Art. 4 Para. 7 DS-GVO, the body that alone or jointly with other persons responsible decides on the purposes and means of the processing of personal data.
1.2 According to Art. 4 Para. 8 DS-GVO, the processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
1.3 According to Art. 4 Para. an identifiable natural person is one who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.
1.4 Personal data in need of particular protection are personal data pursuant to Article 9 GDPR, from which the racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership of those affected emerge, personal data pursuant to Article 10 GDPR Criminal convictions and criminal offenses or related security measures as well as genetic data in accordance with Article 4 (13) GDPR, biometric data in accordance with Article 4 (14) GDPR, health data in accordance with Article 4 (15) GDPR and Data relating to a natural person’s sex life or sexual orientation.
1.5 According to Article 4 Paragraph 2 of the GDPR, processing is any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data, such as collection, recording, organisation, ordering, storage, adjustment or modifying, reading, retrieving, using, disclosing by transmission, distribution or any other form of making available, matching or linking, restricting, deleting or destroying.
1.6 In accordance with Article 4 (21) GDPR, the supervisory authority is an independent state body set up by a member state in accordance with Article 51 GDPR.
2. Information on the competent data protection supervisory authority
2.1 The supervisory authority responsible for the client is the supervisory authority responsible in the federal state in which the client’s place of business is located.
A list of the supervisory authorities (federal/state/EU states) can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
2.2 The responsible supervisory authority for the contractor is the / the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin.
2.3 The Client and the Contractor shall, upon request, cooperate with the supervisory authority in the performance of their tasks.
3. Subject of the contract
3.1 The contractor provides services for the client in the area of detecting copyright infringements for photographs on the Internet and the legal enforcement of related claims on the basis of the general terms and conditions (“main contract”). In doing so, the contractor may have access to personal data and processes them exclusively on behalf of and in accordance with the instructions of the client. The scope and purpose of the data processing by the contractor result from the main contract. The client is responsible for assessing the admissibility of the data processing.
3.2 In order to specify the mutual data protection rights and obligations, the parties conclude the present agreement on order processing. In case of doubt, the provisions of this agreement take precedence over the provisions of the main contract.
3.3 The provisions of this contract apply to all activities related to the main contract and in which the contractor and his employees or those commissioned by the contractor come into contact with personal data that originates from the client or was collected for the client.
3.4 The term of this contract is based on the term of the main contract, unless the following provisions result in additional obligations or termination rights.
4. Right to issue instructions
4.1 The contractor may only collect, process or use data within the framework of the main contract and in accordance with the client’s instructions; this applies in particular to the transfer of personal data to a third country or to an international organization. If the contractor is required to carry out further processing by the law of the European Union or the Member States to which he is subject, he shall inform the client of these legal requirements before the processing.
4.2 The instructions of the customer are initially defined by this contract and can then be changed, supplemented or replaced by individual instructions in writing or in text form (individual instructions). The customer is entitled to issue corresponding instructions at any time. This includes instructions regarding the correction, deletion and blocking of data.
4.3 All instructions issued must be documented by both the client and the contractor.
4.4 If the contractor is of the opinion that an instruction of the client violates data protection regulations, he must inform the client immediately. The contractor is entitled to suspend the execution of the relevant instruction until it is confirmed or changed by the client. The contractor may refuse to carry out an obviously illegal instruction.
5. Type of data processed, group of those affected
5.1 As part of the implementation of the main contract, the contractor may have access to the personal data specified in more detail in the DATA annex. This data also includes the special categories of personal data listed in the DATA attachment and marked as such.
5.2 The group of persons affected by data processing is shown in the DATA annex.
6. Protection measures of the contractor
6.1 The contractor will design the internal organization in his area of responsibility in such a way that it meets the special requirements of data protection. He will take technical and organizational measures to adequately protect the client’s data that meet the requirements of Art. 32 GDPR. The contractor must take technical and organizational measures to ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing in the long term. The customer is aware of these technical and organizational measures and is responsible for ensuring that they offer an appropriate level of protection for the risks of the data to be processed.
6.2 The contractor is not obliged to appoint a data protection officer in accordance with Article 37 GDPR. If there are questions about data protection at the contractor, the employee responsible for data protection at the contractor can be reached at any time at firstname.lastname@example.org.
The contractor publishes the contact details of the data protection officer on its website and notifies the supervisory authority.
6.3 The persons employed in data processing by the contractor are prohibited from collecting, processing or using personal data without authorisation. The contractor will oblige all persons entrusted by him with the processing and fulfillment of this contract (hereinafter referred to as employees) accordingly (obligation to confidentiality, Art. 28 Para. 3 lit. b DS-GVO) and with the required diligence to ensure compliance with this obligation. These obligations must be drafted in such a way that they continue even after the termination of this contract or the employment relationship between the employee and the contractor. Evidence of the obligations must be provided to the customer in a suitable manner upon request.
7. Information obligations of the contractor
7.1 In the event of disruptions, suspected data protection violations or violations of contractual obligations by the contractor, suspected security-related incidents or other irregularities in the processing of personal data by the contractor, by persons employed by him within the scope of the order or by third parties, the contractor will notify the client immediately in writing or in text form. The same applies to examinations of the contractor by the data protection supervisory authority. The notification of a personal data breach shall contain at least the following information:
a) a description of the nature of the personal data breach, including, where possible, the categories and number of data subjects affected, the categories affected and the number of personal data sets affected;
b) A description of the actions taken or proposed by the contractor to remedy the breach and, where appropriate, actions to mitigate its possible adverse effects.
7.2 The contractor immediately takes the necessary measures to secure the data and to reduce possible adverse consequences for those affected, informs the client about this and requests further instructions.
7.3 The contractor is also obliged to provide the client with information at any time insofar as his data is affected by an infringement pursuant to Section 7.1.
7.4 Should the client’s data be endangered by attachment or confiscation, through insolvency or composition proceedings or through other events or measures by third parties, the contractor must inform the client immediately, unless prohibited by a court or official order is. In this context, the contractor will immediately inform all responsible bodies that the decision-making authority over the data lies exclusively with the client as “responsible” within the meaning of the DS-GVO.
7.5 The customer must be informed immediately of a change in the person of the company data protection officer/contact person for data protection.
8. Client Control Rights
8.1 Before starting data processing, and then regularly thereafter, the client will ensure that the contractor’s technical and organizational measures are in place. For this he can z. B. Obtaining information from the contractor, having existing attestations from experts, certifications or internal audits presented to him or the technical and organizational measures of the contractor himself personally checked after timely coordination during normal business hours or have them checked by a competent third party, provided that this is not in is in a competitive relationship with the contractor. The client will only carry out checks to the extent required and will not disturb the contractor’s operational processes disproportionately.
8.2 The Contractor undertakes to provide the Client with all information and evidence required to carry out an inspection of the Contractor’s technical and organizational measures within a reasonable period of time at his or her written or oral request.
8.3 The client documents the control result and informs the contractor about it. In the event of errors or irregularities that the client discovers, in particular when examining the results of the order, he must inform the contractor immediately. If facts are found during the check that require changes to the ordered procedure to avoid them in the future, the client will inform the contractor of the necessary changes to the procedure immediately.
8.4 At the request of the client, the contractor shall provide the client with a comprehensive and up-to-date data protection and security concept for order processing and authorized persons.
9. Use of Subcontractors
9.1 The contractually agreed services or the partial services described below are carried out with the involvement of the subcontractors specified in the DATA annex. Within the scope of its contractual obligations, the contractor is authorized to establish further subcontract relationships with subcontractors (“subcontractor relationship”). He shall inform the customer of this immediately. The contractor is obliged to carefully select subcontractors based on their suitability and reliability. When engaging subcontractors, the contractor must oblige them in accordance with the provisions of this agreement and ensure that the client can exercise his rights from this agreement (in particular his test and control rights) directly against the subcontractors. If subcontractors are to be involved in a third country, the contractor must ensure that the respective subcontractor guarantees an appropriate level of data protection (e.g. by concluding an agreement based on the EU standard data protection clauses). Upon request, the contractor will provide the client with evidence of the conclusion of the aforementioned agreements with its subcontractors.
10. Inquiries and rights of those affected
10.1 The contractor shall support the client as far as possible with suitable technical and organizational measures in fulfilling his obligations under Art. 12-22 as well as 32 and 36 GDPR.
10.2 If a data subject asserts rights directly against the contractor, such as the provision of information, correction or deletion of his data, the latter does not react independently, but refers the data subject immediately to the client and awaits his instructions.
11.1 In the internal relationship with the contractor, the client alone is responsible for the compensation for damage suffered by a data subject towards the data subject due to data processing or use that is inadmissible or incorrect under data protection laws in the context of order processing.
11.2 Each party releases itself from liability if one party proves that it is in no way responsible for the circumstance that caused the damage to a data subject.
12. Extraordinary Right of Termination
The client can terminate the main contract in whole or in part without notice if the contractor does not fulfill his obligations under this contract, violates provisions of the DS-GVO intentionally or through gross negligence or cannot or does not want to carry out an instruction from the client. In the case of simple – i.e. neither intentional nor grossly negligent – violations, the customer shall set the contractor a reasonable deadline within which the contractor can remedy the violation.
13. Termination of Main Contract
13.1 The contractor shall return all documents, data and data carriers provided to the client after the end of the main contract or at any time at the request of the client, unless there is an obligation to store the personal data under Union law or the law of the Federal Republic of Germany – Clear. This also applies to any data backups by the contractor. The contractor must provide documented evidence of the proper deletion of any data that is still available.
13.2 The client has the right to demand proof of the complete and contractually correct return or deletion of the data from the contractor in a suitable manner.
13.3 The contractor is obliged to treat confidentially the data that has become known to him in connection with the main contract even after the end of the main contract. The present agreement remains valid beyond the end of the main contract as long as the contractor has personal data that has been sent to him by the client or that he has collected for him.
14. Final provisions
14.1 The parties agree that the defense of the right of retention by the contractor i. s.d. § 273 BGB with regard to the data to be processed and the associated data carrier is excluded.
14.2 Changes and additions to this agreement must be made in writing. This also applies to the waiver of this formal requirement. The priority of individual contractual agreements remains unaffected.
14.3 If individual provisions of this agreement are or become invalid or unenforceable in whole or in part, this shall not affect the validity of the remaining provisions.
14.4 This agreement is subject to German law. Exclusive place of jurisdiction is Berlin.
Description of data/categories of data:
1) depictions of persons in photographs;
2) mapping of contact details to photographs;
3) racial and ethnic origin, political opinions, religious or philosophical beliefs, health data or data on the sex life or sexual orientation of persons, insofar as this can be recognized by a photograph.
Description of those affected/affected
groups People shown in photographs