Terms and Conditions of the webfellows UG (StoreCockpit)

General terms and conditions for software-as-a-service services (SaaS platform) of webfellos UG (StoreCockpit)

1. Präambel

1.1. Webfellows UG (hereinafter "StoreCockpit"), Petrinistraße 14-16, 97080 Würzburg, is the developer and copyright owner of the online analysis software "StoreCockpit" (hereinafter "software"). This is a software solution with which online shops can be analyzed commercially over the Internet. StoreCockpit provides this software via remote access via the Internet ("SaaS platform").

1.2. The general terms and conditions regulate the use of the "StoreCockpit" software as a SaaS solution by the customer.

1.3. By filling out the registration form (Login / Register / Order now) and ticking the appropriate box, the customer agrees to these General Terms and Conditions for Software-as-a-Service.

1.4. The customer's general contract or business conditions, even if these requests for offers, orders, declarations of acceptance etc. are attached, do not become part of the contract, even if StoreCockpit has not contradicted these conditions.

1.5. The conclusion of the contract only becomes binding after an electronic confirmation from StoreCockpit. The confirmation contains information on the name of the software and the scope of use and, if applicable, the duration of the test period. StoreCockpit sends this confirmation within three working days after checking the information provided by the customer.

2. Subject matter of the contract, description of services

2.1. The subject of the contract is the permission to use the software as a SaaS solution as well as the enabling of the storage of data by the customer on servers operated on behalf of StoreCockpit ("hosting") for the customer against payment of the agreed fee. Individual extensions and adjustments to the functionality of the software are not part of the scope of services and this agreement and must be agreed separately.

2.2. The individual services covered by the contract result from the tabular function overview for the software available at https://www.storecockpit.eu/.

2.3. The assumption of a guarantee for certain properties (properties) requires written confirmation by StoreCockpit in order to be effective.

2.4. StoreCockpit is entitled to provide the services in accordance with the data protection agreement in whole or in part through third parties as subcontractors. Documents, information and data of the CUSTOMER and the USER may be made available to these subcontractors for the performance of the service by StoreCockpit - if necessary. StoreCockpit is liable for these services provided by subcontractors as for its own actions.

3. Provision of the software, availability, maintenance work, malfunctions.

3.1. StoreCockpit enables the CUSTOMER to use the software 7 days a week / 24 hours a day with an average availability of 99% based on a year of service at the transfer point (§ 10). This does not include the time required for regular maintenance or technical improvement of hardware and software (planned "down time") as well as cases in accordance with Section 13 below (liability - force majeure and other obstacles to performance for which StoreCockpit is not responsible). The planned "down times" are already taken into account when calculating the remuneration; a reduction in the remuneration owed due to planned "down times" is out of the question.

3.2. With an advance notice of 5 days, StoreCockpit can interrupt the provision of services for a predefined period in order to have maintenance work carried out. StoreCockpit endeavors to carry out maintenance work outside of regular working hours (Central European Time / GMT). To ensure the functionality of the software, StoreCockpit may install necessary "hotfixes" with prior notification by email and interrupt the provision of services for this purpose. Previously announced interruptions for maintenance purposes are not taken into account when determining availability.

3.3. Impairments to data transmission that are caused by the customer's local IT system or by a disruption in the customer's connection to the agreed transfer point (e.g. line failure or disruption at other providers or telecommunications providers) do not constitute a disruption in the aforementioned sense.

3.4. Accounts set up for test purposes can be blocked by StoreCockpit at any time without observing a deadline.

4. Functional scope and further development / service changes.

4.1. The functional scope of the software results from the tabular overview on https://www.storecockpit.eu. The use of the functions of the software by the customer requires access authorization to the software, which in turn influences the range of functions available to the user.

4.2. A quality of the software that goes beyond the stated scope of functions is not owed. Technical data, specifications and performance information in public statements, especially in advertising material, are not guarantees or information on properties.

4.3. As an essential part of the SaaS offer, StoreCockpit will continuously develop the software. As part of the further development of the software, partial functions can be changed or omitted, provided that this does not endanger the achievement of the contractual purpose for the customer.

4.4. In the event of significant changes in service, StoreCockpit will notify the CUSTOMER in good time. If the CUSTOMER incurs significant disadvantages as a result of the changes in service, the CUSTOMER has the right to extraordinary termination of this contract on the change date. The CUSTOMER must terminate the contract within two weeks of receiving notification of the service changes.

5. Failure to meet main performance obligations

5.1. If StoreCockpit does not fully meet its agreed obligations, the following regulations apply.

5.2. If StoreCockpit defaults on the initial operational provision of the software, the liability is based on § 13. The customer is entitled to withdraw from the contract if StoreCockpit does not comply with a two-week grace period set by the customer, i.e. not the full agreed functionality within the grace period the APPLICATION provides.

5.3. If StoreCockpit does not meet the agreed obligations in whole or in part after the software has been made operational, the monthly flat-rate fee will be reduced proportionally for the time in which the software and / or the application data are not available to the customer to the agreed extent or the storage space is not to the extent agreed scope were available.

5.4. StoreCockpit has to demonstrate that it is not responsible for the reason for the delayed provision or the loss of service. If the customer has not reported the loss of service to the provider, he has to prove in the event of a dispute that StoreCockpit has otherwise gained knowledge of it.

6. Support

6.1. Support inquiries can be made via the ticket system integrated in the software. Support requests are questions to the StoreCockpit support staff about the software. The support includes answering questions about the correct application and setting, as well as assistance with technical problems of the SOFTWARE by a support employee.

6.2. Feedback messages are independent of support requests and can be sent at any time by email notification to support@storecockpit.de. No response time is guaranteed for these pure feedback messages. Reported and verified errors are corrected as soon as possible as part of a system update, regardless of the respective report.

7. Contractual obligations of the customer

7.1. The customer will fulfill all obligations necessary for the provision and execution of this contract in a timely, complete and technically proper manner.

7.2. It is the customer's own responsibility to check the services offered with regard to their requirements and, if necessary, to obtain expert advice; to ensure that the minimum requirements of StoreCockpit for the hardware and software used by the customer for the contractual use of the services of StoreCockpit are met; Follow instructions from StoreCockpit to avoid errors; to protect its local IT systems from being infected by viruses, Trojans or similar malware by using appropriate software.

7.3. The customer will not misuse the contract software in any way or allow it to be used by third parties, in particular not transmit any content with illegal content. The customer will also refrain from any attempt to unauthorized access to information or data himself or through unauthorized third parties or to intervene or to allow intervention to be made or to intrude into programs operated by StoreCockpit.

7.4. The customer should immediately report errors in the contractual services to StoreCockpit in writing, stating how and under what circumstances the error or defect occurs and actively support StoreCockpit in troubleshooting. Failure to report does not affect the customer's warranty rights.

7.5. If a third party asserts an infringement of the law through the data or content provided by the customer, StoreCockpit is entitled to block the content in full or temporarily if there is a justified doubt about the legality of the data and / or content based on objective evidence. In this case, StoreCockpit will request the customer to stop the legal violation or to prove the legality of the content within a reasonable period of time. If the customer does not comply with this request, StoreCockpit is entitled, without prejudice to further rights and claims, to terminate the contract for good cause without observing a notice period. StoreCockpit can invoice the customer for expenses that StoreCockpit incurs as a result of the aforementioned measures at the prices valid at StoreCockpit. If the customer is responsible for the infringement, he will compensate StoreCockpit for the resulting damage and indemnify StoreCockpit from any third-party claims. Further rights are reserved.

7.6. In addition, the customer is obliged to undertake all relevant cooperation services immediately and free of charge, in particular if StoreCockpit requests it and the necessary measures do not exceed a reasonable amount of effort.

7.7. In the event of a serious or other breach by the customer of his obligations under this contract as well as repeated breaches, StoreCockpit is entitled, at its discretion, to temporarily suspend the use of the contractual services by the customer in whole or in part or to terminate the contractual relationship for an important reason and without observing a deadline cancel. StoreCockpit can invoice the customer for costs that StoreCockpit incurs as a result of the above-mentioned measures at the current prices at StoreCockpit. If the customer is responsible for the infringement, he is obliged to compensate StoreCockpit for the resulting damage.

7.8. If the customer is not a consumer, the employee of the customer StoreCockpit concluding this contract is available as a direct contact person. In particular, he will provide the information required for the implementation of this contract and is deemed to be entitled to make legally binding decisions. StoreCockpit must be informed immediately of changes in the person of the contact person via the StoreCockpit backend. StoreCockpit points out that electronic notifications about the contract will be sent to the person named in the StoreCockpit backend.

7.9. The customer expressly consents to the delivery of relevant information to the email address provided by the customer. This includes information about upcoming updates and fixes, general innovations and notes on usage.

8. Access data

8.1. The customer will keep the usage and access authorizations assigned to him or the users as well as other agreed identification and authentication safeguards secret, protect them from access by third parties and not pass them on to unauthorized third parties. These data are to be protected by suitable and customary measures. For security reasons, the password and password must be changed not only before using the software for the first time, but also at regular intervals. The customer will inform StoreCockpit immediately if there is a suspicion that the access data and / or passwords could have become known to unauthorized third parties.

9. Remuneration

9.1. The amount of the monthly fee owed for the contractual services is stated in the contract as the net final price without German VAT, unless otherwise stated. The fee is billed monthly or annually in advance.

9.2. StoreCockpit is entitled to adjust the SaaS fee to the current price list. In particular for application services for which StoreCockpit uses other suppliers, in the event of price changes by the supplier, StoreCockpit is entitled to appropriately adjust the SaaS fees for the application services concerned.

9.3. StoreCockpit is entitled to add the SaaS fee to the current price list. However, such a price change is permitted no earlier than twelve months after the conclusion of the contract and only once a year. StoreCockpit will notify the customer in writing of the change no later than two weeks before it takes effect. In the event that the customer does not accept the price increase, StoreCockpit is entitled to terminate the contract in its entirety with one month's notice to the end of the calendar month. In the event of termination, the prices not increased until the termination takes effect shall apply.

9.4. In the event of default in payment, StoreCockpit can temporarily suspend the provision of services until payment has been made.

9.5. If the customer is in arrears with the payment of the fee or a not inconsiderable part of the fee for two consecutive months or with the payment of the fee in the amount of two monthly fees in a period that extends over two months, StoreCockpit can terminate the contractual relationship without observing a notice period.

9.6. The customer can only offset against legally established or undisputed counterclaims. The customer can only assert a right of retention due to counterclaims from this contractual relationship.

10. Right of Use and Restrictions on Use

10.1. The software is protected by copyright. The copyright, patent rights, trademark rights and all other ancillary copyrights to the software as well as to other objects that StoreCockpit makes available to the customer in the context of contract initiation and implementation are exclusively reserved for StoreCockpit. If third parties are entitled to the rights, StoreCockpit has corresponding exploitation rights.

10.2. Insofar as StoreCockpit provides new versions, updates or upgrades of the contractual software during the term of this contract, the following right of use applies to these in the same way. However, StoreCockpit is not obliged to provide new versions, upgrades or updates, unless this is absolutely necessary to remedy defects or otherwise agreed elsewhere in this contract.

10.3. StoreCockpit grants the customer a non-exclusive, non-transferable and non-sublicensable right to use the software specified in the contract and the associated user documentation within the scope of the contract for the duration of the contract. It is used by accessing the software functions via the Internet. The transfer point for the SaaS services is the router exit to the Internet from the data center used by StoreCockpit. The customer does not receive any further rights.

10.4. Use of the software beyond what is permitted under this contract is not permitted. The customer is not entitled to have the software used by third parties or to make it accessible to third parties; in particular, the customer is not permitted to reproduce or sell the software or parts of it. The customer also has to pay the fees if a third party uses the software, if and to the extent that the customer is responsible for the use. The customer is not entitled to decompile, reverse engineer or disassemble the software or to use any part of the software to create a separate application or to have these actions carried out by third parties, insofar as this is not permitted by copyright law.

10.5. If the customer is a test user, StoreCockpit grants a simple license that cannot be transferred, assigned or sublicensed. The customer can purchase a paid license for the software by completing the order process on the StoreCockpit website and entering their payment details and, if necessary, filling out the SEPA direct debit mandate and returning it to StoreCockpit.

11. Guarantee for paid licenses

11.1. StoreCockpit guarantees that, during the term, the functionality of the software essentially corresponds to the relevant documentation and that the data carriers on which the software may be provided to you are free from material or production defects. StoreCockpit does not guarantee that the software will meet your requirements or that your use of the software will be uninterrupted. StoreCockpit does not guarantee technical details or the suitability of the software for a specific purpose, unless otherwise specified in the relevant documentation. Specifications set out in the relevant documentation or other documentation do not contain any express or implied warranties.

11.2. StoreCockpit's liability does not extend to defects caused by deviations from the conditions of use specified by StoreCockpit.

11.3. If the services to be provided by StoreCockpit in accordance with this contract are defective, StoreCockpit will, at StoreCockpit's option, improve or re-perform the services within a reasonable period and after receipt of a notice of defects.

11.4. Insignificant defects can be remedied in the normal course of business by providing updates or releases of a new version of the software.

11.5. If the defects persist after the appropriate period for improvement, the customer is free to terminate the contractual relationship without observing a notice period or to reduce the fees for the use of the software.

11.6. This section governs StoreCockpit's full liability and the customer's sole claims with respect to any bug in the software.

12. Guarantee for test licenses

12.1. The software is provided in its current state. StoreCockpit does not guarantee that the software can be used without interference or errors. If StoreCockpit has fraudulently concealed defects in the software, StoreCockpit is obliged to compensate for the resulting damage. Any further warranty from StoreCockpit for test software is excluded.

13. Liability

13.1. StoreCockpit is responsible for ensuring that the software is suitable for the purposes set out in the service description and that it is free from defects during the entire term of the contract, in particular that it is free from viruses and similar damage that would render the software unsuitable for use in accordance with the contract.

13.2. StoreCockpit is liable for whatever legal reason as follows:

13.3. StoreCockpit has unlimited liability for personal injury for which StoreCockpit is responsible. In the event of property damage for which StoreCockpit is responsible, StoreCockpit will reimburse the expenses for the restoration or replacement of the items up to an amount of an annual usage fee - however, a maximum of € 25,000 per damaging event. In the event of damage to data storage media, the obligation to pay compensation does not include the expense of recovering lost data.

13.4. The limitation of liability does not apply to cases of intent, gross negligence or breach of essential contractual obligations. In the event of a slightly negligent breach of essential contractual obligations, however, the obligation to pay compensation is limited to the foreseeable damage typical for the contract.

13.5. Further and other claims of the customer than those expressly mentioned in this contract, regardless of the law, are excluded unless there is further liability within the scope of mandatory statutory provisions.

14. Right of withdrawal

14.1. The StoreCockpit offer is aimed exclusively at companies. A right of withdrawal does not apply if the legal transaction can be attributed to your commercial or professional activity and / or you have concluded the contract in a shop.

15. Data protection, data security

15.1. StoreCockpit operates all servers exclusively in Europe. No data is stored outside of Europe.

15.2. The parties will observe the applicable data protection regulations, in particular those applicable in Germany and Europe, and oblige their employees employed in connection with the contract and its implementation to data secrecy in accordance with Section 5 of the Federal Data Protection Act (BDSG), unless they are already generally obliged accordingly .

15.3. If the customer collects, processes or uses personal data, he is responsible for ensuring that he is entitled to do so in accordance with the applicable provisions, in particular data protection law, and releases StoreCockpit from third-party claims in the event of a violation. With regard to such data, StoreCockpit operates exclusively in the context of order data processing.

15.4. StoreCockpit is granted the unrestricted right by the customer to process and evaluate customer data in order to fulfill the subject matter of the contract.

15.5. StoreCockpit is granted the unrestricted right by the customer to anonymize customer data in order to fulfill the subject of the contract and to combine them in statistical evaluations ("benchmark").

15.6. StoreCockpit will only collect and use customer-related data to the extent that the implementation of this contract requires. The customer consents to the collection and use of such data to this extent.

15.7. The obligations according to Paragraphs 1 to 3 exist as long as APPLICATION DATA are within the sphere of influence of StoreCockpit, even after the end of the contract.

15.8. If you have any questions about data protection, you can reach our contact person at datenschutz@storecockpit.eu

16. Contract term, termination

16.1. The contract comes into force upon confirmation by StoreCockpit. The term is unlimited and begins on the day of operational availability.

16.2. The contractual relationship can be terminated by both contracting parties with the following deadlines: StoreCockpit can terminate the contract with a period of 6 months to the end of the month. The customer can terminate the contract at the end of its current term (i.e. there is no deadline).

16.3. The right to terminate for good cause remains unaffected. When using the free version, StoreCockpit reserves the right to terminate an account with a notice period of 2 weeks if an account is not used or is inactive and to remove the stored data from its servers.

16.4. If the CUSTOMER terminates a contract before the end of the respective term, the remaining fee will not be reimbursed - not even on a pro-rata basis.

16.5. All terminations under this contract must be made in writing or via the StoreCockpit backend in order to be effective.

16.6. Unless otherwise stated, the contract term is automatically extended by the same term after a period has expired.

17. Subsidiary agreements, written form requirement

17.1. The contract and its annexes conclusively and completely regulate the mutual contractual obligations. Additional agreements have not been made.

17.2. The notifications and declarations of a contracting party provided for in the contractual provisions and required in the rest of the course of business can in principle be effectively transmitted to the online address of the other contracting party.

17.3. Unilateral changes to these general terms and conditions by StoreCockpit will also become part of the contract if they have been announced to the customer by StoreCockpit in writing, the customer has not expressly objected to this in writing within six weeks of receipt of the change notification and this consequence has been pointed out in the change notification.

18. Applicable law, place of jurisdiction

18.1. The law of the Federal Republic of Germany applies exclusively, even if legal disputes arise between foreign companies of the contracting parties from and in connection with the framework agreement. The application of the United Nations Convention on Contracts for the International Sale of Goods (CISG) is excluded.

18.2. The place of jurisdiction is Würzburg if the customer is a merchant and the contract belongs to the operation of his trade or if the customer does not have a general place of jurisdiction in Germany and if there is no exclusive place of jurisdiction. StoreCockpit is however entitled to sue the customer at any other legal place of jurisdiction. The statutory places of jurisdiction apply to non-merchants.

19. Severability clause

19.1. If the customer is a merchant and the contract is part of the operation of his trade, the following applies: Should any provision of this contract be or become ineffective or unenforceable, this shall not affect the validity of the remaining provisions. Rather, the contracting parties will work together to replace the ineffective or unenforceable provision with a legally permissible and effective or enforceable provision that is suitable for achieving the result intended with the ineffective or unenforceable provision. The same applies to filling in loopholes in the contract.


Note: This contract is concluded with the creation of an account at https://storecockpit.eu.

1. General
(1) This contract between StoreCockpit and the user regulates the rights and obligations of the parties in connection with the processing of personal data. StoreCockpit processes personal data on behalf of the user within the meaning of Art. 4 No. 8 and Art. 28 of Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR).

(2) If the term "data processing" or "processing" (of data) is used in this contract, the definition of "processing" within the meaning of Art. 4 No. 2 GDPR is used.

2. Subject of the contract
The object of the processing, in particular the scope, the type and the purpose of the processing, the type of personal data and the categories of data subjects are specified in Appendix 1 to this contract.

3. Rights and duties of the user
(1) To the extent specified in Appendix 1, the user is responsible within the meaning of Art. 4 No. 7 GDPR for the processing of data on behalf of StoreCockpit. According to Clause 4, Paragraph 5, StoreCockpit has the right to notify the user if, in his opinion, legally inadmissible data processing is the subject of the order and / or an instruction.

(2) The user has the right to issue additional instructions to StoreCockpit about the type, scope and method of data processing at any time. Instructions must be given in text form.

(3) Regulations on any reimbursement of additional expenses that arise from additional instructions from the user at StoreCockpit remain unaffected.

(4) The user informs StoreCockpit immediately if he discovers errors or irregularities in connection with the processing of personal data by StoreCockpit.

(5) In the event that there is an obligation to provide information to third parties in accordance with Art. 33, 34 GDPR or any other statutory reporting obligation applicable to the user, the user is responsible for compliance.

4. StoreCockpit's rights and obligations
(1) StoreCockpit processes personal data exclusively within the framework of the agreements made and / or in compliance with any additional instructions given by the user. This does not apply to statutory regulations that may oblige StoreCockpit to process it in any other way. In such a case, StoreCockpit will inform the user of these legal requirements prior to processing, provided that the relevant law does not prohibit such communication due to an important public interest. The purpose, type and scope of the data processing are otherwise based exclusively on this contract and / or the instructions of the user.

(2) StoreCockpit is obliged to design its company and its operating procedures in such a way that the data that it processes on behalf of the user is secured to the extent necessary and protected against unauthorized access by third parties.

(3) StoreCockpit will inform the user immediately if an instruction given by the user violates legal regulations in its opinion. StoreCockpit is entitled to suspend the execution of the relevant instruction until it is confirmed or changed by the user. If StoreCockpit can demonstrate that processing according to the instructions of the user can lead to StoreCockpit being liable under Art. 82 GDPR, StoreCockpit is free to suspend further processing until the liability between the parties has been clarified.

(4) StoreCockpit will process the data it processes on behalf of the user separately from other data. Physical separation is not absolutely necessary.

(5) StoreCockpit has named the user (s) in Annex 1 who are authorized to receive instructions from the user. In the event that the persons authorized to receive instructions change at StoreCockpit, StoreCockpit will inform the user of this in text form.

5. StoreCockpit's data protection officer
StoreCockpit confirms that it has appointed a data protection officer in accordance with Art. 37 GDPR. StoreCockpit ensures that the data protection officer has the required qualifications and specialist knowledge. The name and contact details of the data protection officer can be found in the StoreCockpit data protection declaration.

6. StoreCockpit's reporting obligations
(1) StoreCockpit is obliged to notify the user of any breach of data protection regulations or of the contractual agreements made and / or the instructions given by the user in the course of processing data by him or by other persons involved in the processing immediately after StoreCockpit becomes aware of it to communicate.

(2) StoreCockpit is aware that the user may be required to report in accordance with Art. 33, 34 GDPR, which provides for a report to the supervisory authority within 72 hours of becoming known. StoreCockpit will support the user in implementing the reporting obligations. In particular, StoreCockpit will notify the user of any unauthorized access to personal data that is processed on behalf of the user immediately, at the latest within 48 hours of becoming aware of the access. The report from StoreCockpit to the user must in particular contain the following information: - a description of the type of personal data breach, as far as possible with an indication of the categories and the approximate number of persons concerned, the categories concerned and the approximate number of personal data records concerned ; - a description of the measures taken or proposed by StoreCockpit to remedy the personal data breach and, if necessary, measures to mitigate its possible adverse effects.

7. StoreCockpit's duty to cooperate
(1) StoreCockpit supports the user in his duty to answer requests to exercise the rights of data subjects according to Art. 12-23 GDPR. The provisions of Clause 11 of this contract apply.

(2) StoreCockpit participates in the creation of the directories of processing activities by the user. He must provide the user with the information required in each case in a suitable manner.

(3) StoreCockpit supports the user in compliance with the obligations specified in Art. 32-36 GDPR, taking into account the type of processing and the information available to him.

8. Powers of control
(1) The user has the right to check compliance with the statutory provisions on data protection and / or compliance with the contractual provisions made between the parties and / or compliance with the user's instructions by StoreCockpit at any time to the extent required.

(2) StoreCockpit is obliged to provide the user with information, insofar as this is necessary to carry out the control within the meaning of paragraph 1.

(3) The user can request an inspection of the data processed by StoreCockpit for the user as well as the data processing systems and programs used.

(4) StoreCockpit is obliged to provide the user with the necessary information in the event of measures taken by the supervisory authority towards the user within the meaning of Art. 58 GDPR, in particular with regard to information and control obligations, and to enable the relevant supervisory authority to carry out an on-site inspection. The user is to be informed of the corresponding planned measures by the StoreCockpit.

9. Subcontracting

(1) StoreCockpit must carefully select the subcontractor and, before commissioning, check that he can comply with the agreements made between the user and StoreCockpit. In particular, StoreCockpit must check in advance and regularly during the term of the contract that the subcontractor has taken the technical and organizational measures required according to Art. 32 GDPR to protect personal data. The result of the control is to be documented by the StoreCockpit and transmitted to the user on request.

(2) StoreCockpit is obliged to have the subcontractor confirm that it has appointed a company data protection officer in accordance with Art. 37 GDPR. In the event that no data protection officer has been appointed at the subcontractor, StoreCockpit must point this out to the user and provide information that shows that the subcontractor is not legally obliged to appoint a data protection officer.

(3) StoreCockpit must ensure that the provisions agreed in this contract and any additional instructions from the user also apply to the subcontractor.

(4) StoreCockpit has to conclude an order processing contract with the subcontractor, which meets the requirements of Art. 28 GDPR. In addition, StoreCockpit has to impose the same obligations on the subcontractor to protect personal data that are defined between the user and StoreCockpit. A copy of the order data processing contract must be sent to the user on request.

(5) StoreCockpit is particularly obliged to ensure through contractual arrangements that the control powers (Section 8 of this contract) of the user and of the supervisory authorities also apply to the subcontractor and that corresponding control rights are agreed between the user and the supervisory authorities. It is also to be contractually regulated that the subcontractor has to tolerate these control measures and any on-site controls.

(6) Services that StoreCockpit uses from third parties as pure ancillary services in order to carry out business activities are not to be regarded as subcontracting relationships within the meaning of paragraphs 1 to 6. These include, for example, cleaning services, pure telecommunications services without any specific reference to services that StoreCockpit provides for the user, postal and courier services, transport services, security services. StoreCockpit is nevertheless obliged to ensure that appropriate precautions and technical and organizational measures have been taken to ensure the protection of personal data, even in the case of ancillary services provided by third parties. The maintenance and care of IT systems or applications represents a subcontracting relationship and order processing within the meaning of Art. 28 GDPR if the maintenance and testing relates to IT systems that are also used in connection with the provision of services for the user and when Maintenance can access personal data that is processed on behalf of the user.

10. Confidentiality Obligation
(1) When processing data for the user, StoreCockpit is obliged to maintain the confidentiality of data that they receive or gain knowledge of in connection with the order. StoreCockpit undertakes to observe the same rules of secrecy protection as are incumbent on the user. The user is obliged to inform StoreCockpit of any special secrecy protection rules.

(2) StoreCockpit guarantees that it is familiar with the applicable data protection regulations and that they are familiar with their application. StoreCockpit further assures that it familiarizes its employees with the relevant data protection provisions and has committed them to confidentiality. StoreCockpit further assures that it has in particular committed the employees involved in the execution of the work to confidentiality and has informed them about the instructions of the user.

(3) The obligation of the employees according to paragraph 2 must be proven to the user upon request.

11. Preservation of data subject rights
(1) The user is solely responsible for safeguarding the rights of those affected. If a person concerned turns to the StoreCockpit to assert their rights - in particular to information, correction, blocking or deletion - StoreCockpit will refer the person concerned to the user, provided that an assignment to the user is possible according to the information of the person concerned. StoreCockpit forwards the data subject's request to the user without delay.

(2) Insofar as the cooperation of StoreCockpit is necessary for the protection of the rights of the data subject asserted in individual cases, StoreCockpit will take the necessary measures according to the instructions of the user. If this is not only rarely necessary or if the data subjects do not only rarely assert their rights with the StoreCockpit, StoreCockpit is entitled to set an appropriate fee for the processing of such inquiries. StoreCockpit is not liable if the request of the data subject is not answered by the user, is not answered correctly or is not answered in a timely manner.

12. Confidentiality obligations
(1)Both parties undertake to treat all information that they receive in connection with the execution of this contract as confidential for an unlimited period of time and to use it only for the execution of the contract. Neither party is entitled to use this information in whole or in part for purposes other than those just mentioned, or to make this information available to third parties.

(2) The above obligation does not apply to information that one of the parties has demonstrably received from third parties without being obliged to maintain confidentiality or that is publicly known.

13. Technical and organizational measures for data security
(1) StoreCockpit undertakes towards the user to comply with the technical and organizational measures that are necessary to comply with the applicable data protection regulations. This includes in particular the requirements of Art. 32 GDPR.

(2) The parties agree that changes to the technical and organizational measures may be necessary in order to adapt to technical and legal circumstances. StoreCockpit will coordinate significant changes with the user in advance that could affect the integrity, confidentiality or availability of personal data. Measures that only involve minor technical or organizational changes and that do not negatively affect the integrity, confidentiality and availability of personal data can be implemented by StoreCockpit without consultation with the user. The user can request a current version of the technical and organizational measures taken by StoreCockpit at any time.

(3) StoreCockpit will check the technical and organizational measures taken by it regularly and also on an ad hoc basis for their effectiveness. In the event that there is a need for optimization and / or changes, StoreCockpit will inform the user.

14. Termination
(1) After termination of the contract, StoreCockpit has to delete all documents, data and created processing or usage results that are in connection with the contractual relationship, at the discretion of the user. The deletion must be documented in a suitable manner. Any statutory retention requirements or other obligations to store the data remain unaffected. For data carriers, it applies that they must be destroyed in the event of deletion requested by the user, whereby at least security level 3 of DIN 66399 must be observed; the destruction must be proven to the user with reference to the security level according to DIN 66399.

(2) The user has the right to check the complete and contractual return and deletion of the data at StoreCockpit. This can also be done by inspecting the data processing systems in the StoreCockpit business premises. The on-site inspection should be announced by the user within a reasonable period of time.

15. Final provisions
(1) The written form is required for side agreements.

(2) Should individual parts of this contract be ineffective, this does not affect the effectiveness of the remaining provisions of the contract.

(3) In the event of contradictions, the provisions of this contract take precedence over the provisions of the user terms and conditions.

Appendix 1 - Subject of the contract
1. Subject and purpose of the processing
The order of the user to StoreCockpit exclusively comprises the following work and / or services: Provision and operation of the analysis tool "StoreCockpit" for the purposes of the user, in particular the collection and processing of data on the use of one or more websites of the user by an analysis tool that is provided by StoreCockpit and integrated into his website (s) by the user.

2. Types of personal data
The following types of data are regularly processed: IP addresses of third parties (visitors to the user's website). IP addresses are saved anonymously immediately after they are collected, so that no conclusions can be drawn about individuals.

3. Categories of data subjects
Group of persons affected by data processing: visitors to the user's website

4. Duration of the order
The contract begins with the creation of an account at app.storecockpit.eu and applies to the termination or deletion of the account.

5. Instructions for authorized recipients from StoreCockpit
CEO: Janic Schönberg, datenschutz@storecockpit.eu

Appendix 2 - Subcontractors
StoreCockpit uses services from third parties to process data on behalf of the user who process data on his behalf (“subcontractors”). These are the following companies:

Amazon Web Services, 410 Terry Avenue North, Seattle WA 98109 United States. Fax: +1 206 266-7010. Services: Infrastructure as a Service

Appendix 3
1. Technical and organizational measures
StoreCockpit undertakes to take the following technical and organizational measures for data security within the meaning of Art. 32 GDPR to an appropriate extent:

a) Access control Measures with which unauthorized persons are denied access to data processing systems with which personal data is processed or used.

b) Access control Measures with which the use of data processing systems by unauthorized persons is prevented.

c) Access control Measures to ensure that those authorized to use a data processing system can only access the data subject to their access authorization and that personal data cannot be read, copied, changed or removed without authorization during processing, use and after storage.

d) Transfer control Measures to ensure that personal data cannot be read, copied, changed or removed without authorization during electronic transmission or during their transport or storage on data carriers and that it can be checked and determined to which bodies a transfer of personal data by institutions is provided for data transmission.

e) Input control Measures that ensure that it can be subsequently checked whether and by whom personal data can be entered, changed or removed in data processing systems.

f) Order control Measures to ensure that personal data processed in the order can only be processed in accordance with the instructions of the client.

g) Availability control Measures to ensure that personal data is protected against accidental destruction or loss.

h) Separation requirement Measures to ensure that data collected for different purposes can be processed separately.

2. More information
StoreCockpit stores data anonymously on the servers of the subcontractor AWS (Amazon Web Services). This provider has undertaken to take appropriate technical and organizational measures for data security. Only StoreCockpit employees who need access to the user's data in the event of a random check, as well as employees from the engineering team to carry out maintenance activities, have access to the anonymized data. These people are trained in handling the data and have concluded contracts to safeguard the interests of the website operator. Employees are prohibited from exporting data, sharing it within the company or making it available to the public. Third party IP addresses are stored anonymously. After that, no conclusions can be drawn about individuals.

3. Procedures for regular review, assessment and evaluation
StoreCockpit is subject to the instructions of the appointed data protection officer. In addition, StoreCockpit has the systems checked internally and externally for technical resilience and security. For all StoreCockpit employees there are training courses and rules for the operational operation of data processing systems at regular intervals.

Status: June 15, 2021