November 2022
1. General | Scope
1.1 These End User License Terms (“Terms”)apply to all contracts between Bots and People Product GmbH, Schlesische Straße 29, 10997Berlin, Germany (“Bots & People”) and its customers who are business owners and not consumers (“Customers”)to whom Bots & People provides access to its Services.
1.2 These Terms shall govern each ordering document or any online, email or in-app ordering process that references these Terms (each an “Order”). The terms of each Order shall incorporate these Terms and shall form a separate services contract with respect to the Services (as defined below) under that Order (a “ServicesContract”).
1.3 These Terms shall also apply as a framework for future contracts between Bots &People and Customer even if Bots & People does not refer to them in each individual case. These Terms shall be deemed to be confirmed by Customer at the latest when Customer or the first User uses the Services.
1.4 These Terms apply to the exclusion of all others. Different, conflicting or supplementary standard terms shall only become part of a Services Contract if and to the extent that Bots & People has consented to such terms in writing.
1.5 Individual agreements made in writing with Customer in specific cases (including ancillary agreements, supplementary agreements and amendments) shall take priority over these Terms.
1.6 Where these Terms mention the terms ‘written’, ‘in writing’, ‘written form’ or similar, this shall refer to ‘in writing’ in the sense of § 126 German Civil Code. The electronic exchange of copies of documents signed by hand as well as documents signed with a simple electronic signature(such as provided by e.g. DocuSign or Adobe Sign) shall be sufficient therefor.Unless expressly stated otherwise in these Terms, simple emails shall not be sufficient.
1.7 Unless stated otherwise in these Terms, notice sand declarations submitted by Customer to Bots & People, including but not limited to notices of termination or setting of deadlines, shall be made at least in text form within the meaning of § 126b of the German Civil Code to be valid (simple email shall be sufficient).
2. License Grant | Permitted Users | Updates
2.1 Subject to the terms and conditions of the Services Contract, Bots & People grants to Customer, during the Initial Service Term and any Renewal Service Term, anon-exclusive, non-transferable, non-sublicensable world-wide right and license to access and use the Bots & People automation enablement platform, which is offered as software-as-a-service including any related websites, spaces, services and applications as designated in the Order (collectively the “Services”) for Customer’s internal business purposes only (“License”).The number of Licenses is stated in the Order. Bots & People offers theServices as described in the Services documentation, as updated from time to time, and located at an URL further specified by Bots & People or attached as an exhibit to the Order (“Documentation”).
2.2 Customer shall not permit any third parties to use the Services through the Customer account (“Users”) unless they qualify as Customer’s employees, Affiliates (and employees thereof), outsourcing service providers, consultants or contractors, and always provided that (A)Customer has obtained a License for each such permitted User; (B) Customer procures that such permitted Users comply with these Terms and Customer remains responsible and liable towards Bots & People for all acts and omissions of such permitted Users; and (C) the Services are used by such permitted Users solely for the benefit of Customer. “Affiliate” shall mean any entity that directly or indirectly controls, is controlled by, or is under direct or indirect common control with Customer or Bots & People respectively, or which is a wholly owned subsidiary of Customer or Bots & People respectively, whereby ‘control’ shall mean owning, directly or indirectly, at least fifty-one percent (51%) of the equity securities or equity interests of an entity.
2.3 Bots & People may implement new versions and upgrades of the Services including, but not limited to, changes that effect modifications to the design, operational method, technical specifications, systems, and other functions, etc. of the Services, at any time without prior notice.
3. License Restrictions
3.1 Customer shall not (and shall not permit any third party to) directly or indirectly: (A)sublicense, sell, resell, transfer, assign, distribute, share, lease, rent, make any external commercial use of, outsource, or otherwise generate income from the Services; (B) copy the Services onto any public or distributed network; (C) decompile, reverse engineer or disassemble any portion of the Services, or otherwise attempt to discover any source code, object code or underlying structure, ideas, know-how or algorithms or other operational mechanisms of the Services, in each case, unless permitted by mandatory statutory law; (D) modify, adapt, translate or create derivative works based on all or any part of the Services(except to the extent expressly permitted by Bots & People or authorized with in the Services); (E) modify any proprietary rights notices that appear in the Services or components thereof; (F) use the Services outside of the license scope set forth in Clause 2; or (G) use the Services to (i) store, download or transmit infringing, libelous, or otherwise unlawful or tortious material, or malicious code or malware; or (ii)engage in phishing, spamming, denial-of-service attacks or other fraudulent or criminal activity; (iii) interfere with or disrupt the integrity or performance of third party systems, or the services or data contained therein; (iv) gain unauthorized access to the Services or Bots & People’s systems or networks; or (v) perform, or engage any third party to perform, penetration testing, vulnerability assessments or other security assessments.
3.2 The Services may only be used by Customer and its permitted Users as prescribed in the Documentation and in full compliance with all applicable laws and regulations.
3.3 Customer shall not export or re-export, directly or indirectly, any Services or data relating thereto in breach of any applicable laws and regulations. In particular, Customer and its Affiliates shall comply with the sanctions imposed by the Federal Republic of Germany, the European Union, the United Nations and the United States of America, in each case, insofar as this does not result in a violation of or a conflict with mandatory anti-boycott statutes applicable toCustomer. Customer shall, at its own expense, obtain all necessary customs, import, or other governmental authorizations and approvals.
3.4 The Services may be subject to export and/or re-export control laws and regulations of the European Union, the United States, or to similar laws applicable in other jurisdictions. Customer warrants that (a) the Services will not be used from countries to which such export and/or re-export is prohibited by any such laws and regulations, and (b) that Customer is neither a denied party specified in any such laws and regulations nor listed on any official list of prohibited or restricted parties.
3.5 Although Bots & People has no obligation to monitor Customer’s contractual use of the Services, Bots & People may do so and may prohibit any use of theServices it believes may be in violation of this Clause 3.
4. Customer’s Responsibilities
4.1 Customer shall be responsible for obtaining and maintaining any technical equipment and related ancillary services required to connect to, access or otherwise use the Services at its own cost, including, without limitation, hardware and software (collectively“Equipment”), networks and internet connections. Customer shall maintain the security of the Equipment.
4.2 Customer shall keep the information in the Customer account up to date and correct. Customer shall ensure that user identities, passwords and similar credentials used for accessing the Services are used and stored in a secure manner, cannot be accessed and used by third parties and are immediately changed in the event of unauthorized disclosure.
4.3 Customer shall notify Bots &People of any unauthorized disclosure of such user identities, passwords or similar credentials, and any unauthorized use or breach of security of theServices. Customer shall be solely liable for any unauthorized use of theServices through the Customer account.
4.4 Customer shall be solely liable for the content of all data and any other material displayed, posted, uploaded, stored, exchanged or transmitted by Customer or any User on or through the Services (“Content”).
4.5 Bots & People cannot control the information submitted by Customer or any User during their use of the Services and cannot guarantee the accuracy of any information submitted. Bots & People may, without notice or liability, investigate any complaints or suspected violations of the Services Contract including theseTerms that come to its attention and may take any legal action and/or technical measures that it believes are appropriate, including, but not limited to, rejecting, refusing to post, or removing any Content, or other data, or restricting, suspending, or terminating Customer’s or any User’s access to the Services.
5. MaintenanceAnd Support
5.1 Subject to Customer’s payment of the Service Fees set forth in the applicable Order, Bots& People shall provide Maintenance and Support for the Services to the extent specified in the Order. “Support”is defined as Bots & People’s obligation to use commercially reasonable efforts respond to support requests of Customer with regard to the Services. “Maintenance” or “Maintain” means Bots & People’s obligation to use commercially reasonable efforts with regard to the Services related to error resolution, bugfixes and the provision of updates and upgrades made generally available by Bots& People in its sole discretion.
5.2 Bots & People provides Support to the Customer via the email address academy@botsandpeople.com or any other email address that Bots & People may provide from time to time fromMonday to Friday 9:00 am to 5:00 pm (CET), excluding public holidays in theState of Berlin, Germany.
5.3 Bots & People shall use reasonable efforts consistent with prevailing industry standards to Maintain the Services in a manner which minimizes errors and interruptions in the Services.
5.4 Customer may notify Bots & People of any errors via the email address academy@botsandpeople.com or any other email address that Bots & People may provide from time to time. Bots& People shall use commercially reasonable efforts to ensure that any notified errors are timely corrected, subject to: (a) Customer providing a detailed description of the error and its reproducibility to Bots & People; and (b) depending on the priority of the error to be reasonably determined byBots & People in its sole discretion.
6. Availability of the Services
6.1 Subject to Customer’s payment of the Service Fees set forth in the applicable Order, Bots& People shall use commercially reasonable efforts to make the Services available to Customer, excluding any temporary unavailability for scheduled or for unscheduled Maintenance, and unavailability for causes beyond Bots &People’s reasonable control. Bots & People shall use reasonable efforts to provide advance notice in writing or by email of any scheduled service disruption.
6.2 Bots & People shall not be obliged to provide for Customer’s access to the Services such as for internet access.
7. Additional Services
7.1 Subject to these Terms (including payment of any applicable Service Fees set forth in the Order), Bots & People shall provide additional professional services ifand to the extent described in an Order (“Additional Services”).
7.2 Unless specified otherwise in the relevant Order, the Additional Services are services within the meaning of § 611 German Civil Code. The Additional Services shall be rendered on a one-time fee or a time and materials basis. If the Additional Services purchased have been consumed, Bots & People may cease the provision of AdditionalServices until further Additional Services have been ordered.
7.3 Customer shall provide reasonable cooperation and information as necessary to enable Bots& People to perform the Additional Services. With respect to Bots &People’s staff providing Additional Services to Customer no lease of personnel(Arbeitnehmerüberlassung) shall take place. Instructions to Bots & People’s staff must not be given by Customer’s staff or representatives but only by Bots & People’s representatives.Issues arising with Bots & People’s staff which affect Customer and/or the AdditionalServices to be provided shall be addressed by the relevant contact person of Customer to the relevant contact person of Bots & People. Bots & People’s staff will not be integrated into the operational organization of Customer. Bots &People may in its sole discretion decide how and where to utilize its resources(including Bots & People’s staff) and plan its performances under the ServicesContract (and the related Order) in accordance with the agreed contents and limits of the Additional Services.
7.4 Customer shall reimburse Bots & People for travel and other expenses (at cost)incurred in connection with the Additional Services (if any).
7.5 Additional Services shall be performed on business days (a business day means Monday through Friday, excluding national holidays, during normal working hours, in the location where the Additional Services are provided).
7.6 The cooperation of Bots & People and Customer hereunder, in particular with regard to Additional Services, builds upon mutual trust between Bots &People and Customer. Therefore, during the Initial Service Term and any RenewalService Term, and in each case for a period of twelve (12) months thereafter, without Bots & People’s prior written approval, Customer shall not solicit for employment or consultancy any of Bots & People’s employees who participated in the performance of Additional Services.
8. Payment Of Fees
8.1 Customer shall pay the fees described in the Order for the Services and AdditionalServices in accordance with the terms therein (“Service Fees”).
8.2 If Customer’s use of the Services exceeds the capacity set forth in the Order (“Service Capacity”) or otherwise requires the payment of additional fees per the terms of the Services Contract,Customer shall be billed for such usage and Customer shall pay the additional fees as provided herein.
8.3 Bots & People may change the Service Fees for the following Renewal Service Term at its reasonable discretion upon at least sixty (60) days’ prior notice to the end of the Initial Service Term or the end of the then current Renewal ServiceTerm.
8.4 Unless otherwise specified, Customer shall make all payments via any of the payment methods offered by Bots & People. Bots & People may choose to bill through an invoice, in which case, full payment for invoices must be received by Bots & People fourteen (14) days after the mailing date of the invoice. TheCustomer acknowledges that Bots & People will use electronic invoicing solutions only.
8.5 Following notice in text form under § 126b German Civil Code (simple email shall be sufficient), Bots & People shall be entitled to suspend Customer’s access to the Services in accordance with § 320 German Civil Code if payments are not received by Bots & People within thirty (30) days of the due date.
8.6 In the event the number of Licenses in the Customer account falls below the amount initially ordered for the then-current Initial Service Term or Renewal ServiceTerm, Customer shall remain obliged to pay to Bots & People the full amount of the corresponding Service Fees for such Licenses initially ordered.
8.7 All Service Fees are exclusive of, and Customer shall pay, all taxes, duties, and assessments, however designated, which are levied or imposed upon such ServiceFees, excluding only taxes based on Bots & People net income.
8.8 Customer may only invoke a right to set-off and assert a right of retention to the extent that its claims have been (A) finally established by a court of law; (B) are uncontested; or (C) have been acknowledged by Bots & People.
9. Confidentiality| Customer Data
9.1 Customer and Bots & People understand that they have disclosed or may disclose to each other business, technical or financial information relating to their business(“Confidential Information”). ConfidentialInformation of Bots & People includes but is not limited to non-public information regarding the content, features, functionality and performance of the Services, including any training material and content. ConfidentialInformation of Customer includes non-public data provided by Customer to Bots& People to enable the provision of the Services or during the use of theServices (“Customer Data”).
9.2 Customer and Bots & People shall take reasonable precautions to protect each other’sConfidential Information, and not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such ConfidentialInformation. This shall not apply with respect to any information after five(5) years following the disclosure thereof or to any information that Customer or Bots & People respectively can document (A) is or has become generally available to the public; or (B) was in Customer’s or Bots & People’s respective possession or known by Customer or Bots & People prior to receipt; or (C) was rightfully disclosed to Customer or Bots & People respectively without restriction by a third party; or (D) was independently developed without use of any Confidential Information or (E) is required to be disclosed by law.
9.3 Bots & People may collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning the Customer Data and data derived therefrom), and Bots & People shall be free(during and after the term of a given Service Contract) to use and disclose such data and information in aggregated or other de-identified form to improve and enhance the Services, for other development, diagnostic and corrective purposes in connection with the Services, and for other purposes relating to its business.
10. Proprietary Rights | Trade Names and Logos | Use of Feedback
10.1 Bots & People and its respective suppliers own and shall retain all ownership and intellectual property rights, including all copyright, database rights, patent, trade secret, trademark and all other intellectual property rights and technical solutions, in and to the Services. Customer acknowledges that the rights granted under a Services Contract do not provide Customer with title toor ownership of the Services.
10.2 Customer shall retain all right, title and interest in and to the Customer Data and anyContent, as well as any data that is based on or derived from the Customer Data and any Content. Customer grants to Bots & People during the term of theServices Contract a non-exclusive, transferable, sublicensable, worldwide and unlimited right and license to use the Customer Data and any Content free of charge and solely to the extent necessary for the provision of the Services. Bots& People shall have no liability for the Customer Data and any Content.
10.3 Customer agrees that Bots & People may refer to Customer by its trade names and logos, and may briefly describe the Customer’s business in Bots & People’s marketing materials and on Bots & People’s websites.
10.4 Customer may from time to time provide Bots & People with suggestions for new features or functionalities of and with feedback regarding the Services. Bots& People shall be free to take such suggestions or feedback into consideration. Customer grants to Bots & People, without charge, the fully paid-up, perpetual, sublicensable right to exploit such feedback for any purpose.
11. Data Privacy | IT Security
11.1 Customer and Bots & People shall at all times comply with the requirements of applicable data privacy and data protection legislation, including but not limited to the EU General Data Protection Regulation.
11.2 To the extent that a data processing agreement is mandatory under such legislation, the Data Processing Terms in Schedule A hereto shall supplement these Terms and shall become an integral part of any applicable ServicesContract.
11.3 Bots & People shall adopt reasonable measures to ensure that the security of theServices meet relevant industry standards.
12. Term | Termination
12.1 Subject to earlier termination as provided below, the Services Contract begins on the date specified in the Order (“Effective Date”)and shall remain in effect for an initial term as specified in the Order (“Initial Service Term”). The Initial ServiceTerm shall automatically and continuously renew for additional periods, each of which correspond with the Initial Service Term (“Renewal Service Term”), unless either party requests termination of the Services Contract at least ninety (90) days prior to the end of then-current term.
12.2 Neither Customer nor Bots & People may terminate the Services Contract for convenience with effect prior to the end of the Initial Service Term or any Renewal Service Term (Ausschluss der ordentlichen Kündigung). However, if a ramp up phase is agreed in an Order (“Ramp up Phase”), Customer may, during the first four (4) weeks of the InitialService Term, terminate the Services Contract for convenience with effect to the end of such four (4) weeks period.
12.3 Customer’s and Bots & People’s right to immediately terminate the Services Contract for good cause (außerordentlicheKündigung aus wichtigem Grund) shall remain unaffected. Such good cause shall in particular exist for both parties, if a party commits a material breach of the Services Contract, and such breach has not been cured within thirty(30) days after receipt of written notice thereof (simple email shall suffice).Such good cause shall also exist for Bots & People if (A) Customer is in default of payment by more than forty-five (45) days; (B) Customer breaches the use restrictions under Clause 3; or (C)Customer ceases its due payments or suffers a significant deterioration in its asset situation.
12.4 Upon termination of the Services Contract or lapse of its Initial Term or RenewalService Term taking effect, Bots & People may suspend Customer’s access to the Services and delete any Content (if any) in the possession of Bots &People after a period of thirty (30) days. Customer shall be solely responsible for extracting all such Content before any suspension. Upon Customer’s request and as part of the Additional Services, Bots & People may choose to extract and/or modify Customer’s Content against an additional Service Fee.
12.5 Bots & People or Customer may terminate any agreement for Additional Services for convenience in accordance with its terms and applicable law.
13. LimitedWarranty
13.1 Customer has checked that the specification of the Services as described in theDocumentation meets its needs and wishes. Customer is aware of the essential functionalities and features of the Services. The extent, nature and quality of the goods and services to be delivered by Bots & People are determined by theseTerms, the Order, and the Documentation. Any other information or requirements only form part of the Services Contract if Customer and Bots & People so agree in writing. Product descriptions, illustrations, test programs, etc.represent mere service specifications but do not constitute guarantees (Garantien) or agreements on certain specifications (Beschaffenheitsvereinbarungen).In order to be valid, an agreement on a guarantee must be confirmed by a director of Bots & People in writing.
13.2 Bots & People warrants (gewährleistet) that the Services will, in all material respects, conform to the functionality described in the then-currentDocumentation for the applicable Services version. In case of a breach of this warranty Bots & People shall be required to use commercially reasonable efforts to modify the Services to conform in all material respects to theDocumentation, and if Bots & People is unable to materially restore such functionality within thirty (30) days from the date of written notice of said breach, Customer may terminate the Services Contract upon written notice and receive a pro-rata refund of the unused Service Fees which have been paid in advance (if any) for unused access to the Services. In order tobe eligible for the foregoing remedy, Customer shall notify Bots & People in writing of any warranty breaches and Customer must have used and configured the Services in accordance with the Documentation. Any no-fault liability (verschuldensunabhängige Haftung) of Bots& People for the existence of initial errors (anfängliche Mängel) under § 536a German Civil Code shall be excluded. Customer’s claims for damages for a breach of this warranty are subject to the limitations set forth in Clause 15.
13.3 Customer may not obtain the source code of the Services for any reason.
14. Third-Party Claims
14.1 Bots & People shall, at its expense, defend Customer against (or, at Bots & People’s option, settle)any third-party claim to the extent such claim alleges that the Services infringe or misappropriate any patent, copyright, trademark, other intellectual property right or trade secret of a third party (“Third-Party Claim”), and Bots & People shall pay all costs and damages finally awarded against Customer by a court of competent jurisdiction as a result of any Third-Party Claim. In the event that the use of the Services is, or in Bots & People’s sole opinion is likely to become, subject to a ThirdParty Claim, then Bots & People, at its option and expense, may (A) replace the applicable Services with functionally equivalent non-infringing services; (B)obtain a license for Customer’s continued use of the applicable Service; or (C)immediately terminate the Services Contract in whole or in part and provide a pro-rata refund of the Service Fees that have been paid in advance for the applicable Services (beginning on the date of termination).
14.2 Clause 14.1 shall not apply: (i) if the Services are modified by Customer or any User; (ii) if theServices are combined with other non-Bots & People products, applications, or processes, but solely to the extent the alleged infringement is caused by such combination; or (iii) in the event of any unauthorized use of the Services.
14.3 Clause14.1 shall beCustomer’s sole remedy with respect to any Third-Party Claim.
15. Limitation Of Liability
15.1 Bots & People shall be unrestrictedly liable for (A) injury to life, body or health caused by Bots& People, its legal representatives (gesetzlicheVertreter) or assistants in performance (Erfüllungsgehilfen); (B) damage caused intentionally (vorsätzlich) or with gross negligence (grob fahrlässig) by Bots & People, or its legal representatives; (C) damage caused intentionally by Bots & People’s assistants in performance not mentioned in (B); (D) damage resulting from the absence of any guaranteed (garantiert)characteristics; and (E) claims under the German Product Liability Act (Produkthaftungsgesetz).
15.2 Bots & People shall be liable for damage resulting from the breach of its primary obligations (Kardinalpflichten) hereunder by Bots& People, its legal representatives or assistants in performance. Primary obligations are such basic duties which form the essence of the Services Contract, which were decisive for the conclusion of the Services Contract and on the performance of which Customer may rely. If the breach of such primary obligation was caused(A) through simple negligence by Bots & People, its legal representatives or executive staff; or (B) through simple or gross negligence by Bots &People’s assistants in performance not mentioned in (A), then Bots & People’s ensuing liability shall be limited to the amount which was foreseeable by Bots& People at the time the respective Service was performed.
15.3 Subject always to Clauses 15.1 and 15.2, Bots &People shall not be liable for damage resulting from the breach of non-primary obligations through (A) simple negligence of Bots & People, or its legal representatives; or (B) simple or gross negligence of Bots & People’s assistants in performance not mentioned in (A).
15.4 Bots & People shall be liable for loss of data only up to the amount of typical recovery costs which would have arisen had proper and regular data backup measures been taken by Customer.
15.5 Subject always to Clause 15.1, the total liability of Bots & People arising out of or in connection with theServices Contract, whether in contract or tort or otherwise shall in no circumstances exceed a sum equal to the total Service Fees paid (plus ServiceFees payable) by Customer in the twelve (12) months immediately preceding the event which gave rise to the liability.
15.6 Neither Bots & People nor Customer shall be liable for any failure or delay in performance to the extent that such failure or delay is caused by force majeure, i.e., causes beyond their reasonable control and occurring with out their fault or negligence.
15.7 Anymore extensive liability of Bots & People arising out of or in connection with the Services Contract (including these Terms and Schedule A (if applicable)) that is not covered by this Clause 15 is excluded on the merits.
16. Assignment | Novation
16.1 Customer may not assign (übertragen) the ServicesContract without the prior written approval of Bots & People and any purported assignment in breach of this Clause 16 shall be void. Bots & People may at its discretion assign, or transfer to third parties the Services Contract or any rights pertaining thereto in whole or in part.
16.2 Customer shall, at Bots & People’s request, promptly, and in any event within fifteen (15) days, enter into a novation agreement in such form as Bots &People shall reasonably specify in order to enable Bots & People to exercise its rights pursuant to this Clause 16.
16.3 Without prejudice to mandatory applicable law, Customer shall not assign any of its rights or obligations under any Services Contract and these Terms to any third party without the prior written consent of Bots & People.
17. Severability
Should any provision of the Services Contract including the Order and these Terms be or become ineffective or invalid in whole or in part, the effectiveness and validity of the other provisions shall not be affected. Such ineffective or invalid provision shall be replaced by a provision which comes as close as legally possible to what Bots & People and Customer would have agreed, pursuant to the meaning and purpose of the original provision and of theServices Contract if they had recognized the ineffectiveness or invalidity of the original provision. If the ineffectiveness or invalidity of a provision is based on the determination of a certain level of performance or a certain time(deadline or fixed date), such ineffective or invalid level or time shall be replaced by the level or time which comes as close as legally possible to the original level or time. The foregoing shall also apply to any possible omission in the Services Contract including the Order and these Terms that was not intended by Bots & People and Customer.
18. Entire Agreement | Revisions
18.1 The Services Contract including the Order, these Terms and Schedule A (if applicable) shall represent the entire agreement between Customer and Bots& People in respect of its subject matter and supersede and extinguish all prior negotiations, arrangements, understanding, course of dealings or agreements made between the Parties in relation to its subject matter, whether written or oral.
18.2 Without prejudice to Clause 18.3, valid amendments or supplements to these Terms including Schedule A (if applicable) must be mutually agreed in writing. The same shall apply to any agreement to deviate from or cancel this requirement of written form.
18.3 Bots& People may amend and/or update these Terms includingSchedule A (if applicable) for existing Services Contracts with future effect from time to time and as necessary for technical, economic or legal reasons provided that this would neither constitute a change affecting the basis of the legal relationship between Bots & People and Customer nor is equivalent to the conclusion of anew contract. Any revision of these Terms shall be announced to Customer in text form (simple email shall be sufficient) no later than six (6) weeks before their proposed effective date. Customer may either approve or object to the revision before their proposed effective date. The revision shall be deemed approved by Customer, unless Customer objects to the revision before their proposed effective date. Bots & People shall expressly inform Customer thereof in the respective announcement. Bots& People may amend and/or update these Terms for future Services Contracts at any time for any reason without notice.
19. Governing Law | Jurisdiction
19.1 The Services Contract including these Terms and Schedule A (if applicable) and any issues, disputes or claims (whether contractual or non-contractual) arising out of or in connection with it or its subject matter or formation shall be governed by the laws of the Federal Republic of Germany excluding its conflict of laws provisions. The United Nations Convention on Contracts for theInternational Sale of Goods (CISG) shall not apply.
19.2 The courts of Berlin (Germany) shall have exclusive jurisdiction to settle any dispute or claim (whether contractual or non-contractual) that arises out of orin connection with the Services Contract including these Terms and Schedule A(if applicable) or its subject matter or formation.
20. Miscellaneous
20.1 The person signing or otherwise accepting the Order and these Terms for Customer represents that it is duly authorized by all necessary and appropriate corporate action to enter the Services Contract on behalf of Customer.
20.2 Bots & People shall be entitled to retain subcontractors, including third party software suppliers, for the performance of any of its obligations in accordance with the Services Contract.
20.3 No agency, partnership, joint venture, or employment is created as a result of theServices Contract and Customer does not have any authority of any kind to bind Bots& People in any respect whatsoever.
Bots and People Product GmbH
District Court of Berlin Charlottenburg, Germany HRB 229115
November 2022
Data Processing Terms
1. Scope
1.1 Customer has commissioned Bots & People for the services specified in the Services Contract. Part of the execution of the ServicesContract is the processing of personal data. In particular, Art. 28 GDPR imposes specific requirements on such commissioned processing. To comply with these requirements, the Parties agree to that these Data Processing Terms (“Data Processing Terms”) shall apply to such processing.
1.2 These Data Processing Terms shall supplement the Bots & People Terms as perClause 11.2 of the Terms.
2. Definitions
2.1 Pursuant to Art. 4 (7) GDPR, the controller is the entity that alone or jointly with other controllers determines the purposes and means of the processing of personal data.
2.2 Pursuant to Art. 4 (8) GDPR, a data processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of a controller.
2.3 Pursuant to Art. 4 (1) GDPR, personal data means any information relating to an identified or identifiable natural person (“DataSubject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.4 Personal data requiring special protection are personal data pursuant to Art. 9 GDPR revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership of Data Subjects, personal data pursuant to Art. 10 GDPR on criminal convictions and criminal offenses or related security measures, as well as genetic data pursuant to Art. 4 (13) GDPR, biometric data pursuant to Art. 4(14) GDPR, health data pursuant to Art. 4 (15) GDPR, and data on the sex life or sexual orientation of a natural person.
2.5 According to Article 4 (2) GDPR, the processing is any operation or set of operations that is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.6 Pursuant to Article 4 (21) GDPR, the supervisory authority is an independent state body established by a Member State pursuant to Article 51 GDPR.
3. General Provisions
3.1 Bots & People provide the Services specified in the Services Contract for Customer. In doing so, Bots & People obtains access to personal data, which Bots & People processes as processor for Customer as controller exclusively on behalf of and in accordance with Customer’s instructions. The scope and purpose of the data processing by Bots & People are set out in the Services Contract and any associated service descriptions. Customer shall be responsible for assessing the admissibility of the data processing.
3.2 The purpose of these Data Processing Terms is to specify the mutual rights and obligations under data protection law. In case of doubt, the provisions of these Data Processing Terms shall take precedence over the provisions of the Services Contract.
3.3 The provisions of these Data Processing Terms shall apply to all activities related to the Services Contract in which Bots & People and its employees or persons authorized by Bots & People come into contact with personal data originating from Customer or collected for Customer.
4. Right of Instruction
4.1 Bots & People may only collect, process or use data within the scope of the Services Contract and in accordance with the instructions of Customer; this applies in particular with regard to the transfer of personal data to a third country or to an international organization. If Bots & People is required to carry out further processing by the law of the European Union or the Member States to which it is subject, it shall notify Customer of these legal requirements prior to the processing.
4.2 The instructions of Customer shall initially be determined by these Data Processing Terms. Thereafter, they may be amended, supplemented, or replaced by Customer in writing or text form by individual instructions (individual instructions). Customer shall be entitled to issue such instructions at any time. This includes instructions with regard to the correction, deletion, and blocking of data.
4.3 All instructions issued shall be documented by Customer.Instructions that go beyond the Service agreed in the Services Contract shall be treated as a request for a change in Service.
4.4 If Bots & People is of the opinion that an instruction of Customer violates data protection provisions, it shall notify Customer thereof without undue delay. Bots & People shall be entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by Customer.Bots & People may refuse to carry out an obviously unlawful instruction.
5. Types of Data Processed, Group of Data Subjects
5.1 Within the scope of the implementation of the ServicesContract, Bots & People shall have access to the personal data specified in more detail in Attachment 1.
5.2 The category of Data Subjects affected by the data processing is listed in Attachment 1.
6. Protective Measuresof Bots & People
6.1 Bots & People shall be obliged to observe the statutory provisions on data protection and not to disclose information obtained from Customer’s domain to third parties or expose it to their access.Documents and data shall be secured against disclosure to unauthorized persons, taking into account the state of the art.
6.2 Bots & People shall organize the internal organization within its field of responsibility in such a way that it meets the special requirements of data protection. It shall have taken the technical and organizational measures specified in Attachment 2 to adequately protect Customer’s data pursuant to Art. 32 GDPR, which Customer acknowledges as adequate. Bots & People reserves the right to change the security measures taken while ensuring that the contractually agreed level of protection is not undercut.
6.3 The persons employed in the data processing by Bots& People are prohibited from collecting, processing or using personal data without authorization. Bots & People shall oblige all persons entrusted by it with the processing and performance of the Services Contract (“Employees”) accordingly (obligation of confidentiality, Art. 28 (3) lit. b GDPR) and shall ensure compliance with theseData Processing Terms with due care.
6.4 Bots & People has appointed a data protection officer. Bots & People’s data protection officer is heyData GmbH, Kantstraße99, 10627 Berlin, Germany, datenschutz@heydata.eu, www.heydata.eu.
7. Information Obligations of Bots & People
7.1 In the event of disruptions, suspected data protection violations or breaches of contractual obligations of Bots & People, suspected security-related incidents or other irregularities in the processing of personal data by Bots & People, by persons employed by it within the scope of the Services Contract or by third parties, Bots & People shall inform Customer without undue delay. The same shall apply to audits of Bots& People by the data protection supervisory authority. The notification of a personal data breach shall contain at least the following information:
(a) a description of the nature of the personal data breach, including, to the extent possible, the categories and the number of Data Subjects affected, the categories affected and the number of personal data records affected;
(b) a description of the measures taken or proposed by Bots & People to address the breach and, where applicable, measures to mitigate its possible adverse effects;
(c) a description of the likely consequences of the personal data breach.
7.2 Bots & People shall immediately take the necessary measures to secure the data and to mitigate any possible adverse consequences for the Data Subjects, inform Customer thereof and request further instructions.
7.3 In addition, Bots & People shall be obliged to provide Customer with information at any time insofar as Customer’s data are affected by a breach pursuant to Clause 7.1 of this Schedule.
7.4 Bots & People shall inform Customer of any significant changes to the security measures pursuant to Clause 6.2 of this Schedule.
8. Control Rights of Customer
8.1 Customer may satisfy itself of the technical and organizational measures of Bots & People prior to the commencement of data processing and thereafter regularly on a yearly basis. For this purpose, Customer may, for example, obtain information from Bots & People, obtain existing certificates from experts, certifications or internal audits or, after timely coordination, personally inspect the technical and organizational measures of Bots& People during normal business hours or have them inspected by a competent third party, provided that the third party is not in a competitive relationship with Bots & People. Customer shall carry out checks only to the extent necessary and shall not disproportionately disrupt the operations of Bots &People in the process.
8.2 Bots & People undertakes to provide Customer, upon the latter’s verbal or written request and within a reasonable period of time, with all information and evidence required to carry out a check of the technical and organizational measures of Bots & People.
8.3 Customer shall document the results of the inspection and notify Bots & People thereof. In the event of errors or irregularities which Customer discovers, in particular during the inspection of the results of the inspection, Customer shall inform Bots & People without undue delay. If facts are found during the control, the future avoidance of which requires changes to the ordered procedure, Customer shall notify Bots & People of the necessary procedural changes without delay.
9. Use of Sub-processors
9.1 The contractually agreed services shall be performed with the involvement of the service providers named in Attachment 3 (the “Sub-processors”). Customer grants Bots & People its general authorization within the meaning of Article 28 (2) s. 1 GDPR to engage additional Sub-processors within the scope of its contractual obligations or to replace Sub-processors already engaged.
9.2 Bots & People shall inform Customer in advance bye-mail newsletter of any intended change regarding the involvement or replacement of a Sub-processor. The email newsletter will be received by Customer after sending an email with the subject “Subscribe” to info@botsandpeople.comCustomer may object to an intended enlistment or substitution of aSub-processor for good cause under data protection law.
9.3 The objection to the intended involvement or replacement of a Sub-processor must be raised within 2 weeks of the information being sent in the email newsletter. If no objection is raised, the involvement or replacement shall be deemed approved. If there is a good cause under data protection law and a mutually agreeable solution cannot be found between Customer and Bots & People, Customer shall have a special right of termination at the end of the month following the objection.
9.4 When engaging Sub-processors, Bots & People shall oblige them in accordance with the provisions of these Data Processing Terms.
9.5 A Sub-processor relationship within the meaning of these provisions does not exist if Bots & People commissions third parties with services that are regarded as purely ancillary services. These include, for example, postal, transport and shipping services, cleaning services, telecommunications services without any specific reference to services provided by Bots & People to Customer and guarding services. Maintenance and testing services constitute Sub-processor relationships requiring consent insofar as they are provided for IT systems that are also used in connection with the provision of services for Customer.
10. Requests and Rights of Data Subjects
10.1 Bots & People shall support Customer with suitable technical and organizational measures in fulfilling Customer’s obligations pursuant to Articles 12 to 22 and 32 to 36 GDPR.
10.2 If a Data Subject asserts rights, such as the right of access, correction or deletion with regard to his or her personal data, directly against Bots & People, the latter shall not react independently but shall refer the Data Subject to Customer and await Customer’s instructions.
11. Termination of the Services Contract
11.1 After termination of the Services Contract, Bots & People shall return to Customer all documents, data and data carriers provided to it or - at the request of Customer, unless there is an obligation to store the personal data under Union law or the law of the Federal Republic of Germany- delete them. This shall also apply to any data backups at Bots & People. Bots& People shall on request provide documented proof of the proper deletion of any data.
11.2 Customer shall have the right to control the complete and contractual return or deletion of the data at Bots & People in an appropriate manner.
11.3 Bots & People shall be obligated to keep confidential the data of which it has become aware in connection with the ServicesContract even beyond the end of the Services Contract. These Data ProcessingTerms shall remain valid beyond the end of the Services Contract as long as Bots& People has personal data at its disposal which have been forwarded to itby Customer or which it has collected for Customer.
Description of Types and Categories of Data and Categoriesof Data subjects
Types of Personal Data
Categories of Data Subjects
E-mail addresses, names, IP addresses
Customer, customers of Customer, third parties
Technical and Organizational Measures
1. Introduction
1.1 This document summarizes the technical and organizational measures taken by Bots& People within the meaning of Article 32 (1) of the GDPR. These aremeasures with which the processor protects personal data. The purpose of thedocument is to support the processor in fulfilling its accountabilityobligations under Art. 5 (2) GDPR.
2. Confidentiality (Art. 32 (1)(b) GDPR)
2.1 Entry Control
Thefollowing implemented measures prevent unauthorized persons from gaining accessto the data processing facilities:
- Chipcard/transponder locking system
- Key regulation/ key book
- Visitors onlyaccompanied by staff
2.2 Admission Control
The following implemented measures prevent unauthorized persons from accessing the dataprocessing systems:
- Authenticationwith user and password
- Use ofanti-virus software
- Management ofuser permissions
- Creation ofuser profiles
- Centralpassword rules
- Use of 2-factorauthentication
- Key control /key book
2.3 Access Control
The followingimplemented measures ensure that unauthorized persons do not have access topersonal data:
- Use of anauthorization concept
- Number ofadministrators is kept as small as possible
- Management ofuser rights by system administrators
3. Integrity(Art. 32 (1)(b) GDPR)
3.1 Transfer Control
It is ensured thatpersonal data cannot be read, copied, changed or removed without authorizationduring transfer or storage on data carriers and that it is possible to checkwhich persons or bodies have received personal data. The following measures areimplemented to ensure this:
- WIFI encryption(WPA2)
3.2 Input Control
The following measures ensure that it is possible to check who has processed personal data indata processing systems and at what time:
- Clear responsibility for deletions
- Instruction toemployees not to delete data without consultation
4. Availabilityand resilience (Art. 32 (1) (b) GDPR)
The followingmeasures ensure that personal data is protected against accidental destructionor loss and is always available to the client:
- Regular backups
- Hosting (atleast of the most important data) with a professional hoster
5. Proceduresfor regular review, assessment and evaluation (Art. 32(1)(d) GDPR; Art. 25(1)GDPR)
5.1 Data ProtectionManagement
The followingmeasures ensure that an organization that meets the basic requirements of dataprotection law is in place:
- Use of theheyData platform for data protection management
- Appointment ofthe data protection officer heyData
- Commitment ofemployees to data secrecy
- Regulartraining of employees in data protection
- Keeping anoverview of processing activities (Art. 30 DSGVO)
- Conducting dataprotection impact assessments, if required (Art. 35 DSGVO)
5.2 Incident ResponseManagement
The followingmeasures are intended to ensure that notification processes are triggered inthe event of data privacy breaches:
- Notificationprocess for data protection breaches pursuant to Art. 4 No. 12 GDPR vis-à-vissupervisory authorities (Art. 33 GDPR)
- Data breachnotification process pursuant to Art. 4 No. 12 DSGVO vis-à-vis data subjects(Art. 34 DSGVO)
- Involvement ofthe data protection officer in security incidents and data mishaps
- Use ofanti-virus software
5.3 Privacy-friendlyDefault Settings (Art. 25 (2) GDPR)
The following implemented measures take into account the requirements of the principles “Privacyby design” and “Privacy by default”:
- Training ofemployees in “Privacy by design” and ”Privacy by default”.
- No morepersonal data is collected than is necessary for the respective purpose.
5.4 Order Supervision
The following measures ensure that personal data can only be processed in accordance with theinstructions:
- Written instructions to the contractor or instructions in text form (e.g. by DataProcessing Agreement).
- Ensuring thatdata is destroyed after completion of the order, e.g. by requestingcorresponding confirmations
- Confirmation from contractors that they commit their own employees to data secrecy(typically in the Data Processing Agreement)
Attachment 3 to Data Processing Terms
Current Sub-processors
Learnworlds Ltd., Gladstonos 120, Foloune Building, 2nd Floor, B1, Limassol, 3032, Cyprus a Learning Management System data hosted in the EU
Integromat s.r.o., Voctarova 2449/5, 180 00 Prague 8, Czech Republic , Automations between applications, data hosted in the EU
Hotjar, Dragonara Business Centre, 5th Floor, Dargonara Road, Paceville, St. Julian's STJ 3141, Malta, Analytics Application, data hosted in the EU
Google Analytics, Google LLC., 1600 Amphitheatre Parkway, Mountain View CA 94043, USA, Analytics Application, data hosted in the USA
Google Tag Manager, Google LLC., 1600 Amphitheatre Parkway, Mountain View CA 94043, USA, Tag management application, data hosted in the USA