Terms & Conditions

§ 1 Subject matter

1. Depending on the purchase of the licence in accordance with §§ 5-6 of these GTC, the subject matter of this contract is the temporary or permanent provision of the MAXQDA standard software in the selected functional scope against or without payment (e.g. demo licence) together with the corresponding granting of the rights of use described in §§ 10, 11. The customer has no claim to the transfer and use of the source code of the software.
2. The provider of goods and services under this Agreement is VERBI Software. Consult. Sozialforschung GmbH, Invalidenstr. 74, 10557 Berlin (hereinafter referred to as “VERBI”).
3. Subject to explicit contrary provisions in these GTC/EULA, VERBI is the manufacturer und author of the standard software “MAXQDA” and its product family (hereinafter referred to as “the Software”). Product information, support and warranties are provided by VERBI.
4. The customer is informed that the MAXQDA standard software uses open source components for its operation. These open source components are listed conclusively at https://www.maxqda.com/open-source-software, naming the applicable licence in each case. The customer expressly agrees to the use of these open source components in connection with the operation of the Software and undertakes to observe the licence conditions reproduced at https://www.maxqda.com/open-source-software when using, processing and passing on the open source components.
5. The owed quality and the scope of functions of the Software selected by the customer are conclusively defined in the functional descriptions, which are available at https://www.maxqda.com/products.
6. The MAXQDA standard software and its related product family are distributed – apart from VERBI directly – through VERBI’s resellers. If the MAXQDA standard Software and the related product family are used by a reseller, this results in a direct contract between this reseller and the customer. In this case, the customer cannot assert contractual claims arising from the contract with the reseller against VERBI, but exclusively against the reseller.

§ 2 General – Scope

These VERBI GTC/EULA govern the legal relationship between VERBI and the customer.

§ 3 Conclusion of contract (offer / order, confirmation and acceptance)

1. Product presentations, in particular on the VERBI website, do not constitute an offer to conclude a contract.
2. Information provided by VERBI by telephone is non-binding.
3. The customer has the option of concluding a contract for the purchase of usage rights to the MAXQDA standard software via the shop integrated on the VERBI website. To do this, the customer first selects the corresponding product on VERBI’s website. After selecting the product, the customer is automatically redirected to the website of VERBI’s e-sales partner cleverbridge AG. The General Terms and Conditions of cleverbridge AG and cleverbridge, Inc., available at https://shop.maxqda.com/107/?scope=optandc&id=NMzXPfVl9N, apply to the conclusion of the contract via the webshop. The serial number for activating the Software as well as the download link will be provided to the customer by cleverbridge immediately after conclusion of the contract..
4. If the customer acts as an entrepreneur (§ 14 BGB), the customer can also send VERBI a request for the conclusion of a contract for the acquisition of usage rights to the MAXQDA standard software or the associated product family. In response to an enquiry sent to VERBI by the customer, VERBI will prepare a binding offer for the conclusion of a contract for the acquisition of usage rights to the MAXQDA standard software or the associated product family and send this to the customer. The customer declares acceptance of VERBI’s offer by signing and returning the signed offer.

§ 4 Information of the customer

1. The customer is obligated to truthfully and completely provide the information required by VERBI for the proper execution of the contract. This information results either from the offer sent by VERBI in accordance with § 3 or the information provided as part of the order in accordance with § 3. Additional costs incurred by VERBI, e.g. due to incorrect/incomplete address information, shall be borne by the customer.
2. The customer warrants that he/she selects the correct type of licence entitlement (§ 6) or discount level (only for commercial users, see § 5) when placing the order. If an incorrect, more favourable licence entitlement/discount level is selected, VERBI is entitled to demand the difference.

§ 5 Discount Levels

VERBI offers special discounts for various customer groups. The customer undertakes to ensure that the licence is only made available to the authorised group of persons in each case. § 5 only applies insofar as the customer acts as an entrepreneur (§ 14 BGB).

1. Education
   Training licences can only be used by universities, universities of applied sciences and other schools as well as persons belonging to these by contract.
2. Reduced
   Discounted licences may be claimed by all other public institutions, non-profit associations and non-governmental organisations not already mentioned under item 1, as well as persons belonging to them by contract.
3. Commercial
   Commercial licences are valid for all purchasers provided that none of the criteria for discounted licences or educational licences apply to them.

§ 6 Forms of licence acquisition

1. Purchase
   1. Purchase licences are available exclusively for entrepreneurs as defined by § 14 BGB (German Civil Code) (non-private customers) such as universities, research institutions, other companies or entrepreneurs.
   2. The purchase of a licence entitles the user to use the Software for an unlimited period of time. Purchase licences include all services listed under § 12.
2. Students / doctoral candidates
   1. Student / doctoral candidate licenses are personal licenses that can only be purchased for time-limited use by student / doctoral candidate who have proven their student / doctoral candidate status during the ordering process (as required there). The recipient of the invoice and the delivery must be the student / doctoral candidate with his/her private address.
   2. Student / doctoral candidate licenses may only be used by this student / doctoral candidate and may not be sold or given away. The purchase is limited to one license per person. The use is limited to private purposes (e.g. studies, qualification work, etc.). Use for professional activities or commercial purposes is not permitted. The purchase of student / doctoral candidate licenses by institutions is not permitted.
   3. Student / doctoral candidate licenses entitle the holder to use the software for a limited period of time in accordance with the product descriptions on the website www.maxqda.com and include all the services listed under § 12 for the term of the agreement.
   4. Student / doctoral candidate licenses are valid for exactly 2 years from the date of purchase. Semester licenses are valid for exactly 6 months from the date of purchase. Both licenses can be extended with the purchase of another student / doctoral candidate licenses if required.
   5. Student / doctoral candidate licenses (24 months) may be used by the student / doctoral candidate on two private computers. The two installations may not be used simultaneously and in no case by other persons. The semester license (6 months) may be used by the student / doctoral candidate on one private computer. Both licenses can be transferred to a new computer at any time with a license move.
3. Subscription and private license
   1. The subscription is available exclusively to entrepreneurs within the meaning of § 14 BGB (non-private customers) such as universities, research institutions, other companies or entrepreneurs.
   2. In the case of a subscription, the leased number of MAXQDA licences is available to the customer for the term of the contract at the subscription rate listed on the invoice.
   3. Consumers may purchase a personal licence. This personal licence may only be used for purposes which can predominantly neither be attributed to the commercial nor the independent professional activity of the customer. Use by institutions and companies is prohibited.
   4. Private licences entitle the customer to use the product for a limited period of time in accordance with the product descriptions for the term of the contract from the date of conclusion of the contract.
   5. In the case of an agreed annual payment, both the subscription and the private licence shall be automatically renewed for a further year unless notice of termination is given by either party 2 months before the end of the term. In case of agreed one-time payment, no automatic renewal of the contract takes place. The subscription and the private licence include all services listed under § 12. In addition, they will be converted to any new version of the Software free of charge (free upgrade).
4. Free licences
   1. The customer has the option to activate and use a free trial version limited to 14 days.
   2. VERBI also provides a reader version of the Software – MAXQDA Reader – for free download on the VERBI website. The Reader version has a limited range of functions.
   3. In addition, there is a free licence for participants of teaching courses. The teaching licence is a free time-limited MAXQDA licence and can only be applied for by teachers for the duration of their official courses at VERBI. The respective course must be listed on the university’s website / course catalogue. The student participants of the respective course will each receive their own MAXQDA licence for installation on their private computers for the duration of the course, for which the provisions of these GTC/EULA on free licences apply, insofar as they are aimed at consumers. The licence may only be used within the framework of the seminar. The use of the teaching licence is not permitted for the preparation of qualification theses, such as bachelor’s, master’s or diploma theses.
5. Updates and Upgrades
   1. Licence holders of a MAXQDA licence receive programme updates (bug fixes) within the purchased programme version free of charge. If updates are available, they can be downloaded via a function of the Software.
   2. Registered licence holders of a purchase licence (available to entrepreneurs (§ 14 BGB) only) receive a one-time reduction on the new price (upgrade price) for the number of already existing licences when a new version of MAXQDA is released. The entitlement to purchase an upgrade must be proven by providing the serial number(s). The upgrade right expires if the licence holder has not exercised his/her right to upgrade for two programme versions in succession.
   3. VERBI is entitled to create updates to the Software at its own discretion.
   4. Users of free licences are not entitled to updates of the Software they use.

§ 7 Delivery, delivery period

1. The delivery of the ordered goods takes place in accordance with the respective delivery information on VERBI’s website. The customer receives access to a website with a download link. The installation of the Software requires the entry of a serial number, which is sent to the customer by e-mail.
2. Orders will usually be processed within one week of receipt.
3. If Software is offered to the customer electronically in the form of a download link for downloading the Software from VERBI’s servers, the customer shall be obliged to collect the Software (“Holschuld”). After receiving the necessary data, the customer alone decides whether and when to download the Software.

§ 8 Copyright

1. The Software product is protected by German copyright law and international copyright treaties as well as by other laws and treaties on intellectual property.
2. The ownership and copyright exploitation rights in the Software product (including but not limited to images, photographs, animations, video, audio, music, text and “applets” contained in the Software product), the printed accompanying material and all copies of the Software product are owned by VERBI.
3. The Software product shall be treated as any other copyrighted material except that a copy of the Software product may be made for backup or archival purposes. By possessing, installing or using the Software, the customer does not acquire any rights to the intellectual property of the Software apart from the rights of use granted to him/her on the basis of these GTC/EULA.

§ 9 Activation of the Software

1. When purchasing a MAXQDA licence, the customer receives a serial number. This represents the key to using the Software in accordance with the licence rights acquired.
2. In order to use the Software, the customer must activate it with his/her serial number. VERBI expressly points out that an internet connection is mandatory for activating the Software. Activation requires the transmission of various information about the computer used by the customer and the system environment in which the Software is to be operated. This information may also contain personal data, as explained in the separate data protection declaration.

§ 10 Scope of use of the Software

1. The temporal scope of the rights to use the Software transferred to the customer depends on which licence the customer has acquired. If the customer has selected a purchase licence, the customer shall receive a simple, non-exclusive right of use to the Software downloaded by the customer or delivered to the customer to the extent granted in these GTC/EULA. If the customer has chosen a time-limited licence or a licence free of charge, the rights of use shall be granted for a limited period of time for the term of the underlying agreement.
2. The rights to use upgrades, if provided, shall be granted to the customer in accordance with the underlying licence type. If the customer has received and activated an upgrade, the rights of use for those parts of the standard Software which are replaced by the upgrade shall expire at the time of installation and activation of the respective upgrade. Any right of the customer to resell the replaced Software shall also expire at this time.
3. The customer is entitled to use the Software in accordance with the provisions of the respective licence type (§ 6) – subject to full payment of the remuneration. Furthermore, the customer is entitled to make a backup copy of the Software. This must be marked as such. VERBI may demand that all other unlawfully produced or distributed copies or copies intended for unlawful distribution be destroyed.
4. The customer may not alter or remove any copyright, trademark, proprietary or other notices affixed to the data carriers, in the programme or on the documentation. The symbols integrated in the Software may only be used within the framework of the normal, contractual use of the Software. Separate use or exploitation of the symbols is expressly prohibited.
5. The customer is not entitled to reverse engineer, decompile or disassemble the Software product. However, this shall only apply to the extent that the applicable law, notwithstanding this limitation, does not expressly permit such a possibility. The Software product is licensed as a single product. The customer is not entitled to separate its components in order to use them on more than one computer.
6. Special obligations apply with regard to the Foxit PDF SDK, which is an integral part of MAXQDA: The intellectual property rights of the PDF SDK belong to Foxit. The customer is not entitled to use, make available to others, modify or reverse engineer individual components or the entirety of the Foxit PDF SDK outside of MAXQDA.
7. Licence holders of a purchase licence (available to entrepreneurs (§ 14 BGB) only) are only entitled to permanently transfer the rights to use the Software (including all previous versions and backup copies) provided that all documentation and media are transferred and no copies are retained by the customer. In the event of transfer of the Software to a third party, the customer shall immediately cease any further use of the Software and completely remove the programme from his/her computer.
   VERBI points out that in the event of a transfer of the rights of use in the aforementioned sense, there is no obligation on the part of VERBI to also provide support services to the purchaser of the Software and/or to supply upgrades for the Software, unless the purchaser concludes a separate agreement on this with VERBI. The leasing of the Software is not permitted.
8. Holders of other licences are not entitled to transfer the rights to use the Software.
9. The customer’s rights to the Software expire and immediately revert to VERBI if the customer violates the above terms and conditions of use. Notwithstanding other rights, VERBI is entitled to revoke the customer’s rights of use if there is a serious breach of the terms and conditions of these GTC/EULA. In both cases, the customer is obliged to destroy all copies of the Software product and its components or to hand them over to VERBI. The customer must confirm this by e-mail.

§ 11 Terms of Use by Licence Type

1. Single user licences
   The single user licence may be used by the authorised person. This person may install the licence on two devices. The two installations may not be used simultaneously and in no case by other persons.
2. Network licences
   1. Network licences are only available to entrepreneurs as defined by § 14 BGB (German Civil Code) (non-private customers) such as universities, research institutions, other companies or entrepreneurs.
   2. Network licences are server-based licences that allow simultaneous use of the Software in the amount of the number of licences purchased, starting with 5 licences. The installation and use of the “MAXQDA Netlic Manager” software developed by VERBI is required to manage the network licences. This software is provided by VERBI free of charge and installed on a server computer of the customer in a Windows environment (Windows 8 or higher). Network licences are issued to a group of the customer’s institution defined by the customer for use in accordance with the number of licences purchased. The total number of authorised users may be twice the number of licences purchased (concurrent use). Under no circumstances may the Software be used by an unlimited number of persons. The use of other types of network licences shall be negotiated directly with VERBI in each case – the terms of use shall be regulated individually in each case.

§ 12 Support services

1. VERBI offers licence holders of a paid MAXQDA licence free online support at its own discretion to an extent to be determined by VERBI; users of a free licence are not entitled to the support services. Online support provides technical assistance with questions about the functions as well as difficulties with the installation and activation of the Software product. Online support does not provide consulting or research advice. Before using the support, the information provided by VERBI (instructions, manuals, FAQs, etc.) must be consulted.
2. VERBI offers free online support for the use of the current and the previous version of the Software. Support for older versions is no longer provided.
3. Further individual support services (consulting) are subject to a charge and require a separate agreement with VERBI.
4. In the event of serious breaches of the GTC/EULA, VERBI reserves the right to refuse support services to the extent permitted by law. This does not apply if support services for the purchased licence are part of the main service owed in accordance (“geschuldete Hauptleistung”) with these GTC/EULA.

§ 13 Data protection

The customer has taken note of the data protection declaration for the use of the software.

§ 14 Warranty – Limitation of Liability

1. Warranty is only granted if the Software is installed according to the system requirements described on the VERBI webpage (http://www.maxqda.com/products/system-requirements). VERBI is therefore not required to ensure that the Software’s functions meet the specific requirements of the customer or work in conjunction with components in the customer’s specific hardware configuration. The selection, installation and use of the Software as well as the desired results are the responsibility of the customer.
2. Any warranty or liability is excluded for consequences resulting from alterations made by the customer or a third party to the Software or through improper handling or incorrect operation of the Software.
3. VERBI does not accept any liability for the loss of data or damages to systems due to the use of the product, unless VERBI caused the loss intentionally or through gross negligence and the customer had taken reasonable precautions to ensure that a data backup was carried out according to the latest technological standards and at appropriate intervals (at least once per day), so that the data could reasonably be reconstructed.
4. VERBI is liable without limitation for intent and gross negligence as well as for slight negligence in the event of damage resulting from injury to body, life or health. In other cases of slight negligence, VERBI is only liable in the event of a breach of such obligations that make the reasonable and proper performance of the contract possible in the first place and on the fulfilment of which the customer accordingly relies and may rely (cardinal obligations) and only limited to compensation for the foreseeable, typically occurring damage. Other claims for damages are excluded. Furthermore, limitations and exclusions in this clause do not apply to claims by the customer in the event of fraudulent concealment of a defect by VERBI due to the absence of an assured characteristic, the breach of a warranty promise and claims in accordance with §§ 1, 4 of the Product Liability Act (Produkthaftungsgesetz).
5. VERBI is not liable to the customer for delays in performance resulting from force majeure, namely circumstances beyond VERBI’s control. The same applies if VERBI is unable to provide its service in accordance with these GTC/EULA due to a lack of information or cooperation from the customer.
6. Insofar as VERBI’s liability is excluded or limited, this also applies to the personal liability of VERBI’s employees, representatives and vicarious agents.

§ 15 High-risk activities

The Software is not fault-tolerant and is not designed or intended for use in hazardous environments requiring fail-safe performance, including without limitation, in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, weapons systems, direct life-support machines, or any other application in which the failure of the Software could lead directly to death, personal injury, or severe physical or property damage (collectively, High Risk Activities). VERBI GmbH expressly disclaims any express or implied warranty of fitness for High Risk Activities.

§ 16 Special conditions for entrepreneurs

The following provisions are aimed exclusively at entrepreneurs within the meaning of § 14 BGB (non-private customers) such as: Universities, research institutions, other companies or entrepreneurs.

1. Scope of application
   1. These GTC/EULA apply exclusively; VERBI does not recognise any terms and conditions of the customer that conflict with or deviate from these GTC/EULA unless VERBI has expressly agreed to their validity in writing. These GTC/EULA also apply if VERBI executes the customer’s order without reservation in the knowledge that the customer’s terms and conditions conflict with or deviate from these GTC/EULA.
   2. All agreements made between VERBI and the customer for the execution of an order must be recorded in writing or in text form (e.g. by e-mail or fax).
2. Prices and terms of payment for orders outside the webshop
   1. Unless otherwise indicated, te prices stated in VERBI’s offer at the time of the order apply to the delivery.
   2. Orders from European countries must be placed in EURO; orders in US dollars are not permitted. Irrespective of the place of the order, the above provisions shall apply in the same way to deliveries to European countries. Orders as well as deliveries in US dollars are only permitted from American, South and East Asian, Oceanic and African countries.
   3. Unless otherwise stated, the prices quoted are exclusive of VAT (which shall be shown separately on the invoice at the statutory rate on the date of invoicing), but inclusive of shipping or transport costs to the agreed place of delivery.
   4. Payment of the purchase price is due immediately after conclusion of the contract. Payments must be made by the methods listed on the website; other methods of payment require the prior consent of VERBI. With the exception of purchases on account, payment is made before delivery. Annual licences must be paid for in full in advance for the entire licence period. If the customer has purchased products or services with recurring payment obligations (subscriptions), the prices are due at the agreed interval.
   5. The deduction of cash discount is subject to a prior separate agreement.
   6. In the case of purchases on account, the invoice amount shall be paid without deduction immediately upon receipt of the invoice, unless otherwise stated in the order confirmation. The customer shall bear any costs of money transfer itself.
   7. Should the customer be in default of payment, VERBI is entitled to demand interest on arrears and a further lump sum of EUR 40.00, unless the customer can prove that no damage or lower damage has been incurred. The interest rate shall be 9 (nine) percentage points higher than the given base rate. If VERBI is able to prove higher damages caused by the default, VERBI is entitled to claim these damages. Any lump sum already claimed under this provision shall be credited towards the claim for damages.
   8. The customer shall only be entitled to offset rights if his counterclaims have been legally established or acknowledged by VERBI. The customer is only entitled to exercise a right of retention to the extent that his counterclaim is based on the same contractual relationship.
   9. If the customer is in default of acceptance or if they violate other cooperation obligations, VERBI is entitled to demand damages incurred, including possible additional charges. In this case, the risk of accidental loss or accidental deterioration of the contractual item also passes to the customer at the time at which the latter is in default of acceptance.
3. Restrictions to the Transfer of Usage Rights and Right of Revocation
   1. In the event that permanent rights of use to the standard software are to be transferred to the customer, VERBI reserves the right to delay the transfer of said usage rights to the customer until VERBI has received the full sum stated in the delivery contract, including additional costs (e.g. exchange costs, financing costs, interest, etc.). Until to this point, the customer is only granted temporary rights, which can be revoked by VERBI in accordance with the following provisions.
   2. Until the time of the transfer of permanent rights of use pursuant to Paragraph 1, the customer shall be obligated to notify VERBI immediately in the event of seizure or other interventions by third parties so that VERBI may bring an action pursuant to § 771 ZPO (German Code of Civil Procedure). If the third party is not in a position to reimburse VERBI for the judicial and extrajudicial costs of a prevailing complaint pursuant to § 771 ZPO, the customer shall be liable for the failure incurred by VERBI.
   3. A serious breach by the Customer of the GTC/EULA entitles VERBI to revoke the contract with the Customer. The parties agree that a serious breach is given in particular if the Customer uses the license contrary to the terms of use in in § 11.
4. Warranty and limitation of liability

   In addition to § 14, the following provisions on warranty and limitation of liability shall apply to the acquisition and use of the Software:

   1. The customer is not entitled to remedy defects itself and to demand reimbursement of the expenses required for this unless the customer has properly notified VERBI of the defect and provided VERBI with the information required to reproduce the defect and VERBI has not remedied the defect within a reasonable period of time.
   2. Claims for compensation for damages and expenses for reimbursement shall become statute barred at the completion of 12 months. This 12-month period begins at the earliest with the notification of the defect by the Customer and at the latest at the end of the year in which the Customer recognized the defect or could have recognized it without negligence.
   3. VERBI is not liable for damage that has not occurred to the Software itself; in particular, VERBI is not liable for lost profits of the customer that are attributable to the use of the products.
5. Miscellaneous
   1. VERBI is entitled to name the customer as a reference on the website for the purpose of external presentation. This can also take place in the use of the logo (corporate identity), with which the customer agrees. VERBI reserves the right to name the reference up to 3 calendar years after termination of the contract.
   2. In the case of contracts with merchants, legal entities under public law or special funds under public law, the place of performance for delivery and payment and the place of jurisdiction shall be the registered office of VERBI in Berlin.

§ 17 Special conditions for consumers

The following provisions are directed exclusively at consumers within the meaning of Section 13 of the German Civil Code (BGB) (private customers), i.e. customers who, in accordance with these GTC/EULA, acquire rights of use for purposes that can predominantly be attributed neither to their commercial nor to their independent professional activity.

Withdrawal policy

1. Right of withdrawal
   1. You have the right to withdraw from this contract within 14 days without giving any reason. The withdrawal period will expire after 14 days from the day of the conclusion of the contract.
   2. To exercise the right of withdrawal, you must inform us, (VERBI Software. Consult. Sozialforschung GmbH, Invalidenstr. 74, 10557 Berlin, Tel.: +49 (0)30 206 22 5922, Fax: +49 (0)30 206 22 59 29, E-Mail: cs@maxqda.com), of your decision to withdraw from this contract by an unequivocal statement (e.g. a letter sent by post or email). You may use the attached model withdrawal form, but it is not obligatory.
   3. To meet the withdrawal deadline, it is sufficient for you to send your communication concerning your exercise of the right of withdrawal before the withdrawal period has expired.
2. Effects of withdrawal
   1. If you withdraw from this contract, we shall reimburse to you all payments received from you, including the costs of delivery (with the exception of the supplementary costs resulting from your choice of a type of delivery other than the least expensive type of standard delivery offered by us), without undue delay and in any event not later than 14 days from the day on which we are informed about your decision to withdraw from this contract. We will carry out such reimbursement using the same means of payment as you used for the initial transaction, unless you have expressly agreed otherwise; in any event, you will not incur any fees as a result of such reimbursement.
   2. You are only liable for any diminished value of the goods resulting from the handling other than what is necessary to establish the nature, characteristics and functioning of the goods.
3. Important note
   According to Section 356 para. 5 of the German Civil Code (BGB), in the case of a contract for the supply of digital content that is not contained in a tangible medium, the right of withdrawal becomes extinct if
   1. VERBI began with the performance of the contract,
   2. the consumer had expressly consented to VERBI beginning with the performance of the contract prior to expiry of the withdrawal period,
   3. consumer had acknowledged that by their consent, they would lose the right to withdraw from the contract upon the performance of the contract having commenced, and
   4. VERBI has provided the consumer with a confirmation of the contract.
   VERBI begins with the execution of the contract in the sense described above at the time when the consumer starts a download process.
4. Model withdrawal form
   (Complete and return this form only if you wish to withdraw from the contract).

   To: VERBI Software. Consult. Sozialforschung GmbH Invalidenstr. 74 10557 Berlin e-mail: cs@maxqda.com:

   I/We (*) hereby give notice that I/We (*) withdraw from my/our (*) contract of sale of the following goods (*)/for the provision of the following service (*),

   Ordered on (*)/received on (*),

   Name of consumer(s),

   Address of consumer(s),

   Signature of consumer(s) (only if this form is notified on paper),

   Date

   ((*) Delete as applicable

§ 18 Final provisions

1. The law of the Federal Republic of Germany shall apply. The provisions of the Vienna UN Convention for the International Sale of Goods (CISG) of 11.04.1980 on contracts for the international sale of goods (UN Sales Convention) shall not apply. The statutory provisions on the limitation of the choice of law and on the applicability of mandatory provisions of the state in which the customer has his/her habitual residence as a consumer shall remain unaffected.
2. The rights and obligations arising from an agreement concluded between the parties on the basis of these GTC/EULA may not be transferred to third parties without the prior written consent of VERBI. § Section 354a of the German Commercial Code (HGB) remains unaffected if the customer acts as an entrepreneur (Section 14 BGB).
3. Should a provision in these GTC/EULA or a provision within the scope of other agreements be or become invalid, this shall not affect the validity of all other agreements or provisions. The statutory provision shall apply in place of the invalid provision.
4. VERBI is entitled to unilaterally amend these GTC/EULA if there is a valid reason for doing so (e.g. in the case of a necessary adjustment to changes in the legal or technical framework conditions). Customers will be informed of an amendment in advance by e-mail, stating the content of the amended provisions. If the customer does not object to the notification of amendment within 4 weeks after receipt of the e-mail, the amended provisions shall be deemed agreed.
5. The language of the contract shall be German. These GTC/EULA have been drawn up in German and English. The German version shall be authoritative. The English version is for information purposes only.
6. The European Commission has created an Internet platform for online dispute resolution. Further information on this contact point for the out-of-court settlement of disputes can be found at http://ec.europa.eu/consumers/odr/. VERBI is neither legally or contractually obliged to participate in a dispute resolution procedure before a consumer arbitration board, nor is it voluntarily prepared to do so.

Last update: November 2023

The VERBI Consult. Software. Sozialforschung GmbH (“VERBI”) offers its customers the possibility to extend the standard software “MAXQDA” with additional functions (such as MAXQDA AI Assist) or to use the MAXQDA TeamCloud in addition to the use of the standard software (together hereinafter “Add-Ons”).

General part

§ 1 Scope of application

1. The separate GTC/EULA apply to the use of the standard software “MAXQDA”. Furthermore, the GTC/EULA for the standard software “MAXQDA” also apply to the use of the Add-Ons, unless the GTC/EULA below contain more specific provisions.
2. In the event of a conflict between the general part of these GTC, GTC/EULA for the standard software “MAXQDA” and these GTC for the MAXQDA Add-Ons, the following priority shall apply:
   1. Specific T&Cs for the individual Add-Ons as part of these T&Cs,
   2. General part of these GTC,
   3. GTC/EULA for the standard software “MAXQDA”.

§ 2 Conclusion of contract

For the conclusion of the contract, the provisions in the GTC/EULA for the standard software “MAXQDA” shall apply accordingly to the Add-Ons, provided that no deviating provisions are contained in these GTC.

§ 3 Prices and terms of payment

The prices stated in the VERBI offer at the time of the order apply to the use of the Add-Ons. Furthermore, the provisions in the GTC/EULA for the MAXQDA standard software regarding prices and payment terms for the Add-Ons shall apply accordingly.

§ 4 Requirements for the use of the Add-Ons

The prerequisite for the use of the Add-Ons is the existence of a paid subscription by the customer for the use of the MAXQDA standard software in accordance with the provisions of the GTC/EULA for the MAXQDA standard software. The details may be found in the relevant section of these GTC for the respective Add-On.

§ 5 Data protection

§ Section 5 shall not apply insofar as the customer is a natural person and the processing of personal data is carried out in the course of a purely personal or household activity.

1. Data processing agreement
   1. Schedule 1 to these GTC contains the VERBI Data Processing Agreement (“DPA”). This DPA constitutes the mutual agreement of the parties with respect to the processing of personal data by VERBI when the customer uses the Add-Ons in accordance with these GTC.
   2. The DPA forms an integral part of the GTC. Upon the customer’s consent to these GTC, the DPA shall also become effective between the parties.
   3. In the event of any conflict or inconsistency between the DPA and these GTC, the DPA shall prevail to the extent of such conflict or inconsistency.
2. Standard contractual clauses
   1. If the customer is located in a country outside the European Economic Area for which the European Commission has not issued an adequacy decision, Schedule 2 shall further apply to the customer’s use of the Add-Ons in accordance with these GTC.
   2. Schedule 2 to these GTC/EULA contains the European Commission’s standard contractual clauses in the form of Module 4 (Transfer from a Processor to a Controller) (“SCC”).
   3. The SCC form an integral part of the GTC. Upon the customer’s consent to these GTC, the SCC shall also become effective between the Parties.
3. Definitions
   Terms not otherwise defined in the DPA and/or the SCC shall have the meaning set out in the GDPR.

§ 6 Liability

1. VERBI is liable without limitation for intent and gross negligence. VERBI shall also be liable for slight negligence in the event of damage resulting from injury to body, life or health in accordance with the statutory requirements. In other cases of slight negligence, VERBI is only liable in the event of a breach of such obligations that make the reasonable and proper performance of the contract possible in the first place and on the fulfilment of which the Customer accordingly relies and may rely (cardinal obligations) and only limited to compensation for the foreseeable, typically occurring damage. Furthermore, limitations and exclusions in this clause do not apply to claims by the Customer in the event of fraudulent concealment of a defect by VERBI due to the absence of an assured characteristic, the breach of warranty promise and claims in accordance with §§ 1, 4 of the Product Liability Act (Produkthaftungsgesetz).
2. Any further liability, irrespective of the legal basis, is excluded.

§ 7 Withdrawal Policy

§ 7 only applies insofar as the customer acts as a consumer (§ 13 BGB).

1. Right of withdrawal
   1. You have the right to withdraw from this contract within 14 days without giving any reason. The withdrawal period will expire after 14 days from the day of the conclusion of the contract.
   2. To exercise the right of withdrawal, you must inform us, (VERBI Software. Consult. Sozialforschung GmbH, Invalidenstr. 74, 10557 Berlin, Tel.: +49 (0)30 206 22 5922, Fax: +49 (0)30 206 22 59 29, E-Mail: cs@maxqda.com), of your decision to withdraw from this contract by an unequivocal statement (e.g. a letter sent by post or email). You may use the attached model withdrawal form, but it is not obligatory.
   3. To meet the withdrawal deadline, it is sufficient for you to send your communication concerning your exercise of the right of withdrawal before the withdrawal period has expired.
2. Effects of withdrawal
   1. If you withdraw from this contract, we shall reimburse to you all payments received from you, including the costs of delivery (with the exception of the supplementary costs resulting from your choice of a type of delivery other than the least expensive type of standard delivery offered by us), without undue delay and in any event not later than 14 days from the day on which we are informed about your decision to withdraw from this contract. We will carry out such reimbursement using the same means of payment as you used for the initial transaction, unless you have expressly agreed otherwise; in any event, you will not incur any fees as a result of such reimbursement.
   2. You are only liable for any diminished value of the goods resulting from the handling other than what is necessary to establish the nature, characteristics and functioning of the goods.
3. Important note
   According to Section 356 para. 5 of the German Civil Code (BGB), in the case of a contract for the supply of digital content that is not contained in a tangible medium, the right of withdrawal becomes extinct if
   1. VERBI began with the performance of the contract,
   2. the consumer had expressly consented to VERBI beginning with the performance of the contract prior to expiry of the withdrawal period,
   3. the consumer had acknowledged that by their consent, they would lose the right to withdraw from the contract upon the performance of the contract having commenced, and
   4. VERBI has provided the consumer with a confirmation of the contract.
   VERBI begins with the execution of the contract in the sense described above at the time when the consumer starts a download process.
4. Model withdrawal form
   (Complete and return this form only if you wish to withdraw from the contract).

   To VERBI Software. Consult. Sozialforschung GmbH Invalidenstr. 74 10557 Berlin e-mail: cs@maxqda.com:

   I/We (*) hereby give notice that I/We (*) withdraw from my/our (*) contract of sale of the following goods (*)/for the provision of the following service (*),

   Ordered on (*)/received on (*),

   Name of consumer(s),

   Address of consumer(s),

   Signature of consumer(s) (only if this form is notified on paper),

   Date

   (*) Delete as applicable

AI Assist

This section only applies to customers who have concluded a contract with VERBI for the use of MAXQDA AI Assist in addition to the use of the standard software “MAXQDA”.

AI Assist is a virtual research assistant. AI Assist contains various modules that complement the standard software “MAXQDA”. Among other things, AI Assist offers the customer the possibility of text editing and analysis as well as transcription. The use of AI Assist is subject to the following specific terms of use:

§ 1 Subject matter of the contract

1. The subject matter of the contract is the use of AI Assist.
2. AI Assist consists of different modules (see § 3).
3. VERBI offers AI Assist in two variants:
   • AI Assist (free)
   • AI Assist (premium)

The variants differ in the respective available volume of the individual modules of AI Assist.

§ 2 Ordering AI Assist

1. The prerequisite for the use of AI Assist (premium) is the existence or conclusion of a paid user contract (subscription) for the standard software MAXQDA. The existence or conclusion of a free demo licence is not sufficient.
2. AI Assist (free) is available to all customers. All that is required is the existence or conclusion of a free demo licence.
3. AI Assist can be added by the customer in the shop. Afterwards, AI Assist is visible to the customer in MAXQDA. Before using AI Assist for the first time, the customer must create an AI Assist account in MAXQDA if no account already exists.

§ 3 Subject matter of AI Assist

1. General
   1. The functions of AI Assist are based on the use of artificial intelligence or machine learning. Artificial intelligence and machine learning are based on probabilities. This can lead to erroneous results when using artificial intelligence and machine learning. This means that the results produced by artificial intelligence and machine learning may not be correct in all cases. The customer is aware of the possible limitations in reliability in relation to the use of AI Assist.
   2. VERBI uses various third-party services from external service providers for the individual functions in AI Assist. If necessary, VERBI prepares and/or post-processes the files provided by the customer before passing them on to the respective service provider. Corresponding pre-/post-preparations relate exclusively to formal adjustments (e.g. splitting if file exceeds permissible length). VERBI has no influence on the results produced by the service provider. In particular, VERBI does not review the content of the results before passing them on to the customer.
2. Data analysis with integration of AI
   1. Data analysis with integration of AI offers the customer a variety of options for text processing and analysis. This includes, for example, automatically summarising and/or paraphrasing texts. Furthermore, the customer can carry out text analysis in order to generate code suggestions or to code text passages directly.
      For this purpose, the customer transmits the texts to be processed/analysed to VERBI via an interface to Open AI (see under § 2.2).
   2. The data analysis with integration of AI of the customers is not carried out by VERBI itself, but by a service provider used by VERBI, currently OpenAI, L.L.C. (“OpenAI”). OpenAI uses artificial intelligence or machine learning for this purpose.
3. MAXQDA Transcription
   1. MAXQDA Transcription offers the customer the possibility to have audio files transcribed automatically. For this purpose, the customer uploads the audio file on the website “MAXQDA Account” and VERBI forwards it via an interface to Cantab Research Limited (see under § 3.2). The customer can download the created transcript from the “MAXQDA Account” website and then import it into MAXQDA. Furthermore, the customer has the possibility to enter parameters for the transcription (e.g. with regard to the language or technical terms).
   2. The automated transcription of the customer’s audio file is not performed by VERBI itself, but by a service provider used by VERBI, currently Cantab Research Limited, 296 Cambridge Science Park, Milton Road, Cambridge, CB4 0WD, United Kingdom (“Cantab Research Limited”). Cantab Research Limited uses artificial intelligence and/or machine learning for the transcription.

§ 4 Scope and limitation of use

1. The scope of use of AI Assist is limited for the customer. The available volume (unless unlimited) is displayed to the user directly in MAXQDA. If the available volume is used up, there is the possibility to order volume for individual modules of AI Assist via the shop. If the customer uses AI Assist (free), additional volume can currently only be booked for the MAXQDA Transcription module, but not for data analysis with AI integration.
2. The customer is not permitted to use AI Assist in a manner that violates laws or the rights of third parties or unlawfully affects their rights or otherwise violates the provisions of these GTC or those of the service providers (as amended from time to time). In particular, the use of the function for the following purposes or the provision of the following content is prohibited:
   • • Illegal activities;
   • • Content about child sexual abuse or content that exploits or harms children;
   • • Creation of hate, harassment or violence content
   • • Malware generation
   • • Activities that pose a high risk of physical harm, including weapons development, military and war activities, management or operation of critical energy, transport and water infrastructures
   • • Content that incites, encourages or depicts self-harming acts such as suicide, cutting and eating disorders.
   • • Activities that carry a high risk of economic harm, including multi-level marketing, gambling, lending, automated eligibility decisions, employment, education or public assistance services;
   • • Fraudulent or deceptive activities;
   • • Adult content, adult industries and dating apps, including pornography;
   • • Political campaigning or lobbying;
   • • Activities that violate the privacy of individuals;
   • • Unauthorised practice of law or offering tailored legal advice without a qualified person having reviewed the information;
   • • Tailored financial advice without verification of information by a qualified person;
   • • Providing information that he or she has or does not have a particular health condition or giving instructions on how to cure or treat a health condition;
   • • Government decisions.
3. The terms and conditions of use of the service providers are available online at
   • • Open AI: https://openai.com/policies/usage-policies sowie https://openai.com/policies/sharing-publication-policy
   • • Cantab Research Limited: https://www.speechmatics.com/legal/terms-of-service
4. The customer is also not permitted,
   • • to claim that the result produced with the help of AI Assist was generated by humans, when this is not the case.
5. The customer shall not, and shall not permit or enable any third party to, edit, modify or alter the software (in whole or in part) or disassemble, decompile, reverse engineer or convert the software (in whole or in part). The customer shall further not use the software to create, train or improve (directly or indirectly) a similar or competing product or service.

§ 5 Term and termination

1. The use of AI Assist by the customer ends in any case with the termination of the customer’s contract for the use of the standard software “MAXQDA”.
2. After termination of use, access to AI Assist will be blocked for the customer.

§ 6 Liability

The results produced by AI Assist are done through the integration of third-party services. VERBI has no influence on this performance and in particular is not liable for its accuracy, completeness and/or reliability.

§ 7 Data protection

§ Section 7 shall not apply insofar as the customer is a natural person and the processing of personal data is carried out in the course of a purely personal or household activity.

1. Data analysis with integration of AI
   1. The following information contains the relevant information for Annex II of the DPA and Annex I Section B of the SCC:

      Categories of data subjects whose personal data is processed

      All persons whose personal data is included in the texts provided by the customer in AI Assist.

      Categories of personal data processed

      All data contained in the texts provided by the customer in AI Assist.

      Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

      Sensitive personal data are not specifically processed. If a text of the customer contains relevant sensitive data, the customer shall pseudonymise or anonymise such data before uploading the project to AI Assist, provided that the pseudonymisation or anonymisation of the data does not prevent the fulfilment of the purpose of the processing.

      The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis)

      Continuously during the customer’s use of AI Assist.

      Nature of the processing

      Automated text analysis using artificial intelligence and machine learning.

      Purpose(s) of the data transfer and further processing

      Automated text analysis using artificial intelligence and machine learning.

      The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

      The data provided by the customer in AI Assist will be deleted immediately when the need for processing ceases to exist, but at the latest after 30 days.

      In the case of processing by (sub)processors, subject matter, nature and duration of the processing..

      When using AI Assist, data is stored on an AWS cloud server and shared with OpenAI OpCo, LLC, 3180 18th St., San Francisco, CA 94110. The processing is used to prepare the texts and for the analysis by OpenAI. The data will be deleted immediately after the need for processing ceases to exist, but at the latest after 30 days.

   2. The following information contains the relevant information for Annex I Section A of the SCC:

      Activities relevant to the data transferred under these clauses:

      Provision of AI Assist.

2. MAXQDA Transcription
   1. The following information contains the relevant information for Annex II of the DPA and Annex I Section B of the SCC:

      Categories of data subjects whose personal data are processed

      All persons whose personal data is contained in the files provided by the customer for transcription via MAXQDA Transcription.

      Categories of personal data processed

      All data contained in the files provided by the customer for transcription via MAXQDA Transcription.

      Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

      Sensitive personal data are not specifically processed. The customer shall take reasonable steps to exclude as far as possible that a Data File contains sensitive data, provided that this does not prevent the fulfilment of the purpose of the processing.

      The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis)

      Continuously during the customer’s use of MAXQDA Transcription.

      Nature of the processing

      Automated transcription of an audio file using artificial intelligence and machine learning.

      Purpose(s) of the data transfer and further processing

      Automated transcription of an audio file using artificial intelligence and machine learning.

      The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

      The data provided by the customer in Speechmatics will be deleted immediately when the need for processing ceases. For the uploaded audio file, deletion takes place 7 days after upload. We delete the transcript created 7 days after download by the customer if the customer does not initiate the deletion beforehand.

      In the case of processing by (sub)processors, subject matter, nature and duration of the processing.

      When using MAXQDA Transcription, data is stored on an AWS cloud server and shared with Cantab Research Limited. The processing serves to prepare the files for transcription as well as the transcription by Cantab Research Limited, 296 Cambridge Science Park, Milton Road, Cambridge, CB4 0WD, United Kingdom. The data will in turn be deleted immediately after the need for processing has ceased. For the uploaded audio file, the deletion takes place 7 days after upload. We delete the transcript created 7 days after download by the customer, unless the customer initiates the deletion beforehand.

   2. The following information contains the relevant information for Annex I Section A of the SCC:

      Activities relevant to the data transferred under these clauses:

      Provision of AI Assist.Bereitstellung von AI Assist.

MAXQDA TeamCloud

This section only applies to customers who have concluded a contract with VERBI for the use of MAXQDA TeamCloud in addition to the use of the standard software “MAXQDA”. The MAXQDA TeamCloud is currently only available to universities, research institutions and companies, but not to private customers..

§ 1 Subject matter of the contract

1. The subject matter of the contract is the use of MAXQDA TeamCloud for the storage of projects created with the standard software “MAXQDA”.
2. The MAXQDA TeamCloud is hosted on servers of Amazon Web Services (“AWS”). The customer is aware that VERBI does not operate the MAXQDA TeamCloud on its own servers and that the provision is therefore subject to conditions that are not determined by VERBI but by AWS. The use of MAXQDA TeamCloud by the customer is therefore not only governed by these GTC/EULA, but is also subject to the AWS Service Terms, available at: https://aws.amazon.com/de/service-terms/. By agreeing to these GTC/EULA, the customer therefore also accepts the AWS Service Terms.

§ 2 Requirements for use

1. The prerequisite for the acquisition of a licence for the use of MAXQDA TeamCloud is a subscription by the customer for the use of the standard software “MAXQDA” in accordance with the provisions of the GTC/EULA for the standard software “MAXQDA”. In the case of other licence types (e.g. purchase), licence acquisition for MAXQDA TeamCloud is not possible. The pure use of MAXQDA TeamCloud is possible with any paid licence (subscription and purchase).
2. The customer must create an online account in order to use MAXQDA TeamCloud.

§ 3 Scope of use

1. The permissible scope of use of MAXQDA TeamCloud by the customer shall be governed by these GTC/EULA and the AWS Service Terms (as amended from time to time, available online at: https://aws.amazon.com/de/service-terms/). In the event of a conflict or inconsistency between the AWS Service Terms and these GTC/EULA, the AWS Service Terms shall prevail to the extent of such conflict or inconsistency.
2. The customer has access to storage capacities of up to 25 GB in the MAXQDA TeamCloud standard configuration.
3. After purchasing a licence for the use of MAXQDA TeamCloud, the customer designates a so-called TeamLead who can use MAXQDA TeamCloud. This TeamLead can invite up to four other persons (“Members”) to use MAXQDA TeamCloud with him. The invitation is sent by email. Once the members have accepted the invitation, the TeamLead can add them to a project (file). Each member only has access to the projects to which they have been invited, regardless of the number of projects the TeamLead has in the MAXQDA TeamCloud.

§ 4 Restrictions on use

1. The customer is aware that sensitive data within the meaning of Article 9 (1) of the General Data Protection Regulation (GDPR) is particularly worthy of protection. If a project of the customer contains corresponding sensitive data, the customer shall pseudonymise or anonymise this data before uploading the project in MAXQDA TeamCloud, provided that the pseudonymisation or anonymisation of the data does not prevent the fulfilment of the processing purpose.
2. Furthermore, the customer is not permitted to store content in the MAXQDA TeamCloud that violates laws or the rights of third parties or unlawfully affects their rights or otherwise violates the provisions of these GTC/EULA or the AWS Terms.
3. In addition, the use of MAXQDA TeamCloud by the customer is subject to the restrictions arising from the AWS Terms. This also applies to possible restrictions on availability, for example in the event of maintenance.

§ 5 Term and termination

1. The use is limited in time to the duration of the underlying usage contract with VERBI.
2. Access to MAXQDA TeamCloud will be disabled for the customer after expiration of use. The customer is solely responsible for downloading all relevant data in time before expiry of the period of use.

§ 6 Data protection

§ Section 6 shall not apply insofar as the customer is a natural person and the processing of personal data is carried out in the course of a purely personal or household activity.

1. The following information contains the relevant information for Annex II of the DPA and Annex I Section B of the SCC:

   Categories of data subjects whose personal data are processed

   All persons whose personal data is contained in the projects stored by the customer in MAXQDA TeamCloud.

   Categories of personal data processed

   All data contained in the projects stored by the customer in MAXQDA TeamCloud.

   Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures

   Sensitive personal data is not specifically processed. If a project of the customer contains corresponding sensitive data, the customer will pseudonymise or anonymise this data before uploading the project to MAXQDA TeamCloud, provided that the pseudonymisation or anonymisation of the data does not prevent the fulfilment of the processing purpose.
   Furthermore, the AWS security standards apply in the respective current version (Annex 1 to the AWS Order Processing Agreement).

   Frequency of transmission (e.g. whether the data is transferred on a one-off or continuous basis)

   Continuously during the use of MAXQDA TeamCloud by the customer.

   Nature of the processingArt der Verarbeitung

   Hosting of the customer projects.

   Purpose(s) of the data transfer and further processing

   Storage of customer projects in the MAXQDA TeamCloud.

   The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

   The duration of the agreement is based on the duration of the customer’s subscription. Three months after the end of the contract, the customer’s project data will be deleted from TeamCloud.

   In the case of processing by (sub)processors, subject matter, nature and duration of the processing

   The MAXQDA TeamCloud is stored on a cloud server from AWS. The processing serves the hosting of the MAXQDA Cloud. The duration of the processing is again based on the duration of the customer’s subscription.

   The Parties waive the obligation under clause 7.7 lit. (e), according to which the Processor is obliged to agree on a third-party beneficiary clause with the sub-processors.

2. The following information contains the relevant information for Annex I Section A of the SCC:

   Activities relevant to the data transferred under these clauses

   Provision of MAXQDA TeamCloud.

Schedule 1

Commission Implementation decision (EU) 2021/95 of 4 June 2021 on standard contractual clauses between controllers and processors under Art. 28 (7) GDPR

STANDARD CONTRACTUAL CLAUSES

SECTION I

Clause 1

Purpose and scope

1. The purpose of these Standard Contractual Clauses (the Clauses) is to ensure compliance with Article 28(3) and (4) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
2. The controllers and processors listed in Annex I have agreed to these Clauses in order to ensure compliance with Article 28(3) and (4) of Regulation (EU) 2016/679 and/or Article 29(3) and (4) of Regulation (EU) 2018/1725.
3. These Clauses apply to the processing of personal data as specified in Annex II.
4. Annexes I to IV are an integral part of the Clauses.
5. These Clauses are without prejudice to obligations to which the controller is subject by virtue of Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725.
6. These Clauses do not by themselves ensure compliance with obligations related to international transfers in accordance with Chapter V of Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725.

Clause 2

Invariability of the Clauses

1. The Parties undertake not to modify the Clauses, except for adding information to the Annexes or updating information in them.
2. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a broader contract, or from adding other clauses or additional safeguards provided that they do not directly or indirectly contradict the Clauses or detract from the fundamental rights or freedoms of data subjects.

Clause 3

Interpretation

1. Where these Clauses use the terms defined in Regulation (EU) 2016/679 or Regulation (EU) 2018/1725 respectively, those terms shall have the same meaning as in that Regulation.
2. These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679 or Regulation (EU) 2018/1725 respectively.
3. These Clauses shall not be interpreted in a way that runs counter to the rights and obligations provided for in Regulation (EU) 2016/679 / Regulation (EU) 2018/1725 or in a way that prejudices the fundamental rights or freedoms of the data subjects.

Clause 4

Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties existing at the time when these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 5

Docking clause

[intentionally left blank]

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 6

Description of processing(s)

The details of the processing operations, in particular the categories of personal data and the purposes of processing for which the personal data is processed on behalf of the controller, are specified in Annex II.

Clause 7

Obligations of the Parties

• 7.1. Instructions
  • (a) The processor shall process personal data only on documented instructions from the controller, unless required to do so by Union or Member State law to which the processor is subject. In this case, the processor shall inform the controller of that legal requirement before processing, unless the law prohibits this on important grounds of public interest. Subsequent instructions may also be given by the controller throughout the duration of the processing of personal data. These instructions shall always be documented.
  • (b) The processor shall immediately inform the controller if, in the processor’s opinion, instructions given by the controller infringe Regulation (EU) 2016/679 / Regulation (EU) 2018/1725 or the applicable Union or Member State data protection provisions.
• 7.2. Purpose limitation

  The processor shall process the personal data only for the specific purpose(s) of the processing, as set out in Annex II, unless it receives further instructions from the controller.

• 7.3. Duration of the processing of personal data

  Processing by the processor shall only take place for the duration specified in Annex II.

• 7.4. Security of processing
  • (a) The processor shall at least implement the technical and organisational measures specified in Annex III to ensure the security of the personal data. This includes protecting the data against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to the data (personal data breach). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purposes of processing and the risks involved for the data subjects.
  • (b) The processor shall grant access to the personal data undergoing processing to members of its personnel only to the extent strictly necessary for implementing, managing and monitoring of the contract. The processor shall ensure that persons authorised to process the personal data received have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
• 7.5. Sensitive data

  If the processing involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (“sensitive data”), the processor shall apply specific restrictions and/or additional safeguards.

• 7.6. Documentation and compliance
  • (a) The Parties shall be able to demonstrate compliance with these Clauses.
  • (b) The processor shall deal promptly and adequately with inquiries from the controller about the processing of data in accordance with these Clauses.
  • (c) The processor shall make available to the controller all information necessary to demonstrate compliance with the obligations that are set out in these Clauses and stem directly from Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. At the controller’s request, the processor shall also permit and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or an audit, the controller may take into account relevant certifications held by the processor.
  • (d) The controller may choose to conduct the audit by itself or mandate an independent auditor. Audits may also include inspections at the premises or physical facilities of the processor and shall, where appropriate, be carried out with reasonable notice.
  • (e) The Parties shall make the information referred to in this Clause, including the results of any audits, available to the competent supervisory authority/ies on request.
• 7.7. Use of sub-processors
  • (a) The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least five business days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object.
  • (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub- processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub- processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725.
  • (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy.
  • (d) The processor shall remain fully responsible to the controller for the performance of the sub- processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the subprocessor to fulfil its contractual obligations.
  • (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby – in the event the processor has factually disappeared, ceased to exist in law or has become insolvent – the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.
• 7.8. International transfers
  • (a) Any transfer of data to a third country or an international organisation by the processor shall be done only on the basis of documented instructions from the controller or in order to fulfil a specific requirement under Union or Member State law to which the processor is subject and shall take place in compliance with Chapter V of Regulation (EU) 2016/679 or Regulation (EU) 2018/1725.
  • (b) The controller agrees that where the processor engages a sub-processor in accordance with Clause 7.7. for carrying out specific processing activities (on behalf of the controller) and those processing activities involve a transfer of personal data within the meaning of Chapter V of Regulation (EU) 2016/679, the processor and the sub-processor can ensure compliance with Chapter V of Regulation (EU) 2016/679 by using standard contractual clauses adopted by the Commission in accordance with of Article 46(2) ofRegulation (EU) 2016/679, provided the conditions for the use of those standard contractual clauses are met.

Clause 8

Assistance to the controller

1. The processor shall promptly notify the controller of any request it has received from the data subject. It shall not respond to the request itself, unless authorised to do so by the controller.
2. The processor shall assist the controller in fulfilling its obligations to respond to data subjects’ requests to exercise their rights, taking into account the nature of the processing. In fulfilling its obligations in accordance with (a) and (b), the processor shall comply with the controller’s instructions
3. In addition to the processor’s obligation to assist the controller pursuant to Clause 8 (b), the processor shall furthermore assist the controller in ensuring compliance with the following obligations, taking into account the nature of the data processing and the information available to the processor:
   • (1) the obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (a ‘data protection impact assessment’) where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons;/li>
   • (2) the obligation to consult the competent supervisory authority/ies prior to processing where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk;
   • (3) the obligation to ensure that personal data is accurate and up to date, by informing the controller without delay if the processor becomes aware that the personal data it is processing is inaccurate or has become outdated;
   • (4) the obligations in Article 32 of Regulation (EU) 2016/679.
4. The Parties shall set out in Annex III the appropriate technical and organisational measures by which the processor is required to assist the controller in the application of this Clause as well as the scope and the extent of the assistance required.

Clause 9

Notification of personal data breach

In the event of a personal data breach, the processor shall cooperate with and assist the controller for the controller to comply with its obligations under Articles 33 and 34 of Regulation (EU) 2016/679 or under Articles 34 and 35 of Regulation (EU) 2018/1725, where applicable, taking into account the nature of processing and the information available to the processor.

• 9.1 Data breach concerning data processed by the controller

  In the event of a personal data breach concerning data processed by the controller, the processor shall assist the controller:

  • (a) in notifying the personal data breach to the competent supervisory authority/ies, without undue delay after the controller has become aware of it, where relevant/(unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons);
  • (b) in obtaining the following information which, pursuant to Article 33(3) of Regulation (EU) 2016/679, shall be stated in the controller’s notification, and must at least include:
    • (1) the nature of the personal data including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
    • (2) the likely consequences of the personal data breach;
    • (3) the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

    Where, and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.

  • (c) in complying, pursuant to Article 34 of Regulation (EU) 2016/679, with the obligation to communicate without undue delay the personal data breach to the data subject, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons.
• 9.2 Data breach concerning data processed by the processor

  In the event of a personal data breach concerning data processed by the processor, the processor shall notify the controller without undue delay after the processor having become aware of the breach. Such notification shall contain, at least:

  • (a) description of the nature of the breach (including, where possible, the categories and approximate number of data subjects and data records concerned);
  • (b) the details of a contact point where more information concerning the personal data breach can be obtained;
  • (c) its likely consequences and the measures taken or proposed to be taken to address the breach, including to mitigate its possible adverse effects.

  Where, and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.

  The Parties shall set out in Annex III all other elements to be provided by the processor when assisting the controller in the compliance with the controller’s obligations under Articles 33 and 34 of Regulation (EU) 2016/679.

SECTION III – FINAL PROVISIONS

Clause 10

Non-compliance with the Clauses and termination

1. Without prejudice to any provisions of Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725, in the event that the processor is in breach of its obligations under these Clauses, the controller may instruct the processor to suspend the processing of personal data until the latter complies with these Clauses or the contract is terminated. The processor shall promptly inform the controller in case it is unable to comply with these Clauses, for whatever reason.
2. The controller shall be entitled to terminate the contract insofar as it concerns processing of personal data in accordance with these Clauses if:
   • (1) the processing of personal data by the processor has been suspended by the controller pursuant to point (a) and if compliance with these Clauses is not restored within a reasonable time and in any event within one month following suspension;
   • (2) the processor is in substantial or persistent breach of these Clauses or its obligations under Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725;
   • (3) the processor fails to comply with a binding decision of a competent court or the competent supervisory authority/ies regarding its obligations pursuant to these Clauses or to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725.
3. The processor shall be entitled to terminate the contract insofar as it concerns processing of personal data under these Clauses where, after having informed the controller that its instructions infringe applicable legal requirements in accordance with Clause 7.1 (b), the controller insists on compliance with the instructions.
4. Following termination of the contract, the processor shall, at the choice of the controller, delete all personal data processed on behalf of the controller and certify to the controller that it has done so, or, return all the personal data to the controller and delete existing copies unless Union or Member State law requires storage of the personal data. Until the data is deleted or returned, the processor shall continue to ensure compliance with these Clauses.

ANNEX I – LIST OF PARTIES

Controller:

The controller is the customer in accordance with the General Terms & Conditions (GTC) and End User License Agreement (EULA) of VERBI Software. Consult. Sozialforschung GmbH.

Signature and accession date: Effective with agreement to the General Terms & Conditions (GTC) by the customer.

Processor:

Name: VERBI Software. Consult. Sozialforschung GmbH

Address: Invalidenstr. 74, 10557 Berlin

Contact person’s name, position and contact details: The data protection officer of VERBI GmbH can be reached at kontakt@datenschutzrechte.de.

Signature and accession date: Effective with agreement to the General Terms & Conditions (GTC) by the customer.

ANNEX II – DESCRIPTION OF THE PROCESSING

See relevant information in the respective data protection sections of these GTC.

ANNEX III – TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Description of the technical and organisational security measures implemented by the processor(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, as well as the risks for the rights and freedoms of natural persons.

1. Measures for the security of processing (Art. 32 para. 1 GDPR)
   1. Access control

      Measures suitable for preventing unauthorised persons from gaining access to data processing systems with which personal data are processed or used.

      • • Alarm system
      • • Security locks
      • • Locking system with code card
      • • Bell system with camera
      • • Visitors’ book
      • • Care in the selection of security staff
      • • Care in the selection of the cleaning service
   2. Access control

      Measures suitable for preventing data processing systems (computers) from being used by unauthorised persons.

      • • Login with user name + password
      • • Use of anti-virus software
      • • Use of firewall software
      • • Use of VPN for remote access
      • • Creation of user profiles
      • • Assignment/administration of user authorisations
      • • Allocation of passwords
      • • Guidelines for: “Secure password” and “Delete/Destroy”
   3. Access control

      Measures to ensure that those authorised to use a data processing system can only access the data subject to their access authorisation and that personal data cannot be read, copied, modified or removed without authorisation during processing, use and after storage.

      • • Use of shredders
      • • Physical erasure of data media
      • • Proper destruction of data media (DIN 32757)
      • • Logging of access to applications, specifically when entering, changing and deleting data
      • • Administration of rights by system administrator or
      • • Number of administrators reduced to the “bare minimum”
   4. Segregation control

      Measures to ensure that data collected for different purposes can be processed separately.

      • • Separation of development and test environment
      • • Strictly separate storage of data in different client systems
      • • Providing data records with purpose attributes/data fields
      • • Determination of database rights
      • • Control via authorisation concept
   5. Pseudonymisation

      The processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to appropriate technical and organisational measures:

      • • Internal instruction to anonymise / pseudonymise personal data where possible in the event of disclosure.
2. Procedures for regular review, assessment and evaluation (Art. 32 para. 1 lit. d GDPR; Art. 25 para. 1 GDPR)
   1. Data Protection measures
      • • Software solutions for data protection management in use
      • • Central documentation of all procedures and regulations on data protection with access for employees as required / authorised on the intranet
      • • Regular review of the effectiveness of the technical protection measures
      • • Appointment of an external data protection officer (Sebastian Dramburg; kontakt@datenschutzrechte.de)
      • • Staff training: trained and committed to confidentiality/data secrecy
      • • Data protection impact assessment is carried out as required
      • • VERBI GmbH complies with the information obligations according to Art. 13 and 14 GDPR
      • • Formalised process for processing requests for information from data subjects is in place.
   2. Incident response management

      Support in responding to security breaches

      • • Documentation of security incidents and data breaches, e.g. via the ticket system.
      • • All employees are instructed and trained to ensure that data protection incidents are recognised and reported immediately to the DPO.
   3. Order control (outsourcing to third parties)

      Measures to ensure that personal data processed on behalf of the client can only be processed in accordance with the client’s instructions.

      • • Selection of the contractor under due diligence aspects (in particular with regard to information security).
      • • Regular monitoring of contractors
      • • The principle of necessity and data minimisation is taken into account.
      • • The necessary agreements on commissioned processing or EU standard contractual clauses are concluded.

   Description of the specific technical and organisational measures to be taken by the processor to be able to provide assistance to the controller:

   The current version of the AWS Security Standards (Annex 1 to the AWS DPA) apply.

Schedule 2

Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council

Standard Contractual Clauses

MODULE FOUR: Transfer processor to controller

SECTION I

Clause 1

Purpose and scope

1. The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)1 for the transfer of personal data to a third country.
2. The Parties:
   • (i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A. (hereinafter each “data exporter”), and
   • (ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data importer”),
   have agreed to these standard contractual clauses (hereinafter: “Clauses”).
3. These Clauses apply with respect to the transfer of personal data as specified in Annex I.B..
4. The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

* Handelt es sich bei dem Datenexporteur um einen Auftragsverarbeiter, der der Verordnung (EU) 2016/679 unterliegt und der im Auftrag eines Organs oder einer Einrichtung der Union als Verantwortlicher handelt, so gewährleistet der Rückgriff auf diese Klauseln bei der Beauftragung eines anderen Auftragsverarbeiters (Unterauftragsverarbeitung), der nicht unter die Verordnung (EU) 2016/679 fällt, ebenfalls die Einhaltung von Artikel 29 Absatz 4 der Verordnung (EU) 2018/1725 des Europäischen Parlaments und des Rates vom 23. Oktober 2018 zum Schutz natürlicher Personen bei der Verarbeitung personenbezogener Daten durch die Organe, Einrichtungen und sonstigen Stellen der Union, zum freien Datenverkehr und zur Aufhebung der Verordnung (EG) Nr. 45/2001 und des Beschlusses Nr. 1247/2002/EG (ABl. L 295 vom 21.11.2018, S. 39), insofern als diese Klauseln und die gemäß Artikel 29 Absatz 3 der Verordnung (EU) 2018/1725 im Vertrag oder in einem anderen Rechtsinstrument zwischen dem Verantwortlichen und dem Auftragsverarbeiter festgelegten Datenschutzpflichten angeglichen sind. Dies ist insbesondere dann der Fall, wenn sich der Verantwortliche und der Auftragsverarbeiter auf die im Beschluss 2021/915 enthaltenen Standardvertragsklauseln stützen.

Clause 2

Effect and invariability of the Clauses

1. These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
2. These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

Clause 3

Third-party beneficiaries

• (c) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions
  • (i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
  • (ii) Clause 8.1 (b) and Clause 8.3(b);b
  • (iii) [intentionally left blank];
  • (iv) [intentionally left blank];
  • (v) Clause 13;
  • (vi) Clause 15.1(c), (d) and (e);
  • (vii) Clause 16(e);
  • (viii) Clause 18.
• (d) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

Clause 4

Interpretation

• (e) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation. .
• (f) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
• (g) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

Clause 5

Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6

Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

Clause 7

Docking Clause

[intentionally left blank]

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8

Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

• 8.1 Instructions
  • (a) The data exporter shall process the personal data only on documented instructions from the data importer acting as its controller.
  • (b) The data exporter shall immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member State data protection law.
  • (c) The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.
  • (d) After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.
• 8.2 Security of processing
  • (e) The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data7, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
  • (f) The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.
  • (g) The data exporter shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
• 8.3 Documentation and compliance
  • (a) The Parties shall be able to demonstrate compliance with these Clauses.
  • (b) The data exporter shall make available to the data importer all information necessary to demonstrate compliance with its obligations under these Clauses and allow for and contribute to audits.

Clause 9

Use of sub-processors

[intentionally left blank]

Clause 10

Data subject rights

The Parties shall assist each other in responding to enquiries and requests made by data subjects under the local law applicable to the data importer or, for data processing by the data exporter in the EU, under Regulation (EU) 2016/679.

Clause 11

Redress

(c) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

Clause 12

Liability

• (d) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
• (e) Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.
• (f) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
• (g) The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.
• (h) The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.

Clause 13

Supervision

[intentionally left blank]

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

Clause 14

Local laws and practices affecting compliance with the Clauses

[intentionally left blank]

Clause 15

Obligations of the data importer in case of access by public authorities

[intentionally left blank]

SECTION IV – FINAL PROVISIONS

Clause 16

Non-compliance with the Clauses and termination

• (i) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
• (j) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
• (k) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
  • (i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
  • (ii) the data importer is in substantial or persistent breach of these Clauses; or
  • (iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

  In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

• (l) Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety, including any copy thereof. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
• (m) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

Clause 17

Governing law

rights. The Parties agree that this shall be the law of Germany.

Clause 18

Choice of forum and jurisdiction

Any dispute arising from these Clauses shall be resolved by the courts of Germany.

APPENDIX

EXPLANATORY NOTE:

It must be possible to clearly distinguish the information applicable to each transfer or category of transfers and, in this regard, to determine the respective role(s) of the Parties as data exporter(s) and/or data importer(s). This does not necessarily require completing and signing separate appendices for each transfer/category of transfers and/or contractual relationship, where this transparency can be achieved through one appendix. However, where necessary to ensure sufficient clarity, separate appendices should be used.

ANNEX I

A. LIST OF PARTIES

Data exporter:

Name: VERBI Software. Consult. Sozialforschung GmbH

Address: Invalidenstr. 74, 10557 Berlin

Contact person’s name, position and contact details: See relevant information in the respective sections on data protection of these GTCs

Signature and date: Siehe relevante Informationen in den jeweiligen Abschnitten zum Datenschutz dieser AGB

Unterschrift und Datum: Effective with agreement to the General Terms & Conditions and End User License Agreement (EULA) by the customer.

Role (controller/processor): Processor

Data importer: The controller is the customer in accordance with the General Terms & Conditions (GTC) and End User License Agreement (EULA) of VERBI Software. Consult. Sozialforschung GmbH.

Activities relevant to the data transferred under these Clauses: See relevant information in the respective sections on data protection of these GTCs

Signature and date: Effective with agreement to the General Terms & Conditions (GTC) and End User License Agreement (EULA) by the customer.

Role (controller/processor): Controller

B. DESCRIPTION OF TRANSFERG

See relevant information in the respective data protection sections of these GTC.