§ 1 Subject of the Terms of Use

(1) The subject of these terms of use is the provision of the software application tamanguu.contacts (hereinafter: APPLICATION) by the provider Tamanguu GmbH & Co. KG, Science Center Kiel, Fraunhoferstrasse 13, 24118 Kiel, Germany, for the use of its functionalities, the technical enabling of the use of the APPLICATION and the granting of rights of use to the APPLICATION as well as the provision of storage space for the data generated by the customer through the use of the APPLICATION and/or the data required for the use of the APPLICATION (hereinafter: APPLICATION DATA) by the provider towards the customer.
(2) These Terms of Use determine the supply of the services by the provider and the use of these services by the customer. Deviating general terms and conditions of the customer shall not become part of the contractual relationship.

§ 2 Changes to the Terms of Use

The provider reserves the right to change these terms of use at any time with effect also within the existing contractual relationships. The provider shall notify the customer of such changes at least 30 calendar days prior to the planned entry into effect of the changes. If the customer does not object within 30 days of receipt of the notification and the use of the services continues even after expiry of the objection period, the changes shall be deemed to be validly agreed from the expiry of the period. In the event of a contradiction by the customer, the contract will be continued under the previous conditions. In the notification of change, the provider will inform the customer of his right of objection and of the consequences.

§ 3 Registration

(1) The use of the APPLICATION requires the registration. A legal claim does not exist. The provider is entitled to reject registrations without giving reasons. The registration is only permitted to the customer if the registration is carried out in the exercise of his commercial or self-employed professional activity. Consumers are not allowed to register.
(2) After the customer has provided and sent the data requested in the registration or order process, the provider submits a binding offer to the customer by e-mail to conclude a contract in the desired version. By clicking on the link contained in the e-mail, the customer accepts the offer of the provider. This is how the contract comes into being.
(3) In the event of input errors, the customer can make corrections using the available buttons and input fields before submitting his contractual declaration.
(4) The provider stores the text of the contract beyond the conclusion of the contract. However, access by the customer to the contract text via the provider is no longer possible after conclusion of the contract. The customer is therefore required to archive the contract text himself.
(5) The contractual language is English.

§ 4 Providing the APPLICATION and storage space for APPLICATION DATA

(1) The Provider holds the most current version of the APPLICATION on a central data processing system or several data processing systems as well as storage space for the customer’s APPLICATION DATA ready for use.
(2) The scope of the functions of the APPLICATION and the size of the storage space for the APPLICATION DATA of the customer are determined by the respective contractual agreements, otherwise by the functionalities currently available in the APPLICATION or by the storage space currently available for the customer.
(3) The APPLICATION DATA shall be backed up regularly, at least daily. The customer is responsible for compliance with retention periods under commercial and tax law.
(4) The transfer point for the APPLICATION and APPLICATION DATA is the router output of the provider’s data center.
(5) The prerequisite for using the APPLICATION is a current version of a common browser. The provider is not responsible for the quality of the required hardware and software on the part of the customer or for the telecommunication connection between the customer and the provider up to the delivery point.

§ 5 Availability of APPLICATION and access to APPLICATION DATA

(1) The provider owes in his area of responsibility an availability of the APPLICATION and the APPLICATION DATA at the transfer point for use by the customer of 99 % on a quarterly average. The calculation of availability does not include the regular maintenance windows of the APPLICATION, which are between 2:00 and 8:00 CET every Saturday or in exceptional cases are announced by the provider with a lead time of 2 days.
(2) In all other respects, the customer is only entitled to use the APPLICATION within the scope of the technical and operational possibilities of the provider. The provider makes every effort to ensure that his services can be used as uninterruptedly as possible. However, technical malfunctions (such as power supply interruptions, hardware and software errors, technical problems in the data lines) can result in temporary restrictions or interruptions.

§ 6 Nonfulfilment of main performance obligations

If, after the operational provision of the APPLICATION and/or the APPLICATION DATA, the provider fails to meet the agreed obligations in whole or in part, the monthly flat-rate usage fee shall be reduced proportionately for the time during which the APPLICATION and/or the APPLICATION DATA were not available to the customer to the agreed extent or the storage space was not available to the agreed extent.

§ 7 Other services of the provider

(1) The provider provides the customer within the APPLICATION a FAQ written in English for the APPLICATION. The provider will update the FAQ continuously.
(2) Further services of the provider can be agreed in text form at any time, in particular advisory services concerning the APPLICATION or the business activity of the customer. Such further services shall be provided against reimbursement of the proven costs at the generally applicable prices of the provider at the time of the order.

§ 8 Rights of Use and Use of the APPLICATION

(1) The customer receives simple (not sublicensable and not transferable) rights of use in the APPLICATION limited to the term of the contract in accordance with the following regulations.
A physical transfer of the APPLICATION to the customer does not take place. The customer may only use the APPLICATION for his own business activities.
This may include - as far as available as functionality in the APPLICATION - that the customer acquires and manages accesses for his employees or business partners and/or the customer pays the remuneration for accesses registered by employees or business partners.
The customer is not entitled to any rights not expressly granted to the customer above. In particular, the customer is not entitled to use the APPLICATION beyond the agreed use or to have it used by third parties or to make the APPLICATION accessible to third parties. In particular, it is not permitted to reproduce, sell or transfer the APPLICATION for a limited period, in particular not to rent or lend it.
(2) The customer is prohibited from any activities on or in connection with the portal that violate applicable law, infringe the rights of third parties or violate the principles of the protection of minors as well as any activities that are likely to impair the smooth operation of the portal, in particular to overload the systems of the service provider.
Should the customer become aware of any illegal, abusive, non-contractual or otherwise unauthorized use of the portal, he or she will contact the provider. The provider will then examine the process and, if necessary, take appropriate steps.
In case of suspicion of illegal or criminal acts, the provider is entitled and if necessary also obliged to check the activities of the customer and, if necessary, take appropriate legal action.
(3) If the customer violates the above regulations for reasons for which he is responsible, the provider can block the customer’s access to the APPLICATION or the APPLICATION DATA or delete the affected APPLICATION DATA if the violation can be remedied by this. If the customer continues or repeats the regulations despite a warning from the provider and if he is responsible for this, the provider can terminate the contract without notice.
(4) For each case in which the customer culpably enables the use of the APPLICATION by third parties, the customer has to pay an immediately due contractual penalty in the amount of the fee for the use of the APPLICATION. The right to claim damages remains reserved; in this case the contractual penalty shall be offset against the claim for damages.

§ 9 Remuneration and expiration date

(1) The remuneration for the services to be provided by the granting of use with regard to the APPLICATION and the provision of storage space and the expiration date of the remuneration shall depend on the respective contractual agreements.
(2) The provider is entitled to increase the remuneration for the first time after expiry of one year after the start of the contract with a written announcement of one month to the beginning of the following month, provided and insofar as his costs incurred for the proper execution of the contract have increased. The customer has the right to terminate the contractual relationship in writing within a period of one month after receipt of the announcement. The provider will point out this right of termination to the customer together with every announcement.
(3) Other services shall be provided by the provider on a time & material basis at the general list prices of the provider applicable at the time of the order.
(4) Remuneration is owed plus VAT at the statutory rate applicable in each case.

§ 10 Data security and data protection

(1) The contracting parties shall observe the respectively applicable data protection regulations, in particular those valid in Germany.
(2) If the customer collects, processes or uses personal data, he is responsible for ensuring that he is entitled to do so in accordance with the applicable, in particular data protection regulations and indemnifies the provider against third-party claims in the event of a violation.
(3) The contracting parties shall conclude the data processing agreement attached to this contract. In the event of contradictions between this contract and the agreement on data processing, the latter shall take precedence.

§ 11 Liability and limits of liability

(1) The provider is liable for all damages caused by him as well as his legal representatives or vicarious agents in cases of intent or gross negligence without limitation.
(2) In case of slight negligence, the provider is liable without limitation in case of injury to life, body or health.
(3) In all other respects, the provider is only liable if he has violated an essential contractual obligation. Material contractual obligations are such obligations which are of particular importance for the achievement of the contractual objective, as well as all those obligations which, in the event of a culpable breach, may endanger the achievement of the contractual purpose. In these cases the liability is limited to the compensation of the foreseeable, typically occurring damage. The no-fault liability of the provider for damages (§ 536a of the German Civil Code/BGB) for defects existing at the conclusion of the contract is excluded; paragraphs 3 and 4 remain unaffected.
(4) The liability according to the Product Liability Act remains unaffected.

§ 12 Term, Cancellation

(1) The contract term agreed in each case shall apply.
If the contracting parties agree on a contractual term of one month, the contract shall be extended by a further month in each case, unless one party terminates the contract subject to a period of notice of one month before expiry of the respective contractual term.
If the contracting parties agree on a contractual term of one or two years, the contract shall be extended by a further year in each case, unless one party terminates the contract with one month’s notice before expiry of the respective contractual term.
(2) The right to extraordinary cancellation remains unaffected. If the contractual partner entitled to cancel has knowledge of the circumstances justifying the extraordinary cancellation for more than two months, he can no longer base the cancellation on these circumstances.
(3) The provider may cancel the contract without notice if the customer is in arrears with payment of the prices or a not inconsiderable part of the prices for two consecutive months or in a period which extends over more than two months with payment of the remuneration in the amount of an amount which reaches the remuneration for two months.
(4) Cancellation can be made in text form (in particular by e-mail).

§ 13 Concluding clauses

(1) The contractual relationship shall be governed by German substantive law to the exclusion of the UN Sales Convention.
(2) Any invalidity of individual provisions of this contract shall not affect the validity of the remaining content of the contract.
(3) Exclusive place of jurisdiction is, unless a standard requires a different place of jurisdiction, the registered office of the provider.

Data Processing Addendum

(1) Scope of Application

In the course of rendering services as per the Main Agreement, the Processor processes personal data which has been provided by the Controller in order to render the services and with regard to which the Controller acts as controller in terms of data protection law (“Controller Data”). This Addendum specifies the data protection obligations and rights of the parties in connection with the processing of Controller Data to render the services under the Main Agreement.

(2) Scope of the commissioning/Right of the Controller to issue instructions

(2.1) The Processor shall process the Controller Data exclusively on behalf of and in accordance with the instructions of the Controller, unless the Processor is legally required to do so. In the latter case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
(2.2) The processing of Controller Data by the Processor comprises exclusively the type, scope and purpose determined in the Main Agreement; the processing relates exclusively to the types of personal data and categories of data subjects identified therein.
(2.3) The duration of processing corresponds to the duration of the Main Agreement.
(2.4) The Controller reserves the right to issue instructions about the type, extent, purpose and means of the processing of Controller Data.

(3) Personnel requirements

(3.1) The Processor shall obligate all personnel engaged in the processing of Controller Data to confidentiality with regard to processing of Controller Data.
(3.2) The Processor shall ensure that natural persons acting under his authority who have access to Controller Data shall process such data only on his instructions; unless they are obliged to process the data in accordance with the law of the Union or the Member States.

(4) Security of processing

(4.1) The Processor shall take all appropriate technical and organizational measures, taking into account the state of the art, the implementation costs and the nature, the scope, circumstances and purposes of the processing of Controller Data, as well as the different likelihood and severity of the risk to the rights and freedoms of the data subject, in order to ensure a level of protection appropriate to the risk of Controller Data.
(4.2) The Processor shall have the right to modify technical and organizational measures during the term of the agreement, as long as they continue to comply with the statutory requirements.

(5) Engagement of further processors

(5.1) The Controller hereby authorizes the Processor to engage further processors in a general manner. The further processors currently engaged by the Processor are:

(5.2) The Processor shall inform the Controller of any intended changes concerning the addition or replacement of further processors. The Processor shall notify the Controller of any intended changes in relation to the consultation or replacement of further processors. In individual cases, the Controller has the right to object to the engagement of a potential further processor. An objection may only be raised by the Controller for important reasons which have to be proven to the Processor. Insofar as the Controller does not object within 28 days after receipt of the notification, his right to object to the corresponding engagement lapses. If the Controller objects, the Processor is entitled to terminate the Main Agreement and this agreement with a notice period of 3 months.
(5.3) The Processor shall contractually impose the same data protection obligations on each further processor as set out in this Annex with respect to the Processor.
(5.4) The Processor shall prior to each engagement and regularly throughout the engagement monitor that appropriate technical and organizational measures have been taken by the further processors and that the measures are carried out in such a way that the processing of Controller Data is carried out in accordance with this Addendum.

(6) Data subjects’ rights

(6.1) The Processor shall to a reasonable extent support the Controller with technical and organisational measures in fulfilling his obligation to respond to requests for exercising data subjects’ rights.
(6.2) The Processor shall in particular:

(7) Other support obligations of the Processor

(7.1) The Processor shall notify the Controller immediately after becoming aware of any breach of Controller Data, in particular any incidents that lead to the destruction, loss, alteration or unauthorized disclosure of or access to Controller Data. If possible, the notification shall contain a description of:

(7.2) In the event that the Controller is obligated to inform the supervisory authorities and/or data subjects in accordance with Art. 33, 34 of GDPR, the Processor shall, at the request of the Controller, assist the Controller to comply with these obligations.
(7.3) The Processor shall to a reasonable extent assist the Controller with data protection impact assessments to be carried out by him and, if necessary, subsequent consultations with the supervisory authority pursuant to Art. 35, 36 GDPR.

(8) Deletion and return of Controller Data

Upon the instruction of the Controller, the Processor shall, upon termination of the Main Agreement, either completely and irrevocably delete or return back to the Controller all Controller Data, unless the Processor is obligated by law to further store Controller Data.

(9) Evidence and audits

(9.1) The Processor shall provide the Controller, at the latter’s request, with all information required and available to the Processor to prove compliance with his obligations under this agreement.
(9.2) The Controller shall be entitled to audit the Processor with regard to compliance with the provisions of this agreement, in particular the implementation of the technical and organizational measures; including inspections.
(9.3) At the discretion of the Processor, proof of compliance with the obligations under this agreement may be provided, instead of an inspection, by submitting an appropriate, current opinion or report from an independent authority (e.g. auditor, audit department, data protection officer, IT security department, data protection auditors or quality auditors) or a suitable certification by IT security or data protection audit - e.g. according to BSI-Grundschutz - (“audit report”), if the audit report makes it possible for the Controller in an appropriate manner to convince himself of compliance with the contractual obligations.