GENERAL TERMS AND CONDITIONS
1. GENERAL INFORMATION
1.1 Echte Liebe – Agentur für digitale Kommunikation – GmbH (hereinafter referred to as: Echte Liebe) is an agency for programmatic marketing. Echte Liebe supports customers with a targeted delivery of advertisements as part of digital marketing. Mainly data-driven technologies are used, enabling an audience-specific placement of online advertisements.
1.2 The following General Terms and Conditions (“T&Cs”) apply to all orders between the customer and Echte Liebe. The agreement is concluded when the order signed by the customer is returned.
1.3 The client’s General Terms and Conditions do not become part of the agreement.
2. GENERAL SERVICES
2.1 In the event that service provision is commissioned, Echte Liebe uses the budget specified by the customer to achieve the goals defined with the customer. Echte Liebe is free to choose the activities for attaining the goals, unless otherwise specified in the order.
2.2 The customer has been informed about the fact that the activities performed by Echte Liebe as part of the campaign are made based on automated decisions. In this context, no guarantees are made for achieving the advertising goals, using the marketing materials at a certain frequency, or using them on a certain website.
2.3 Insofar as agreed as part of the order, Echte Liebe uses part of the budget provided by the customer to source targeting data enabling a more efficient execution of necessary activities. The costs incurred in this respect are not disclosed to the customer unless otherwise specified in the order.
2.4 Unless otherwise specified in the order, Echte Liebe decides at its own discretion what portion of the marketing budget is used to source targeting data.
2.5 At the customer’s request, Echte Liebe informs them at any time about type and scope of the performed activities. These entail, insofar as the information is available to Echte Liebe, the URLs of the reserved environments, the number of ad impressions and the clicks on the served advertisements.
3. MARKETING MATERIALS
3.1 Echte Liebe informs the customer about the necessary marketing materials to be delivered by the customer (photos, videos, logos, etc.). The customer creates the marketing materials according to the technical specifications stipulated by Echte Liebe and transmits the marketing materials to Echte Liebe. Insofar as Echte Liebe itself develops the marketing materials, the above does not apply.
3.2 In the event that the marketing materials fail to comply with specifications stipulated by Echte Liebe, Echte Liebe is entitled to refuse it. This also applies if Echte Liebe believes the use of the marketing materials may be unlawful.
3.3 If the delivery of marketing materials not complying with the technical specifications stipulated by Echte Liebe incurs costs or delays the order realization, the customer bears responsibility for it. The customer is to bear the costs.
3.4 The customer bears sole responsibility for the lawfulness of the transmitted marketing materials and their use as part of global online advertisements. This also includes the responsibility that the marketing materials are free of third-party rights.
4. CUSTOMER’S DUTY TO COOPERATE
4.1 The customer bears responsibility for making the websites that the marketing materials link to available for the entire duration of the contractually agreed campaign. Any downtimes are promptly communicated to Echte Liebe in writing. In the event that, failing a prior announcement, a website is not available, he customer is unable to claim that the media targets were not attained. The customer bears in full the costs incurred to Echte Liebe due to this shortfall.
4.2 The customer is obligated to implement the software code (“tracking pixel”) provided by Echte Liebe into their own Internet presence at the agreed places and to leave it there for the entire duration of the contractually agreed campaign term. This tracking pixel delivers anonymous information to Echte Liebe in the form of data used by Echte Liebe during the campaign for optimizing the campaign.
4.3 The customer is to refrain from finding out the information transmitted through the tracking pixel. The customer is prohibited from modifying the tracking pixel. The customer bears sole responsibility for any disadvantages in terms of campaign optimization and goal attainment caused by removing the tracking pixel.
4.4 The customer operates their Internet presence in accordance with all laws applicable in that respect. Insofar as embedding a tracking pixel has been agreed with the customer, the customer must also fulfill their duty, that exists in that respect, to users to communicate information on their website.
4.5 The customer indemnifies Echte Liebe from any third-party claims asserted against Echte Liebe due to breaches of provisions in Clause 4 of these T&Cs.
5. USAGE RIGHTS
5.1 Both parties remain the owners of the usage rights they are entitled to. Echte Liebe is granted usage rights to the marketing materials provided by the customer only insofar as they are required for fulfilling the placed order. The customer acquires no usage rights to the technologies used by Echte Liebe.
5.2 Once the order is placed, Echte Liebe assumes ownership of all the data obtained as part of campaigns. This includes, in particular, data acquired as described in Clause 4.2. Provision of such data to the customer is at Echte Liebe’s discretion.
6. FINAL APPROVAL BEFORE USING MARKETING ACTIVITIES
Before using the marketing activities, the customer is obligated to check their legal admissibility in terms of German Unfair Competition Act (UWG), German Copyright Act (UrhG), German Trade Mark Act (MarkenG), Regulation on the European Union trade mark, etc. Echte Liebe will only use the marketing activities after final approval by the customer. The customer bears sole responsibility in the event that non-compliance with these legal requirements causes damage. Echte Liebe is to be indemnified from third-party claims. In the event that the marketing activities are unlawful, Echte Liebe has the right to immediate termination. Echte Liebe can invoice the costs incurred and services rendered until the discontinuation of the marketing activities.
7.1. Echte Liebe treats any information confidentially that it receives from the customer before or during the order. Echte Liebe makes them internally accessible only to those employees who need it to fulfil their obligations.
7.2 The obligation to confidentiality does not include the information (i) assigned to the receiving party according to the provisions of these T&Cs for use for its own purposes; and (ii) already known or becoming known to the receiving party without this being based on a third-party breach of a confidentiality obligation.
7.3 Both parties are entitled to disclose confidential information insofar as it is required to comply with legal duties.
7.4 After completing an order, the obligation to confidentiality continues to be in force for an unlimited duration.
7.5 Echte Liebe is entitled to list customer and advertiser as reference customers by mentioning their names and depicting their logos.
8. REMUNERATION AND PAYMENT TERMS
8.1 In the event that an advance payment was agreed, Echte Liebe is not obligated to fulfil the order until full payment has been received.
8.2 After fulfilling an order, Echte Liebe issues an invoice to the customer using the invoice address specified in the order. The survey procedures and reporting used by Echte Liebe is authoritative for invoicing.
9. DATA PROTECTION AND DATA SECURITY
Both parties bear sole responsibility for complying with relevant applicable data protection regulations. Insofar as Echte Liebe also works as a contractor of order processing in terms of Art. 28 GDPR on behalf of the customer, both parties conclude, on conclusion of these T&Cs, the order processing agreement enclosed as Annex 1.
Echte Liebe is fully liable in the event of intent, gross negligence, or bodily harm. In the event of a slightly negligent breach of an essential contractual duty, liability is limited to typically foreseeable damage. With the exception of Sentence 1, liability is also limited to a maximum of twice the amount of the remuneration for that order. Liability for any data loss suffered by the customer is excluded insofar as this data loss could have been prevented by appropriate data backups by the customer.
11. FINAL PROVISIONS
11.1 All changes and amendments to these T&Cs or an order must be made in writing. This also applies to changes to this written form clause.
11.2 The right of the Federal Republic of Germany applies. The UN law on the sale of goods (CISG) and the regulations of international private law are excluded.
11.3 Exclusive place of jurisdiction is Cologne, Germany, insofar as there is no other individual agreement. This applies to all disputes from or in connection with an order.
With the agreement on including the T&Cs of Echte Liebe – Agentur für digitale Kommunikation – GmbH, this order processing agreement in terms of Art. 28 GDPR is concluded at the same time, provided that Echte Liebe acts as an external processor:
ORDER PROCESSING AGREEMENT
contractual partner of Echte Liebe – Agentur für digitale Kommunikation – GmbH
– Data Controller – hereinafter referred to as client –
Echte Liebe – Agentur für digitale Kommunikation – GmbH
– External Processor – hereinafter referred to as contractor
1. OBJECT AND DURATION OF THE ORDER
This agreement applies to all the services rendered by the contractor to the client. These regulations apply in particular to all online and mobile marketing activities rendered by the contractor to the client.
Further details result from the individual order concluded with the contractor (in the following referred to as “performance agreement”).
The term of this agreement corresponds to the term of the performance agreement.
2. SUBSTANTIATION OF THE ORDER CONTENTS
(1) Type and purpose of the intended processing of data:
Client data are collected, processed and used during contract data processing according to type, scope, and purpose of that data processing:
Purpose of data processing:Serving marketing materials in mobile apps for interest-based advertisements and modelling, visualization, analyses, and reporting, retargeting, geolocation
Type and scope of data collection, data processing, and data usage: when serving marketing materials, IP addresses, cookie IDs, IDFAs, Google Advertiser ID, order IDs (and other identifiers) may be transmitted, if applicable
Types of data: pseudonymized data (eg, IP addresses, cookie IDs, IDFAs, Google Advertiser ID, ad Ids, order IDs (and other identifiers) may be transmitted
Data subjects: customers, interested parties, website visitors, users of mobile apps
The data are exclusively processed in the territory of the Federal Republic of Germany, in a Member State of the European Union or in another contracting state of the Agreement on the European Economic Area, using the systems and service providers specified above. Insofar as systems are used that store and process the tracked data also outside of the European Union, these systems meet the requirements of the EU-US Privacy Shield agreement or have concluded agreements with the contractor (eg, EU standard contractual clauses), ensuring a data protection level according to GDPR stipulations. Any outsourcing into a third country requires the client’s prior consent and may only take place if the special requirements of Art. 44 con seq. GDPR are met.
3. TECHNICAL ORGANIZATIONAL MEASURE
(1) Before processing begins, the contractor is to document the implementation of the required technical and organizational measures set forth prior to order placement, in particular in terms of the specific order execution, and to hand it over for inspection at the contractor’s request. If accepted by the client, the documented measures become fundamentals of the order. Insofar as the client’s inspection / audit finds a need for adjustments, these are to be consensually implemented.
(2) The contractor is to create the security according to Art. 28 Para. 3 lit. c, 32 GDPR, in particular in connection with Art. 5 Para. 1, Para. 2 GDPR. On the whole, the measures to be taken are ones of data security and to guarantee a protection level that is adequate to the risk in terms of confidentiality, integrity, availability, and system resilience. Here, state of the art, implementation costs, and type, scope, and purposes of processing as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons in terms of Art. 32 Para. 1 GDPR are to be considered. The contractor’s specific measures are to be queried from the contractor.
(3) The technical and organizational measures are subject to technical progress and further development. Insofar, the contractor is permitted to implement alternative adequate measures. Here, the security level of the defined measures must not be undercut. Essential changes are to be documented.
4. CORRECTION, LIMITATION, AND DELETION OF DATA
(1) The contractor is not permitted to arbitrarily correct, delete, or limit the processing of the data to be processed as part of the order, but only upon the client’s documented instruction. Insofar as a data subject directly contacts the contractor on the issue, the contractor promptly forwards this request to the client.
(2) Insofar as it is included in the performance scope, deletion concept, right to be forgotten, correction, data portability, and information are to be directly ensured according to the client’s documented instruction.
5. QUALITY ASSURANCE AND OTHER DUTIES OF THE CONTRACTOR
In addition to complying with the provisions of this order, the contractor assumes legal duties according to Art. 28 to 33 GDPR; insofar, they ensure compliance with the following stipulations:
a. Written order from a data protection officer who performs their duties according to Art. 38 and 39 GDPR. At the client’s request, the data protection officer’s contact data are to be shared. The client is to be promptly informed about a change of data protection officers.
b. Maintaining confidentiality according to Art. 28 Para. 3 Sent. 2 lit. b, 29, 32 Para. 4 GDPR. To perform the work, the contractor only uses personnel who have been bound to confidentiality and familiarized themselves with the relevant data protection provisions beforehand. The contractor and any of their subordinates with access to personal data may exclusively process these data according to the client’s instruction, including the authorizations granted in this agreement, unless they are legally obligated to process the data.
c. On request, client and contractor collaborate with the supervisory authority in fulfilling their tasks.
d. Promptly informing the client about the supervisory authority’s monitoring measures and activities, insofar as they relate to this order. This also applies insofar as a competent government authority performs an investigation at the contractor’s as part of proceedings for a regulatory or criminal offence.
e. Insofar as the client themselves is subject to monitoring by the supervisory authority, a proceeding for a regulatory or criminal offence, a liability claim from a data subject or a third party, or another claim arising from the contractor’s order processing, the contractor is to support them to the best of their ability.
f. The contractor periodically monitors the internal processes as well as the technical and organizational measures to ensure that the processing in their sphere of responsibility complies with the requirements of the applicable data protection law and that the protection of the rights of the data subject are ensured.
g. Verifiability against the client of the technical and organizational measures taken, as part of their monitoring authorizations according to Clause 7 of this agreement.
(1) Sub-contractual relationships in terms of this regulation are services directly relating to rendering the main service. This does not include incidental services used by the contractor, such as telecommunication services; mail and transport services; maintenance and user service; or the disposal of data carriers; as well as other activities to ensure the confidentiality, availability, integrity, and resilience of the hardware and software of data processing systems. The contractor is, however, obligated to take appropriate and lawful contractual agreements and monitoring measures to guarantee that the client’s data are protected and safe even in outsourced incidental services.
(2) The contractor may commission subcontractors (other external processors) only after the client’s prior express written and/or otherwise documented consent. They already agree, however, to the subcontractors visible via this link.
Changing the existing subcontractor is allowed, insofar as:
- the contractor informs the client within an appropriate advance notice in writing or in text form about such outsourcing to subcontractors;
- the client has not objected to the contractor in writing or text form against the planned outsourcing until the time when the data are handed over; and
- a contractual agreement in accordance with Art. 28 Para. 2-4 GDPR is in place provided that order processing is performed.
(3) Sharing the client’s personal data with the subcontractor and their first commencing their activities are not allowed until all the requirements for subcontracting are fulfilled.
(4) In the event that the subcontractor renders the agreed service outside of the EU/EEA, the contractor ensures admissibility in terms of data protection legislation through corresponding measures. The same applies if service providers in terms of Para. 1 Sentence 2 are to be used.
7. CLIENT’S MONITORING RIGHTS
(1) In consultation with the contractor, the client has the right to perform audits or to have audits performed by auditors who are to be named on a case-by-case basis. They have the right to perform spot checks, which typically are to be announced in due time, to make sure that the contractor complies with this agreement in their business operations.
(2) The contractor ensures that the client can make sure that the contractor’s duties according to Art. 28 GDPR are complied with. The contractor undertakes to provide the client at their request with the required information and, in particular, to evidence the implementation of the technical and organizational measures.
(3) The contractor may claim remuneration for enabling the client’s monitoring activities.
8. NOTIFICATION OF THE CONTRACTOR’S BREACHES
(1) The contractor supports the client in complying with the duties specified in Articles 32 to 36 GDPR to secure personal data, notification duties in case of data breaches, data protection impact assessments, and prior consultations. This includes, among others:
a. ensuring an appropriate protection level through technical and organizational measures considering the circumstances and purposes of processing as well as the predicted probability and severity of a potential legal breach from security vulnerabilities, and an immediate identification of relevant infringement events;
b. the obligation to promptly notify the client of any breaches of personal data;
c. the obligation to support the client as part of their duty of information to the data subject and, in that context, to promptly make all the relevant information available to them;
d. supporting the client with their data protection impact assessments; and
e. supporting the client as part of prior consultations with the supervisory authority.
(2) The contractor can claim remuneration for support services that are not contained in the functional tender or cannot be attributed to any wrongdoing by the contractor.
9. CLIENT’S AUTHORITY TO ISSUE INSTRUCTIONS
((1) The data are managed exclusively as part of the agreements concluded and according to the client’s instruction. As part of the order description concluded in this agreement, the client reserves a comprehensive authority to give directives, which they may substantiate by individual instructions, about type, scope, and procedure for data processing. Changes to the processing object and procedural changes are to be coordinated together and documented. The contractor may provide information to third parties or the data subject only after the client’s prior consent in writing.
The client promptly confirms oral instructions in writing or by e-mail (in text form). The contractor uses the data for no other purposes and is, in particular, not entitled to share them with third parties. Copies and duplicates are not created without the client’s knowledge. Excluded from this are backup copies insofar as they are required to guarantee proper data processing, and data required with regard to complying with legal retention duties.
(2) The contractor is to promptly inform the client if they are of the opinion that an instruction breaches data protection regulations. The contractor is entitled to suspend the execution of the respective instruction until the client has confirmed or amended it.
10. DELETION AND RETURN OF PERSONAL DATA
(1) Copies or duplicates of the data are not created without the client’s knowledge. Excluded from this are backup copies insofar as they are required to guarantee proper data processing, and data required with regard to complying with legal retention duties.
(2) Upon conclusion of the contractually agreed works or earlier, at the client’s request—no later than upon termination of the performance agreement—the contractor is to hand over to the client all the documents that have come into their possession, any created processing and usage results, and any data assets in context with the order relationship, or to destroy them upon prior consent in a data protection-compliant manner. The same applies to testing and scrap materials. The deletion log is to be presented on request.
(3) Documentation that serves as proof of proper data processing as ordered is to be retained by the contractor for the relevant retention period after termination of the agreement. The contractor may hand them over to the client upon termination of the agreement.
Liability depends on the statutory provisions, in particular those of the GDPR.