ABOUT THIS TRANSLATION
Disclaimer: The German version of this legal document shall be the legally binding version. While every effort has been made to provide an accurate English translation, in the event of any discrepancies or conflicts between the German and English versions, the German version shall prevail.
GENERAL TERMS AND CONDITIONS
Date: March 2023
PREAMBLE
FORMATION GmbH, Urbanstraße 71, 10967 Berlin (hereinafter: “Provider”) offers customers an innovative workforce-worksite management platform, accessible via both a web application and an app (hereinafter collectively: “Platform”). The core of the services is to create interactive maps within the platform’s functionalities, individualize them with information relevant to the respective users (hereinafter: “Users”), and make them usable.
The following General Terms and Conditions (hereinafter “GTC”) apply to all services to be provided by the Provider for Users:
1. CONTRACTUAL BASIS
1.1.
The Provider will provide the respective Services agreed under these GTC for the Users during the term of the contract. Unless otherwise agreed, these are free of charge for the User.
1.2.
The specific services to be provided by the Provider shall be determined by the applicable service description and these GTC.
2. SERVICES OF THE PROVIDER
2.1.
Unless otherwise agreed, the Provider shall make the Platform available as it was available at the time of contract conclusion (“as is”).
2.2.
The Provider is responsible for the functioning and provision of the Platform. The Platform shall be provided through an online access (SaaS solution) or an app. Any further provision or release of the Platform or its underlying source code is not owed.
2.3.
The handover point for the tool and the data points and datasets is the router output of the server used by the Provider.
3. RIGHTS AND OBLIGATIONS OF USERS
3.1.
The User acknowledges that the Provider, as a technical service provider, only stores the information generated during the execution of the Services for the respective contractual partner.
3.2.
The User is obligated to keep their password confidential and protect it against unauthorized use by third parties. If the User becomes aware of misuse of their access data or if such misuse is imminent, the User shall inform the Provider immediately. The User is liable for any misuse of their profile; this does not apply if the User is not responsible for the misuse.
3.3.
The content stored by the User on the Platform may be protected by copyright and data protection regulations. The User hereby grants the Provider the right to reproduce and transmit the content stored on the respective server for the purpose of fulfilling the contract, to analyze it for the improvement of the services, and to reproduce it for the purpose of data backup.
3.4.
The User supports the Provider in fulfilling its contractual obligations and provides all cooperation necessary for the execution of the contract completely, without request, timely, and at their own expense.
3.5.
The User is responsible for ensuring compliance with legal provisions regarding content they upload. The User will observe applicable law and respect the rights of third parties. In particular, the User is prohibited from:
- Violating third-party protective rights such as trademarks, copyrights, naming rights, personal rights, or data protection rights, as well as
- Using mechanisms, software, and/or scripts that extend beyond the functionalities and interfaces provided by the Provider on the Platform, especially if the Platform or Provider’s systems are blocked, modified, copied, and/or overwritten.
3.6.
The provider may, at its reasonable discretion (§ 315 BGB), taking into account the interests of the user, impose one or more sanctions if the content posted by the user violates these terms and conditions or if there is an important reason. This is particularly the case if the user culpably violates the provisions of section 4.5. The severity of the sanctions depends on the severity of the respective infringement. The sanction remains in force until the sanctioned action is stopped by the respective user and any risk of repetition is eliminated.
3.7.
Possible sanctions include: (i) deactivation or blocking of individual services or content for the user; (ii) deletion of the content posted by the user; (iii) complete blocking of access to the platform, including the profile; and (iv) complete deletion of an account. The provider’s right to terminate the contract without notice for an important reason remains unaffected, as does the assertion of further claims.
3.8.
If it becomes apparent to the user that, within the scope of the entire contractual relationship between the parties, assumptions, specifications, and statements are incorrect, incomplete, or ambiguous, or if their execution is or becomes impossible, the user will promptly notify the provider of this circumstance.
4. USAGE RIGHTS
4.1.
The provider grants the user the worldwide, non-exclusive and unlimited content rights, limited in time to the respective contractual relationship with the provider, to use the platform and – if applicable – the individually created map within the scope of the available functionalities. Sub-licensing for profit or any other transfer or provision to third parties is not permitted.
4.2.
Users are not authorized to modify the platform, in particular to change, translate, develop back and forth, decompile or disassemble and re-adapt, unless allowed in this Section 4 or a statutory exemption exists.
4.3.
A revision is permissible if it is necessary for the correction of a defect and the provider is in default with the correction of the defect, the provider unjustly refuses to rectify the defect or is unable to rectify the defect immediately for other reasons within his area of responsibility.
4.4.
Decompiling the platform is only allowed if the conditions and requirements specified in § 69 e (1) UrhG are met. The information obtained in this way may not be used or disclosed contrary to the provisions of § 69 e (2) UrhG.
4.5.
The granting of usage rights, which are wholly or partially owned by third parties, is not owed by the provider unless expressly agreed otherwise.
5. TERM AND TERMINATION
5.1.
The contractual relationship begins at the time the contract is concluded and runs for an indefinite period.
5.2.
The contractual relationship can be terminated by the contracting parties at any time without notice and without stating reasons.
6. LIABILITY AND WARRANTY
6.1.
The parties shall be liable to each other for direct and indirect material and financial damages caused by them, their legal representatives or vicarious agents or third parties involved by them, in particular subcontractors, in accordance with the following provisions.
6.2.
The provider shall be liable – except in case of breach of essential contractual obligations, injury to life, body or health, or claims under the Product Liability Act – only for intent and gross negligence. Essential contractual obligations are those the fulfillment of which is necessary to achieve the purpose of the contract. In other respects, the liability standards of §§ 521ff. BGB apply.
6.3.
The provider shall not be liable for damages resulting from technical malfunctions or performance disruptions of the user or other third parties. The provider shall also not be liable for damages that the user could have prevented by taking reasonable measures, in particular regular program and data backup in accordance with section 3.5. Liability for damages caused by system failures, hacker attacks or other external attacks is excluded. The liability for damages independent of fault for defects, in particular pursuant to § 536a BGB, which already existed at the time the contract was concluded, is excluded.
6.4.
These claims shall otherwise be governed by the statutory provisions.
7. DATA PROTECTION AND COMPLIANCE
7.1.
The user is responsible for ensuring that all compliance requirements are met within the scope of the contractual relationship and that – if personal data is processed – the provisions of data protection (GDPR, BDSG, TTDSG, etc.) are implemented and continuously observed in compliance with the law. To ensure the security and confidentiality of data subject to data protection, the user shall in particular take and maintain the necessary technical and organizational measures.
7.2.
In the event that the provider acts as a processor within the scope of the contractual relationship in accordance with Art. 28 GDPR, the additional agreement on order data processing shall apply. In case of contradictions between this contract and the agreement on order data processing, the latter takes precedence over the former.
8. FINAL PROVISIONS
8.1.
The entire contractual relationship between the parties and the services provided by the parties hereunder shall be governed exclusively by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods and the conflict of laws rules; Art. 3 EGBGB remains unaffected.
8.2.
In relation to entrepreneurs within the meaning of § 14 BGB, the registered office of the provider shall be deemed the place of performance and jurisdiction for mutual claims arising from the contractual relationship, unless otherwise specified. In relation to entrepreneurs, the provider is entitled to sue them at their general place of jurisdiction.
8.3.
Should individual provisions of these license terms be or become invalid or lose their validity due to a later occurring circumstance, the validity of the respective contract shall remain unaffected. The same applies to gaps in these terms and conditions.
PRIVACY POLICY
Last updated: March 2023
1. NAME AND ADDRESS OF THE RESPONSIBLE PARTY
The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
FORMATION GmbH
Urbanstraße 71
10967 Berlin
Germany
mail: info@tryformation.com
2. ACCESS DATA AND SERVER LOG FILES
When you visit our platform, access data is automatically saved in server log files. This includes the date and time of retrieval and possibly the entered search term.
Temporary storage of the IP address by the system is necessary to deliver the platform and its contents to your device. For this, your IP address must be stored for the duration of the session.
The legal basis for the temporary storage of your data and the log files is Art. 6 Para. 1 lit. b GDPR. This data is evaluated exclusively to ensure the continuous and trouble-free operation of the platform, improve the content of our platform, and ensure the security of our information technology systems. Your personal data will not be analyzed for marketing purposes in this context.
The collection of data for the provision of the platform and the storage of data in log files is necessary for the operation of our platform. As a result, there is no possibility of objection.
3. USE OF COOKIES
To make the use of our platform attractive and to enable certain functions, we use so-called “Cookies”. These are small text files that are stored on your device via a browser. Cookies may contain a so-called Cookie ID. It consists of a sequence of characters by which this Cookie ID can be assigned to a specific browser where the respective Cookie was stored.
The following data is stored and transmitted in cookies: language settings, entered search terms, frequency of page views, use of platform functions, origin of the user, operating system used, device used, browser used, device resolution.
Your data collected on our platform is anonymized by technical precautions. Therefore, the data cannot be assigned to you anymore. The data is not stored together with any of your other personal data.
The legal basis for the processing of personal data using cookies is Article 6 paragraph 1 lit. a GDPR.
The purpose of using technically necessary cookies is to simplify the use of our platform for you (e.g., your settings are saved). The features of our platform cannot be offered without the use of cookies. This is necessary as we need to ensure that you have agreed to our platform’s terms of use. Therefore, it is important that you are recognized as a platform user in anonymized form. If you do not accept or deactivate cookies, the functionality of our platform may be limited.
4. DATA PROCESSING WHEN USING THE APP
When using the app, we process the following information described below based on Article 6 paragraph 1 lit. b) GDPR to enable the convenient use of features. If you want to use the app, we process the following data, which is technically necessary for us to offer you the app’s features and ensure stability and security, in particular: the IP address of the device used, date and time of use, access status/HTTP status code, browser you are using, operating system and its interface, language and version of the browser software, etc.
5. MAPTILER
For the provision of our services and the displayed maps, we use Maptiler, a service of MapTiler AG, Höfnerstrasse 98, Unterägeri, Zug 6314, Switzerland (hereinafter: “Maptiler”), on the basis of Art. 1 lit. b) GDPR.
When you use our maps, the maps and coordinates are processed via Maptiler’s servers. We have concluded a contract with Maptiler for data processing according to Art. 28 GDPR, in which Maptiler commits to process the received data only according to our instructions and to comply with the EU data protection level. You can find additional information about Sendgrid and data protection at Sendgrid in the privacy policy of the provider.
The IP addresses of MapTiler Cloud visitors are stored for a limited time, a maximum of 20 minutes, and then automatically destroyed. The collection and temporary storage are necessary for logging security-relevant activities on the Maptiler infrastructure. How you use the map itself is not recorded by MapTiler.
For more information on data protection by MapTiler, please visit:
www.maptiler.com/privacy-policy/index.html
6. SANDGRID
For the provision of our services and the maps displayed, we use Maptiler, a service provided by MapTiler AG, Höfnerstrasse 98, Unterägeri, Zug 6314, Switzerland (hereinafter: “Maptiler”), based on Art. 1 lit. b) GDPR.
For email communication with customers and prospects, such as registration and appointment confirmations, we use the shipping software Sendgrid, a service of Sendgrid Inc., 1801 California Street, Denver, CO 80202, USA (hereinafter: “Sendgrid”) based on Art. 6 para. 1 lit. b GDPR. In this case, the following data: email address, name, first name, contents of the respective transaction, IP address, etc. are processed via Sendgrid servers in the USA. We have entered into a contract with Sendgrid for data processing according to Art. 28 GDPR, in which Sendgrid commits to process the received data only according to our instructions and to comply with the EU data protection level. You can find additional information about Sendgrid and privacy policy at Sendgrid in the provider’s privacy policy .
7. E-MAIL AND CONTACT FORM
On our website, due to legal requirements, we provide information under “Contact” allowing for quick electronic contact and direct communication with us via email. If you contact us by email, the personal data you provide will be automatically stored.
The legal basis for processing the data transmitted in the course of sending an email is Art. 6 para. 1 lit. b GDPR. We use the personal data you provide solely to process your specific request. The submitted data will always be treated confidentially.
The data will be deleted as soon as they are no longer necessary for the purpose they were collected. For the personal data sent by email, this is the case when the conversation with you has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
When you contact us, you may object to the storage of your personal data at any time. In such a case, the conversation cannot continue.
8. GOOGLE FIREBASE
For the purpose of demand-oriented design and continuous user-specific optimization of our app, we use Firebase, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Firebase”), to manage push notifications. By allowing the app to send you push messages, you agree that an anonymized device ID (push notification token) and status and technical data will be stored on our servers together with the associated app settings of the respective user and processed via Firebase servers. The legal basis for this is Art. 6 para. 1 lit. a) GDPR.
We have entered into a contract with Firebase for data processing in accordance with EU standard contractual clauses in line with Art. 28 GDPR to ensure the security of this data processing.
You can revoke your consent to this data processing at any time with future effect by disabling push notifications in your device settings, or by simply informing us that you no longer wish to have such processing in the future. For this, please use the contact options provided above. You can find more information on Firebase and Firebase privacy in the provider’s privacy policy under this revoke, by disabling push notifications in your device settings, or by simply informing us that you no longer wish to have such processing in the future. For this, please use the contact options provided above. More information about Firebase and privacy at Firebase can be found in the provider’s privacy policy under this link .
9. HUBSPOT
For managing our customer data and prospects, we use the CRM platform from Hubspot, a service of HubSpot Inc., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland (hereinafter: “Hubspot”). This helps us to record customer data, communicate with the customer, document this contact, and create offers according to their wishes. If you have contacted us, e.g. via the questionnaire, the following data will be processed through Salesforce’s servers: name, email address, offers for the customer, data about interactions with emails, etc. The legal basis for these data processing operations is Art. 6 para. 1 sentence 1 lit. b GDPR. Hubspot uses so-called “cookies”, text files that are stored on your computer and that enable analysis of the use of the website by you. The information generated by the cookie about your use of this website will be processed and stored on a Hubspot server. We have concluded a contract with Hubspot on processing according to Art. 28 GDPR, in which Hubspot commits to process the received data only according to our instructions and to maintain the EU data protection level. You can find more information about data protection at Hubspot in the provider’s data protection provisions by clicking on this link click.
10. DATA SECURITY
We secure our platform and other systems through numerous technical and organizational measures against loss, destruction, access, alteration, or dissemination of your data by unauthorized persons. Despite regular checks, complete protection against all risks is not possible and cannot be guaranteed by us. For this reason, you are free to transmit your personal data to us using other means, such as by telephone or post, at any time.
11. DATA DELETION AND STORAGE DURATION
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies or you revoke your consent. Storage may also take place if required by European or national legislators in Union regulations, laws, or other provisions to which the controller is subject. If the purpose of storage no longer applies, you revoke your consent or a storage period prescribed by the European Directive and Regulation Giver or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements, unless there is a need to continue storing the data for a contract conclusion or contract fulfillment.
12. RIGHT TO INFORMATION
You also have the right to obtain free information about the personal data relating to you that is stored by us and a copy of this information at any time. You also have the right to access the following information:
the purposes of processing,
the categories of personal data being processed,
the recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations,
if possible, the planned duration for which the personal data will be stored, or if this is not possible, the criteria for determining this duration,
the existence of a right to rectify or delete your personal data or to restrict its processing by the controller, or a right to object to such processing,
the existence of a right to lodge a complaint with a supervisory authority,
if the personal data is not collected from the data subject: all available information about the source of the data and,
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
In addition, you have a right to know whether personal data has been transmitted to a third country or an international organization. If this is the case, you also have the right to obtain information about the appropriate safeguards relating to the transfer.
13. RIGHT TO RECTIFICATION
You have the right to request immediate rectification and/or completion of your inaccurate or incomplete personal data. We shall make the correction without undue delay.
14. RIGHT TO RESTRICTION OF PROCESSING
You have the right to demand from us the restriction of processing if one of the following conditions applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject opposes the erasure of the personal data and requests instead the restriction of their use.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
- The data subject has objected to processing pursuant to Article 21(1) GDPR, pending verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted concerning your personal data, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted under the above conditions, you will be informed by us before the restriction is lifted.
15. RIGHT TO ERASURE
You have the right to request from us the immediate erasure of your personal data, provided that one of the following reasons applies and processing is not necessary:
- The personal data is collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject withdraws the consent on which the processing is based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data has been processed unlawfully.
- The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If we have made the personal data public and are obliged to delete it as the controller pursuant to Article 17(1) GDPR, we shall take appropriate measures, including technical measures, considering the available technology and the cost of implementation, to inform other data controllers processing the published personal data that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data from those other data controllers, insofar as processing is not necessary.
The right to erasure does not exist if processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i), and Article 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes according to Article 89(1) GDPR, in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defense of legal claims.
16. RIGHT TO INFORMATION
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about these recipients against us.
17. RIGHT TO DATA PORTABILITY
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 Para. 1 letter a GDPR or Art. 9 Para. 2 letter a GDPR or on a contract pursuant to Art. 6 Para. 1 letter b GDPR and the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority vested in us.
You also have the right, when exercising your right to data portability pursuant to Art. 20 Para. 1 GDPR, to obtain that personal data is transferred directly from us to another controller, insofar as this is technically feasible and provided that it does not adversely affect the rights and freedoms of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
18. RIGHT TO OBJECT
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is carried out pursuant to Art. 6 Para. 1 letters e or f GDPR. This also applies to profiling based on these provisions.
In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
You also have the right to object, on grounds relating to your particular situation, to the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Para. 1 GDPR, unless such processing is necessary for the performance of a task in the public interest.
In order to exercise the right to object, you may contact us at any time. You are also free, in connection with the use of information society services, regardless of Directive 2002/58/EC, to exercise your right to object through automated procedures that use technical specifications.
19. RIGHT TO WITHDRAW CONSENT FOR DATA PROTECTION
You have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent does not affect the legality of the processing carried out based on the consent until the withdrawal.
20. RIGHT TO AUTOMATED DECISIONS IN INDIVIDUAL CASES INCLUDING PROFILING
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, provided that the decision
- is not necessary for the conclusion or fulfillment of a contract between you and us or
- is permissible under European Union or European Member State law to which we are subject and that law contains appropriate measures to safeguard your rights, freedoms, and legitimate interests or
- is made with your explicit consent.
If the decision
- is necessary for the conclusion or fulfillment of a contract between you and us or
- is made with your explicit consent,
we shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, which includes at least the right to obtain the intervention of a person by us, to express your point of view, and to contest the decision.
21. EXISTENCE OF AUTOMATED DECISION-MAKING
We do not conduct automated decision-making or profiling.
22. RIGHT TO FILE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint was lodged informs the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR. The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin.