Customer Service Agreement
86633 Neuburg a.d. Donau
USt.ID Nr: DE332269527
Responsible for Content §55 Abs. 2 RStV
Erwin Arnold, Schießhausstraße 155, 86633 Neuburg a.d. Donau is responsible for the content on thalox.com.
Please read our Customer Service Agreement carefully.
Our Customer Service Agreement is a contract that governs our customers use of Thalox services. It consists of the following documents:
- Customer Service Agreement: These contain the core legal and commercial terms that apply to your subscription.
- Data Processing Agreement (DPA): This explains how we process your data and includes the EU Standard Contractual Clauses.
- Acceptable Use Policy (AUP): This is the definitive rulebook setting out what you can and can’t do while using our products and services.
These Terms of Service govern your use of the website located at http://thalox.com and any related services provided by Thalox AG.
By accessing thalox.com, you agree to abide by these Terms of Service and to comply with all applicable laws and regulations. If you do not agree with these Terms of Service, you are prohibited from using or accessing this website or using any other services provided by Thalox AG.
We, Thalox AG, reserve the right to review and amend any of these Terms of Service at our sole discretion. Upon doing so, we will update this page. Any changes to these Terms of Service will take effect immediately from the date of publication.
These Terms of Service were last updated on 15 July 2022.
Limitations of Use
By using this website, you warrant on behalf of yourself, your users, and other parties you represent that you will not:
- modify, copy, prepare derivative works of, decompile, or reverse engineer any materials and software contained on this website;
- remove any copyright or other proprietary notations from any materials and software on this website;
- transfer the materials to another person or “mirror” the materials on any other server;
- knowingly or negligently use this website or any of its associated services in a way that abuses or disrupts our networks or any other service Thalox AG provides;
- use this website or its associated services to transmit or publish any harassing, indecent, obscene, fraudulent, or unlawful material;
- use this website or its associated services in violation of any applicable laws or regulations;
- use this website in conjunction with sending unauthorized advertising or spam;
- harvest, collect, or gather user data without the user’s consent; or
- use this website or its associated services in such a way that may infringe the privacy, intellectual property rights, or other rights of third parties.
The intellectual property in the materials contained in this website are owned by or licensed to Thalox AG and are protected by applicable copyright and trademark law. We grant our users permission to download one copy of the materials for personal, non-commercial transitory use.
This constitutes the grant of a license, not a transfer of title. This license shall automatically terminate if you violate any of these restrictions or the Terms of Service, and may be terminated by Thalox AG at any time.
Our website or service and the materials on our website or service are provided on an ‘as is’ basis. To the extent permitted by law, Thalox AG makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property, or other violation of rights.
In no event shall Thalox AG or its suppliers be liable for any consequential loss suffered or incurred by you or any third party arising from the use or inability to use this website or the materials on this website, even if Thalox AG or an authorized representative has been notified, orally or in writing, of the possibility of such damage.
In the context of this agreement, “consequential loss” includes any consequential loss, indirect loss, real or anticipated loss of profit, loss of benefit, loss of revenue, loss of business, loss of goodwill, loss of opportunity, loss of savings, loss of reputation, loss of use and/or loss or corruption of data, whether under statute, contract, equity, tort (including negligence), indemnity, or otherwise.
Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
Accuracy of Materials
The materials appearing on our website or service are not comprehensive and are for general information purposes only. Thalox AG does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on this website, or otherwise relating to such materials or on any resources linked to this website.
Thalox AG has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement, approval, or control by Thalox AG of the site. Use of any such linked site is at your own risk and we strongly advise you make your own investigations with respect to the suitability of those sites.
A monthly fee agreed in the subscription and based on your chosen plan shall be charged for the SaaS services. The fees incurred shall be invoiced in advance over a period of time.
Terms of payment
Payments are made by direct debit or credit card clearing. If the payment deadline is exceeded, services may be restricted in the event of default.
The customer is not entitled to offset claims against Thalox unless they are legally established claims or claims recognised in writing by Thalox.
Right to Terminate
We may suspend or terminate your right to use our website or service and terminate these Terms of Service immediately upon written notice to you for any breach of these Terms of Service.
Any term of these Terms of Service which is wholly or partially void or unenforceable is severed to the extent that it is void or unenforceable. The validity of the remainder of these Terms of Service is not affected.
These Terms of Service are governed by and construed in accordance with the laws of Germany. You irrevocably submit to the exclusive jurisdiction of the courts in that State or location.
Data Processing Agreement — Your Company
This Data Processing Agreement (“Agreement“) forms part of the Contract for
Services (“Principal Agreement“) between
(the “Company”) and
(the “Data Processor”)
(together as the “Parties”)
- (A) The Company acts as a Data Controller.
- (B) The Company wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.
- (C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- (D) The Parties wish to lay down their rights and obligations.
IT IS AGREED AS FOLLOWS:
1. Definitions and Interpretation
1.1 Unless otherwise defined herein, capitalized terms and expressions used in this Agreement shall have the following meaning:
1.1.1 “Agreement” means this Data Processing Agreement and all Schedules;
1.1.2 “Company Personal Data” means any Personal Data Processed by a Contracted Processor on behalf of Company pursuant to or in connection with the Principal Agreement;
1.1.3 “Contracted Processor” means a Subprocessor;
1.1.4 “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
1.1.5 “EEA” means the European Economic Area;
1.1.6 “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
1.1.7 “GDPR” means EU General Data Protection Regulation 2016/679;
1.1.8 “Data Transfer” means:
22.214.171.124 a transfer of Company Personal Data from the Company to a Contracted Processor; or
126.96.36.199 an onward transfer of Company Personal Data from a Contracted Processor to a Subcontracted Processor, or between two establishments of a Contracted Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);
1.1.9 This service is based on different AWS (Amazon Web Services) services hosted in Frankfurt – Germany.
1.1.10 “Subprocessor” means any person or service on behalf of Processor to process Personal Data on behalf of the Company in connection with the Agreement.
1.2 The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
2. Processing of Company Personal Data
2.1 Processor shall:
2.1.1 comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and
2.1.2 not Process Company Personal Data other than on the relevant Company’s documented instructions.
2.2 The Company instructs Processor to process Company Personal Data.
3. Processor Personnel
Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Company Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Company Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
4.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Company Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
4.2 In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
5.1 Processor shall not appoint (or disclose any Company Personal Data to) any Subprocessor unless required or authorized by the Company.
6. Data Subject Rights
6.1 Taking into account the nature of the Processing, Processor shall assist the Company by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Company obligations, as reasonably understood by Company, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
6.2 Processor shall:
6.2.1 promptly notify Company if it receives a request from a Data Subject under any Data Protection Law in respect of Company Personal Data; and
6.2.2 ensure that it does not respond to that request except on the documented instructions of Company or as required by Applicable Laws to which the Processor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform Company of that legal requirement before the Contracted Processor responds to the request.
7. Personal Data Breach
7.1 Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
7.2 Processor shall co-operate with the Company and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
8. Data Protection Impact Assessment and Prior Consultation Processor shall provide reasonable assistance to the Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
9. Deletion or return of Company Personal Data
9.1 Subject to this section 9 Processor shall promptly and in any event within
10 business days of the date of cessation of any Services involving the Processing of Company Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those Company Personal Data.
10. Audit rights
10.1 Subject to this section 10, Processor shall make available to the Company on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by the Company or an auditor mandated by the Company in relation to the Processing of the Company Personal Data by the Contracted Processors.
10.2 Information and audit rights of the Company only arise under section 10.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.
11. Data Transfer
11.1 The Processor may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of the Company. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.
12. General Terms
12.1 Confidentiality. Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:
(a) disclosure is required by law;
(b) the relevant information is already in the public domain.
12.2 Notices. All notices and communications given under this Agreement must be in writing and will be delivered personally, sent by post or sent by e-mail to the address or e-mail address set out in the heading of this Agreement at such other address as notified from time to time by the Parties changing address.
13. Governing Law and Jurisdiction
13.1 This Agreement is governed by the laws of Germany.
13.2 Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of Germany.
IN WITNESS WHEREOF, this Agreement is entered into with effect from the date first set out below.
This acceptable use policy covers the products, services, and technologies (collectively referred to as the “Products”) provided by Thalox AG under any ongoing agreement. It’s designed to protect us, our customers, and the general Internet community from unethical, irresponsible, and illegal activity.
Thalox AG customers found engaging in activities prohibited by this acceptable use policy can be liable for service suspension and account termination. In extreme cases, we may be legally obliged to report such customers to the relevant authorities.
This policy was last reviewed on 15 July 2022.
We provide our facilities with the assumption your use will be “business as usual”, as per our offer schedule. If your use is considered to be excessive, then additional fees may be charged, or capacity may be restricted.
We are opposed to all forms of abuse, discrimination, rights infringement, and/or any action that harms or disadvantages any group, individual, or resource. We expect our customers and, where applicable, their users (“end-users”) to likewise engage our Products with similar intent.
We regard our customers as being responsible for their own actions as well as for the actions of anyone using our Products with the customer’s permission. This responsibility also applies to anyone using our Products on an unauthorized basis as a result of the customer’s failure to put in place reasonable security measures.
By accepting Products from us, our customers agree to ensure adherence to this policy on behalf of anyone using the Products as their end users. Complaints regarding the actions of customers or their end-users will be forwarded to the nominated contact for the account in question.
If a customer — or their end-user or anyone using our Products as a result of the customer — violates our acceptable use policy, we reserve the right to terminate any Products associated with the offending account or the account itself or take any remedial or preventative action we deem appropriate, without notice. To the extent permitted by law, no credit will be available for interruptions of service resulting from any violation of our acceptable use policy.
Copyright infringement and access to unauthorized material
Our Products must not be used to transmit, distribute or store any material in violation of any applicable law. This includes but isn’t limited to:
- any material protected by copyright, trademark, trade secret, or other intellectual property right used without proper authorization, and
- any material that is obscene, defamatory, constitutes an illegal threat or violates export control laws.
The customer is solely responsible for all material they input, upload, disseminate, transmit, create or publish through or on our Products, and for obtaining legal permission to use any works included in such material.
SPAM and unauthorized message activity
Our Products must not be used for the purpose of sending unsolicited bulk or commercial messages in violation of the laws and regulations applicable to your jurisdiction (“spam”). This includes but isn’t limited to sending spam, soliciting customers from spam sent from other service providers, and collecting replies to spam sent from other service providers.
Our Products must not be used for the purpose of running unconfirmed mailing lists or telephone number lists (“messaging lists”). This includes but isn’t limited to subscribing e-mail addresses or telephone numbers to any messaging list without the permission of the e-mail address or telephone number owner, and storing any e-mail addresses or telephone numbers subscribed in this way. All messaging lists run on or hosted by our Products must be “confirmed opt-in”. Verification of the address or telephone number owner’s express permission must be available for the lifespan of the messaging list.
We prohibit the use of e-mail lists, telephone number lists or databases purchased from third parties intended for spam or unconfirmed messaging list purposes on our Products.
This spam and unauthorized message activity policy applies to messages sent using our Products, or to messages sent from any network by the customer or any person on the customer’s behalf, that directly or indirectly refer the recipient to a site hosted via our Products.
Unethical, exploitative, and malicious activity
Our Products must not be used for the purpose of advertising, transmitting, or otherwise making available any software, program, product, or service designed to violate this acceptable use policy, or the acceptable use policy of other service providers. This includes but isn’t limited to facilitating the means to send spam and the initiation of network sniffing, pinging, packet spoofing, flooding, mail-bombing, and denial-of-service attacks.
Our Products must not be used to access any account or electronic resource where the group or individual attempting to gain access does not own or is not authorized to access the resource (e.g. “hacking”, “cracking”, “phreaking”, etc.).
Our Products must not be used for the purpose of intentionally or recklessly introducing viruses or malicious code into our Products and systems.
Our Products must not be used for purposely engaging in activities designed to harass another group or individual. Our definition of harassment includes but is not limited to denial-of-service attacks, hate-speech, advocacy of racial or ethnic intolerance, and any activity intended to threaten, abuse, infringe upon the rights of, or discriminate against any group or individual.
Other activities considered unethical, exploitative, and malicious include:
- Obtaining (or attempting to obtain) services from us with the intent to avoid payment;
- Using our facilities to obtain (or attempt to obtain) services from another provider with the intent to avoid payment;
- The unauthorized access, alteration, or destruction (or any attempt thereof) of any information about our customers or end-users, by any means or device;
- Using our facilities to interfere with the use of our facilities and network by other customers or authorized individuals;
- Publishing or transmitting any content of links that incite violence, depict a violent act, depict child pornography, or threaten anyone’s health and safety;
- Any act or omission in violation of consumer protection laws and regulations;
- Any violation of a person’s privacy.
Our Products may not be used by any person or entity, which is involved with or suspected of involvement in activities or causes relating to illegal gambling; terrorism; narcotics trafficking; arms trafficking or the proliferation, development, design, manufacture, production, stockpiling, or use of nuclear, chemical or biological weapons, weapons of mass destruction, or missiles; in each case including any affiliation with others whatsoever who support the above such activities or causes.
Unauthorized use of Thalox AG property
We prohibit the impersonation of Thalox AG, the representation of a significant business relationship with Thalox AG, or ownership of any Thalox AG property (including our Products and brand) for the purpose of fraudulently gaining service, custom, patronage, or user trust.
About this policy
This policy outlines a non-exclusive list of activities and intent we deem unacceptable and incompatible with our brand.
We reserve the right to modify this policy at any time by publishing the revised version on our website. The revised version will be effective from the earlier of:
- the date the customer uses our Products after we publish the revised version on our website; or
- 30 days after we publish the revised version on our website.