Terms of service

Last Modified: January 3, 2024

This terms of service includes important information about your personal data and we encourage you to read it carefully.

Our terms of service is a contract that governs our customers use of thalox services. It consist of the following documents:

Customer Service Agreement

§ 1 | Scope |

(1) These General Terms and Conditions (hereinafter: “GTC”) apply to all contracts between Thalox AG, represented by the Executive Board, Erwin Marc Arnold, Schießhausstraße 155, 86633 Neuburg a.d. Donau, Germany (hereinafter: “Provider” or “Thalox”) and its customers (hereinafter: “Customer”), which have as their object the temporary provision of the software solution “thalox for marketers” (hereinafter: “Software” or “Application”) as Software as a Service or extensions or further services thereto, even if this is not separately agreed again. Insofar as the application merely relies on services of third parties, in particular HubSpot Inc., HubSpot, Inc. 25 First Street, Cambridge, MA 02141 USA (hereinafter “HubSpot”) or is capable of cooperating with them, the services of third parties are not the subject of performance and are not covered by this agreement.

(2) Unless expressly agreed otherwise, these GTC shall apply exclusively in the version valid at the time of conclusion of the contract.

By accepting the offer, at the latest by registering an account on https://go.thalox.com, the customer expressly agrees to these GTC and waives the assertion of his own deviating terms and conditions or terms and conditions of purchase and payment. Other terms and conditions do not apply even if Thalox does not expressly object to them in individual cases. Deviating terms and conditions of the customer shall only apply if they have been agreed separately, expressly and in writing. If the customer does not agree with this, he must immediately inform the supplier of this in writing.

(3) Customers within the meaning of these GTC are exclusively entrepreneurs, i.e. any natural or legal person or partnership with legal capacity who, when concluding the contract, acts in the exercise of their commercial or independent professional activity. Conclusion of a contract with consumers is excluded.

(4) Individual agreements made with the Customer in individual cases, in particular within the framework of the “Enterprise” variant (including ancillary agreements, supplements and amendments) shall in all cases take precedence over these GTC. Subject to proof to the contrary, a written contract or written confirmation by the Provider shall be authoritative for the content of such agreements.

(5) Thalox is entitled to make changes to the service descriptions or these general terms and conditions and other conditions. Thalox will only make these changes for valid reasons, in particular due to new technical developments, changes in case law or other equivalent reasons. If the amendment significantly disturbs the contractual balance between the parties, the amendment shall not be made. Otherwise, changes require the consent of the customer

§ 2 | Subject matter of performance |

(1) The subject matter of the contract is the provision of the application as well as the technical facilitation of the use of the application by means of browser access and the granting or procurement of rights of use to the application as well as the provision of storage space for the data generated by the customer through the use of the application and/or the data required for the use of the application (hereinafter: application data) by the provider to the customer against payment of the agreed fee.

(2) The application establishes an interface to the third-party provider HubSpot and enables the evaluation of customer communication. This includes in particular

The object of the application is exclusively the evaluation of customer communication. The application itself does not select any marketing measures or content to be transmitted to customers. The application does not check the correctness or completeness of the content of the customer entries or any third-party data included. The calculated engagement score, reports, visualizations and other presentations are not advisory services or recommendations for action, but non-binding reports which the client can include at his own discretion as part of his planning. The remuneration listed in § 9 is paid exclusively for the technical provision or granting of rights of use to the software and does not constitute a consultancy fee.

(3) The application is offered in four variants:

The content and scope of services of the respective variant as well as the permissible number of users can be found on the provider’s website at https://thalox.com/customer-segmentation-tool-pricing.

(4) The provision of third party services is not the subject of the service. Thalox does not assume any warranty for the functionality and maintenance of third-party services, in particular HubSpot or other platforms operated by third parties.

(5) Insofar as the booking of the chargeable service is preceded by a free phase, the customer cannot assert any claims in this respect beyond the statutory liability claims. Multiple use of the test phase is excluded.

§ 3 | Registration and conclusion of contract |

(1) Use of the application requires prior registration. There is no entitlement to the opening of a customer account. Only persons with unlimited legal capacity who are acting in the exercise of their commercial or independent professional activity are entitled to register. At the Provider’s request, the Customer must send the Provider proof of identity (e.g. a copy of his identity card) or state his VAT identification number and document his registration. Within the scope of registration, the Provider shall request the Customer’s data. The data required to create the user account must be provided by the customer completely and truthfully. After providing the data, the customer receives a verification code to the e-mail address provided by the customer. After confirmation of the e-mail address, registration for the application takes place by entering the deposited e-mail address and the password assigned by the customer himself. The customer is obliged to keep his password secret and not to disclose it to third parties under any circumstances.

(2) After registration, the customer may use the software in the “Free” variant free of charge for 30 days.

(3) Prior to the expiry of the 30-day period pursuant to para. 2, the customer shall be informed of the impending end of the free-of-charge usage period and shall be offered the option of switching to a paid variant. For this purpose, the customer will be requested to provide a billing address and a means of payment. During the ordering process, the process can be cancelled at any time by clicking on the “back” symbol (“< “). Once the information has been entered in full, the customer is shown an order overview. The contract is concluded by clicking on “Sign Up”.

(4) Insofar as the customer’s personal or company details change, the customer himself is responsible for updating them. All changes must be communicated to the Provider via the input mask in the personal area or in text form.

§ 4 | Provision of the application |

(1) The Provider shall keep the application in the version current at the time of conclusion of the contract available for use in accordance with the following provisions from the time of conclusion of the contract (§ 3) on one or more central data processing systems which it rents from third parties (hereinafter: server).

(2) The Provider shall ensure that the provided application is

whereby the provider owes the care customary in the industry. In determining whether the provider is at fault, it must be taken into account that software cannot technically be created completely free of errors.

(3) The security measures to be observed by the customer result from § 8 of these GTC.

Data Processing

Contract on commissioned processing







as the responsible person (herein referred to as the “Principal“)

and the

Thalox AG

represented by the Executive Board, Erwin Arnold,

as contact person for data protection

Schießhausstraße 155

86633 Neuburg a.d.Donau

(herein referred to a “Contractor“)


The Client uses the SaaS solution “thalox for marketers” operated by the Contractor. The Client wishes to commission the Contractor with the services specified in § 3. In the course of the performance of the contract, personal data may be processed. In particular, Art. 28 DSGVO imposes certain requirements on such commissioned processing. In order to comply with these requirements, the Parties enter into the following agreement, the performance of which shall not be remunerated separately unless this is expressly agreed.

§ 1 | Definitions |

(1) Pursuant to Art. 4 (7) DSGVO, the controller is the body which alone or jointly with other controllers determines the purposes and means of the processing of personal data.

(2) Pursuant to Article 4 (8) of the GDPR, a processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.

(3) Pursuant to Article 4(1) of the GDPR, personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

(4) Personal data requiring special protection are personal data pursuant to Art. 9 GDPR revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership of data subjects, personal data pursuant to Art. 10 GDPR on criminal convictions and offences or related security measures, and genetic data pursuant to Art. 4 (13) GDPR. 10 GDPR on criminal convictions and offences or related security measures as well as genetic data pursuant to Art. 4 (13) GDPR, biometric data pursuant to Art. 4 (14) GDPR, health data pursuant to Art. 4 (15) GDPR and data on the sex life or sexual orientation of a natural person.

(5) According to Article 4 (2) of the GDPR, processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(6) Pursuant to Article 4 (21) of the GDPR, the supervisory authority shall be an independent state body established by a Member State pursuant to Article 51 of the GDPR.

§ 2 | Indication of the competent data protection supervisory authority |

(1) The competent supervisory authority for the principal shall be determined by the principal’s registered office.

(2) The competent supervisory authority for the Contractor is the Bavarian State Commissioner for Data Protection.

(3) The contracting authority and the contractor and, where appropriate, their representatives shall cooperate, on request, with the supervisory authority in the performance of their duties.

§ 3 | Formation of the contract, subject matter of the contract |

(1) This agreement shall enter into force upon confirmation by the client in electronic form. For this purpose, the client shall set a corresponding check mark in the course of setting up his user account and thereby confirm the conclusion of the contract. The contract ends with the termination of the main contractual relationship.

(2) The Contractor shall provide services for the Client in the form of making available a software platform on server capacities rented from third parties for use via the Internet. In doing so, the contractor may obtain access to personal data and process these exclusively on behalf of and according to the instructions of the client. The scope and purpose of the data processing by the contractor are set out in the main contract (and the associated service description). The Client shall be responsible for assessing the permissibility of the data processing.

(3) The Parties conclude the present Agreement to specify the mutual rights and obligations under data protection law. In case of doubt, the provisions of this agreement shall take precedence over the provisions of the main contract.

(4) The provisions of this contract shall apply to all activities which are connected with the main contract and in the course of which the contractor and its employees or persons commissioned by the contractor come into contact with personal data originating from the client or collected for the client.

(5) The term of this contract shall be based on the term of the main contract, insofar as no further obligations or rights of termination arise from the following provisions.

§ 4 | Right to issue instructions |

(1) The contractor may only collect, process or use data within the framework of the main contract and in accordance with the client’s instructions; this applies in particular with regard to the transfer of personal data to a third country or to an international organisation. If the Contractor is obliged to carry out further processing by the law of the European Union or of the Member States to which it is subject, it shall inform the Client of these legal requirements prior to the processing.

(2) The Client’s instructions shall initially be determined by this contract and may thereafter be amended, supplemented or replaced by the Client in writing or in text form by individual instructions (individual instructions). The Client is entitled to issue corresponding instructions at any time. This includes instructions with regard to the correction, deletion and blocking of data. Unless otherwise agreed, the data protection officer of the Client shall be the person authorised to issue instructions. In the event of a change or a longer-term prevention of the appointed persons, the successor or representative shall be named to the contractual partner in text form without delay.

Accept Use Policy (AUP)

This acceptable use policy covers the products, services, and technologies (collectively referred to as the “Products”) provided by Thalox AG under any ongoing agreement. It’s designed to protect us, our customers, and the general Internet community from unethical, irresponsible, and illegal activity.

Thalox AG customers found engaging in activities prohibited by this acceptable use policy can be liable for service suspension and account termination. In extreme cases, we may be legally obliged to report such customers to the relevant authorities.

This policy was last reviewed on December 2022.

Fair use

We provide our facilities with the assumption your use will be “business as usual”, as per our offer schedule. If your use is considered to be excessive, then additional fees may be charged, or capacity may be restricted.

We are opposed to all forms of abuse, discrimination, rights infringement, and/or any action that harms or disadvantages any group, individual, or resource. We expect our customers and, where applicable, their users (“end-users”) to likewise engage our Products with similar intent.

Customer accountability

We regard our customers as being responsible for their own actions as well as for the actions of anyone using our Products with the customer’s permission. This responsibility also applies to anyone using our Products on an unauthorized basis as a result of the customer’s failure to put in place reasonable security measures.

By accepting Products from us, our customers agree to ensure adherence to this policy on behalf of anyone using the Products as their end users. Complaints regarding the actions of customers or their end-users will be forwarded to the nominated contact for the account in question.

If a customer — or their end-user or anyone using our Products as a result of the customer — violates our acceptable use policy, we reserve the right to terminate any Products associated with the offending account or the account itself or take any remedial or preventative action we deem appropriate, without notice. To the extent permitted by law, no credit will be available for interruptions of service resulting from any violation of our acceptable use policy.

Prohibited activity

Copyright infringement and access to unauthorized material

Our Products must not be used to transmit, distribute or store any material in violation of any applicable law. This includes but isn’t limited to:

The customer is solely responsible for all material they input, upload, disseminate, transmit, create or publish through or on our Products, and for obtaining legal permission to use any works included in such material.

SPAM and unauthorized message activity

Our Products must not be used for the purpose of sending unsolicited bulk or commercial messages in violation of the laws and regulations applicable to your jurisdiction (“spam”). This includes but isn’t limited to sending spam, soliciting customers from spam sent from other service providers, and collecting replies to spam sent from other service providers.

Our Products must not be used for the purpose of running unconfirmed mailing lists or telephone number lists (“messaging lists”). This includes but isn’t limited to subscribing e-mail addresses or telephone numbers to any messaging list without the permission of the e-mail address or telephone number owner, and storing any e-mail addresses or telephone numbers subscribed in this way. All messaging lists run on or hosted by our Products must be “confirmed opt-in”. Verification of the address or telephone number owner’s express permission must be available for the lifespan of the messaging list.

We prohibit the use of e-mail lists, telephone number lists or databases purchased from third parties intended for spam or unconfirmed messaging list purposes on our Products.

This spam and unauthorized message activity policy applies to messages sent using our Products, or to messages sent from any network by the customer or any person on the customer’s behalf, that directly or indirectly refer the recipient to a site hosted via our Products.

Unethical, exploitative, and malicious activity

Our Products must not be used for the purpose of advertising, transmitting, or otherwise making available any software, program, product, or service designed to violate this acceptable use policy, or the acceptable use policy of other service providers. This includes but isn’t limited to facilitating the means to send spam and the initiation of network sniffing, pinging, packet spoofing, flooding, mail-bombing, and denial-of-service attacks.

Our Products must not be used to access any account or electronic resource where the group or individual attempting to gain access does not own or is not authorized to access the resource (e.g. “hacking”, “cracking”, “phreaking”, etc.).

Our Products must not be used for the purpose of intentionally or recklessly introducing viruses or malicious code into our Products and systems.

Our Products must not be used for purposely engaging in activities designed to harass another group or individual. Our definition of harassment includes but is not limited to denial-of-service attacks, hate-speech, advocacy of racial or ethnic intolerance, and any activity intended to threaten, abuse, infringe upon the rights of, or discriminate against any group or individual.

Other activities considered unethical, exploitative, and malicious include:

  1. Obtaining (or attempting to obtain) services from us with the intent to avoid payment;
  2. Using our facilities to obtain (or attempt to obtain) services from another provider with the intent to avoid payment;
  3. The unauthorized access, alteration, or destruction (or any attempt thereof) of any information about our customers or end-users, by any means or device;
  4. Using our facilities to interfere with the use of our facilities and network by other customers or authorized individuals;
  5. Publishing or transmitting any content of links that incite violence, depict a violent act, depict child pornography, or threaten anyone’s health and safety;
  6. Any act or omission in violation of consumer protection laws and regulations;
  7. Any violation of a person’s privacy.

Our Products may not be used by any person or entity, which is involved with or suspected of involvement in activities or causes relating to illegal gambling; terrorism; narcotics trafficking; arms trafficking or the proliferation, development, design, manufacture, production, stockpiling, or use of nuclear, chemical or biological weapons, weapons of mass destruction, or missiles; in each case including any affiliation with others whatsoever who support the above such activities or causes.

Unauthorized use of Thalox AG property

We prohibit the impersonation of Thalox AG, the representation of a significant business relationship with Thalox AG, or ownership of any Thalox AG property (including our Products and brand) for the purpose of fraudulently gaining service, custom, patronage, or user trust.

About this policy

This policy outlines a non-exclusive list of activities and intent we deem unacceptable and incompatible with our brand.

We reserve the right to modify this policy at any time by publishing the revised version on our website. The revised version will be effective from the earlier of: