1 General
1.a
The following General Terms and Conditions (“GTC”) of DESIGNA Verkehrsleittechnik GMBH (“DESIGNA”) shall apply to all contractual relationships between the Client and DESIGNA and its subsidiaries, irrespective of how they are concluded. They shall also apply to further deliveries or services. Provisions agreed in individual contracts within a contractual relationship shall take precedence over these GTC. Deviating terms and conditions of the Client shall apply only if they are accepted in writing by the authorised representative body of DESIGNA on behalf of the company; otherwise they shall not bind DESIGNA without express written acknowledgement, even if reference is made to them in the Client's order letter. An implied acceptance of the Client's GTC is expressly excluded.
1.b
All agreements deviating from and/or supplementing these GTC must be made in writing and shall require the signature of the body authorised to represent the company for their validity. DESIGNA employees are not authorised to make agreements deviating from these GTC. The Client is therefore not authorised to claim any prima facie powers of attorney.
1.c
DESIGNA reserves the right to amend the GTC. The Client shall be notified of any changes in text form so that an objection can be raised, if necessary. If no objection is raised within a period of one month, this shall be deemed to be consent.
2 Offer and acceptance, rights to documents
2.a
Offers and cost estimates submitted by DESIGNA are always without obligation and are prepared by the responsible department at DESIGNA to the best of its knowledge and belief. They shall be understood exclusively as invitations from DESIGNA to the Client to submit an offer on this basis, which shall require separate acceptance by DESIGNA in order to bring about the conclusion of a contract. Acceptance by DESIGNA can take the form of either an express declaration to the Client or by commencement of the execution of the commissioned services. Information contained in brochures or similar documents or in an offer, such as illustrations, drawings, descriptions, dimensions, weights, performance and consumption data are only approximate and as such not binding unless expressly designated as binding or warranted. We reserve the right to make technical and design changes. Purchase orders placed by the Client shall require acceptance by written order confirmation from DESIGNA by post, fax or e-mail.
2.b DESIGNA reserves all property rights and rights of use to cost estimates, drawings and other documents (hereinafter: Documents). Documents may only be made accessible to third parties with the prior consent of DESIGNA and must be returned to DESIGNA immediately on request if the order is not placed.
3 Delivery periods and delivery dates
3.a
Insofar as delivery periods and delivery dates are agreed as binding periods and dates, these shall be subject to correct and timely delivery to DESIGNA by its suppliers, insofar as DESIGNA has concluded a congruent hedging transaction with the corresponding suppliers. The start of the delivery period shall be deemed to be the day on which the order is clarified in all details and preparations at the site (cf. clause 4.d and e) by the Client have been completed.
In the event of subsequent amendments or additions to the order, the delivery periods shall be extended accordingly. If a forward transaction is desired, this must be expressly agreed.
3.b
Prerequisites for compliance with the delivery and commissioning dates are in any case fulfilment of the Client’s obligations defined in clause 4.d and e, timely receipt of agreed instalment payments, completion of the individual steps in the project process according to the schedule specified by DESIGNA and completion of any agreed partial acceptance procedures (site acceptance, software acceptance, factory acceptance and training, if applicable).
3.c
A further prerequisite for compliance with the delivery and commissioning dates is that all technical questions between DESIGNA and the Client have been finally clarified and the Client has fulfilled all its obligations, such as in particular provision of any necessary official permits or certificates, approvals or plans and has made any agreed advance payments. If these prerequisites are not satisfied on time, the dates shall be extended accordingly; this shall not apply if the delay is attributable to DESIGNA.
3.d
Unless a fixed price contract has been expressly agreed, DESIGNA shall invoice according to the deliveries and services actually made, whereby material shall be invoiced at the usual sales prices including any other cash expenses and labour at DESIGNA's usual hourly rates. The services shall be provided during the normal working hours customary in the industry. If the performance of the service requires a deviation from these normal working hours, the additional costs shall be invoiced separately. DESIGNA reserves the right to engage third parties for the provision of services, if necessary.
3.e
An extension of an order by the Client can be made both in writing and verbally, and shall only be valid if accepted by DESIGNA in writing. The existing contract shall then apply mutatis mutandis to the extended scope. This also means that in the case of extensions to the system, the associated services shall be invoiced on a pro rata basis. The written order confirmation (or supplement) shall be authoritative for the scope of supplies and services.
3.f
In the event that the material costs increase by more than 5 % in relation to the respective individual item of the contract, DESIGNA shall be entitled to a price adjustment if and insofar as the increase is not attributable to DESIGNA.
3.g
Deviations of the ordered or delivered products from the order, in particular with regard to material and design, are reserved within the scope of technical progress.
3.h
Increases or decreases during the course of the site inspection of up to 15 % of the contractually agreed quantity are permissible and will be taken into account at the latest in the final invoice.
3.i
If the purchase is financed by leasing and the lessor becomes contract partner, the Client shall be liable as if the Client had concluded the contract directly as contract partner. DESIGNA shall also be entitled to assert all claims arising out of this contract directly against the Client. Insofar as official permits also have to be obtained for the execution of the specific order, the Client expressly authorises DESIGNA to inspect these official files. The Client also undertakes to inform DESIGNA in good time of any restraints that could hinder the execution of the order. In the event that such information is not provided in good time, DESIGNA shall be entitled to charge the Client for any additional costs incurred as a result.
3.j
The Client shall only be entitled to withdraw from the contract due to default after setting a reasonable grace period, unless the setting of a grace period is dispensable by law. If delivery of finished goods is not possible due to default of payment or lack of site preparation (cf. 4.c) by the Client, DESIGNA reserves the right to charge storage fees.
3.k
In the event of withdrawal due to default (non-performance) or withdrawal due to poor performance, §323 German Civil Code (BGB) shall apply.
3.l
If the provision of the service is partially or totally impossible, the provisions of §326 BGB shall apply.
4 Delivery and commissioning
4.a
DESIGNA generally provides contractual services and work services. Work services to be provided by DESIGNA in connection with the delivery and installation of goods shall nevertheless be expressly designated as work services when the order is placed. If DESIGNA provides work services, these services shall require acceptance by the Client in accordance with the following provisions.
4.b
In the case of contractual services and work services, the risk shall pass to the Client upon dispatch of the delivery ex works Kiel. This shall also apply if delivery is made as part of an installation or if the transport is organised by DESIGNA. Unless otherwise agreed, place of fulfilment shall be the registered office of DESIGNA. Partial deliveries are permissible. Delivery is made by a third party. Delivery is for the account of the Client. The engagement of subcontractors is permitted at any time.
4.c
Insofar as DESIGNA provides work services, the work must be accepted by the Client in accordance with 4.q. and 4.r. The existence of merely insignificant defects shall not entitle the Client to refuse acceptance. Commissioning of the work shall effect acceptance if the Client does not draw up a list of defects within three days and send it to DESIGNA in text form.
4.d
The Client shall be responsible for the timely execution of the site preparations (such as laying of foundations, including the installation aids provided, establishing the standardised power supply, establishing the network connections between the locations of individual devices) in accordance with DESIGNA's specifications and installation of the devices required for the site preparations at the intended locations.
4.e
The Client must undertake all the following preparations required for installation and assembly for its own account and complete them in good time:
• All preparatory earthworks, construction work and other ancillary work which does not fall within the scope of work in this sector, including the necessary skilled and unskilled labour, building materials and tools.
• The goods and materials necessary for installation and commissioning, such as scaffolding, lifting gear and other devices, fuels and lubricants.
• Power and water at the place of use including connections, heating and lighting, sufficiently large, suitable, dry and lockable rooms at the installation site for the storage of machine parts, apparatus, materials, tools etc. and appropriate work and recreation rooms for the installation personnel, including sanitary facilities appropriate to the circumstances; in addition, the Client shall take the same measures to protect the property of DESIGNA and the installation personnel on the construction site that it would take to protect its own property.
• Protective clothing and protective devices that are required due to special circumstances at the installation site and to complete them in good time.
4.f
Before the start of the installation work, the Client shall provide the necessary information on the location of concealed electricity lines, gas and water pipes or similar installations as well as the necessary structural data without being asked.
4.g
Prior to the start of installation or assembly, the materials and objects necessary for the start of the work must be available at the installation or assembly site and all preparatory work must have progressed to such an extent that installation and assembly can be started as agreed and carried out without interruption. Access routes and the installation/assembly site must have been levelled and cleared.
4.h
If the installation, assembly or commissioning work is delayed for reasons beyond the control of DESIGNA, the Client shall bear reasonable costs for waiting time and any additional travel by DESIGNA personnel.
4.i
DESIGNA shall provide commissioning of the purchased goods by connecting the pre-assembled assemblies at the intended locations and the installing of the programs, provided that commissioning has been contractually agreed. This shall not include work for which DESIGNA is not licensed (e.g. electrician's licence – installations above 230 volts).
4.j
Depending on the order, the software shall be delivered on the virtual or physical central computer supplied, via data transfer to the Client's own virtual machine or by providing a link and access data to the CLOUD hosting platform.
4.k
DESIGNA shall only carry out the installation in accordance with a separately commissioned chargeable service.
4.l
If the CLOUD hosting service has been booked by DESIGNA for hosting the system, the systems are controlled via the central computer provided, a workstation provided or via the access data provided for the CLOUD platform. For troublefree functioning of the systems it is absolutely essential that the Client should send a software data catalogue with the necessary local configuration data according to the DESIGNA specifications to DESIGNA not less than two (2) weeks before the planned delivery date. Should the Client fail to meet this obligation or meets this obligation too late, DESIGNA shall decide whether the host computer should be delivered on the basis of a standard configuration or should not be delivered at all.
4.m
In the event that the provision of the service is delayed by events not attributable to DESIGNA, its legal representatives or vicarious agents, in particular if preparatory services of the Client or third parties are not completed to the agreed extent, DESIGNA shall be released from the obligation to provide the service for the duration of the hindrance, without the Client being entitled to a right of cancellation, compensation or any other type of claim against DESIGNA. DESIGNA may invoice the Client separately for any resulting additional expenses.
4.n
If the Client is in default with acceptance, the storage costs incurred shall be borne by the Client. In the event of refusal of acceptance by the Client, DESIGNA shall be entitled to demand an agreed advance payment, but at least 15 % of the contract amount.
4.o
Brand names and type designations of standard hardware are given without obligation. DESIGNA shall supply the current products at the time of execution of its discretion; these shall, however, at least correspond to the specifications ordered. If software programs are put into operation on computers provided by DESIGNA, commissioning shall be charged separately at actual cost.
4.p
The contract parties shall agree on a one-off training for the Client's personnel in the operation, troubleshooting and maintenance of the contract matter to the extent agreed. Follow-up or refresher training and training for new employees of the Client shall be invoiced separately.
4.q
DESIGNA shall notify the Client of the completion of the work performance and request the Client to declare acceptance as part of a joint acceptance. Unless otherwise agreed, acceptance shall take place within 12 working days of receipt of the notification by the Client. Acceptance of the service produced in accordance with the contract shall take place as part of an inspection to be carried out by the Client as part of a joint acceptance meeting, during which an acceptance report shall be drawn up.
4.r
If an acceptance test by the Client does not take place within the 12-day period in accordance with 4.q, DESIGNA may request the Client to accept the service by setting a grace period of 7 working days. If this period expires without the Client having expressly refused acceptance to DESIGNA, stating at least one defect, acceptance shall be deemed to have been declared. DESIGNA undertakes to specifically draw the Client's attention to the significance of its behaviour in the letter of request. Acceptance shall also be deemed to have been declared if the Client puts the service to be accepted into live operation and does not expressly refuse acceptance within seven working days of the start of live operation. Any agreed test operation phases shall remain unaffected by this.
5 Rights of use to software programs
5.a
Insofar as DESIGNA provides the Client with software produced by DESIGNA, DESIGNA shall grant the Client a simple, non-exclusive and non-transferable right to use the software specified in the respective order confirmation for the agreed purpose and for the agreed duration under the following conditions and subject to the condition precedent of full payment of the agreed remuneration. All other rights shall remain with DESIGNA. By paying the remuneration, the Client therefore only acquires the right to use the software for the agreed purpose for the duration of the contract.
5.b
The Client shall not be authorised to modify or edit, copy or otherwise reproduce, decode, decompile or transfer the software and the associated documentation to other computers.
5.c
A right of use granted by DESIGNA to software (software licence) which is required for the operation of hardware (firmware or operating system software) may only be transferred to third parties with the prior written consent of DESIGNA. A software licence for application software is not transferable under any circumstances. The Client may neither grant sub-licences nor pass on the software to third parties through leasing or other transfer agreements.
5.d
Copies of delivered software may only be made for backup and archiving purposes or for troubleshooting, including the property rights notice of the original software, and must be destroyed once their purpose has been fulfilled. The Client shall be obliged to ensure that the software and documentation as well as copies thereof are not made accessible to third parties.
5.e
In the event of the delivery of software or the transfer of rights of use to programs from third parties, the corresponding rights of use and licence conditions of the respective manufacturer shall apply. If, in addition to the delivery of standard software, DESIGNA also makes Client-specific modifications to the software (customising), this shall require a separate order from the Client. DESIGNA shall provide the customising in accordance with the individually prepared offer at the remuneration individually specified therein.
5.f
In the event of customising for the Client, the Client shall have the same rights of use to the software components affected by the customising as otherwise to the standard software. The Client is not granted any further rights to this software.
5.g
DESIGNA shall be entitled, but not obliged, to integrate the results of the customising carried out for the Client into future standard software applications from DESIGNA.
5.h
Further details of the type and scope of the rights of use to the software acquired by the Client are set out in the documents on which the software provision is based or which supplement the software provision, namely the order confirmation, purchase agreement or purchase & service contract or the system certificate and the data sheets belonging to the order confirmation. In particular, these show the maximum number of front ends authorised for use and information on the software packages activated for the system.
6 CLOUD hosting service
6.a
The provisions set out in this section 6 shall only apply to the contractual relationship if the DESIGNA CLOUD hosting service has been agreed.
6.b
If the CLOUD hosting service has been booked by DESIGNA for the hosting of the system, DESIGNA shall ensure that a data centre accessible via the Internet is available for the parameterisation of the systems, for the import of transaction data from installed devices (front ends) and for the output of reports. Unless otherwise agreed and specified in the Annex to this contract, a number of users shall be set up by DESIGNA for the use of the system in accordance with the offer. The data centre is located in Vienna.
6.c
If software functions subject to licence are activated on a central computer, they may only be used simultaneously on as many terminals/workstations as expressly agreed. The right of use also extends to the necessary use of the documentation or manuals belonging to the software. The agreed number of connected workstations or central computers must not be exceeded under any circumstances.
6.d
The cloud services serve solely to host the operator software provided by DESIGNA, which enables Client access to the Client's own data of the car park operated by the Client. The operator software is standard software which is provided alongside the CLOUD hosting service for ongoing use.
6.e Server availability
6.e.l DESIGNA guarantees 99 % availability of the server, its network and the interfaces used to connect to the Internet on an annual average, not including downtimes caused by scheduled maintenance work.
6.e.II If the Client's DESIGNA car park systems are affected by server failures as defined in this contract, the car park systems remain fundamentally operational by automatically switching to emergency operation. Emergency operation means that in the event of such server faults or faults in the link between server and car park, the respective DESIGNA car park management system continues to work independently of the server with the basic functions provided, depending on the ticket system used. However, the following functions are not available in such a case: parking space counting, ticket validation at the exit, online credit card authorisation, online discounting, LPR (license plate recognition), server-bound activities such as ticket queries, master data maintenance, reporting, operation of the system and other functions based on interfaces with third-party systems or software.
6.e.IIl The Client's network used for the deployment of the contractual services must be separated from any other networks of the Client by suitable state-of-the-art virus protection measures/firewalls. No devices not manufactured, supplied or authorised by DESIGNA may be integrated into the contractual DESIGNA parking management system network without prior express approval. This applies to both directions of data exchange with the virtual machine (VM).
6.f
The annual fees include all internal service work required by DESIGNA for the CLOUD service to ensure the function and availability of the service. The prices quoted do not include the Client's costs for the use of data transmission equipment and connection charges or the provision and installation of the required VPN (IPSEC)-capable firewalls and routers on the parking system side. If necessary, the DESIGNA-certified supplier "Anexia Deutschland GmbH" can be consulted on this.
7 Maintenance of the software programs
7.a
The following provisions in this section 7 on maintenance of the software programs shall apply only in the event that a corresponding service has been agreed between the contract parties in the Purchase & Service contract. All services under this section shall only be provided during the support hours in accordance with 7.d.VII.
7.b
Insofar as a contract containing software services is concluded between Client and DESIGNA, the Client has a right to support and maintenance of the software programs in accordance with the provisions contained therein. If the Client orders a separate installation of the software updates by DESIGNA, this shall only be carried out against separate payment.
Maintenance of the software programs shall be carried out at the maintenance flat rate contained in the contract. During the term of the contract, DESIGNA shall ensure that the support services in accordance with clauses 7.d to 7.f are carried out by appropriately qualified personnel and with appropriate care and diligence. The work shall be carried out during DESIGNA's business hours by remote maintenance. DESIGNA can also carry out support services on the Client's business premises according at its discretion.
7.c
If the provision of an updated or modified version would result in a permanent limitation of the functions or restrictions in the usability of previously generated data, DESIGNA shall notify the Client of this in text form at least four weeks before such a change comes into effect. If the Client does not object to a change in text form within a period of two weeks from receipt of the change notification, the change shall be implemented and the software in the modified version shall become part of the contract. DESIGNA shall draw the Client's attention to the above-mentioned deadline and to the consequences of expiry if the option to object is not exercised whenever corresponding changes are announced.
7.d Troubleshooting (bug-fix service)
7.d.I A fault to be remedied shall be deemed to exist if the respective contractual software program exhibits reproducible behaviour deviating from the corresponding performance description in the respective valid version. The fault shall be eliminated by installing a bug-fix, a software update or an appropriate alternative solution.
7.d.II Recognised faults must be resolved by DESIGNA within a reasonable period of time. DESIGNA shall be released from this obligation for as long as the rectification of the fault is necessary due to a failure on the part of the Client to co-operate in accordance with clause 8 and the Client fails to do so.
7.d.III DESIGNA shall be authorised at any time to engage subcontractors to carry out the support services without requiring the Client's consent.7.d.lV Provision of a helpdesk
7.d.V DESIGNA shall provide a central e-mail address and telephone number for the receipt of support questions and for support services during the agreed periods.
7.d.VI DESIGNA shall respond to the Client's enquiries within a reasonable period of time.
7.d.VII Support requests are categorised according to three levels of urgency (3=low, 2=medium, 1=high). Faults that prevent operation are assigned to urgency level 1. Serious malfunctions that still allow operation are assigned to urgency level 2 and all other enquiries to urgency level 3. For requests at urgency levels 1 and 2, DESIGNA shall ensure a response time to incoming fault reports of one working day (within normal office hours from 8:00 a.m. to 6:00 p.m., Mondays to Fridays, excluding public holidays in the federal state of Schleswig-Holstein) and three working days at other times, in each case starting from the time of notification by the Client. Enquiries at urgency level 3 shall be processed within a reasonable period of time.
7.d.VIII The support services include application advice by telephone or e-mail as well as assistance in the event of faults resulting from the use of the products by the Client and can only be requested by the Client's appropriately trained personnel.
7.d.IX Shifting of daily service operations are not included in the scope of services for software maintenance and are charged separately (e.g. creation of a new tariff, reconfiguration of a system, etc.).
7.e Software update service
7.e.I DESIGNA issues various releases for its software programs as part of its support services. Update services include the provision of new releases with the original range of functions.
7.e.II DESIGNA is not obliged to supply software upgrades (i.e. new versions, releases or inline releases) unless the supply of upgrades or the payment of upgrade fees is stipulated in a separate special agreement (e.g. contract including software maintenance).
8 Cooperation obligations of the Client
8.a.l For fast and successful processing of fault reports, the Client shall address these to DESIGNA, stating his contract number and a description of the error.
8.a.II The Client undertakes to follow DESIGNA's guidance and instructions and to make every reasonable effort to enable DESIGNA to carry out service and maintenance, to provide DESIGNA with information, support, materials and access to operating resources, insofar as this is necessary and reasonable, to promptly install all service packs and hotfixes provided and to procure, install or maintain all operating resources, telephone lines, Internet access, communication interfaces and hardware necessary for the use of the DESIGNA product.
8.a.III The Client must employ sufficiently qualified and trained personnel to use the products licensed to him.
8.a.IV The Client is obliged to fulfil all data protection provisions, in particular its own obligations arising from the GDPR (cf. 9 and the Security Policy) or those arising from the contract. Should DESIGNA be held liable by a third party in this respect, the Client undertakes to indemnify DESIGNA against all such claims unless it is not responsible for the preceding acts of infringement.
8.a.V The Client is obliged to provide the computer system, software programs, protocols, diagnostic documents and data used, as well as an online connection for remote diagnosis and remote maintenance, free of charge for the use of the contractual services and to support DESIGNA in this respect to a reasonable extent.
9 Period and invoicing of service and maintenance services
9.a.I Service and maintenance agreements are concluded with a minimum term of five years. Thereafter the contractual relationship shall be renewed for a period of 12 months in each case, unless one of the contract parties gives three months' notice of termination to the end of the respective term. The total term of the Purchase & Service contract shall not exceed the maximum duration of nine years (not even through automatic continuation). Any term in excess of this shall require a separate written agreement.
9.a.II This shall not affect the right to extraordinary termination without notice for good cause. Good cause for extraordinary termination shall be deemed to exist if the continuation of the contractual relationship is unreasonable, taking into account all circumstances of the individual case, in particular if
>insolvency proceedings are opened against the assets of a contract party, an application for the opening of insolvency proceedings is rejected for lack of sufficient assets or the conditions for the opening of such proceedings or the rejection of such an application are met – insofar as permitted by law;
>a contract party breaches its contractual obligations and this breach is not terminated within a reasonable period of time upon written request by the other contract party;
9.a.III The remuneration for maintenance shall be invoiced monthly at the beginning of each invoicing month.
9.b
Price adjustments for ongoing fees such as for annual rights of use to software and for maintenance and support services:
9.b.l These ongoing fees are hedged on the basis of the consumer price index (CPI) published by the Federal Statistical Office of Germany (DESTATIS) in the currently valid version such that the obligation to pay the agreed fee increases or decreases to the extent that the consumer price index rises or falls. If the above-mentioned index is no longer published, the value shall be hedged in accordance with the index that replaces it and guarantees at least approximately the same economic effect or such a hedging clause.
9.b.II Costs for travel, accommodation and travelling time for the DESIGNA personnel engaged to carry out maintenance services shall be charged separately or determined by a pre-agreed flat-rate travel allowance. (Hotel category: 3 star, rail class: 2, kilometre allowance: for car journeys, flights: Economy, for overseas flights Premium Economy).
9.b.III These flat-rate fees do not include services resulting from changes to the operating system or hardware and/or changes to mutually program-dependent software programs and interfaces not covered by the contract, individual program modifications or reprogramming and program modifications due to changes in legal regulations if they require a change to the program logic, the elimination of faults caused by improper handling, failure to take prescribed measures such as data backups or by third parties and data conversions, restoration of databases and interface modifications.
9.b.lV DESIGNA shall be released from all service and maintenance obligations under the present contract if modifications to the contractual software programs are attempted or carried out by employees of the Client or third parties without the prior consent of DESIGNA, unless these changes are unrelated to the services to be provided by DESIGNA. This shall apply accordingly to use of the software programs in a manner contrary to the contract.
10 Supply of tickets and accessories
10.a
Printing documents produced by DESIGNA, such as typesets, printing plates, lithographs, photographically produced films and plates, cutting dies and other work aids provided for the production process, shall remain the unalienable property of DESIGNA, even if the Client has paid partial or full compensation for their value. This also applies to working aids provided by another company on behalf of DESIGNA.
10.b
DESIGNA guarantees perfect usability of the tickets supplied on the dispensing devices and readers. The provisions regarding storage and recommended service life of the respective products must be observed. Tickets and chip cards are subject to ageing effects during storage and use. DESIGNA recommends careful examination of the respective operating conditions.
10.c
Colour deviations may occur within or between different deliveries for production and material reasons. Proofs and sample tickets are therefore only approximately binding for the actual colours of the tickets supplied. Plastic tickets are essentially resistant to breakage and cracking in an ambient temperature range of -20 °C to +50 °C. Information on permissible storage periods and storage conditions is printed on the packaging.
10.d
Excess or short deliveries of up to 10 % of the ordered print run shall be recognised by the Client against payment. DESIGNA reserves the right to make partial deliveries. DESIGNA cannot be held liable for printing and production errors overlooked by the Client in the proofs designated by him as ready for printing. Typesetting changes ordered by telephone or telegraphically shall be carried out by DESIGNA without liability for correctness. The Client is strongly recommended to order changes in text form in an approval process. Orders manufactured as custom products cannot be changed after order confirmation and the full order quantity must be accepted.
10.e
The warranty period for tickets shall be limited to the permissible storage period indicated on the packaging, but shall not exceed two years. Within the warranty period, DESIGNA shall provide a warranty by repairing or replacing the goods at its own discretion, to the exclusion of any further claims. Complaints must be made in writing immediately after the defect is discovered, describing the fault and enclosing samples of the goods to which the complaint relates. Replaced goods shall in any case become the property of DESIGNA. This shall also apply in the event that the tickets supplied by DESIGNA are intended for use on systems not supplied by DESIGNA and these tickets exhibit a comparatively above-average number of functional errors when issued on the dispensing devices or when used on the reading devices and these errors are clearly attributable to the poor quality of the tickets supplied. If DESIGNA provides proof within a reasonable period of time that any functional errors are not attributable to the defective quality of the tickets supplied, the above obligations shall not apply.
10.f
Complaints regarding printing errors or delivery quantities must be made in text form within eight days of receipt of the goods. Rejected products must be kept until the complaint has been settled and, on request, shall be sent to DESIGNA or to a third party nominated by DESIGNA, at the Client's expense and risk, in the original packaging.
10.g
DESIGNA retains the copyright to and the right to reproduce its own designs. The Client shall be solely responsible for the right of reproduction of all artwork, logos or fonts, etc. provided by the Client. Insofar as DESIGNA is the owner of the rights of use under copyright and ancillary copyright law to the delivered printed products or parts thereof, the Client shall only acquire the right to distribute the delivered products upon acceptance of the delivery (§ 17 German Copyright Act); otherwise the rights of use, in particular the right of reproduction, shall remain solely in the hands of DESIGNA. DESIGNA shall have the exclusive right to use the means of reproduction (typesetting, films, etc.) and printed products produced by DESIGNA for the production of reproductions. DESIGNA shall not be obliged to check whether the Client has the right to reproduce the artwork provided or otherwise use it in the intended manner, but shall be authorised to assume that the Client is entitled to all the rights necessary for the execution of the order vis-à-vis third parties. The Client undertakes to indemnify DESIGNA against all claims asserted in this respect by third parties arising from infringements of copyrights, ancillary copyrights, other industrial property rights or personality protection rights, unless the underlying legal infringements are not attributable to the Client. DESIGNA must notify the Client of such claims without delay and, in the event of a legal claim, notify the Client of the dispute. If the Client does not join the proceedings as a party to the dispute in response to the notice of dispute, DESIGNA shall be entitled to recognise the claim of the plaintiff and to claim damages from the Client regardless of the legality of the recognised claim.
10.h
DESIGNA shall be authorised to print its company name or brand name on the printed products to be produced, even without special authorisation from the Client.
11 Duty to give notice of defects, warranty and liability
11.a
The Client must inspect deliveries and services immediately upon receipt for conformity with the contract. Short deliveries and incorrect deliveries as well as recognisable defects must be reported to DESIGNA immediately in writing, and defects recognisable at a later date must be reported immediately from the time of recognition, stating the reasons for complaint. This shall not affect the obligations to give notice of defects under commercial law.
11.b
Claims by the Client due to a defect in the item are initially limited to rectification or delivery of defect-free replacement goods at the discretion of DESIGNA. If the rectification fails, if it is unreasonable for the Client or if DESIGNA seriously and definitely refuses the rectification, the Client may reduce the price or withdraw from the contract at its discretion.
11.c
The commencement of the warranty period shall be governed by the statutory provisions. In the case of contractual services, the warranty period begins with the transfer of risk in accordance with §§ 446, 447 BGB. In the case of work services, the warranty period shall commence upon acceptance in accordance with § 640 BGB. This shall not affect any deviating statutory provisions.
11.d
Warranty claims become statute-barred after 12 months.
11.e
Warranty limitations: The devices, including the associated software, may only be operated by the Client in accordance with the instructions for use, operating instructions and licence terms. DESIGNA assumes no liability for defects and faults due to improper use or the use of unauthorised materials by the Client or third parties, improper or incorrect operation and care, or for natural wear.
11.f
Minor deviations, in particular with regard to surface finish, colour shades, design or software, shall not be deemed to be defects within the customary commercial tolerances and shall not entitle the Client to assert warranty claim
11.g
Malfunctions and defects due to defective and/or unstable preparatory services, in particular energy supplies, networks, etc. are completely excluded from warranty and/or compensation claims.
The warranty shall be voided in the event of unauthorised modifications or interventions in the subject matter of the contract.
11.h
DESIGNA generally delivers new parts to the Client. For certain spare parts, works-overhauled replacement parts (R parts) are available as an alternative at reduced prices and are offered as such. If the Client purchases R parts for replacement of a damaged part, the Client shall be obliged to return the defective part (D part) to DESIGNA within 30 days. The reduced prices for R parts are only possible due to the continuous return of D parts by the Client. If, after the return delivery, DESIGNA determines during the examination that a cost-effective reconditioning of the delivered part is possible, DESIGNA shall purchase the D part and credit the Client’s account with the amount according to the current DESIGNA price list that shall be made available to the Client on request. If the Client does not return any D parts to DESIGNA or if the majority of the D parts supplied cannot be cost-effectively reconditioned, DESIGNA shall have the right to exclude the Client from the possibility of purchasing R parts at any time with effect for the future.
11.i
DESIGNA shall not be liable for service interruptions due to force majeure. DESIGNA shall only be liable for other service interruptions to the extent that these exceed the permissible downtimes in accordance with clause 6.e.i.
11.j
If DESIGNA is prevented from the timely fulfilment of the delivery obligation by circumstances that only became apparent after the conclusion of the contract, in particular by force majeure, natural disasters, labour disputes, interventions by public authorities, supply difficulties, traffic disruptions, unforeseeable operational disruptions, dangers due to war or terrorist conflicts, unforeseeable, missing or untimely delivery by upstream suppliers or for other similar reasons, the delivery obligation shall be suspended for the duration of the hindrance and to the extent of its effect. DESIGNA must inform the Client immediately in text form that the temporary hindrance or impossibility of delivery or performance has occurred and for what reasons.
11.j.I If the suspension of the performance obligation is unreasonable for the Client, the Client shall be entitled to withdraw from the contract after the expiry of a reasonable grace period to be set by the Client.
12 Special warranty provisions for software
12.a Notwithstanding the applicability of clause 10, the following paragraphs contain special provisions for software. These shall always additionally apply, also and in particular to software provided by DESIGNA pre-installed on hardware supplied by DESIGNA.
12.b DESIGNA warrants that the software corresponds to the contractually agreed specifications, is free from third-party rights and has no faults which nullify or reduce the serviceability in relation to these specifications. This shall not apply in case of an insignificant reduction in the value or serviceability.
12.c If faults occur during the use of the software, the Client must report this to DESIGNA in text form immediately and in a comprehensible form, indicating all information necessary for identifying the fault. The Client shall support DESIGNA to a reasonable extent in eliminating faults and shall – as far as possible – demonstrate faults in a reproducible and conclusive manner.
12.d After receipt of the fault report, DESIGNA shall initially be entitled to rectify the problem. This shall be carried out at the discretion of DESIGNA by providing a data carrier with a fault-free version, by providing a work-around suitable for rectifying the problem (insofar as this is not unreasonable for the Client) or by online provision of a fault-free version. If the rectification fails, if DESIGNA refuses to rectify the fault or if it is unreasonable for the Client, the Client can demand a reduction of the remuneration or, if the restriction of use is unreasonable for the Client with regard to the overall performance, cancellation of the contract subject to the statutory conditions.
12.e Claims by the Client for faults in the software shall lapse if the Client modifies the affected software itself or has it modified by a third party without the consent of DESIGNA. This shall not apply if the Client proves that the faults still in question were not caused by the program modification carried out by him or the third party.
12.f DESIGNA shall not be liable for errors and damage caused by improper or non-contractual use of the software.
12.g DESIGNA shall only be liable for the loss of data and its recovery in accordance with the general limitations of liability pursuant to clause 10 if such a loss could not have been avoided by appropriate data backup measures on the part of the Client and only to the extent that the damage would have occurred even if such appropriate data backup measures had been taken.
12.h DESIGNA shall not be liable for disruptions in the retrievability of data stored on the contractual storage space on the Internet or other access to the server which are not attributable to the DESIGNA server or network, including the interface to the Internet, such as in particular faults due to the failure of lines or networks of other operators.
13 Compensation for damages
13.a
DESIGNA shall only be liable for damage caused by DESIGNA, its legal representatives or vicarious agents in the event of intent or gross negligence. The statutory liability for intentionally or negligently caused damage from injury to life, body or health as well as under the Product Liability Act and for the absence of a quality for which DESIGNA has assumed a guarantee and for the liability for the culpable breach of cardinal contractual obligations shall remain unaffected. In abstract terms, cardinal contractual obligations are such obligations whose fulfilment is mandatory to permit the very proper performance of the contract, and on the observance of which a contractual partner can regularly rely. Liability for breaches of cardinal contractual obligations caused by simple negligence shall be limited to compensation for the typically foreseeable damage, but up to a maximum amount of € 100,000 per claim. DESIGNA maintains corresponding cover of at least € 1 million for business liability insurance. A higher maximum sum shall require a new calculation and corresponding separate agreements between the contract partners.
13.b
The limitation period for claims for damages by the Client against DESIGNA is one year. The respective statutory limitation periods shall apply to claims under the Product Liability Act and in the event of grossly negligent or intentional behaviour on the part of DESIGNA and in the event of injury to life, limb or health and in the event of the assumption of a guarantee in accordance with clause 12.a sentence 2.
14 Payment
14.a
Prices and payment terms are set out in the respective order confirmation and are to be understood as net, duty unpaid and untaxed ex works prices. DESIGNA may request a bank guarantee to secure payments. If no other currency has been agreed, payments shall be made in EURO.
14.b
Unless otherwise agreed, the following payment terms shall apply: 50 % of the order value when the order is placed, 40 % of the order value when the goods are ready for delivery and 10 % of the order value 30 days after delivery.
14.c
Invoices issued by DESIGNA are payable 10 days from receipt of the invoice, free of charges and without any deductions. Payment orders, cheques and bills of exchange shall only be accepted with all associated charges if agreed separately, and in any case only on account of payment. In the event of default in payment, of an agreed or actually granted deferral, reminder fees of EUR 15.00 shall be agreed in each case.
14.d
If the Client is more than four weeks in arrears with a due payment, DESIGNA shall be released from all further service and delivery obligations, as well as warranty obligations and all other obligations for the duration of the delay.
14.e
Payments shall be deemed to have been made when the outstanding amount has been credited to one of the accounts listed on our invoice forms.
14.f
The Client may only offset undisputed or legally established counter-claims. The Client shall not be entitled to a right of retention due to claims that do not originate from the same contractual relationship.
14.g
If an agreement on securities has been made in the contract, DESIGNA shall be obliged to release the securities to which DESIGNA is entitled at the Client's request insofar as the realisable value of the securities exceeds the claims to be secured by more than 10 %; the choice of securities to be released shall be at the discretion of DESIGNA.
15 Retention of title
15.a
DESIGNA shall retain the title to the goods delivered until fulfilment of all claims against the Client.
15.b
The Client shall be obliged to expressly mark the goods as the property of DESIGNA until the passage of ownership.
15.c
The Client shall be obliged to treat the goods supplied under retention of title with care; in particular, the goods must be insured adequately at replacement value against fire, water damage and theft at the Client’s expense. If maintenance and inspection work is required, this must be carried out by the Client in good time at his own expense.
15.d
The Client shall also be obliged to prevent access by third parties to the goods supplied under retention of title with reference to DESIGNA's rights and to inform DESIGNA accordingly without delay.
15.e
In the event of default of payment, the Client shall be obliged to return the goods and the software products provided to DESIGNA immediately upon request. However, DESIGNA's demand for return shall only be deemed a cancellation of the contract if DESIGNA expressly declares this in writing. DESIGNA shall be entitled to utilise its retention of title to the goods and the rights of use in the software products provided elsewhere on the open market, whereby the proceeds shall be offset against its claim against the Client. In the event of default of payment, DESIGNA shall furthermore be entitled to perform future deliveries/services of any kind only against advance payment.
16 Final provisions
16.a
The GTC shall apply unless expressly stipulated otherwise in the contract. Collateral agreements, extensions and amendments must be made in writing for their validity. This shall also apply to any waiving of this requirement for the written form. No verbal ancillary agreements have been made and are deemed to have anyway been waived by mutual agreement upon conclusion of the contract.
16.b
The Client's general terms and conditions shall not apply. The absence of an express contradiction of such deviating terms and conditions shall not be interpreted as consent on the part of DESIGNA.
16.c The Client shall only carry out a permissible transfer or sale of the subject matter of the contract or parts thereof to third parties in compliance with and in accordance with statutory export bans and export restrictions.
16.d
The contract partners undertake to keep business and trade secrets or other confidential information secret for an indefinite period of time. "Confidential information" in this context is all information made available to the other contract partner verbally, in writing, on data carriers or in any other way, which is labelled "confidential", is readily recognisable as requiring confidentiality and/or any information which a prudent businessman would consider worthy of protection for the company holding the information. The obligation to maintain confidentiality shall not apply to such information a) that was known to the informed contract partner prior to the time of the information, and which the informed contract partner used freely and without confidentiality obligations; b) that was made accessible before or after the time of the information by an authorised third party for the purpose of free use and without any obligation to maintain confidentiality; or c) was known or generally accessible to the public before the time of the information; or d) became known or generally accessible to the public without violation of the present provisions at or after the time of the information. The obligation of confidentiality shall also not apply in the case of judicial/official obligations to disclose the information; in this case, however, only to the extent necessary vis-à-vis the respective court or authority.
16.e
The rights and obligations arising out of this agreement shall be transferred to the respective legal successors and/or the contract partners undertake to transfer rights and obligations arising out of this agreement to legal successors with legal effect.
16.f
The contractual relationship shall be governed exclusively by the laws of the Federal Republic of Germany, to the exclusion of the conflict of laws provisions. The provisions of the UN Convention on Contracts for the International Sale of Goods shall not apply.
16.g
Sole venue for all and any disputes arising out of or in conjunction with the contract shall be the court responsible for the registered office of DESIGNA if the Client is a merchant, a legal entity under public law or a special fund under public law. Notwithstanding the above, DESIGNA shall also be entitled to bring action at the Client's place of business. The agreement on the place of jurisdiction shall also apply if the Client has no general place of jurisdiction in Germany.
16.h
Contract language shall be either German and/or English, at the discretion of DESIGNA. Notwithstanding any translated versions of these General Terms and Conditions, the original German version shall apply exclusively in the event of any ambiguities or contradictions between the translated version and the German version.
Security Policy
dated 22/08/2022
1 Preamble
The object, scope, type and purpose of data processing result from the business relationship on the basis of the contract concluded between the parties. This Security Policy supersedes all previous agreements on this subject. This Security Policy supplements the contract concluded between the Client and DESIGNA, insofar as it relates to the processing of Client data, and shall be deemed to be an integral part of the contract. DESIGNA guarantees the following IT security measures within the scope of the relationship with the Client.
2 General technical and organisational measures
DESIGNA takes all measures necessary for the processing of the transmitted data in the data processing systems at all times in accordance with the GDPR and ensures that the internal organisation is structured in such a way that it meets the requirements of data protection. The following provisions apply regardless of where the server is hosted.
2.1 Monitoring of the intended use
The following measures ensure that data collected for different purposes is processed separately:
> Software-based (e.g. client separation)
> Separation through access control (database principle)
> Separation of test and current data
> Separation of test and operative systems (technology, programs)
2.2 Pseudonymisation
As far as possible for the respective data processing, the primary identification features of the personal data in the respective data application are removed and stored separately.
2.3 Input control
Input control guarantees that it is subsequently possible to check and determine whether and by whom personal data is entered into, changed in or removed from data processing systems. DESIGNA documents and records inputs/log files for this purpose.
>> Designa company head office at Faluner Weg 3, 24109 Kiel, Germany
- Logging in the ERP system
>> DESIGNA CLOUD
- Database tracing possible for 4 weeks
2.4 Privacy by Design & Privacy by Default
Appropriate default settings as part of the technical and organisational measures ensure that only that personal data is processed whose processing is necessary for the specified purpose of processing.
> Personal data is only collected if it is necessary for the processing of the purchase contract (e.g. season tickets, etc.)
> The setting of cookies in DESIGNA webshops is only possible with the user's consent
> The use of personal data for marketing purposes is only permitted with the active consent of the user
3 Technical and organisational measures for cloud hosting by DESIGNA
If the CLOUD hosting service is ordered via the contract, this ensures that security areas and the group of authorised persons or access authorisations are defined, access routes are secured accordingly and data carriers are controlled and stored securely. The following measures only apply if the server is hosted by DESIGNA.
3.1 Admission control
Unauthorised persons are prohibited from accessing data processing systems in which data is processed. The computer rooms are located in an office building that is categorised as earthquake-proof. Only IT, Facility Management and management staff have access to the rooms. Admission control is ensured by the following measure:
>> Designa company head office at Faluner Weg 3, 24109 Kiel, Germany
Key for server room only in the IT department, separate keyholder group
- Video surveillance of the server rooms
- Access to buildings only with key/chip card, alarm system
Presence in the security zone is recorded. Unauthorised personnel and external persons (service technicians, consultants, cleaning staff, etc.) may only enter the rooms when accompanied by authorised persons. Admission control is supported by the following additional organisational/technical measures:
>> DESIGNA CLOUD
- Access only for authorised persons with a collocation pass
- Video surveillance
3.2 Physical access control
Use of the data processing systems by unauthorised persons is prevented by the following measures:
>> Designa company head office at Faluner Weg 3, 24109 Kiel, Germany
- Passwords must have the defined complexity
- must contain at least 3 of the 4 categories upper case letters, lower case letters, numbers and special characters, and
- must not contain the account name or more than 2 consecutive characters of the user's real name.
- Password history 1 saved password
- The account will be blocked for 30 minutes after 30 unsuccessful login attempts
- Systems with WIN10 are encrypted with BitLocker
- Network sockets are protected by MAC address security (in the case of unknown devices, the socket is barred and can only be enabled by an administrator)
- Mobile access to Exchange mailboxes is only possible with administrator approval
Each authorised person has their own password, known only to them, which must be changed at regular intervals. Automatic log files are created of all activities on the data processing and telecommunications system. The use of data processing systems by means of data transmission devices by unauthorised persons is prevented by the following measures:
>> DESIGNA CLOUD
- Passwords must have the defined complexity
- must contain at least 3 of the 4 categories upper case letters, lower case letters, numbers and special characters, and
- must not contain the account name or more than 2 consecutive characters of the user's real name.
- Password history 1 saved password
- The account will be blocked for 1 minute after 30 unsuccessful login attempts
- Access to the network only via VPN/MPLS
3.3 Data access control
Measures are taken to ensure that the persons authorised to use a data processing system can only access their authorised data and that data cannot be read, copied, edited or deleted without authorisation during processing, use and storage. The restriction of the authorised person's access to the data exclusively subject to their access authorisation is ensured by the following measures:
>> Designa company head office at Faluner Weg 3, 24109 Kiel, Germany
- Authorisations to drives and mailboxes granted by the responsible department head based on the need-to-know principle, taking into account the higher-level authorisation concept
>> DESIGNA CLOUD
- Access only for administrators and Support
- Client authorisations only for own home and log directories
3.4 Transfer control
Measures are taken to ensure that personal data cannot be read, copied, edited or deleted without authorisation during electronic transmission or during its transport or storage on data carriers and that it is possible to check and determine at what point in time a transmission of personal data by data transmission devices is intended. The dispatch of data carriers is documented and controlled by registration and accompanying documents. It is not permitted to bring private data carriers into the rooms and use them. Data carriers are destroyed in the following manner:
> Magnetic data carriers by overwriting and physical destruction (external service provider)
Where the Internet is used to transfer personal data, the following security measures are used:
>> Designa company head office at Faluner Weg 3, 24109 Kiel, Germany and DESIGNA CLOUD:
- Access only encrypted (iPsec VPN or SSL-VPN), https
3.5 Separation control
Separate processing of data that has been collected for different purposes, e.g. multi-client capability, sandboxing;
>> Designa company head office at Faluner Weg 3, 24109 Kiel, Germany
- Via ERP system (Navision)
- Through unique system numbers (e.g. DE_xxxx) in the helpdesk
>> DESIGNA CLOUD
- Separation of individual Clients, separate SQL instances, separate organisational units, groups and users in the active directory, separate releases on file servers
3.6 Availability control
Protection against accidental or wilful destruction or loss, e.g. backup strategy (online/offline; on-site/off-site), uninterruptible power supply (UPS), virus protection, firewall, reporting channels and contingency plans
>> Designa company head office at Faluner Weg 3, 24109 Kiel, Germany
- Backup of the systems to disc (daily incremental, weekly full), copy of the full backup to encrypted tapes, storage in the bank's vault
- Backup system spatially separated
- Centralised virus protection
- Redundant firewall
- UPS for controlled shutdown of the systems
- Reporting channels and contingency plans
>> DESIGNA CLOUD
- Backup of the databases spatially separated
- Redundant Internet connection
- Redundant firewall
- Centralised virus protection
- UPS also using generators
- Reporting channels and contingency plans
- Rapid restorability (Art. 32 (1) lit. c GDPR);
3.7 Data protection management
Measures are taken to ensure that a data protection management system is in place and implemented. Data protection management is divided into the following points:
> Records of processing activities
> Data processing
> Data protection impact assessment
> Incident response management
> Reporting of breaches of data protection
> Further training
> PDCA (Plan, Do, Check, Act): regular reviews
3.8 Incident management
Measures have been taken on how the controllers should react to possible scenarios. These include data security breaches, DoS (Denial of Service), DDoS (Distributed Denial of Service), gaps in the firewall, outbreaks of viruses or malware and threats from insiders.
Incident response management is broken down into six important phases:
> Preparation: Both users and IT staff are trained or informed that potential incidents may occur and what steps need to be taken.
> Identification: Determining whether an event is a breach of data protection.
> Containment: Limitation of the damage caused by the incident and isolation of the affected systems to prevent further damage.
> Elimination: Determination of the cause or trigger of the incident and removal of the affected systems from the productive environment.
> Recovery: Integration of affected systems back into the productive environment after ensuring that there are no further threats.
> Findings: Completion of the incident documentation and analysis of what the team or company can learn from the incident. In this way, future responses can possibly be improved.
4 Access to Client data
In order to be able to provide appropriate support in the event of problems, DESIGNA as data processor reserves the right to access the Client's system or data, provided that such access is covered by the purchase agreement between DESIGNA and the Client or the Client has consented to such access, or the reseller has forwarded the desired service request to DESIGNA on behalf of the Client.
DESIGNA guarantees that:
> Physical access to the data centre hardware only takes place if the Client has purchased cloud hosting services from DESIGNA;
> Access to the Client's data via the remote maintenance tool only takes place in the case described above and only with the consent of or on behalf of the reseller and/or the Client;
> Access to the local devices is only granted in the event of support at the request of the Client or the reseller.
5 Processing
In addition to the present business relationship, these provisions on processing ensure that all mutual obligations under the General Data Protection Regulation ("GDPR") are fulfilled.
DESIGNA processes personal data on behalf of the Client, whereby the subject matter, scope, type, categories of data processed, the purpose of the processing and the categories of data subjects (Client data) as well as the duration of the processing result from the respective purchase contract between the contract parties. These provisions on processing therefore supplement all contracts concluded between the Client and DESIGNA insofar as they relate to the processing of personal data.
Data processing by DESIGNA takes place exclusively in a member state of the European Union, whereby cross-border data processing in accordance with Art. 4 (23) GDPR (within the Union) must be communicated to the Client as the controller in good time before the start of processing so that the Client can object. Silence in response to this notification means consent to the processing.
5.1 Obligations of the processor
With the signing of the purchase contract, the Client agrees to the technical and organisational measures set out in this policy. By implementing this policy and complying with the Client's general and individual instructions with regard to personal data (e.g. erasure of Client data, anonymisation of data), DESIGNA guarantees a state-of-the-art level of protection of the contractual data applications, so that claims of any kind can only be asserted in the event of a breach.
DESIGNA is obliged to appoint a data protection officer who performs his or her duties in accordance with Art. 38 and 39 GDPR. The processor shall provide the Client with the contact details of the data protection officer on request. The Client must be informed immediately of any change of data protection officer. The latest contact details of the data protection officer are easily accessible on the processor's website.
Changes to the technical and organisational measures that ensure a consistent level of protection (or increase the level) for processed personal data shall be deemed approved and shall be communicated to the Client on request, but must not be communicated to the Client by DESIGNA.
DESIGNA shall take the technical and organisational measures described above to ensure that the Client can exercise the rights of data subjects in accordance with Chapter III of the GDPR (information, access, rectification, erasure, restriction, data portability, objection and automated decision-making in individual cases) within the statutory time limits.
5.2 Data processing
DESIGNA undertakes to process personal data only within the framework of existing contracts and in accordance with the Client's individual documented instructions. Insofar as DESIGNA is legally obliged to disclose the data to third parties, DESIGNA shall inform the Client of the legal obligation to disclose the data. Any other forwarding of data for purposes outside the contractual relationship shall only take place on the instructions of the Client on the basis of a written order.
DESIGNA shall ensure that all persons entrusted with data processing are bound to data secrecy before commencing their activities – and also after termination of their activities – or are subject to a corresponding statutory duty of confidentiality.
5.3 Information obligation
DESIGNA supports the Client in the fulfilment of the obligations specified in Art. 32 to 36 GDPR (security of processing, notification of personal data breaches to the supervisory authority, notification of the data subject affected by a personal data breach, data protection impact assessment, prior consultation) and in the fulfilment of its obligations with regard to data subject rights under Art. 12 to Art. 22 GDPR (in particular duty to provide information, right of access, rectification, erasure, restriction of processing and data portability; right to object).
On request, DESIGNA shall provide the Client with all necessary information (e.g. existing certifications, technical and organisational measures, etc.) in order to demonstrate compliance with the obligations specified in Article 28 GDPR (obligations of the processor).
In addition, DESIGNA enables and contributes to the performance of audits – including inspections – by the Client or another auditor authorised by the Client.
DESIGNA shall inform the Client immediately if there is a breach of the GDPR or if DESIGNA is of the opinion that an instruction from the Client breaches the data protection provisions of the Union or the Member States.
5.4 Processing control
Measures are taken to ensure that personal data that is processed on behalf of the Client is only processed in accordance with the Client's documented instructions. DESIGNA maintains contracts with external parties for the following types of processing:
> Data processing by external parties
> Data carrier destruction / disposal by external parties
> Maintenance and remote maintenance by external parties
> Administration / remote administration by external parties
The processing of personal data on behalf of the Client – only in accordance with the Client's instructions – is guaranteed by the following measures.
> Written instructions
> Offer and order confirmation
> Pseudonymisation
5.5 Sub-processors
DESIGNA shall be authorised to use sub-processors for the processing of personal data. Intended changes with regard to the sub-processor must be notified to the Client in writing in good time so that the Client can object to the change. Exceptions to this rule are situations in which notification is not possible or feasible (in particular in the event of imminent danger). DESIGNA concludes a written contract with the sub-processors and agrees with them mutatis mutandis the same data protection obligations as described in this chapter.
The following sub-processors are engaged by DESIGNA:
> Designa Digital Solutions GmbH
> Anexia lnternetdienstleistungs GmbH
> DESIGNA Verkehrsleittechnik GmbH
In the case of a purchase contract with an official DESIGNA reseller, DESIGNA shall supply data only to the respective contract partner (partner or reseller).
6 Confidentiality
DESIGNA guarantees that all persons involved in data processing are obliged to maintain confidentiality before commencing their activities – whereby confidentiality remains in force even after the end of their activities – or that they are subject to an appropriate legal obligation to maintain confidentiality.
7 Return and erasure
DESIGNA undertakes to delete or return all personal data after completion of the provision of the processing services in accordance with the Client's payment and to delete the existing copies, unless there is an obligation to store the personal data under Union law or the law of the Member States.
8 Termination of the contract
Upon termination of the underlying business relationship, DESIGNA shall return all personal data to the Client in a format customary for data processing or delete it, unless there is an obligation to retain the personal data under Union law or the law of a Member State.
9 Final provisions
The Security Policy has the same term as the business relationship between DESIGNA and the Client. Its final provisions shall apply accordingly to the processing contract.
