Terms of service, terms of use and privacy information for the

IDERI note mobile push notification service

 

I. Service description

1. procedure

a) Test order / Order

In the first step, the customer must order the licenses online in a binding manner and agree on the associated order processing provisions. This also applies to the free order of test licenses.

b) Installation of certificates on the customer's push server

For the installation the customer needs the company name exactly as it is stored at IDERI and his license key. Then, at the customer's instigation, the private and public keys of the customer's push server are generated and a Certification Signing Request as well as customer name and license number are sent to the IDERI note Push-Relay . There, the license is verified and, if positive, a certificate is generated for the customer using the self-signed Certification Authority key. The customer's license information contains the license data (number, term) in encrypted form.

c) Entry in the directory

The certificate and the private key (complete certificate chain in PEM format) must be entered by the customer in the local registration database of the IDERI note server, so that it can also authenticate the mobile devices, which cannot themselves be members of the customer's AD.

d) App download and registration of the mobile devices

The user downloads the IDERI note app from the Google Play Store or Apple App Store. Next, he must agree to the present Terms of Use for the functional explanation of the service and for the use of his personal data, otherwise the service cannot be provided. At the same time, he receives the data protection information according to Art. 13 GDPR in this document.

The individual user must first register with the Apple Push Notification Services (APNS; for IOS devices) or Firebase Cloud Messaging (FCM; for Android devices) and with the customer's IDERI Push Server. In doing so, the user receives a push token from the respective gateway and the public keys required for end-to-end encryption are exchanged between the user and the IDERI note Server.

e) Sending of Push Messages

Push notifications can only be received if the user has explicitly agreed to the push procedure. 

Push messages are sent via the customer's IDERI note server and the IDERI note Push Relay of IDERI GmbH, which sends the push messages to the respective push gateway of the mobile operating system provider (IOS and Android). The IDERI Push Relay is operated in the EU or Germany Cloud by Microsoft Azure from Microsoft Ireland. The maintenance of the EU and Germany Cloud is partly done from countries outside the EU and EEA.

The data is then sent encrypted via the push gateways of Google and Apple, but these can only read metadata, the content data is end-to-end encrypted with the recipient's public key in addition to the transport layer encryption and cannot be read by the push gateway operators.

IDERI GmbH has concluded data protection agreements with Microsoft, Google and Apple, as well as the validity of the EU standard contractual clauses of 4.6.21.

f) Log files

For the operation of the IDERI note server, relays and gateways and for troubleshooting on server, relay and gateway, the validity period, IP address, sender and length of the message are each recorded as a log file and stored for 6 months. The encrypted content data will be stored for the period of 6 months as well.

 

II. Terms of Use

1. registration to receive push messages

To register for the push messages, you must consent to receive push messages. In this process, the registration time, device ID and push token assigned by the push gateway will be stored. In addition, a key pair is created for you, which ensures the end-to-end encryption of the push messages from the operator of the IDERI note server to you. The legal basis for the processing is Art. 6 I a GDPR.

2. receipt of push messages

If you have registered and consented to receive push messages, you will receive messages from the operator of the associated IDERI note server. In the process, the time of the message, the validity period, the sender and the IP address of the recipient are recorded by the operator of the IDERI note server (sender) and the push relay (IDERI GmbH). The validity period of the message, the push token and the IP of the recipient are recorded by the operator of the push gateway (Google or Apple). The content of the message is not known to the operator of the relay or the operator of the gateway, as the message is end-to-end encrypted.

3. purposes of processing

The data is only used for the operation of the push dispatch as well as for its verification in case of errors and discrepancies during dispatch on the basis of Art. 6 I a GDPR vis-à-vis the user and according to Art. 6 I b vis-à-vis the IDERI note server operator. In addition, the data is evaluated in anonymous form for statistical purposes on the basis of Art.6 I f GDPR.

4. consent

You can revoke your consent to the use of your personal data to receive our push notifications at any time with effect for the future. You can revoke your consent in the settings for receiving push notifications in the IDERI note app or centrally in the settings of your device for the permissions of the IDERI note app. You can object to the use for statistical purposes at any time, as long as this data has not been anonymized.

5 License management

The operator of the IDERI note server is obliged to prove the number of licenses used and the consent of the recipients by technical means or by separate declaration to IDERI GmbH. For this purpose the customer can show to the company e.g. the list of issued certificates for the mobile gateway access. The user agrees with the license control, as this is necessary for the operation of the services.

6. content restriction for push messages

The IDERI note Relay may not be used for vital purposes and purposes required for the operation of critical infrastructure or concerning their data (e.g. stock exchange announcements).

7. liability

Due to the technical design and the lack of verifiability of the push message dispatch, the respective delivery of the push message can neither be guaranteed by the operator of the push relay nor by the operator of the push gateway (Google or Apple, respectively). For this reason, no liability can be assumed for the actual delivery, it is only assured that at least one forwarding of the push message to the push gateway is undertaken. Depending on the feedback of the gateway and the respective validity period of the message, it is possible that further delivery attempts will be made, but no liability can be assumed for this, nor for the correct feedback of the push gateway for the receipt of the message, as this is beyond the control of the relay operator.

In addition, the general terms and conditions of the relay operator apply.

 

III. data protection information

1. name and contact details of the responsible person

The responsible party within the meaning of Art. 13 Para. 1 Letter a DS-GVO is

IDERI GmbH

Gerhard-Koch-Str. 2

73760 Ostfildern

Telephone: +49 (0)711 34167060

Fax: 49 (0)711 34167061

E-Mail: info@ideri.com

Managing director authorized to represent:

Alexander Knopp

2. contact details of the data protection officer

You can reach our data protection officer at the following e-mail address: datenschutz@ideri.com.

3. purposes and legal basis of processing

We offer the Push Notification Service exclusively on the basis of a contract with the customer and the user's consent. The legal basis vis-à-vis the customer is Art. 6 I b GDPR and vis-à-vis the user Art. 6 I a GDPR.

If the processing is necessary to protect vital interests of the data subject or another natural person, it is also possible to send information on the basis of Art. 6 I d GDPR.

4. recipients of personal data

Recipients of messages are the employees designated by the customer or other authorized recipients on behalf of the customer. The data is sent encrypted via the push gateways of Google and Apple, but these can only read metadata, the content data is end-to-end encrypted with the recipient's public key in addition to the transport encryption and cannot be read by the push gateway operators.

5. storage period

The contents of the messages will be deleted no later than 6 months after the initial sending of the message. This also applies to metadata and log data, unless longer storage is necessary for the defense of legal claims or to combat abuse or troubleshooting. Log data is also stored for a maximum of 6 months and then either deleted or completely anonymized for further use for statistical purposes.

6. data subject rights

You have a right to information (Art. 15 DS-GVO) as well as a right to correction (Art. 16 DS-GVO) or deletion (Art. 17 DS-GVO) or to restriction of processing (Art. 18 DS-GVO) or a right to object to processing (Art. 21 DS-GVO) as well as a right to data portability (Art. 20 DS-GVO).

You also have the right to lodge a complaint with the data protection supervisory authorities in the European Union. The competent data protection supervisory authority is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart.

 

General Terms and Conditions of IDERI GmbH for mobile push services

(as of 01.01.2022)

1 SCOPE

1.1 Our offers, services and deliveries are made exclusively on the basis of these terms and conditions. These terms and conditions shall be deemed accepted at the latest upon receipt of the service. Counter-confirmations with reference to our own terms and conditions are hereby contradicted unless we have explicitly agreed to their validity.

1.2 Individual agreements take precedence over these terms and conditions.

 

2 OFFER

2.1 Our offers are always subject to change and non-binding.

2.2 We reserve the right to make technical and design deviations from descriptions and information in brochures, catalogues and written documents, as well as changes in the course of technical progress, without this giving rise to any rights against us.

 

3 PRICES

3.1 All prices are ex registered office Ostfildern. Any agreements to the contrary must be expressly confirmed.

3.2 Price quotations which are recognisably directed exclusively at commercial customers shall, in case of doubt, be understood to be exclusive of statutory value added tax.

 

4 PERFORMANCE TIME

4.1 The dates and deadlines stated by us are non-binding unless expressly agreed otherwise.

4.2 Delays in performance due to force majeure and/or due to events that make performance significantly more difficult or impossible for us, e.g. operational disruptions, strikes, difficulties in procuring materials, official directives, etc., shall entitle us to postpone delivery for the duration of the hindrance plus a reasonable start-up period or to withdraw from the contract in whole or in part due to the part that has not yet been fulfilled.

4.3 Otherwise, we shall only be in default if the customer has set us a grace period of at least one month in writing. In the event of default, the customer shall be entitled to compensation for default in the amount of 0.5% for each full week of default, but in total up to 5% of the invoice value of the services affected by the default. Claims beyond this, in particular claims for damages of any kind, are excluded.

4.4 If, at the request of the client, services already scheduled have to be cancelled or postponed less than 10 working days before the agreed start of the service, we shall charge the following cancellation fees: cancellation costs incurred for travel in the full amount and a cancellation fee of 25% of the scheduled amount for the cancelled services. In the event of cancellation or postponement less than 5 working days before the agreed commencement of services, the cancellation fee shall be increased to 50%; in the event of cancellation or postponement less than 2 working days before the agreed commencement of services, the cancellation fee shall be increased to 100% of the scope provided for the cancelled services. The customer reserves the right to prove that the cancellation has not led to any damage or to a significantly lower damage than this flat rate.

4.5 Partial services and their separate invoicing are permissible insofar as this is reasonable for the customer.

 

5 WARRANTY

5.1 The warranty period vis-à-vis consumers is 24 months, vis-à-vis entrepreneurs 12 months. In the case of digital products or services, notwithstanding this No. 5, the statutory warranty and limitation periods of §§ 327 ff. BGB.

5.2 The customer shall notify obvious defects in writing without delay as soon as he becomes aware of them.

5.3 If a defect occurs, the customer is obliged to report it in writing within two weeks of its first occurrence. Within the scope of the written notice of defect, the defect and its manifestation shall be described in such detail that it is possible to verify the defect.

5.4 If the notice of defect proves to be justified, the customer shall set us a reasonable deadline for subsequent performance. The customer shall inform us which type of subsequent performance - improvement of the delivered item or delivery of a new, defect-free item - he wishes. However, we shall be entitled to refuse the chosen subsequent performance if this can only be carried out at disproportionate cost and if the other type of subsequent performance, in the case of software e.g. by means of updates or patches or workarounds, would not entail any significant disadvantages for the customer. We may also refuse subsequent performance altogether if it can only be carried out at disproportionate cost.

5.5 We are entitled to two attempts within the set period to carry out subsequent performance for the same or directly related defect. After the second failed attempt at subsequent performance, the customer may withdraw from the contract or reduce the remuneration. The right of withdrawal or reduction may already be exercised after the first unsuccessful attempt at subsequent performance if further attempts within the set period cannot reasonably be expected of the customer. Withdrawal due to an insignificant defect is excluded.

5.6 In the event of material defects in hardware and standard software supplied by third parties as well as in the event of the involvement of third parties for maintenance services, we shall be entitled to assign our corresponding claims against our supplier, the manufacturer or other third parties to the customer for the purpose of rectification or replacement delivery, unless this is unreasonable for the customer.

5.7 Damage caused by improper or non-contractual measures taken by the customer during set-up, connection, installation, operation or storage shall not give rise to any claim against us.

5.8 In the event of interventions by the customer in the subject matter of the contract, in particular in the programme code, which are not expressly permitted by the operating instructions or other instructions for use, the customer shall not be entitled to any claims for defects if the customer cannot demonstrate and prove to us that the defect is not due to the intervention.

 

6. LIABILITY

6.1 Liability - irrespective of the legal grounds and in particular due to loss of confidentiality, availability or integrity of data or consequential damage arising therefrom - is excluded insofar as liability arises from the following provisions. We shall be liable for intent and gross negligence in accordance with the statutory provisions. In the event of slight negligence, we shall only be liable if a cardinal obligation (obligation the fulfilment of which is a prerequisite for the proper performance of the contract and the observance of which the contractual partner may regularly rely on) is breached or in the event of default or impossibility. In the event of liability arising from slight negligence, this liability shall be limited to such damages as are foreseeable or typical, but no more than the agreed remuneration. This limitation of liability shall also apply in the case of liability for slight negligence in the event of initial incapacity. Liability for the absence of warranted characteristics, for fraudulent intent, for personal injury, defects of title, under the Product Liability Act and the Federal Data Protection Act shall remain unaffected.

6.2 Liability due to interruption, malfunction or other events causing damage, which are based on telecommunication services provided by us or by third parties for which we are liable, is limited to the amount of the recourse possible for us against the respective telecommunication service provider. We shall not be liable for the functionality of the communication facilities to the servers that are the subject of the contract, in the event of power failures and in the event of failures of servers that are not within our sphere of influence.

6.3 We are not responsible for material defects in deliveries that we obtain from third parties and deliver to the customer unchanged as agreed; liability in the event of intent or gross negligence remains unaffected.

6.4 Liability for open source software provided free of charge to the customer for installation alongside the software supplied by us is excluded. In cases where our software does not function without the open source software, liability for the open source software is limited to intent and gross negligence. No liability is assumed for the contents of the customer's data backups.

6.5 All claims directed against us are not assignable without our written consent and can only be asserted by the customer itself, insofar as §354a of the German Commercial Code (HGB) does not conflict with this.

 

7 PAYMENT

7.1 All prices are exclusive of statutory VAT and, in the case of deliveries of goods, exclusive of ­transport and insurance costs.

7.2 If acceptance has been agreed for the delivery or service, we shall be entitled to invoice partial services already rendered, which may be invoiced on a monthly basis.

7.3 Unless otherwise agreed, our invoices are due for payment immediately without deduction.

7.4 We shall be entitled to set off payments against the customer's older debt first, despite the customer's provisions to the contrary. If costs and interest have already been incurred, the payments shall be set off against the costs, then against the interest and finally against the principal claim.

7.5 If the customer is in default, we shall be entitled to charge interest from the relevant date at the rate customary in banking, but at least 8% above the base rate.

7.6 If the customer does not fulfil his payment obligations in accordance with the contract or if he suspends his payments or if we become aware of other circumstances which call into question the creditworthiness of the customer, we shall be entitled to declare the entire remaining debt due or to demand advance payments or the provision of security.

7.7 The customer is only entitled to set-off, retention or reduction, even if notices of defects or counterclaims are asserted, if we expressly agree or if counterclaims have been legally established.

 

8. Retention of title

8.1 We retain title to the delivered goods until full payment of the goods, vis-à-vis entrepreneurs until payment of all claims to which we are entitled and which may still arise, irrespective of the legal grounds.

8.2 Processing or transformation shall always be carried out on our behalf, but without any obligation on our part. If our (co-)ownership expires due to combination, it is already agreed now that the customer's (co-)ownership of the uniform object shall pass to us in proportion to the value (invoice value). The customer shall keep our (co-)ownership in safe custody free of charge. Goods to which we are entitled to (co-)ownership are hereinafter referred to as reserved goods.

8.3 The customer is entitled to process and sell the reserved goods in the ordinary course of business as long as he is not in default. Pledges or transfers by way of security are not permitted. The customer hereby assigns to us by way of security all claims arising from the resale or other legal grounds in respect of the goods subject to retention of title. We authorise the customer in a manner that is always revocable to collect the claims assigned to us for his invoices in his own name. Upon our request, the customer shall disclose the assignment and provide and submit the necessary information and documents.

8.4 In the event of access by third parties to the goods subject to retention of title, in particular in the event of seizure, the customer shall draw attention to our ownership and notify us immediately. Any costs incurred shall be borne by the customer.

8.5 In the event of conduct by the customer in breach of the contract, in particular in the event of default in payment, we shall be entitled to take back the reserved goods at the customer's expense or, if necessary, to demand assignment of the customer's claim for return against third parties.

 

9 BACKUPS

9.1 The customer shall regularly make backup copies of data and programmes (including the operating system) on a suitable backup medium at short intervals and to an extent corresponding to the risk.

9.2 The Customer shall ensure through regular tests that the backups are readable and can be properly restored.

9.3 The Client shall ensure that backup data from the last six months can be restored.

 

10 SERVICES

10.1 Projects may only be terminated in accordance with the Contract at the end of the relevant Project Phase as set out in the Statement of Work.

10.2 The contract shall only contain the respective scope of services specified at the beginning of the project. Contract amendments are only possible with our consent. We are not obliged to make substantial changes to the contract. The customer undertakes to extend agreed deadlines appropriately in the event of contract amendments.

 

11 SOFTWARE

11.1 We do not guarantee that the software will meet the customer's special requirements or that it will work together with the customer's programmes or the customer's existing hardware, unless this has been expressly promised by us in writing.

11.2 The software development services to be provided by us shall be governed by the specifications agreed by both parties as part of the contract; clause10 .2 shall apply accordingly.

 

12 PROPERTY RIGHTS AND COPYRIGHTS

12.1 Third-party software that we are to install on the customer's systems at the customer's request must be provided by the customer. The customer shall ensure that the required number of software licences is provided in accordance with the terms of the licensor.

12.2 We shall indemnify the customer against all claims brought against him in connection with the use of the software created by us for infringement of copyrights, patents or other intellectual property rights, provided that

- the customer informs us immediately of any allegations of infringement made,

- the customer does not acknowledge any such claims without our consent,

- the customer allows us to conduct all negotiations and proceedings and gives us the necessary support, whereby all negotiation and procedural costs shall be borne by us.

12.3 The foregoing obligation shall not apply if the copyright or patent infringement or other impairment of rights is due to the fact that the software or parts thereof are used with devices or programs which were not supplied by us or the combined use of which was not consented to.

12.4 The foregoing provisions shall govern our entire liability in connection with any infringement of copyright, patent rights or other intellectual property rights.

 

13. Acceptance for work performance

13.1 After the installation or completion of the subject matter of the contract and its testing, we shall notify the customer in writing of its functionality and request the customer to accept it.

13.2 The customer may then check the functionality. In the event that acceptance capability exists, the customer shall declare acceptance in writing without delay - in case of doubt within ten working days.

13.3 If the customer does not accept the goods within this period, acceptance shall nevertheless be deemed to have taken place. The date of receipt of the letter by the customer shall be decisive for the expiry of the deadline. If the customer puts the software into operation or pays the remuneration without written objection, this shall be deemed equivalent to acceptance.

13.4 Acceptance may not be refused due to the existence of insignificant defects.

 

14.  Confidentiality and secrecy

14.1 The parties mutually undertake to keep all business and trade secrets, including offer documents, secret and not to disclose them to third parties or to exploit them in any way. The documents and other information which the respective other contractual partner receives on the basis of the business relationship may only be used by the latter within the scope of the respective purpose of the contract.

14.2 The customer is in particular obliged to use all information about the non-obvious components and properties of software created or adapted by us, such as code and mode of operation, which it receives within the scope of its contractual relationship with us only for the purposes of this contractual relationship and otherwise to keep it secret. Any disclosure of such information to third parties which is necessary for these purposes requires that the customer imposes the same obligation of confidentiality on the recipient of such information. The aforementioned obligation shall not apply to such information which is demonstrably public knowledge or which belongs to the known state of the art or which had already come to the knowledge of the customer before it was disclosed by us or which was disclosed to the customer again after it was disclosed by the other contracting party by third parties who were not subject to any confidentiality obligation vis-à-vis us.

14.3 The parties shall ensure by means of suitable agreements with employees and other auxiliary staff and vicarious agents and suitable organisational measures that they are subject to the same duty of confidentiality.

14.4 These obligations shall continue to apply after termination of the contract.

 

15.  Data protection

15.1 The Customer shall ensure that its IT systems and data files comply with the provisions of the EU Data Protection Regulation as well as the provisions of the Federal Data Protection Act, the State Data Protection Act and the special data protection provisions applicable in each case, depending on the area of application. This applies in particular to the collection, processing and use of data.

15.2 The customer shall ensure that no actions are taken in the course of the performance of the contract that violate existing data protection provisions. In individual cases, the person responsible for data protection (data protection officer) to be appointed by the customer shall coordinate with us.

 

16.  Changes to the terms of the contract

16.1 Unless otherwise provided, we are entitled to amend or supplement these Terms and Conditions as follows; the same applies to the price list on which our services are based, which we may amend at our reasonable discretion (Section 315 (3) BGB).

16.2 We shall notify the customer of any changes or amendments in text form at least six weeks before they take effect. If the customer does not agree with the changes or additions, he may object to the changes with a notice period of one week from the date on which the changes or additions are intended to take effect. The objection must be in text form. If the customer does not object, the changes or additions shall be deemed to have been approved by him. When announcing the changes or additions, we shall specifically draw the customer's attention to the intended significance of his conduct.

16.3 This provision does not apply to consumers pursuant to § 13 BGB.

 

17.  Change Request Procedure FOR INDIVIDUAL SOFTWARE

17.1 The Change Request Procedure shall apply to any change to the content of the Contract, in particular to the software-related services, as well as in all other cases in which the application of the Change Request Procedure is provided for. The Change Request Procedure is initiated by one Party submitting a Change Request. Each Party shall process Change Requests from the other Party without undue delay.

17.2 The Change Request Procedure shall, in the event that the Parties agree, terminate upon the conclusion of a Change Agreement. Neither Party shall be obliged to perform under a Change Request until a corresponding Change Agreement has been concluded.

 

18.  Termination of contract, termination for cause

18.1 The right of each contracting party to terminate the contractual relationship entered into extraordinarily and without notice in the event of good cause shall remain unaffected. Good cause shall be deemed to exist if facts are given on the basis of which the terminating party can no longer be expected to continue the contract, taking into account the interests of all circumstances of the individual case and weighing the interests of the contracting parties.

18.2 An important reason exists for us in particular in any case in which

- the client is in default of payment of the agreed remuneration for two consecutive dates or the client is in default of payment of the remuneration in a period extending over more than two dates in an amount corresponding to the remuneration for two months;

- the customer is insolvent or insolvency proceedings have been opened over his assets or the application for the opening of insolvency proceedings has been rejected for lack of assets; however, after the application for the opening of insolvency proceedings over the customer's assets, we will not terminate the contract due to a delay in the payment of the remuneration that occurred in the period prior to the application for the opening of insolvency proceedings or due to a deterioration in the customer's financial circumstances;

- the customer repeatedly breaches essential contractual obligations.

 

21. Special right of termination at the end of the life cycle of IT systems

21.1 We may terminate contracts for IT systems in writing with three months' notice to the end of any calendar quarter if the customer rejects an offer by us to switch to a current version or design of hardware or software for a reasonable fee or if the life cycle of the contractual hardware or software used by the customer has expired.

21.2 The life cycle of the contractual hardware or software ends two years after the last delivery or installation at the customer's premises.

21.3 If the discontinuation of maintenance represents an unreasonable hardship for the customer because it was already apparent at the time the contract was concluded that maintenance would still be required at a later date, the customer may request the extension of the maintenance in writing six months before the maintenance is discontinued. In this case, we shall provide the maintenance as individual maintenance for an appropriate fee, provided this is technically possible.

 

22 LEGAL ORDER AND JURISDICTION

22.1 In dealings with merchants, legal entities under public law or special funds under public law, Ostfildern is agreed as the place of jurisdiction, insofar as §§ 38, 40 ZPO do not conflict with this.

22.2 The law of the Federal Republic of Germany shall apply exclusively. The application of the UN Convention on Contracts for the International Sale of Goods is expressly excluded.