General Terms of Service
HybridOffice21 GmbH, January 2024
1. General | Scope
1.1 These General Terms of Service (“GTS”) apply to all contracts between HybridOffice21 GmbH registered with the District Court of Berlin Charlottenburg, Germany, under number HRB 226685 with its registered offices at Kastanienallee 98b, 10435 Berlin, Germany (“yoffix”) and business owners (Unternehmern) within the meaning of § 14 of the German Civil Code to whom yoffix provides access to its Services as defined below (“Customer”).
1.2 These GTS shall govern each ordering document or any online or in-app ordering process that references these GTS (each an “Order Form”). The terms of each Order Form will incorporate the terms of these GTS and will form a separate Services Contract with respect to the services under that Order Form (a “Services Contract”).
1.3 These GTS shall also apply as a framework agreement for future contracts with the same Customers without yoffix being required to refer to them again in each individual case. They shall be deemed to be confirmed by Customer at the latest when yoffix provides the Services.
1.4 These GTS apply exclusively. Different, conflicting or supplementary standard terms of business of Customer shall only become part of the contract if and to the extent that yoffix has consented to their application in writing.
1.5 Individual agreements made in writing with Customer in specific cases (including ancillary agreements, supplementary agreements and amendments) shall take priority over these GTS.
1.6 Where these GTS mention the terms ‘written’, ‘in writing’, ‘written form’ or similar, this shall refer to ‘in writing’ in the sense of § 126 German Civil Code. The electronic exchange of copies of signed documents shall suffice in this regard whereas the exchange of simple e-mails shall not be sufficient.
1.7 References to the application of statutory provisions shall be for clarification purposes only. Consequently, statutory provisions shall also apply without such clarification provided that they are not directly amended or expressly ex cluded in these GTS.
2. License Grant
2.1 Subject to the terms and conditions of the Services Contract, yoffix hereby grants to Customer, during the Initial Service Term and any Renewal Service Term, a non-exclusive, non-transferable, non-sublicensable world-wide right and license to use the yoffix software as software-as-a-service and to access and use yoffix’ websites, spaces, services and applications as designated in the Order Form (collectively the “Services”) for internal business pur poses only, and for the number of Users that are registered for the Services (“Licenses”). The Services are offered as prescribed by the yoffix documentation located at an URL further specified by yoffix or attached as an exhibit to the Order Form (as it may be updated from time to time, the “Documentation”).
2.2 Customer may permit its employees, its Affiliates (and employees thereof) to use the Services (collectively “Permitted Users” and any individual using the Services a “User”) provided that (A) Customer shall procure that Permitted Users comply with the terms of these GTS and Customer shall remain responsible and liable for all acts and omissions of Permitted Users; (B) the Services are used solely for the benefit of Customer or any of Customer’s Affiliates. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under direct or indirect common control with Customer or yoffix respectively, or which is a wholly owned subsidiary of Customer or yoffix respectively, where ‘control’ means owning, directly or indirectly, at least fifty-one percent (51%) of the equity securities or equity interests of such entity.
3. License Restrictions
3.1 Customer shall not (and shall not permit any third party to) directly or indirectly:
(A) sublicense, sell, resell, transfer, assign, distribute, share, lease, rent, make any external commercial use of, outsource, use on a timeshare or service bureau basis, or use in an application service provider or managed service provider environment, or otherwise generate income from the Services;
(B) copy the Services onto any public or distributed network, except for an internal and secure cloud computing environment;
(C) decompile, reverse engineer or disassemble any portion of the Services, or otherwise attempt to discover any source code, object code or underlying structure, ideas, know how or algorithms or other operational mechanisms of the Services;
(D) modify, adapt, translate or create derivative works based on all or any part of the Services (except to the extent expressly permitted by yoffix or authorized within the Services);
(E) modify any proprietary rights notices that appear in the Services or components thereof;
(F) use any Services in violation of any applicable laws and regulations (including any export laws, restrictions, national security controls and regulations) or outside of the license scope set forth in Clause 2;
(G) configure the Services to collect
(i) any data that is defined as sensitive personal data or 'special categories of data' within the meaning of Directive 95/46/EC or any applicable national implementation of it;
(ii) passwords or other authentication credentials,
(iii) any payment or other financial data, biometric data or genetic data; or
(iv) any data relating to a person under the age of 16 years old (collectively, “Prohibited Data”); or
(H) use the Services to (i) store, download or transmit infringing, libelous, or otherwise unlawful or tortious material, or malicious code or malware, or (ii) engage in phishing, spamming, denial-of-service attacks or other fraudulent or criminal activity, (iii) interfere with or disrupt the integrity or performance of third party systems, or the Services or data contained therein, (iv) attempt to gain unauthorized access to the Services or yoffix’ systems or networks, or (v) perform, or engage any third party to perform, authenticated or unauthenticated penetration testing, vulnerability assessments or other security assess ments.
3.2 Customer shall not export or re-export, directly or indirectly, any Services or technical data or any copy, portions or direct product thereof in breach of any applicable laws and regulations. In particular, Customer and its Affiliates will comply with the sanctions imposed by the Federal Republic of Germany, the European Union, the United Nations and with the applicable federal laws of the United States of America insofar as they do not result in a violation of or a conflict with section 7 of the German Foreign Trade and Payments Ordinance (Aussenwirtschaftsverordnung) or a similar applicable anti-boycott statute. Customer shall, at its own expense, obtain all necessary customs, import, or other governmental authorizations and approvals.
3.3 The Services may only be used by Customer as prescribed in the Documentation.
3.4 Although yoffix has no obligation to monitor Customer’s use of the Services, yoffix may do so and may prohibit any use of the Services it believes may be (or alleged to be) in violation of the foregoing.
4. Trial Use and Free Use
4.1 If Customer accesses the Services as part of a trial evaluation (“Trial Use”), the License is granted for the period enabled for the Services provided by yoffix. yoffix shall have the right to downgrade, limit or otherwise modify the Services provided for Trial Use at any time without notice, and no guarantee, indemnity, Maintenance or Support obligations of yoffix will apply to Trial Use. Customer may use the number and type of licenses indicated by yoffix in writing prior to Customer downloading or accessing the Services, which will be enabled by Customer’s specific license key. yoffix has the right to immediately revoke and terminate any Trial Use at any time. Customer agrees to provide feedback related to the Services as reasonably requested by yoffix. Customer grants to yoffix, without charge, the fully paid-up, perpetual, sublicensable right to exploit such feedback for any purpose. Trial Use is not a guarantee of future product features and should not be relied upon in making any purchasing decisions.
4.2 yoffix may grant Customer the right to use the Services free of charge subject to a respective Order Form (“Free Use”). With respect to Free Use, Customer acknowledges that certain features of the Services may be limited and/or restricted and that the actual product features which are accessible under Free Use are determined by yoffix in yoffix sole discretion from time to time. yoffix shall have the right to downgrade, limit or otherwise modify the Ser vices provided for Free Use at any time without notice. Unless required by mandatory law, no warranty, guarantee, indemnity, Maintenance or Support obligations of yoffix will apply to Free Use. § 599 German Civil Code applies. Free Use is not a guarantee of paid or future product features and should not be relied upon in making any pur chasing decisions.
5. Customer’s Responsibilities
5.1 Customer represents and warrants that Customer and its Permitted Users will use the Services only in full compli ance with all applicable laws and regulations. In particular, Customer represents and warrants that it will comply with all applicable German and EU employment legislation when using the Services and when permitting Permitted Users to use the Services and that compliance with such legislation is Customer’s sole responsibility.
5.2 Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to con nect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively “Equipment”). Customer shall also be re sponsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer account or the Equipment with or without Customer’s knowledge or consent.
5.3 Customer shall be solely responsible for the content of all visual, written or audible communications, files, docu ments, videos, recordings, and any other material (“Content”) displayed, posted, uploaded, stored, exchanged or transmitted on or through the Service.
5.4 yoffix has no control over what Customer or its users of the Service post or submit and cannot guarantee the accuracy of any information submitted by any User. Customer shall contact yoffix if Customer becomes aware of misuse of the Services by any person. yoffix may without notice or liability investigate any complaints or suspected violations of the Contract that come to its attention and may take any action that it believes is appropriate, including, but not limited to, rejecting, refusing to post, or removing any Content, or other data, or restricting, suspending, or terminating Customer or any User’s access to the Services, however, yoffix also reserves the right not to take any action.
5.5 Customer shall notify yoffix promptly of any unauthorized use of any password or account or any other known or suspected breach of security or misuse of the Services.
6. Maintenance And Support
6.1 Subject to Customer’s payment of the Service Fees set forth in the applicable Order Form, yoffix will provide Mainte nance and Support for the Service. “Support” is defined as yoffix’ obligations to respond to support requests of Customer by documenting and troubleshooting issues and providing technical and non-technical assistance. “Maintenance” means yoffix’ obligations related to error resolution, bug fixes and the provision of updates and upgrades made generally commercially available by yoffix in its sole discretion.
6.2 E-mail Support is provided via support@yoffix.com from Monday to Friday 9:00 am to 5:00 pm (CET), excluding public holidays in the State of Berlin, Germany.
6.3 yoffix shall use reasonable efforts consistent with prevailing industry standards to maintain the Services in a manner which minimizes errors and interruptions in the Services.
6.4 The fees for Maintenance and Support are included in the Service Fees.
7. Availability and Security
7.1 Subject to Customer’s payment of the Service Fees set forth in the applicable Order Form, yoffix will make the Services available to Customer in accordance with this Clause 7.
7.2 yoffix shall use reasonable endeavors, in its sole discretion, to adopt reasonable measures in order to ensure, that the Services are available to Customer over the Internet. yoffix shall be entitled to take measures that affect the aforementioned accessibility where yoffix deems such to be necessary for technical, maintenance, operational, or security reasons. Customer is aware and acknowledges that Customer’s access to the Internet cannot be guaranteed and that yoffix shall never be liable for deficiencies in Customer’s own Internet connections or equipment.
7.3 Services may be temporarily unavailable for scheduled or for unscheduled emergency Maintenance, either by yoffix or by third-party providers, or because of other causes beyond yoffix’ reasonable control, but yoffix shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption.
8. Professional Services
8.1 Subject to the terms hereof (including payment of any applicable Service Fees set forth in the Order Form), yoffix shall provide additional professional services described in an Order Form, if any (“Professional Services”).
8.2 The Professional Services will be rendered on a one-time fee or a time and materials basis. If the Professional Services purchased have been consumed, yoffix will stop the Professional Services until additional Professional Services have been purchased.
8.3 Customer agrees to provide reasonable cooperation and information as necessary to permit yoffix to perform the Professional Services. With respect to yoffix’ staff providing Professional Services to Customer no lease of personnel (Arbeitnehmerüberlassung) shall take place. Instructions to yoffix’ staff must not be given by Customer’s staff or representatives but only by yoffix’ representatives. Issues arising with yoffix’ staff which affect Customer and/or the Professional Services to be provided must be addressed by the relevant Customer’s contact person to the relevant yoffix’ contact person. yoffix’ staff will not be integrated into the operational organization of Customer. yoffix will in its sole discretion decide how and where to utilize its resources (including yoffix’ staff) and plan its performances under the Services Contract (and the related Order Forms) in accordance with the contents and the agreed limits of the Professional Services.
8.4 When providing Professional Services, yoffix does not owe and will not be liable for any specific outcome or result vis-à-vis Customer (§ 611 German Civil Code).
8.5 Customer will reimburse yoffix for travel and expenses (at cost) incurred in connection with the Professional Services (if any).
8.6 Professional Services will be performed on business days (a business day means Monday through Friday, excluding national holidays, during working hours, in the location where the Professional Services are provided).
8.7 The cooperation of the Parties hereunder, in particular with regard to Professional Services, builds upon mutual trust between yoffix and Customer. Therefore, during the Initial Service Term and any Renewal Service Term, and in each case for a period of twelve (12) months thereafter, without yoffix’ prior written approval, Customer will not solicit for employment or consultancy any yoffix’ employees who participated in the performance of Professional Services.
9. Confidentiality | Customer Data
9.1 Customer and yoffix understand that they have or may disclose to each other business, technical or financial information relating to their business (the “Confidential Information”). Confidential Information of yoffix includes non public information regarding features, functionality and performance of the Service. Confidential Information of Customer include non-public data provided by Customer to yoffix to enable the provision of the Services (“Customer Data”).
9.2 Customer and yoffix agree to take reasonable precautions to protect each other’s Confidential Information, and not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Confidential Information. This shall not apply with respect to any information after five (5) years following the disclosure thereof or any information that Customer or yoffix respectively can document (A) is or becomes generally available to the public, or (B) was in Customer’s or yoffix’ respective possession or known by them prior to receipt, or (C) was rightfully disclosed to Customer or yoffix respectively without restriction by a third party, or (D) was independently developed without use of any Confidential Information or (E) is required to be disclosed by law.
9.3 Customer shall own all right, title and interest in and to Customer Data, as well as any data that is based on or derived from Customer Data. yoffix shall have no liability for any Customer Data.
9.4 Notwithstanding anything to the contrary, yoffix shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Customer Data and data derived therefrom), and yoffix will be free (during and after the term hereof) to (A) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other yoffix offerings, and (B) disclose such data solely in aggregate or other de-identified form in connection with its business.
10. Proprietary Rights
10.1 yoffix and its suppliers own and shall retain all proprietary rights, including all copyright, database rights, patent, trade secret, trademark and all other intellectual property rights and technical solutions, in and to the Services and the results of any Services. Customer acknowledges that the rights granted under the Services Contract do not provide Customer with title to or ownership of the Services.
10.2 yoffix reserves the right to implement new versions and upgrades of the Services including, but not limited to, changes that affect modifications to the design, operational method, technical specifications, systems, and other functions, etc. of the Services, at any time without prior notice.
10.3 In the event of an agreed case study or similar between Customer and yoffix, all intellectual property rights to material produced, including but not limited to photos, quotes, interviews, videos, testimonials, under such work shall belong to yoffix and may at its sole discretion be used by yoffix in the marketing of the Services.
10.4 Customer agrees that yoffix may refer to Customer by its trade names and logos, and may briefly describe Cus tomer’s business, in yoffix’ marketing materials and website.
11. Data Protection
11.1 Customer and yoffix shall at all times comply with the requirements of any applicable privacy and data protection legislation. To the extent that a data processing agreement is mandatory under applicable privacy and data protection legislation, the Data Processing Terms in Schedule A hereto shall supplement these GTS and shall become an integral part of any applicable Services Contract.
11.2 yoffix may subcontract processing of Customer personal data (if any) provided that it enters into a written agreement with any subcontractor containing terms at least as stringent as those in this Clause 11.
11.3 yoffix may export Customer personal data outside of the European Economic Area provided that it complies with applicable privacy and data protection legislation.
12. Payment Of Fees
12.1 Customer will pay yoffix the fees described in the Order Form for the Services and Professional Services in accordance with the terms therein (the “Service Fees”).
12.2 To the extent that the number of Licenses contained in the Customer’s account exceeds the minimum number of Licenses set forth in the Order Form or that Customer’s use of the Services otherwise requires the payment of additional fees per the terms of the Services Contract, Customer shall be billed for such usage accordingly and Customer agrees to pay the additional fees. Customer agrees that any reduction in the number of Licenses con tained in the Customer’s account shall only become effective upon the beginning of the calendar month following such reduction. Customer shall in any case be obliged to pay for the minimum number of Licenses set out in the Order Form.
12.3 yoffix reserves the right to change the Service Fees for the following Renewal Service Term upon at least sixty (60) days prior to the end of the Initial Service Term or the end of the then current Renewal Service Term.
12.4 Unless otherwise specified, yoffix requires Customers to make all payments via credit card. yoffix will provide a secure link to Customer where they can upload credit card information that will be processed at time of billing. yoffix may offer Customer to make payments via bank wire using the payment details provided by yoffix. yoffix may also choose to bill through an invoice, in which case, full payment for invoices issued in any given month must be re ceived by yoffix fourteen (14) days after the mailing date of the invoice. Yoffix can select external payment and invoicing service provider to process fees payments or to serve as revenue delivery partner.
12.5 Following notice in text form under § 126b German Civil Code (simple email sufficient), yoffix shall be entitled to suspend Customer’s access to the Services if payments are not received within fourteen (14) days of the due date. Suspension of Customer’s access to the Services does not affect yoffix’ right to receive full payment for the remain ing Service Term. Should yoffix not have received payment within three (3) months of the due date, yoffix reserves the right to transfer the right to collect payment to a collections service and add a thirty (30) percent surcharge to cover for collection costs. 12.6 All Service Fees are exclusive of, and Customer shall pay, all taxes, duties, and assessments, however designated, which are levied or imposed upon such Service Fees, excluding only taxes based on yoffix net income.
13. Term | Termination
13.1 Subject to earlier termination as provided below, the Services Contract begins on the date specified in the Order Form (“Effective Date”) and will remain in effect for an initial term as specified in the Order Form (“Initial Service Term”). The Initial Service Term shall automatically and continuously renew for additional periods, each of which correspond with the Initial Service Term (“Renewal Service Term”), unless either party requests termination at least thirty (30) days prior to the end of then-current term. Termination must be requested in writing (e-mail or in app chat message would suffice).
13.2 Neither Customer nor yoffix shall be entitled to terminate the Services Contract for convenience with effect prior to the end of the Initial Service Term or any Renewal Service Term (Ausschluss der ordentlichen Kündigung). Cus tomer’s and yoffix’ right to immediately terminate the Services Contract for good cause (ausserordentliche Kün digung aus wichtigem Grund) shall remain unaffected. Such good cause shall in particular exist, if the other party commits a material breach of the Services Contract, and such breach has not been cured within thirty (30) days after receipt of written notice thereof.
13.3 After termination of the Service Contract or lapse of its Initial or Renewal Service Term and upon Customer’s re quest, yoffix will provide Customer with access to Customer’s content (if any) in the possession of yoffix for a period of thirty (30) days, in then-current standard export format or another industry-standard format mutually agreed by Customer and yoffix, after which such Content may be deleted.
14. Limited Warranty
14.1 Customer has checked that the specification of the Services as described in the Documentation meets his needs and wishes. Customer is aware of the essential functionalities and features of the Services. The extent, nature and quality of the goods and services to be delivered by yoffix are determined by these GTS, the Order Form, and the Documentation. Any other information or requirements do only form part of the Services Contract if Customer and yoffix so agree in writing or if yoffix so confirms in writing. Product descriptions, illustrations, test programs, etc. represent mere service specifications but do not constitute guarantees (Garantien) or agreements on certain spec ifications (Beschaffenheitsvereinbarungen). In order to be valid, an agreement on a guarantee requires the written confirmation from a director of yoffix. 14.2 yoffix warrants (gewährleistet) that the Services will, in all material respects, conform to the functionality described in then-current Documentation for the applicable Services version. In case of a breach of this warranty yoffix shall be required to use commercially reasonable efforts to modify the Services to conform in all material respects to the Documentation, and if yoffix is unable to materially restore such functionality within thirty (30) days from the date of written notice of said breach, Customer shall be entitled to terminate the Services Contract upon written notice and receive a pro-rata refund of the unused Services Fees which have been paid in advance (if any) for unused access to the Services. Customer must notify yoffix in writing of any warranty breaches and Customer must have installed and configured the Services in accordance with the Documentation to be eligible for the foregoing remedy. Any no fault liability (verschuldensunabhängige Haftung) of yoffix for damages caused by the existence of initial errors (anfängliche Mängel) under § 536a German Civil Code shall be excluded. Customer’s claims for damages for a breach of this warranty are subject to the limitations set forth in Clause 16. 14.3 Under no circumstances shall Customer be entitled to obtain the source code of the Services.
15. Indemnity
15.1 Customer agrees to defend, indemnify and hold harmless, at its expense, yoffix and its Affiliates, its suppliers and resellers against any third party claim to the extent such claim arises from or is made in connection with: Customer’s breach of Clause 3 or otherwise from Customer’s use of Services, and Customer shall pay all costs and damages finally awarded against yoffix by a court of competent jurisdiction as a result of any such claim. 15.2 In connection with any claim for indemnity under this Clause 15, yoffix must promptly provide Customer with notice of any claim that yoffix believes is within the scope of the obligation to indemnify, provided, however, that the failure to provide such notice shall not relieve Customer of its obligations under this Clause 15, except to the extent that such failure materially prejudices Customer’s defense of such claim. yoffix may, at its own expense, assist in the defense if it so chooses, but Customer shall control the defense and all negotiations related to the settlement of any such claim. Any such settlement intended to bind Customer party shall not be final without yoffix’ written consent, which consent shall not be unreasonably withheld, conditioned or delayed. 15.3 yoffix agrees at its expense to defend Customer against (or, at yoffix’ option, settle) any third-party claim to the extent such claim alleges that the Services infringe or misappropriate any patent, copyright, trademark or trade secret of a third party, and yoffix shall pay all costs and damages finally awarded against Customer by a court of competent jurisdiction as a result of any such claim. In the event that the use of the Services is, or in yoffix’ sole opinion is likely to become, subject to such a claim, yoffix, at its option and expense, may (a) replace the applicable Service with functionally equivalent non-infringing technology, (b) obtain a license for Customer’s continued use of the applicable Service, or (c) terminate the license and provide a pro-rata refund of the Service Fees that have been paid in advance for the applicable Service (beginning on the date of termination). The foregoing indemnity obligation of yoffix will not apply: (1) if the Service is modified by Customer or its agent; (2) if the Service is combined with other non-yoffix products, applications, or processes, but solely to the extent the alleged infringement is caused by such combination; or (3) to any unauthorized use of the Service. The foregoing shall be Customer’s sole remedy with respect to any claim of infringement of third party intellectual property rights.
16. Limitation Of Liability
16.1 yoffix shall be unrestrictedly liable for (A) injury to life, body or health caused by yoffix, its legal representatives (gesetzliche Vertreter) or assistants in performance (Erfüllungsgehilfen); (B) damage caused intentionally (vorsätz lich) or with gross negligence (grob fahrlässig) by yoffix, its legal representatives or executive staff; (C) damage caused intentionally by yoffix’ assistants in performance not mentioned in (B); (D) damage resulting from the ab sence of any guaranteed (garantiert) characteristics; and (E) claims under the German Product Liability Act (Produk thaftungsgesetz). 16.2 yoffix shall be liable for damage resulting from the breach of its primary obligations (Kardinalpflichten) hereunder by yoffix, its legal representatives, senior executives or assistants in performance. Primary obligations are such basic duties which form the essence of the Services Contract, which were decisive for the conclusion of the Services Contract and on the performance of which Customer may rely. If the breach of such primary obligation was caused (A) through simple negligence by yoffix, its legal representatives or executive staff or (B) through simple or gross negligence by yoffix’ assistants in performance not mentioned in (A), then yoffix’ ensuing liability shall be limited to the amount which was foreseeable by yoffix at the time the respective service was performed. 16.3 Subject always to Clauses 16.1 and 16.2, yoffix shall not be liable for damage resulting from the breach of non primary obligations through (A) simple negligence of yoffix, its legal representatives or executive staff or (B) simple or gross negligence of yoffix’ assistants in performance not mentioned in (A). 16.4 yoffix shall not be liable for any loss, damage or harm suffered by Customer that is directly or indirectly caused by Customer’s unauthorized use of the Services to process Prohibited Data. 16.5 yoffix shall be liable for loss of data only up to the amount of typical recovery costs which would have arisen had proper and regular data backup measures been taken. These include a data backup to be performed by yoffix at least every twenty-four (24) hours. 16.6 Subject always to Clause 16.1, the total liability of yoffix arising out of or in connection with the Services Contract, whether in contract or tort or otherwise shall in no circumstances exceed a sum equal to 100% of the total Service Fees paid (plus Service Fees payable) by Customer in the twelve (12) months immediately preceding the event which gave rise to the liability. 16.7 Any other liability of yoffix arising out of or in connection with the Services Contract (including these GTS and Schedule A (if applicable)) that is not covered by this Clause 16 shall be excluded on the merits.
17. Security
17.1 Customer shall ensure that User identities, passwords, and equivalent obtained by Customer in conjunction with registration for the Services are stored and used in a secure manner and cannot be accessed and thereby used by third parties. Customer shall be liable for any unauthorized use of the Services. 17.2 Where it is suspected that any unauthorized person has become aware of a User identity and/or password, Customer shall immediately inform yoffix thereof and also change such User identity and/or password. 17.3 Customer shall be liable for losses or damage incurred by yoffix where Customer intentionally or negligently reveals a user identity/password to a third party or where a user identity and password otherwise become known to an unauthorized party, unless Customer notifies yoffix immediately upon suspicion that such has occurred. 17.4 yoffix shall adopt reasonable measures to ensure that the security of the Services meet relevant industry standards. yoffix security measures are set forth in TOM (Annex 1 to Schedule A).
18. Use of Subcontractors | No Set-Off | Limitation Of Right Of Retention
18.1 yoffix shall be entitled to retain subcontractors, including third party software suppliers, for the performance of any of its obligations in accordance with the Services Contract. 18.2 Customer may only invoke a right to set-off and assert a right of retention to the extent that its claims have been (A) finally established by a court of law; (B) are uncontested; or (C) have been acknowledged by yoffix.
19. Assignment | Novation
19.1 Customer may not assign the Services Contract without the prior written approval of yoffix and any purported assignment in breach of this Clause 19 shall be void. yoffix may at its discretion assign, transfer, subcontract or novate the Services Contract and/or any associated rights to assign the Services Contract in whole or in part. 19.2 Customer shall, at yoffix’ request, promptly, and in any event within fifteen (15) days, enter into a novation agreement in such form as yoffix shall reasonably specify in order to enable yoffix to exercise its rights pursuant to this Clause 19.
20. Severance
20.1 Should any provision of the Services Contract including the Order Form and these GTS be or become ineffective, impracticable or unenforceable in whole or in part, (a “Defective Provision”) the effectiveness and the enforceability of the other provisions shall remain unaffected. Instead, Customer and yoffix undertake to replace the Defective Provision with a provision which comes as close as legally possible to what Customer and yoffix would have agreed, pursuant to the meaning and purpose of the Services Contract, if they had recognized the defectiveness of the provision. If the defectiveness of a provision is based on the determination of a certain level of performance or a certain time (deadline or fixed date), the provision is deemed to have been agreed with the level or time which comes as close as legally possible to the original level or time. The same shall apply for any possible omission in the Services Contract including the Order Form and these GTS. It is the express intention of Customer and yoffix that this savings Clause does not just have the effect of shifting the burden of proof, but rather that § 139 German Civil Code is excluded.
21. Entire Agreement | Changes
21.1 The Services Contract including the Order Form, these GTS and Schedule A (if applicable) represent the entire agreement between Customer and yoffix in respect of its subject matter and supersede and extinguish all prior negotiations, arrangements, understanding, course of dealings or agreements made between the Parties in relation to its subject matter, whether written or oral.
21.2 Valid amendments or supplements to these GTS including Schedule A (if applicable) must be made in writing. The same shall apply to any agreement to deviate from or cancel this requirement of written form.
21.3 yoffix may amend and/or update these GTS including Schedule A with future effect from time to time and as necessary for technical, economic or legal reasons. Any revision of these GTS shall be announced to Customer in text form (simple email shall suffice) no later than six (6) weeks before their proposed effective date. Customer may either approve or object to the revision before their proposed effective date. The revision shall be deemed approved by Customer, unless Customer objects to the revision before their proposed effective date. yoffix shall expressly inform Customer thereof in the respective announcement.
22. Governing Law | Jurisdiction
22.1 The Services Contract including these GTS and Schedule A (if applicable) and any issues, disputes or claims (whether contractual or non-contractual) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the laws of the Federal Republic of Germany. The United Nations Convention on Services Contracts for the International Sale of Goods (CISG) shall not apply. 22.2 The parties agree that the courts of Berlin (Germany) shall have exclusive jurisdiction to settle any dispute or claim (whether contractual or non-contractual) that arises out of or in connection with the Services Contract including these GTS and Schedule A (if applicable) or its subject matter or formation.
23. Miscellaneous
23.1 The person signing or otherwise accepting the Order Form and these GTS for Customer represents that s/he is duly authorized by all necessary and appropriate corporate action to enter the Services Contract on behalf of Customer.
23.2 Without prejudice to § 354a of the German Commercial Code, Customer shall not assign any of its rights or obligations under any Order Form and these GTS without the prior written consent of yoffix.
23.3 No agency, partnership, joint venture, or employment is created as a result of the Services Contract and Customer does not have any authority of any kind to bind yoffix in any respect whatsoever.
HybridOffice21 GmbH
Kastanienallee 98b, 10435 Berlin, Germany
District Court of Berlin Charlottenburg, Germany HRB 226685
January 2024
Schedule A - Data Processing Terms
1. Scope
1.1 These Data Processing Terms (“Data Processing Terms“) shall apply to the processing of personal data related to the Services Contract by yoffix or by third parties commissioned by yoffix. These Data Processing Terms shall supplement the yoffix GTS as per Clause 11.1 of the GTS.
1.2 Under these Data Processing Terms yoffix shall provide the following data processing services to and on behalf of Customer (“Data Processing”): Software-as-a-Service provided by yoffix to Customer that enables Customer to organize, manage and optimize hybrid work. Further details can be found in the Services Contract.
1.3 It cannot be ruled out that yoffix will, during the Data Processing, gain access to or obtain knowledge of or process the following personal data: Types of Personal Data: Email, name, photograph, office, department, position, office days. Categories of Data Subjects: Employees and other personnel of Customer.
Further details can be found in our Privacy Policy.
2. General Rights and Obligations of the Parties
2.1 The Data Processing shall be conducted by yoffix on behalf of Customer. Customer shall be responsible for compliance with applicable data protection laws.
2.2 yoffix may process personal data only within the scope of these Data Processing Terms and in accordance with the instructions of Customer, unless required otherwise by the laws of the European Union or its Member States to which the yoffix is subject. In particular, yoffix shall only correct, delete or limit the processing of personal data according to the instructions of Customer. In the event that an affected data subject addresses yoffix directly in such regard, yoffix shall, where reasonably possible, immediately forward such request to Customer.
2.3 Customer shall issue verbal instructions to yoffix only in urgent cases and immediately thereafter confirm such instructions at least in text form.
2.4 yoffix shall process personal data only within the territory of a member state of the European Union or of a signatory state of the Agreement on the European Economic Area. Any transfer and processing of personal data to third countries shall require the prior written consent of Customer and shall only take place if the conditions of Art. 44 et. seq. General Data Protection Regulation of the European Union (GDPR) are met.
2.5 yoffix shall regularly audit its internal processes and data protection security mechanisms for compliance with applicable data protection laws.
2.6 If required by law, yoffix shall appoint a data protection officer in writing. yoffix shall notify Customer of the contact details of such data protection officer to allow Customer to directly contact such data protection officer.
2.7 yoffix shall within its capabilities assist Customer in fulfilling Customer’s obligations under Art. 12 through 22 GDPR and Art. 32 to 36 GDPR. The costs thereof shall be borne by Customer.
2.8 yoffix shall only delegate the Data Processing to such employees who are bound by confidentiality obligations or who are subject to an appropriate statutory duty of confidentiality. Persons subordinated to yoffix, having access to personal data of Customer, shall process such data exclusively in accordance with the instructions of Customer, unless such persons are legally obliged to process such data.
2.9 Upon completion of the Data Processing and upon termination of the Services Contract in its entirety at the latest, yoffix shall, at the choice of the Customer, and as far as yoffix is not bound by statutory retention duties, either return all personal data as well as all documents, data and copies obtained in connection with these Data Processing Terms to Customer, or upon the prior written consent of Customer, delete or destroy such personal data, documents, data and copies.
3. Information Obligations
3.1 In the event yoffix becomes aware that an instruction of Customer violates any data protection laws, yoffix shall immediately notify Customer thereof. yoffix shall be entitled to suspend the execution of such instruction until such instruction is confirmed or altered in writing by Customer.
3.2 yoffix shall immediately notify Customer of control actions and measures of investigating and supervisory authorities, to the extent such measures are related to the Data Processing.
3.3 In the event yoffix becomes aware of any violation of the protection of personal data in relation to these Data Processing Terms, yoffix shall immediately notify Customer thereof.
4. Technical and Organizational Measures
4.1 yoffix shall implement technical and organizational measures for the protection of personal data appropriate to comply with the requirements of the GDPR, in particular measures ensuring confidentiality, integrity, availability and resilience of the systems and services used for Data Processing (each of these technical and organizational measures hereinafter individually “TOM“, jointly “TOMs“).
4.2 The particular TOMs implemented by yoffix are further described in Attachment 1 hereto.
4.3 yoffix shall be entitled to replace any of the implemented TOMs at any time with alternative measures that provide a comparable level of protection.
5. Subcontractors
5.1 yoffix shall be entitled to subcontract certain parts of the Data Processing to third parties (“Subcontractors”) only with Customer’s prior written consent. Customer shall not withhold its consent unless on important grounds of data protection law.
5.2 Customer hereby consents to the commissioning of Subcontractors by yoffix as follows: Subcontractor Address Subcontractor’s Services Location of Data ProcessingAmazon Web Services EMEA SARL38 avenue John F. Kennedy, L-1855 Luxembourg Cloud Services EuropeGoogle Inc 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USACloud Services Europe
5.3 yoffix shall impose its data protection obligations under these Data Processing Terms on any Subcontractor.
5.4 Clauses 5.1 and 5.2 shall apply mutatis mutandis to the replacement of any Subcontractor by yoffix and to the further subcontracting of the Data Processing to another third party by Subcontractor.
6. Proof of Compliance
6.1 yoffix shall allow Customer or an external auditor commissioned by Customer to verify yoffix’s compliance with these Data Processing Terms (including the implementation of the TOMs pursuant to Clause 4). yoffix may demonstrate compliance with these Data Processing Terms by providing suitable evidence.
6.2 If necessary for the purposes laid down in Clause 6.1, yoffix shall enable Customer to carry out, once per calendar year during normal business hours and without disrupting yoffix’s business, inspections at yoffix’s business premises. Such inspections shall be announced by Customer at least 14 business days in advance and shall only be performed by independent external auditors. Such auditors shall not be entitled to gain access to company secrets, business secrets or confidential information of yoffix or to any data which is not subject to these Data Processing Terms. yoffix may object to the appointment of an external auditor for good cause, in particular, where an auditor is a competitor of yoffix. Customer shall bear the costs of any inspections and supporting actions of yoffix hereunder (if any).
Attachment 1 Description of Technical and Organizational Measures (TOMs)
TOMs implemented by yoffix:
1. Confidentiality Measures
1.1 Physical Access Control Physical measures to prevent unauthorized persons from accessing data processing systems. We deploy security locking systems with keys. We carefully select our cleaning and maintenance personnel.
1.2 Systems Access Control Measures to prevent the use of data processing systems by unauthorized persons. We have two-factor authentication (2FA) and strong password policies for all IT services that our employees use.
1.3 Data Access Control Measures to ensure that persons authorized to use data processing systems have access to only such data that is covered by their authorization and that personal data cannot be read, copied, altered or removed during processing, use or after storage. All data is encrypted both at rest and in transit. Only our tech team has direct access to Data Processing systems.
1.4 Separation Control Measures to ensure that data collected for different purposes can be processed separately. Our production and development environment, as well as the different web and mobile clients we use or offer are isolated systems.
2. Integrity Measures
2.1 Disclosure Control Measures to ensure that personal data cannot be read, copied, altered or removed during electronic transmission, transport or storage on data carriers, and to ensure that it is possible to verify and establish the points envisaged for the transfer of personal data by data transmission systems. Our Services are served entirely over HTTPS. All data sent to or from us is encrypted in transit using 256 bit encryption, utilizing AES_128_GCM and ECDHE_RSA as key exchange mechanism. Our API and application endpoints are TLS/SSL only. In addition, all connections from our application servers to our data bases are TLS encrypted.
2.2 Input Control Measures to ensure retrospective verification and assessment whether and by whom personal data has been en tered, changed or removed within the relevant data processing systems.
We are able to follow-up on all logs into the system and see who is using which services and when. The foregoing statement is also valid for our Subcontractors.
3. Availability and Resilience Measures
Measures to ensure that personal data are protected against accidental or willful destruction or loss and can be recovered quickly after an incident. We run daily database backups that are also stored on AWS. Additionally, we also create backups of each application build that we deploy, for both our servers and our clients. This enables us to rapidly rollback a database, server or client application, should any incidence occur. AWS deploys uninterruptible power sup plies.
4. Testing, Assessment and Evaluation Processes
4.1 Data Protection Management Measures to plan and organize data protection requirements. We run a security briefing as part of our onboarding process for every new employee that joins yoffix. Our internal HR tool enforces the completion of this step, so we can be sure it will not be skipped. We review our data protection processes and TOMs twice a year. In addition, our product and engineering teams are in close contact with the management on data protection issues and consult it whenever changes are made to our Services that could have an impact on our data processing.
4.2 Incident-Response-Management Measures to respond to detected or suspected security incidents within the area of data processing systems used. If we become aware of a data incident, we will immediately notify our CTO (if not involved yet) or contact our Engineering lead over the phone. We have backup lines available but our technical executives ensure access to internet and availability over the phone whenever possible. We will ensure that reasonable measures are taken to mitigate the harmful effects of the incident and to prevent further unauthorized access or disclosure. Following that, we will promptly notify affected Customers and describe, to the extent possible, the details of the incident, the steps we have taken to mitigate the potential risks, and any suggestions we have for the Customer to minimize the impact of the incident.
4.3 Order Control Measures that ensure that personal data processed on behalf of Customer can only be processed in accordance with the instructions of Customer. All our employees are contractually obliged to treat any data they handle as confidential. We have a strict process for changing our Subcontractors, to ensure that they only access and use data to the extent required to perform the obligations subcontracted to them, and do so in accordance with our agreements and these Data Processing Terms.