GENERAL TERMS AND CONDITIONS
1. SCOPE OF THE CONTRACT
1.1 Zeitgeist Sommelier (hereinafter referred to as ZS) and the undersigned contract partner (“customer”) agree to fulfil the performance they have promised each other in the contract concluded on the basis of these General Terms and Conditions and the ZS price list. The General Terms and Condition, product-specific terms and conditions and the ZS price list apply on an exclusive basis. Any terms and conditions of the customer that conflict with or deviate from these General Terms and Conditions will not be recognised unless ZS has given express written consent to their validity.
1.2 These terms and conditions will also apply to all future transactions with the customer in the version valid at the time of the last conclusion of contract. However, they only apply to entrepreneurs as defined by Austrian Civil Code https://www.ris.bka.gv.at/defaultEn.aspx
2. CONCLUSION OF CONTRACT
2.1 The contract will be concluded if ZS receives the acceptance of the contract offer with date and signature in the original, as a fax or copy, as a PDF or in other electronic form, or as soon as ZS confirms an order by the customer in writing or by e-mail, if ZS publishes the customer’s job advert in the Internet, or if ZS sends the customer the password in writing or by e-mail and the customer therefore has access for advert management.
2.2 Offers or confirmations of orders by ZS which have their content changed by the customer will be deemed to be a new offer by the customer; in this case the contract will only be concluded if it is expressly accepted by ZS and any provision of a service will not be deemed to be implied acceptance.
3. DESCRIPTION OF SERVICES
3.1 The contract requires ZS to publish the products agreed therein as listed on the ZS website and to provide the services set out therein (both collectively: “service elements”) in accordance with these terms and conditions. The respective specification of services set out in the ZS product-related conditions apply in addition.
3.2 The contract entitles ZS to use the customer data for trend analyses and overviews. However, the respective results will be published anonymously.
3.3 Exclusion of competition cannot be granted. ZS has the right to remove from its sites job adverts and any other adverts whose content is in breach of statutory or official prohibitions or offends common decency without notifying the in advance. The customer will be informed of this immediately. This will not entitle the customer to claim compensation or a refund.
4. FEE FOR SERVICES
Unless otherwise is agreed in writing with ZS, the customer will pay for the advert placement the fee which is stated in the current price list which can be accessed online in the Internet at the sites www.sommelier-jobs.com and links coming from domains owned by ZS. The price list which is valid at the time the order is received by ZS and published by ZS in the Internet or communicated to the customer by any other means is relevant. The customer will be sent the price list upon request.
5. SETTLEMENT OF COSTS AND PAYMENT AGREEMENTS
5.1 The payment of the fee pursuant to § 4 will settle all incidental costs such as e-mail, telephone, fax, data transmission costs, postage and photocopies which do not exceed normal levels. If the incidental costs exceed normal levels due to individual orders, ZS will notify the customer of this. The customer will have to refund these additional incidental costs if it approves these.
5.2 The invoice will be issued after one of the service elements has been provided for the first time, and no later than 14 days after the conclusion of the contract, if by this time no service element has been provided and the customer is responsible for this. Notwithstanding this, ZS will have the right though to demand in each case payment in advance. The payment claim will be payable 14 days after receipt of the invoice without deduction. In the event of default of payment or deferment, interest in the amount of 8% above the base rate of the European Central Bank and collection costs will be charged. In addition, ZS will have the right to claim a flat charge for default in the amount of € 40.00. In the event of default of payment, ZS will have the right to defer the publication of individual service elements until full payment. This will not apply if the customer has right of retention. If, in the case of payment by instalments, an instalment is not paid within 30 days of the due date, the total remaining amount will be payable immediately. All prices quoted do not include the statutory VAT applicable at the time the invoice is issued.
5.3 In the case of payment from abroad, we only accept cheques below a total of € 1,000 if the cheque total includes in addition to the invoice amount a processing fee of € 25 otherwise paypal or any other offered payments as seen on the price list. We only accept payment by transfer from abroad if all bank charges incurred are met at the same time by the customer.
5.4 Payments by the customer will always be set against the oldest existing claim. ZS can refuse to provide its service until all due payments have been made by the customer.
6. BASIS FOR THE COOPERATION
6.1 ZS will endeavour to continually optimise the response to the customer’s adverts.
This will also include:
Entering into cooperations in all media (including online, offline, TV, mobile, moving image products and new types of use). The customer agrees that the service elements may be published by ZS without consultation online or offline in print, sound or image, including in print or online media of cooperation partners. In all cooperations ZS will be mindful of the image and quality of the cooperation partner.
· The possibility of publishing employer rankings of users, for example in connection with the customer’s job adverts.
6.2 The customer’s rights under the contract are not transferable and not assignable. Any transfer of the contract to a third party requires ZS’s consent.
6.3 If ZS has obtained in connection with the customer’s order its e-mail address, ZS will have the right to send by e-mail to the customer including after the end of the contract information, questionnaires and other commercial communications concerning the ordered and similar services of ZS. The customer can opt out of this informally and free of charge at any time with effect for the future by sending an e-mail to ZS. ZS will inform of this right to opt out in every e-mail.
6.4 The customer undertakes, in the case of advert building by ZS, to provide in good time all of the information and documents which are necessary and appropriate for the creation of the objectives outlined in the contract. This includes in particular the supplying of advertising texts and layouts in digital form. The customer will also inform ZS immediately if one of the service elements it has ordered is no longer current. The customer also has to observe the duties of cooperation for individual service elements described in the respective product-related terms and conditions or, if these exist, product descriptions. If these requirements are not met in good time, any deadlines for performance of the service for ZS will be extended accordingly.
6.5 The customer will ensure that e-mails from ZS are received without any trouble and in this connection set up ZS as a “trusted server”.
6.6 ZS reserves the right not to fulfil orders placed by the customer, or to remove service elements already published in the Internet, if the published content is in breach of statutory requirements or official prohibitions, violates the rights of third parties, offends common decency or is in breach of the ZS’s terms and conditions (“impermissible content”). The same will apply if links to service elements are set on the customer instructions which lead directly or indirectly to sites with impermissible content. The customer’s obligation to pay will not be affected by this. ZS does not have to check whether the rights of third parties are affected by the advert.
6.7 If a claim is made against ZS for impermissible content or any other breaches of the law for which the customer is responsible, the customer will indemnify ZS at the first time of asking. The indemnification will also include the necessary legal costs.
6.8 In particular the following applies for the published content:
· If self-employed or freelance work is advertised, this has to be clearly identified as such in the text.
· If payments in advance or own financial investments are to be made by the candidate (including attendance of training courses and travel expenses), this has to be made clear in the text. The same applies if commission is paid for the successful recruitment of new members for a self-contained system.
The content has to relate to a vacant position or job. Advertising for club memberships is not allowed. Advertising for participation in illegal pyramid schemes is also not allowed (§ 16 of the Act against Unfair Competition (UWG)
· The job title, job description and company registration number have to be correct and must not be misleading or ambiguous.
· Websites which are named or sent to ZS for linking have to meet the minimum legal requirements and in particular have an impressum which complies with the principles established by law and court decisions.
· The requirements of the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz) have to be met.
· Even if the above requirements are met, content which is not relevant to the job search, for example competitions, non-career-related events, pure promotions etc., may not be published in addition to the content relating to the position or job.
· If these requirements are not met, the content will be deemed to be inadmissible content with the consequences of Number 6.
· ZS accepts no responsibility for supplied data material, advertising texts or storage media relating to this and will in particular not have to store this or return this to the customer.
· ZS has the right to use vicarious agents.
· If the customer, in the case of the agreed advert building by ZS, has not supplied any data material or advertising text, at the earliest three days after the start of the contract term ZS will have the right, but not be obliged to place the advert using a standard layout provided by ZS and to use the logo/images required for this from the customer’s company website. The customer will be informed of this. This service is provided by ZS on a voluntary basis and may be stopped at any time.
· The customer has to configure its own infrastructure in keeping with the current state of technology so that it is neither the target nor the origin of disturbances which are likely to affect the Internet service provided by ZS or the general smooth and flawless network operation.
· The customer will ensure that all of the content or parts of this published by it in the Internet or handed over to ZS for publication are free from the rights of third parties. The customer will compensate ZS for any losses it incurs due to a breach of this provision at the first time of asking.
For service elements which are placed or used on sites which are not operated by ZS, additional restrictions and requirements besides these GTC and the product-related terms and conditions may apply. We point out that there may also be certain statutory requirements and prohibitions for job adverts in other countries. These must be complied with. We would be pleased to provide specific information on further requirements and restrictions for the sites not operated by ZS upon request.
7.1 This contract does not contain any transfer of property rights and rights of use, licences or other rights to the software to the customer. All rights to the software used, to marks, titles, trademarks, copyrights and other commercial rights of ZS will remain entirely with ZS.
7.2 All work results and information published by ZS are subject to ZS’s copyright. Excluded from this are only those work results and information published by ZS that were created by the user or a third party and adopted by ZS unchanged for publication in the Internet.
7.3 With the publication of the job adverts, ZS will obtain the sole database rights to the customer’s job adverts published on the ZS sites.
7.4 The customer will bear the sole responsibility under press and competition law, as well as all other responsibility, for the content provided by it intended for publication.
7.5 The customer confirms with the placement of the order/receipt of the access details that it has acquired all of the rights of use of the holder of copyrights, ancillary copyrights and other rights to the documents and data provided by it required for placement in the Internet and that it can use these as it pleases.
8. WARRANTY, DEFECTS
8.1 ZS will ensure that the services ordered by the customer, to be performed by ZS and published in the Internet will be implemented in line with the generally accepted technical standards.
8.2 The customer will not be able to make claims for defects if there is only a minor deviation from the agreed quality and usability is only slightly affected. Defects are to be notified in writing immediately by the customer, no later than 7 days after placement of the service elements in the Internet. ZS will initially correct the defect by way of supplementary performance in terms of a longer placement. Only if this fails can the customer demand a reduction in price or exercise a right of withdrawal for individual service elements. The customer has to declare upon request by ZS within a reasonable period of time whether it, due to the delay in delivery, will continue to insist on delivery and/or which of the claims and rights it is entitled to it will make or exercise. In repeated cases the customer will have the right to terminate the whole contract for the future. The contract cannot be terminated with effect for service elements that have already been published.
8.3 All warranty claims of the customer will become time-barred in one year, calculated from the time when the customer became aware of the defect or should have become aware of the defect without gross negligence.
9.1 ZS will be liable for compensation for whatever legal reason – in cases of wilful intent and gross negligence and for damages due to injury to life, limb or health, if ZS has fraudulently concealed a defect or guaranteed its absence, as well as for claims under the Product Liability Act (Produkthaftungsgesetz). In cases of ordinary negligence ZS will only be liable for damages due to the breach of a material contractual obligation (fulfilment of such an obligation allows the contract to be performed at all in a properly and orderly manner; the contract partner regularly trusts and may trust that it is complied with); in this case the liability though is limited to compensation for foreseeable, typically occurring damage.
9.2 The customer can only withdraw or terminate due to a breach of duty not involving a defect if ZS is responsible for the breach of duty.
9.3 If a claim is made against the customer by a third party (“property rights claim”) for an infringement of patents, copyrights, trademarks, business designations or business secrets by a service provided by ZS (“property rights infringement”), ZS will indemnify the customer against all costs (including legal defence costs) and claims which it incurs due to final judgements by competent courts or written settlements concluded by ZS, provided that (i) the customer did not cause the property rights violation, for example in the case of the publication of inadmissible content as defined by No. 6.6, (ii) the customer informs ZS in writing within no more than twenty (20) working days of the claim first being made, (iii) ZS retains sole control of the defence against the property rights claim and (iv) the customer provides appropriate support and all of the information so that ZS meet its obligations according to this. The above obligation will not apply for actions or declarations for which ZS has not given its prior consent in writing and not if the customer continues the infringing activity after it has been informed of changes which would have prevented an infringement. If a property rights infringement has been found by a competent court or is considered to be possible by ZS, ZS may at its own discretion and at its own cost either (i) replace or change the services so that a property rights violation no longer exists, or (ii) obtain right of use for the customer to the property right or (iii) if measures pursuant to (i) or (ii) are not possible or not reasonable, terminate this contract extraordinarily with immediate effect.
10.1 ZS agrees to treat as confidential all information marked as “confidential” which ZS receives from the customer under this contract. This obligation will also be met ZS after the contract term ends.
10.2 With the acceptance of the offer, it will be agreed at the same time that both parties will comply with all applicable data protection laws.
10.3 The customer is hereby informed pursuant to the Data Protection Act (Datenschutzgesetz) that ZS stores its data in machine-readable form and processes it by machine for contract purposes.
10.4 When using IDs, passwords, user names or other security devices provided in connection with the services, the customer has to exercise the greatest possible care and take all measures which ensure the confidential, secure handling of the data and prevents its disclosure to third parties. The customer will be held responsible for the use of its passwords or user names by third parties, if it cannot explain convincingly that the access to such data was not caused by the customer itself and the reasons for this were out of its control. The customer has to inform ZS immediately of any potential or already known unauthorised use of its access details. In the event of a breach of one or more of the obligations specified in these GTC by the customer, in particular but not only those stated under this point, ZS will have the right to terminate the services without further notice and remove them from the website, without waiving any payment obligations of the customer.
11. WARNING, COURT RULING
If the customer has received a warning for one of the products published by ZS, if it has already made a cease-and-desist declaration concerning certain adverts (content) or if a corresponding temporary injunction, judgement, court ruling or official order has been made, the customer will have to inform ZS of this immediately in writing. If the customer does not do this, ZS will not be liable. The customer will then have to indemnify ZS against any claim by a third party at the first time of asking and compensate ZS for any damages.
12.1 The term agreed in the contract (“contract term”) will start when the first service element is provided by ZS. It will start at the latest 14 days after it has come into force, if the customer is responsible for the first service element not being provided in good time. It will end automatically at the end of the agreed term, unless otherwise is agreed in the following product-related terms and conditions.
12.2 Agreed service elements can only be accessed within the agreed contract term. With the end of the contract term, the customer’s right to access services not claimed before the end of the contract term will expire.
13. PLACE OF JURISDICTION
The contract and its interpretation are subject to the law of the Republic of Austria. If the customer is a merchant a legal entity under public law or a special asset under public law, the courts in Linz will have exclusive jurisdiction for all disputes arising from or relating to the contractual relationship concerned. In all other cases we or the customer can bring an action before any court of competent jurisdiction on the basis of statutory regulations.
PRODUCT-RELATED TERMS AND CONDITIONS
1. DESCRIPTION OF SERVICES
1.1 These terms and conditions for job adverts (hereinafter: “adverts”) supplement ZS’s general terms and conditions and will prevail over these in cases of doubt. The customer can place one or more adverts on the websites of ZS for the purpose of staff recruitment. The adverts will be published in HTML format in the Internet.
1.2 The adverts to be published must meet the following requirements, otherwise the content will be inadmissible with the consequences of No. 6.6 of ZS’s general terms and conditions:
– In the adverts only links to the customer’s website are allowed to be published.
– Text references and/or links in the advert to other job offers not published on one of the ZS websites are not allowed. These also include the job market on the customer homepage.
– Invitations for speculative applications are not allowed.
– Links to competitors of ZS are not allowed, unless the customer itself is a competitor of ZS and the link is to its website.
– All of the content of an advert has to be immediately visible for the user. Unless they are explicitly offered by ZS as part of special advertising products, own tracking codes of the customer and interactive elements which can be controlled for example by clicks or mouseover are not allowed. This does not include links to other sites and e-mail addresses, whereby § 1.2, bullet points one, two, four and six are to be noted. In each and every case links have to be arranged so that it is clear when they link to external sites.
– Admissible links are only allowed as so-called “no follow” links, this means they are to be set so that they cannot be used by search engines to calculate the popularity of the link.
– Any influence on the search result lists outside of the options provided by ZS (categorisation, title and visible text of the advert) is not allowed. This includes in particular but not exclusively hidden texts (e.g. white texts on white background, text behind an image, use of a CSS to hide text, use of the font size 0) and hidden links.
– The categorisation, title and advertising text of the advert have to be related to the job advertised in the advert.
1.3 ZS has the right, but is under no obligation to also publish the job advert elsewhere, in particular on sites of partners of ZS, or to make appropriate links to sites of third parties. This is an additional and voluntary service provided by ZS. No additional costs will be incurred by the customer for this.
1.4 The customer is aware that it cannot be ruled out completely given the current state of technology that the job adverts published on the websites of ZS and its partners are copied, linked to and/or published by other Internet providers, disguised as their own offer with the help of frames. ZS will endeavour, within the realms of what is technically and legally possible, to prevent any copying, linking and/or framing in the above sense. The customer makes all necessary declarations of consent to this end with the placement of its advertisement order. Any unauthorised publication or any unauthorised linking and/or framing by a third party will not establish the right for the customer to make any claims against ZS.
1.5 Templates provided by the customer for advert building will only be returned by ZS to the customer upon receipt of a specific request in writing by the customer. The obligation to retain ends with the end of the advertising contract.
1.6 ZS is not obliged to retain the placed advertisements for the customer. ZS shall regularly delete advertisements in the customer centre that have not been edited and/or activated for at least three years.
1.7 In order to improve the quality of the advert across all devices, ZS reserves the right to change the layout of the advert accordingly.
1.9 This specification of services is conclusive.
2. TIME OF PLACEMENT OF THE ADVERT
2.1 The advert will be placed and published at the time agreed in writing with the customer. If no such time has been agreed, the customer can publish the advert immediately after the access details for the customer centre have been sent. The access details for the customer centre will be sent to the customer in writing or by e-mail. In this case the advert placement will start on the day that follows the day upon which the access details are received by the customer.
2.2 The customer is responsible for the delivery of the full, defect-free and appropriate advertising material. ZS will not be responsible for delays which occur due to the content of the advertising text provided by the customer for publication, whether for content or technical reasons.
2.3 The customer has to check the job advert as soon as it is activated and published for completeness and accuracy and immediately notify of any defects. If the customer does not notify of the defects, the placement of the advert will be deemed to have been approved as free of defects.
4. NON-BINDING OFFERS: INTERNATIONAL DEALS, FREE SERVICES
4.1 Offers and prices for International Deals are always subject to change and depend on ZS’s continued cooperation with its partners abroad until the advertisement is placed. A change of the conditions for International Deals does not entitle to cancel the framework agreement with Zeitgeist Sommelier.
4.2 ZS may, at its sole discretion and without legal obligation, occasionally offer certain services free of charge under more specifically defined conditions. All free services are subject to change and may also be discontinued at any time without notice or terminated individually or in full. The customer has no legal claim to the use of free services.
5.1 We advise our customers that ZS cannot prevent the unauthorised publication of job adverts by third parties. ZS will though make every effort to prevent such publications within the realms of what is legally and technically possible. The business partner declares its agreement with this.
5.2 If the protected rights of the customer are used in the publication of the advert, in particular trademark rights and copyrights, the customer grants with the advertisement order the authorisation to use these rights. The customer assures that it has the right to grant the authorisation.
5.3 Any offer by ZS quoted at a lower price than in the price list is only valid under the specific conditions for the specific customer. It will not apply if the customer would like a different contract partner, e.g. an agency, to act on its behalf instead.
5.4 The transfer of the contract to a third party by the customer (“reselling”) requires ZS’s prior consent.
II. SPECIAL ADVERTISING PRODUCTS
1 SPECIFICATION OF SERVICES
The specification of services is considered to be a quality agreement and is conclusive. Additional functionalities are not owed.
· Logo of the company A-Z (rotating)
ZS will publish on behalf of the customer a company presentation specified by the customer including the company logo, which will be provided to ZS by the customer. The company presentation includes a link to the customer’s job adverts.
· Newsletter article
ZS regularly sends a newsletter to registered applicants which contains career-specific topics and company presentations. The customer will be presented uniquely with a text specified by the customer or a text drafted by ZS and a logo/image, and highlighted in the current newsletter. This short company presentation will include a link to the customer’s job adverts on the respective job board. .
· Company banner, employer logo, premium company profile
The company banner will be placed in a prominent position in the search results of ZS’s job boards. The customer will provide ZS with the finished company banner as a JPEG or GIF file. If several company banners are posted at the same time, these will appear on a random rotating basis. The employer logo will appear on the homepage on a random rotating basis.
The premium company profile consists of a company presentation in which photos and a video about the company can be integrated. Image files can be supplied in jpg, png or gif format.
The customer can send a link to its video presentation uploaded in its Vimeo or Youtube channel to ZS, which will then be linked to by ZS in the premium company presentation.
The prices and details of the products are based on the ZS price lists or contractual agreements.
· Jobfinder advert, Premium Job and Top Listing
ZS will publish on behalf of the customer an advert specified by the customer in ZS’s Jobfinder which is published regularly (hereafter: “Jobfinder advert”). This will consist of a text advert and an image. The text advert must not exceed 300 characters (including spaces and heading) and the image must not be more than 300 pixels wide. The Jobfinder advert will be published in a ZS Jobfinder in accordance with the requirement under press law to separate adverts from editorial content. A link can be made to ZS job adverts, ZS job overviews, ZS company portraits or recruiting events on the customer homepage.
Only one Jobfinder advert per Jobfinder will be published.
The customer has to send the advertising material to ZS in complete and correct form at the same time as the booking, or alternatively at the latest two days before the planned publication date. If the advertising material is not received by ZS in time and in complete and correct form, the right to publication will expire without replacement. ZS’s claim for payment will remain unaffected.
The customer is aware that the Jobfinder is only sent to subscribers. Subscribers can register to receive the Jobfinder free of charge, whereby they will only receive an edition if it contains at least one job advert which matches the profile specified. Subscribers can unsubscribe and use explicit blocking notices. ZS can therefore not guarantee the number of recipients.
With the booking of Premium Job, the customer’s advert will appear on the homepage on a random rotating basis.
ZS offers with Top Listing the placement of adverts in the upper area of the results list which will appear there on a random rotating basis.
III. ONLINE ORDER
1. SPECIFICATION OF SERVICES
These terms and conditions for online orders of job offers supplement our general terms and conditions.
2. CONCLUSION OF CONTRACT
The contract will be concluded when the order is placed by the customer and accepted by ZS. ZS will accept the order within one week with confirmation by e-mail. The confirmation of receipt of the order nerated automatically and does not constitute any declaration of acceptance. The products and price lists published on the website are always non-binding. We endeavour to publish correct products and price lists at all times. ZS will only be bound to deliver the products at the prices stated after receipt of the declaration of acceptance by ZS.
3. PAYMENT TERMS
3.1 AE commission is NOT granted for online input.
3.2 The invoice is issued upon conclusion of contract, unless otherwise is agreed in the individual contract. ZS reserves the right to demand payment in advance. The payment claim will be payable 10 days after the invoice date without deduction.
3.3 ZS grants refunds in accordance with the statutory requirements.
4. CUSTOMER INFORMATION OBLIGATIONS
4.1 ZS will provide the following information: The customer will be guided to the contract for advert placement by the following individual technical steps:
· Complete the order form including advertising copy
· On some pages a preview of the advert can be viewed until the order is placed. Before completing the order, the order can be checked for input errors by clicking on the “Order now” button. Corrections can be made by returning to the previous steps by clicking on the corresponding button.
· Customer reads and accepts the GTC
· Customer clicks on “Order now”
· Electronic confirmation of receipt of the order by ZS (this is not a confirmation of the order, but serves as confirmation of receipt of the order)
· Confirmation of the order by ZS by e-mail to the customer
· The contract is concluded with the receipt of the confirmation of the order by ZS. The advert is now placed online.
4.2 These terms and conditions (general terms and conditions, the product-related terms and conditions for adverts and the product-related terms and conditions for online input) comprise the complete contract text for the online placement of an advert. The price for online input will be as stated in the price list which is published on the websites of ZS at the time the contract offer made to the customer of ZS is prepared. The legal relationships which are established by the (free) visit to the ZS website are explained in more detail and defined in our terms and conditions of use. After the conclusion of the contract, in the case of online input we store the customer’s entries. After the conclusion of the contract, the data input will not be available to the customer. Furthermore, we point out that we always publish only the current GTC and price lists online and that the GTC and price lists current at the time the contract is concluded will also no longer be available to the customer when they are subsequently updated.
4.4 The language available for the conclusion of contract is German or English.
4.5 ZS is bound by the Austrian data protection standards as well as the codes set out in ZS’s terms and conditions of use and data protection declaration.
2 OBLIGATIONS OF THE CUSTOMER AS CONTROLLER
2.1 The customer is responsible for personal data processed by ZS in accordance with the terms of the contract.
2.2 The customer shall inform ZS immediately and completely if it discovers errors or irregularities with regard to data protection regulations when reviewing the results of the processing.
2.3 The customer shall keep a record of processing activities.
3 OBLIGATIONS OF ZS AS CONTRACTOR
3.1 ZS shall inform the customer immediately if ZS is of the opinion that an instruction violates applicable laws. ZS may suspend execution of the instruction until it has been confirmed or amended by the customer.
3.2 ZS shall comply with the provisions of this contract and relevant data protection rights.
3.3 ZS takes appropriate organisational and technical measures in accordance with the relevant data protection laws, to protect the personal data of the data subjects and their rights and freedoms, taking into account implementation costs, the state of the art, type, scope and purpose of processing as well as the probability of occurrence and severity of the risk. These protective measures are recorded in the overview of technical and organisational measures. The technical and organisational measures are subject to technical progress and further development. In this respect, ZS is obliged to check the effectiveness of the system and adapt it accordingly if progress is made in accordance with the state of the art. Alternative safety measures are permitted as long as they do not fall below the safety level of the defined measures. Significant changes must be documented and reported to the customer without delay. If the measures are changed in such a way that from the customer’s point of view ZS cannot guarantee equivalent or higher protection of the data, the customer has the right to extraordinary termination after unsuccessful issuance of instructions with regard to the services covered by these additional conditions for contract data processing. The same applies if notice of such changes is not provided.
3.4 ZS shall provide the customer with the information necessary for the record of processing activities pursuant to Art. 30 para. 1 GDPR and shall keep a separate list of all categories of processing activities carried out on behalf of the customer pursuant to Art. 30 para. 2 to 5 GDPR.
3.5 All persons who can access personal data processed on behalf of the customer in accordance with the customer’s commission shall be bound to confidentiality in accordance with Art. 28 para. 3 b) GDPR and shall be informed of the special data protection obligations resulting from this commission as well as the existing binding instructions and/or purpose.
3.6 ZS is obliged to appoint a company data protection officer. The latest contact details are easily accessible on ZS’s homepage.
3.7 ZS guarantees the protection of the rights of data subjects and supports the customer to the necessary extent in responding to requests for the exercise of rights of data subjects pursuant to Art. 12 – 23 GDPR. ZS shall inform the customer immediately if a data subject contacts ZS directly for the purpose of providing information, rectification, erasure or restricting the processing of their personal data.
ZS supports the customer in carrying out data protection impact assessments pursuant to Art. 35 GDPR and the resulting consultation of the supervisory authority pursuant to Art. 36 GDPR to the necessary extent. ZS supports the customer with regard compliance with reporting and notification obligations in the event of data protection breaches within the meaning of Articles 33 and 34 GDRP.
3.8 ZS shall immediately inform the customer in text form in the event of operational disruptions, suspected personal data breaches pursuant to Art. 4 No. 12 GDPR in connection with data processing or other irregularities in the processing of the data for the customer. In consultation with the customer, ZS shall take appropriate measures to secure the data and to minimise possible adverse consequences for data subjects insofar as the personal data breach was ZS’s responsibility.
3.9 In the event that the data protection authority investigates ZS, the customer must be informed immediately to the extent the investigation relate to the subject matter of the contract.
3.10 In the event that ZS intends to process data from the customer – including transfer to a third country or an international organisation – without having been instructed to do so by the customer, i.e. because ZS is obliged to do so pursuant to Art. 28 para. 3 sentence 1 a GDPR, ZS will inform the customer immediately of the purpose, legal basis and data concerned, unless and to the extent that such a notification is prohibited by law.
4 AUDITS INCLUDING INSPECTIONS
4.1 ZS shall provide the customer with all necessary information to verify the obligations set out in the contract. ZS permits the customer to conduct audits, including inspections in accordance with Art. 28 para. 3 h) GDPR, before the commencement and during the term of this agreement after reasonable prior notice and during normal business hours (9:00-18:00). The customer is entitled to satisfy itself directly, or through suitable third parties bound to professional secrecy, of the observance of the technical and organisational measures before commencement and during contract data processing, after timely notification at the business premises during normal business hours without disturbing the course of business. The result of these audits shall be documented and signed by both parties.
4.2 As proof of the technical and organisational measures, ZS may also submit current certificates, reports or report extracts from independent bodies (e.g. auditors, auditors, data protection officers, IT security department, data protection auditors, quality auditors) or a suitable certification by IT security or data protection audit (e.g. in accordance with BSI Basic Protection).
5 ADDITIONAL CONTRACT DATA PROCESSORS
5.1 The sub-contractors listed on the list available in Annex 1 are accepted upon commission contract data processing. ZS may award contracts to other contract data processors (subcontractors) by informing the customer in advance of the inclusion or replacement of new subcontractors by notification in text form of the change to the subcontractor directory and the customer does not provide notice of an objection within 4 weeks. In the event of an objection, ZS shall be entitled to discontinue applicant management or the services pursuant to No. 1.3 of the ZS Customer Centre product-related Terms and Conditions.
5.2 ZS shall impose the same data protection obligations on the sub-contractors as those set out in these product-related Terms and Conditions for ZS Contract Data Processing, so that such processing complies with the requirements of the GDPR.
5.3 Further outsourcing by the subcontractor requires the express consent of the primary contractor (at least in text form); all contractual provisions in the contract chain must also be imposed on the additional subcontractor.
5.4 Services used by third parties as ancillary services to assist in the execution of the contract processing shall not be deemed to be sub-processors. These include, for example, telecommunications services, maintenance and user service, cleaning staff, inspectors or the disposal of data media. ZS is, however, obliged to enter into appropriate and legally compliant contractual agreements and to take review measures to guarantee the protection and security of the customer’s data, even in the case of ancillary services provided by third parties.
6 ERASURE AND RETURN
At the end of ZS Customer Centre contract, ZS shall erase the data contained included in the applicant management system. Otherwise, YCG will eras ZS data at the latest one year after receipt of the application in the applicant management system and upon request of the customer.
Annex 1 to the Additional Conditions for ZS Contract Data Processing – Subcontractor Directory
ZS’s subcontractors listed below are approved upon commissioning processing:
Zeitgeist Sommelier – Gruberstr. 78/3/12, 4020 Linz, Austria
– Customer service
– Customer service
· Physical entry control: No unauthorised access to the data-processing facilities, ensured by:
The data centres have a multi-layered security structure. The exterior areas of the data centers are equipped with high-security fences and walls. The entrances are protected by security personnel 24 hours a day, seven days a week. The facilities are monitored by security cameras. Access to the server rooms is secured by magnetic cards. The systems are stored in locked server cabinets.
Comprehensive security measures are also in place at the respective ZS sites. Access is only possible by means of magnetic cards and visitors must be granted special access.
· Access control: No unauthorised system use ensured by means of:
The customer can only access the data processed on their behalf (or to data to which they have been provided access by the customer for whom it was processed) after logging into the customer area with the password defined by them. ZS only stores the log-in details in multi-encrypted form.
The data flow between users and the system is encrypted end-to-end by default, using the Transport Layer Security (TLS) protocol.
ZS has an internal password policy for its employees that requires, among other things, that passwords must be at least eight characters long and be changed regularly, must not be identical or similar to the user name, must contain at least three of the four following characters: i) uppercase letters, ii) lowercase letters, iii) digits, iv) symbols.
· Access control: No unauthorised reading, copying, changing or removal within the system, ensured by means of:
The access rights of the customer are strictly limited to the data that are actually processed on behalf of the respective customer. Only specifically defined ZS personnel can access data that is processed on behalf of the customer, provided this is required for system administration and customer service purposes at the customer’s request.
The system logs all events related to data processing on behalf of the customer.
· Separation control: Separate processing of data collected for different purposes, ensured by:
The ZS customer centre is multi-client capable, so that every single logged in customer can only see the data that is connected to their account (or to data to which they have been provided access by the customer for whom it was processed).
· Pseudonymisation (Art. 32 para. 1 a) GDPR; Art. 25 para. 1 GDPR): Not relevant, as the customer requires non-pseudonymised access to the data.
2. Integrity (Article 32 para. 1 b) GDPR)
· Transfer control: No unauthorised reading, copying, changing or removal during electronic transfer or transport, ensured by:
All data sent over publicly accessible networks is end-to-end encrypted using the Transport Layer Security (TLS) protocol
· Input control: Determining if and by whom personal data has been entered, modified or removed within data processing systems, ensured by:
The ZS system logs the activities of each log-in and log-out.
3. Availability and resilience (Art. 32 para. 1 b) GDPR)
· Availability control: Protection from accidental or intentional destruction or loss, ensured by:
Anti-virus programs and firewalls are used.
The hosting environment is equipped with fire detectors, water leakage detectors and raised floors. Temperature and humidity are constantly monitored to maintain predefined values. There is an uninterrupted power supply for at least 72 hours.
· Timely restoration (Art. 32 para. 1 c) GDPR), ensured by
Uninterruptible power supply (UPS);
Virus protection and firewalls;
Emergency and contingency plans;
4. Procedures for regular review, assessment and evaluation (Art. 32 para. 1 d) GDPR; Art. 25 para. 1 GDPR), ensured by:
· ZS organizes regular audits with external service providers to check its data security standards and processes. Network penetration tests are carried out regularly.
· We track and verify protocols at two levels before the request reaches our application servers. This is done on a firewall and a web application firewall level. This allows us to analyze and block any unusual queries to the database at the data provisioning level, preventing SQL injection attempts. The system itself logs incorrect log-on attempts if the request was made by firewall and WAF.
· Our data protection measures are continuously reviewed in a PDCA cycle.
Linz, August 2019