PakChamp provides web hosting to its clients globally, and we have a responsibility to protect each client and to provide the best possible services.
All clients / accounts & services of PakChamp are subject to the following terms of service:
§ 1 Scope, conclusion of contract
(1) The following provisions apply in their respective version to all contracts concluded between the Provider and a Customer¹ for the services agreed upon with the Customer. Deviating, contradictory or supplementary terms and conditions of a Customer shall only become a part of the contract if agreed in writing.
(2) The following terms and conditions shall also apply to future contractual relationships between the Provider and a Customer, even if this has not been specifically stated again. This also applies if a service is performed while being aware of conflicting terms and conditions of a Customer.
(3) Contracts are concluded upon application by the Customer and acceptance by the Provider, which shall also be constituted by the performance of the services requested.
¹Customers in the sense of this regulation expressly concerns all genders.
§ 2 Services of the Provider
(1) The scope of the individual services is based on the current service description in force at the time of placing the order. Deviating provisions in the service description take precedence over these conditions.
(2) When ordering, the Customer has the option to choose between the server locations USA or EU or to leave the decision to the Provider. Unless the server location EU is chosen, the additional provisions in Annex 3 apply.
(3) If no other agreement has been expressly reached, the Provider shall also be entitled to instruct expert staff or third parties to provide the services incumbent upon him. If active co-operation is required on the Customer's part on another server, e.g. during the transfer of a web space package or other data stored on the Provider's server, the Customer shall provide such co-operation in accordance with the Provider's instructions and within the stipulated time.
(4) The Provider can adapt its services to technical progress or to changes in the legal framework at any time. This includes the relocation of the services to another data center within the server location chosen by the Customer, or between the server locations if the Provider has been given the choice.
(5) If the services to be performed by the Provider also include the provision of specific server, the Customer is only entitled to a device with the performance features from the category ordered. The hardware as well as features that do not influence the performance features are determined by the Provider at his own discretion. If fixed IP addresses are provided to the Customer in this context, the Provider reserves the right to change the IP address(es) assigned to the Customer if this should become necessary for technical or legal reasons. The Provider will inform the Customer of any changes, including changes to IP addresses in accordance with this subsection 5.
§ 3 Obligations of the Customer
(1) The Customer informs the Provider at least of the following data upon conclusion of the contract:
(2) The Customer ensures that the data provided by him to the Provider is correct and complete. This applies in particular to the indication whether the Customer is a consumer or a business customer. The Provider expressly points out that this information is subject to legal consequences and that cases of incorrectness may result in claims for damages.
(3) The Customer undertakes to inform the Provider immediately about changes of the provided data and to confirm the current correctness within seven (7) days upon receipt of a corresponding request from the Provider.
(4) The Customer is obliged to make proper data back-ups on a regular basis. This also applies if special security measures have been agreed upon by the parties.
§ 4 Payment Conditions
(1) If no other agreement has been reached, the Provider shall be entitled to demand payment in advance for all services ordered by the Customer for the respective period. The Provider can make his service dependent on the first receipt of payment.
(2) Should the Provider be commissioned by the Customer to provide services that exceed the duties and responsibilities detailed in these Terms and Conditions and in the service description (e.g. software-configuration, correction of errors or problems etc., that were not caused by the Provider) the Provider shall be entitled to demand adequate remuneration. In this case, a standard payment according to the price list of the Provider shall apply.
(3) The Provider can adjust the prices at any time according to market developments. A price increase requires the consent of the Customer. Consent is deemed to have been given unless the Customer objects to the price increase within 4 weeks of receipt of the notification of change. The Provider undertakes to inform the Customer of the consequences of a failure to object with the notification of change.
(4) Payments made by the Customer shall not be refunded except in the case of an effective revocation, in which case, however, the conditions of § 5 para. 5 shall apply. Should the Customer have paid an amount to the Provider, the amount of which exceeds the payment amounts due up to the end of the contract term and owed by him for the services ordered by him up to that point, it is agreed that the remaining amount does not expire, but that it is used - instead of a refund - as a credit for the provision of further / new services, which the Customer can order from the Provider at any time.
(5) If the Customer chooses the payment method "direct debit" or a payment option of a payment service provider (e.g. PayPal or Skrill), he hereby agrees that any amounts resulting from the services of the Provider will be debited from his account. These monetary amounts can be:
(6) In the case of return debit notes for which the Customer is responsible, the Provider charges a return debit note fee according to the current price list unless the Customer proves that no damage at all or a lower amount has been incurred.
(7) In the case of a failed direct debit, the Customer is generally in default on the day of the failure. If the Customer is in default of payment, the Provider reserves the right to charge the Customer for default costs if these costs were culpably caused by the Customer. This includes interest on arrears at the statutory rate as well as the costs of appropriate legal action, in particular reminder and collection charges, court fees and lawyers' fees. Furthermore, the Provider has the right to interrupt the service contract until full payment has been received. This interruption can also be accompanied by a new allocation of services that are cost-intensive for the Provider and that have been used by the defaulting Customer up to now. In this case, a loss of data cannot be ruled out, for example in the context of a server reallocation to new Customers. For the reactivation of a server or a webspace package, one-time fees according to the current price list shall become due.
(8) The provisions set out in paragraphs (6) and (7) shall also apply in the event of default of payment if the Customer has chosen a payment method via a payment service provider.
(9) Insofar as a contract has been concluded with the Customer without an obligation to pay in advance or if other services subject to payment are provided by the Provider which are not covered by the above provisions, all fees are due for payment fourteen (14) days after the invoice is issued without deduction, plus statutory VAT where applicable.
§ 5 Contract period, withdrawal, termination
(1) Unless otherwise agreed between the parties, all webhosting packages ("webspace") and colocation services and domains offered by the Provider (Pakchamp) assume a minimum service period of twelve months with an automatic extension of the agreement for twelve months.
(2) Terminations have to be made by the Customer by using the Pakchamp-customer login (https://billing.pakchamp.com), alternatively they have to be communicated to the Provider in text from (e.g. telefax or email).
(3) The right to terminate for good cause remains unaffected to either party. An important reason for termination shall in any case exist if the Customer is in default with a payment obligation despite a reminder or culpably violates the regulations in §§ 2, 3, 6 and 7.
(4) The termination of the agreements between the Provider and the Customer has no influence on the registration of an internet domain and the corresponding contract concluded with the registration authority. As far as the Customer wants to cancel the registration contract, this has to be declared explicitly to the Provider (see § 8).
(5) In the event that the Customer is a consumer within the meaning of § 13 BGB and exercises his right of revocation, the following shall apply:
§ 6 Third party rights
(1) The Customer expressly assures that the provision or publication of web page content created either by himself and/or web pages created for him by the Provider based on information provided by the Customer neither infringes German law nor any other law applicable in the Customer’s country of residence, in particular copyright, data protection and competition law. Furthermore, the Customer assures that the contents provided or published by him/her are not contrary to common decency, do not contain pornographic or obscene material, incite racial hatred, violate human dignity, endanger children or adolescents, or are insulting or discriminatory. This also applies to websites of third parties to which the Customer creates a link or has a link created.
(2) If the Provider is requested by third parties to change or delete contents of web pages because they allegedly violate third party rights, the Provider will immediately inform the Customer and request a statement. If the Customer does not respond within a reasonable period of time or if the statement does not sufficiently refute the accusation, the Provider reserves the right to block server access until the matter has been clarified. In this case, the Provider is also entitled to block web space packages or server or to exclude them in another suitable way from access by third parties. The Customer's payment obligations remain unaffected in this case
(3) The subsections above are also applicable for all other products offered by the Provider which are suitable for publishing data, such as VPS or colocated server.
§ 7 Industrial Property Rights, Copyrights
(1) All rights to the services of the Provider made available during the term of contract, specifically software, know-how, trademarks or other industrial property rights remain expressly and unrestrictedly with the Provider. During the term of contract, the Customer is entitled to a non-transferable, non-licensable right of use within the scope of the agreed services. This also applies in the event that Customer-specific adaptations have been made.
(2) Insofar as the agreed services require the use of industrial property rights or copyrights of third parties, their provisions shall apply additionally in any case. This also applies to open source software; the Provider shall make the conditions of such software available to the Customer upon request.
(3) In any case, the provisions pursuant to §§ 17 and 18 of these terms and conditions apply.
§ 8 Internetdomains
(1) Should domain registration or domain hosting form part of the services offered to the Customer, the Provider shall act only in the capacity of mediator between the Customer, DENIC, InterNIC or other domain registration authority. Agreements with such organizations only create rights and obligations for the Customer. In this case, all terms and conditions of the respective registrar shall also become part of the contract without this requiring a separate agreement.
(2) The Provider has no influence on the allocation of domain names. He therefore cannot warrant that the registered domain names are not subject to claims by third parties or that they are unique or permanent. This also applies to sub-domains allocated within the Provider's domain.
(3) If the Customer should be requested by a third party to surrender a domain because it may infringe third party rights, he shall inform the Provider immediately. In such cases the Provider shall be entitled to surrender the Internet domain on behalf of the Customer.
(4) If the Customer wishes to terminate a domain registration, he must notify the Provider in writing at least three months before the end of the registration period. If this notification is omitted, the registration will continue according to the regulations of the registry.
(5) In the event of termination of the contract with the Provider, for any reason, the Customer is obliged to ensure that the domain is moved in good time. If this does not take place, the Provider can transfer the administration of the domain to the registry or, after requesting a statement from the Customer, cancel it if no Customer reply is received.
§ 9 E-Mail and Newsgroups
(1) If the provision of e-mail addresses or e-mail services forms part of the services offered by the Provider, the limitations set out in § 8 (2) shall apply analogously to e-mail addresses provided for the Customer. The Provider reserves the right to delete the Customers e-mail messages if they are not retrieved from the mail server within four (4) weeks of receipt.
(2) If provision of access to public discussion forums (newsgroups) forms part of the services offered by the Provider the time period over which public news is stored shall depend upon operational considerations of the Provider.
(3) The Provider shall not be responsible for the e-mail addresses he provides; their use and management is outside the control of the Provider. In the case of misuse, the Provider shall be entitled to suspend all or individual e-mail addresses. The Customer shall be informed immediately about such measures.
§ 10 Limitation regarding content
(1) For webspace-packages, the following applies: The Customer must ensure that his web site is designed such that the server is not excessively loaded, e.g. caused by CGI/PHP scripts requiring considerable computing power or above average memory usage. Excessive loading shall be defined as such usage of the aforementioned resources such that the operation of a Pakchamp server is noticeably impaired or even crashes. The Provider reserves the right to prohibit Customers or third parties from accessing pages that do not comply with the aforementioned requirements.
(2) If no other agreement has been reached, the following content is forbidden:
(3) For dedicated, colocated and virtual server, the following applies: If no other agreement has been reached, the following content is forbidden:
(4) Should clause 1 or 2 be applicable, the Provider reserves the right to immediately suspend the webspace package or server. This course of action will also be implemented should other sites stored on the server or other server within the network of the Provider be affected by the Customer's site or server. The Customer shall be informed about any such suspension.
(5) The Provider reserves the right to immediately suspend of any server or webspace package on which any kind of proxy service, such as VPN or TOR, is operated, for which the Provider has knowledge of abuse or fraudulent or unlawful use.
(6) In case of such a suspension, solely the Customer, not the Provider shall be accountable for infringements of contracts. In any case the Provider's claim of payment of remuneration remains, for the entire contract period.
§ 11 Server-administration
The following applies for server offers (like dedicated, colocated and virtual server):
(1) The Provider concedes complete and sole administration-rights on rented/colocated server to the Customer. Only the Customer knows the individual administration-password of the server, not the Provider. The Provider is therefore unable to administrate the rented/colocated server. Hence the Customer is solely and entirely responsible for administration and security of his server, at his own expenses and risks. It is his duty to install necessary security-software and to inform himself constantly regarding security issues as well as to fix such by himself. Installation of maintenance software or other software does not absolve the Customer from this duty. It is the Customer's duty to configure his programs in such a way that they are restarted automatically when the hardware or the operating system is restarted. § 2 (5) applies.
(2) If necessary and reasonable, the Customer will assist at simple configuration changes, such as entering the login-data anew, or simple changes of his systems.
§ 12 Performance and Service Level Commitments
(1) The Provider guarantees an annual mean 95%-availability of the physical connection of his webspace packages, dedicated, colocated and virtual server. Exempted hereof are periods of time in which the server are not reachable over the internet due to technical or other problems which do not lie within the Provider's sphere of influence (force majeure, faults of third parties or of the Customer) and for previously announced maintenance work of the Provider.
(2) The server located in the datacenters of the Provider are connected to the internet over a complex network infrastructure. Data traffic is routed over different active and passive network components (routers, switches, and other devices), which have a certain maximum data throughput. Therefore, data throughput capacities can be limited for particular server at particular points and not be equal to the maximum allowed data throughput of the respective switch-port. Unless otherwise agreed, the Provider cannot give a guarantee for the amount of actually available bandwidth for individual server, but makes available bandwidth depending on the technical capability of the datacenter, taking into account obligations towards other Customers.
(3) Customers can use the server of the Provider or own colocated server for an incalculable number of different applications and use various software programs for this purpose at their own discretion. Therefore, millions of different configurations are possible. The wide range of possible applications makes it impossible for the Provider to guarantee the usability and compatibility of server regarding specific applications.
(4) Except for the specifications made in the service description, the Provider cannot guarantee specific server resources being available for individual webspace packages and VPS. Rather, the Provider makes available resources depending on the technical possibilities, taking into account obligations towards other Customers.
§ 13 Data protection
(1) is The Provider renders its services in conformity with the EU regulation 2016/679 (General Data Protection Regulation; GDPR), with the German Federal Data Protection Act (BDSG) and the data protection laws of the states (Lander) as well as with the German Telemedia Act (TMG).
(3) To the extent that further personal data is processed via the services of the Provider on behalf of the Customer and this qualifies as data processing, the Provider is a processor as defined in Art. 28 GDPR. For this purpose, the parties conclude the agreement for processing of data attached as Annex 1; if the processing is performed in a data center outside the EU, the provisions in accordance with Annex 3 additionally apply.
(4) The Provider expressly points out that the protection of data privacy for data transmission across open networks such as the Internet cannot be fully guaranteed with current technology. The Customer is aware that the Provider technically might be able to see the data stored by the Customer on his server at any time. This depends on the ordered hosting product. Other unauthorized Internet users may also be technically able to interfere with network security and control the flow of messages.
§ 14 Liability, limitation of liability, force majeure
(1) The Provider is liable for damages grossly negligently or intentionally caused by him or his vicarious agents (third parties pursuant to § 278 of the German Civil Code - BGB) as provided by law.
(2) In cases of violation of essential contractual obligations (essential are those contractual obligations which are essential for the performance of the agreed services so that the Customer can regularly rely on their provision) caused by slight negligence which lead to financial losses liability shall be limited to a liability insurance procured by the Provider (with regard to the amount of damages) and to predictable, imminent losses (with regard to the nature of damages). In all other respects liability is excluded.
(3) The limitations of liability stated above do not concern claims of the Customer regarding product liability and especially do not apply for damage caused to the Customer's health, or loss of life, fraudulent misrepresentation, or the violation of a guarantee or warranted quality attributable to the Provider.
(4) The liability regulations of § 44a TKG (Telecommunications Act) remain unaffected, to the extent that it is applicable.
§ 15 Indemnity
The Customer indemnifies the Provider against all possible third-party claims arising from any illegal action by the Customer or from errors in the information provided by the latter. This applies in particular to copyright, data protection and competition law violations as well as violations of the obligations under §§6, 7, § 8 and § 9 of the Terms and Conditions. Pakchamp shall not be obliged to check the Customer's websites for possible legal violations.
§ 16 Applicable law, place of jurisdiction
(1) The law of the Federal Republic of Germany exclusively applies, excluding the provisions of private international law and the Convention on International Sale of Goods (CISG).
(2) Any dispute resulting from this agreement shall be referred solely to a court of competent jurisdiction at the place of business of the Provider, unless the Customer is a consumer.
§ 17 Final provisions
(1) All communications by the Provider may be sent to the Customer by electronic means. This also applies to invoices sent for services provided under the agreement.
(2) The Customer may only set off claims against the Provider if the entitlement is recognized by the Provider or confirmed by a final judgement.
(3) The Provider is authorized to list the Customer as a reference-Customer without being obliged to pay a refund.
(4) The Provider has the right to change the subject terms of this contract as long as the changes are reasonable, taking into account the interests of the Provider. The consent of the Customer with such amendments shall be deemed to be given if he does not dissent within 4 weeks after receipt of the message informing him about the change. The Provider is obliged to inform the Customer about the repercussions of not dissenting within 4 weeks.
(5) Should one or more provisions of these General Terms and Conditions be or become invalid or unenforceable, the validity of the remaining provisions shall not be affected. In this case, the parties will agree on a change that corresponds to what was actually and economically intended. The same applies in case of a contractual gap.
(6) We are not obliged to participate in dispute settlement proceedings before a consumer arbitration board and we have chosen not to do so. The link to the platform for online dispute resolution of the European Commission can be found on our website under the imprint (”company details”).
§ 18 Licensing terms for Microsoft products
(1) Provided that the Customer has selected a Microsoft software product (e.g. Windows Server, SQL Server etc.) for installation on his server, the current provisions of the "Microsoft Service Provider Use Rights" (SPUR) and the "End User License Terms" (EULT) which apply within the context of the Microsoft "Service Provider License Agreement" to the Provider shall additionally apply, if the Customer is able to influence the use of the software or could infringe the provisions through use of the software. The Customer thus agrees to comply with the corresponding provisions and is responsible for observing them correctly. These provisions may result in the Customer’s possibility to use licenses acquired elsewhere with the server of the Provider being restricted or entirely removed.
(2) The Provider will supply a license for all Customer orders of Microsoft software products considering the Microsoft Service Provider License Agreement. This license allows the monthly use of the Microsoft software product on the server and limits its utilization permission with regard to some aspects. The Customer particularly must not use Microsoft products which require additional or other licenses according to SPUR or EULT. The Customer is obligated to comply with all these provisions on his own and is liable for violations against this usage policy to the Provider and Microsoft.
§ 19 Special terms for colocation-/housing-/bandwidth-offers
The following applies additionally if colocation-/housing-/bandwidth-offers are subject of the contract:
(1) The Provider is obliged to enable a connection to the internet and a storing position for the server according to the respective product description.
(2) The Provider does not provide any guarantee for hardware damage which can result, for example, from transport to the datacenter, back to the Customer or during going concern.
(3) The Provider grants the Customer access to his server-system during the office-times published on the homepage of the Provider in order to allow the Customer to work on the server-system. This requires, however, a written request which has to be addressed to the support-department of the Provider, at least 48 hours in advance. To access the server-system, the ID Card of the Customer or a statement of authority signed by the Customer is necessary. During the Customer's presence in the datacenter, the Provider has to fulfill various duties of supervision and control. Since this requires the attendance of the Provider's personnel, a fee will be charged according to the price list valid at that time per started hour according to the price list valid at that time. With prior agreement, the Provider can abstain from this at his sole discretion. If the appointment is not kept, the Customer has to cancel it at least 2 hours in advance (if during office hours) or at least 12 hours in advance (if outside of office hours). If there is no cancellation within the stated time periods and the appointment is not kept, the Customer will be billed according to the price list valid at that time.
(4) Reboots are provided for free by the Provider at the Customer's request unless stated otherwise in the product description and unless the number of reboots per month does not create disproportional effort.
(5) Other technical support services are not included with the offer. If the help of a technician is required, costs according to the price list per started 15 minutes incur.
(6) The Provider guarantees the following specifications regarding the availability of peripherals (air conditioning, electricity):
(7) Claims resulting from operational outage of peripherals (air conditioning, electricity) can only be asserted in case of violation of the guarantees mentioned in clause 6 up to the monthly amount for the colocated server and only if the outage has been lasting for over 72 hours (continuously, without breaks). If financial losses are claimed, these have to be substantiated and will be redeemed after verification up to an amount of € 500.00.
(8) The Provider does not assume liability for damage or loss of data.
(9) The Customer is responsible that the colocated equipment is flawless so that no negative impact for other devices can emanate from it.
(10) The Customer is liable for possible damages emanating from the server and is responsible for an adequate insurance.
(11) If the Provider intends to move to a different server location, the Provider informs the Customer immediately, at least one month in advance. Each party has a special termination right and can cancel the performances specified in this contract that are provided in the location which will change using written form. The termination will come into effect on the day the location is about to change. Given that the Provider has informed the Customer accordingly and neither party has made use of their special termination right, the contract continues unchanged at the new location. This subsection does not apply if the reason for the change of the location is a termination without notice of the rental agreement between the Provider and his lessor. In this case, only the following subsection (12) applies.
(12) The Customer is aware of the fact that the Provider himself has to rent the datafloor. If this contract concerns the housing and bandwidth provided in the datacenter, the contract concerning this performance ends automatically at the point of time when the rental agreement between the Provider and his lessor ends by means of an instant dismissal and the Provider has been unable to find a suitable new location. The Provider will inform the Customer immediately. Other agreements remain unaffected.
(13) If the server of the Customer needs more electricity or space than specified in the chosen offer, additional housing-modules are needed - when only noticed later, this change will be retroactive. The number and price of the required additional modules are specified in the price list of the Provider.
(14) The Provider reserves the right to adjust the price for housing accordingly to an increase of rental- additional and electricity-expenses, under the following conditions:
(15) The Customer agrees to the fact that the Provider opens the case of the colocated server and adds a 'Web Resetter' to the reset-pin of the mainboard. Using this device, the Provider is able to restart the server of the Customer at any time if the Customer requests it. Furthermore, the Customer is able to reboot the server himself using the aforementioned device if he orders the necessary upgrade. In case the server is returned to the Customer, the Provider will remove the 'Web Resetter' again.
(16) The Customer is aware of and agrees to the fact that the Provider publishes (Live-)video material and static pictures of his datacenter and that these videos/images might picture equipment or server of the Customer.
(17) If the Customer is in delay of payment for any performance between him and the Provider, the Provider has the right to keep the server and/or equipment of the Customer in his possession until payment is made in full.
(18) The Customer grants the Provider a lien on colocated server and other equipment to back claims resulting from the contract between the Provider and the Customer. The lien only expires once all debt resulting from the contract between the Provider and the Customer has been paid and the contract has ended. Starting with the inception of treaty, the Customer has to inform the Provider immediately should the server not be or cease to be his property, be pledged or assigned. If the Customer is entitled to other rights to the colocated server, especially expectant right, he assigns these to the Provider in order to back debts resulting from the contract between the Provider and the Customer.
(19) The lien and the contractual lien can also be asserted for claims resulting from former services or other claims.
(20) If the Provider exercises his lien, it shall suffice to send a written notice to the last known address of the Customer. No further notice is required.
(21) Legal liens are unaffected by these terms.
(22) If the Customer does not retrieve his server / other equipment within four weeks after the contract has ended, the Provider will stock the items for a fee according to the price list.
This agreement is concluded between the Provider (PAKCHAMP; below also named „supplier“) and the Customer (below also named „client“; together named „contracting parties“) in addition to the existing main contract which is based upon the Customer’s order and the Provider’s general terms and conditions. In case the Provider has to process personal data for which the Customer is responsible according to regulation 2016/679 (General Data Protection Regulation; GDPR), while fulfilling his duties arising from the main contract, the contracting parties precautionary conclude the following agreement for processing of data corresponding to Article 28 Paragraph 9 GDPR in order to substantiate the mutual rights and duties in case of a possible data processing by the Provider.
II. Subject matter and duration of the contract
The subject matter and the duration of the contract result from the current service description and the general terms and conditions in force at the time of placing the order.
III. Specification of the contract details
IV. Technical and organisational measures
V. Rectification, restriction and erasure of data
The supplier may not on its own authority rectify, erase or restrict the processing of data that is being processed on behalf of the Customer, but only on documented instructions from the Customer. Insofar as a data subject contacts the supplier directly concerning a rectification, erasure, or restriction of processing, the supplier will immediately forward the data subject’s request to the Customer.
VI. Quality assurance and other duties of the supplier
In addition to complying with the rules set out in this contract, the supplier shall comply with the statutory requirements referred to in Articles 28 to 33 GDPR; accordingly, the supplier ensures, in particular, compliance with the following requirements:
Data Center Operator
VIII. Supervisory powers of the Customer
IX. Communication in the case of infringements by the supplier
X. Authority of the Customer to issue instructions
XI. Deletion and return of personal data
XII. Term of this agreement / termination
XIII. Final clauses
I. Confidentiality (Article 32 Paragraph 1 Point b GDPR)
II. Integrity (Article 32 Paragraph 1 Point b GDPR)
III. Availability and Resilience (Article 32 Paragraph 1 Point b GDPR)
IV. Procedures for regular testing, assessment and evaluation (Article 32 Paragraph 1 Point d GDPR; Article 25 Paragraph 1 GDPR)
These ONLY become effective if the Customer explicitly agreed to processing in a third country.
STANDARD CONTRACTUAL CLAUSES (PROCESSORS)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
For the purposes of the Clauses:
a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1);
b) ‘the data exporter’ means the controller who transfers the personal data;
c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
d) ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
f) ‘technical and organizational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
(1) The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
(2) The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
(3) The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
(4) The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Obligations of the data exporter
The data exporter agrees and warrants:
a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;
d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
e) that it will ensure compliance with the security measures;
f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
j) that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer (2)
The data importer agrees and warrants:
a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
d) that it will promptly notify the data exporter about:
e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;
j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.
(1) The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
(2) If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
(3) If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.
Mediation and jurisdiction
(1) The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(2) he parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
(1) The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
(2) The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
(3) The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely …
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
(1) The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses (3). Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
(2) The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
(3) The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely …
(4) The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Obligation after the termination of personal data-processing services
(1) The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
(2) The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.
This schedule forms part of the Clauses
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Schedule
Categories of data
Special categories of data (if appropriate)
This schedule forms part of the Clauses
Description of the technical and organizational security measures i.mplemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
FURTHERMORE, PakChamp retains the right to change any or all of the above Policies, Guidelines, and Disclaimer without notification.