Service Agreement in accordance with Art. 28 GDPR
Status: April 26, 2025
This service agreement (hereinafter "SA") is valid between the user of the Safina AI service, who acts as the controller within the meaning of Art. 4 No. 7 GDPR (hereinafter "Client" or "Customer"),
and
DK Tech Solutions UG (limited liability) Schwanthalerstr. 141 80339 Munich (hereinafter "Service Provider").
Preamble
This SA is part of the terms of use for the Safina AI service and regulates the rights and obligations of the parties in the context of processing personal data on behalf in accordance with Art. 28 GDPR. It applies to all Clients using the service as entrepreneurs and processing personal data by the Service Provider. This SA becomes effective through the Client's consent to the terms of use of Safina AI and/or the use of the service.
In this context, the parties agree to the following:
I. Subject matter of the contract, scope of application, and responsibility
The subject matter of this contract arises from the terms of use of Safina AI and the service description.
The Service Provider processes personal data on behalf of the Client. This includes activities that are specified in the terms of use and the service description of Safina AI. In particular, it concerns the provision and operation of an AI-controlled mailbox / an AI telephone assistant (Safina AI). This includes, among other things:
Receiving telephone calls on behalf of the Client.
Recording telephone conversations (audio), provided that this function is explicitly activated by the Client (disabled by default).
Transcription of telephone conversations.
Creation of call summaries and analyses (e.g., sentiment assessment, identification of to-dos).
Detection and marking of potential spam or phishing calls.
Storage of call data (audio, transcripts, metadata, summaries).
Providing the processed information to the Client via the Safina AI application and configurable notifications (e.g., push, email).
Management of the Client's contact data and configuration settings as part of the service.
The Client is solely responsible under this contract for complying with the legal provisions of data protection laws, in particular, for the lawfulness of data processing (e.g., informing callers about the recording, obtaining any necessary consents) and for transferring the data to the Service Provider ("Controller" within the meaning of Art. 4 No. 7 GDPR).
The instructions are initially set by the terms of use and the configuration of the service by the Client and may subsequently be changed, supplemented, or replaced by the Client in written form or in an electronic format (text form) to the Service Provider by individual instructions (individual instruction), provided that this allows the functionality of the service. Oral instructions must be confirmed in writing or in text form without delay.
II. Duration of the contract
The duration of this contract (term) is linked to the duration of the use of the Safina AI service by the Client in accordance with the accepted terms of use (e.g., through active payment of a subscription).
The contract remains valid irrespective of the preceding paragraph as long as the Service Provider processes personal data on behalf of the Client (including system-related backups).
To the extent that other agreements between the Client and the Service Provider result in different provisions for the protection of personal data, this contract for data processing shall take precedence, unless the parties expressly agree otherwise.
III. Specification
Type of data
The subject of the collection, processing, and/or use of personal data in the context of providing Safina AI includes the following types/categories of data:
Communication data: Telephone numbers (caller, Client), email addresses (Client for notifications/login), call metadata (date, time, duration).
Audio data: Voice recordings of calls received by Safina AI (only when activated by the Client).
Content data: Conversation transcripts, contents of call summaries, extracted information (e.g., to-dos, names if mentioned in the conversation).
Personal master data: Names of callers (if mentioned or transmitted in the conversation), name and contact details of the Client's users.
Analysis and assessment data: Results of sentiment analysis, spam classification.
Configuration data: Settings chosen by the Client (e.g., voice, tone, forwarding rules, notification preferences, activation status of audio recording).
Contact details of the Client: Possibly the contact data stored or synchronized by the Client in Safina AI for managing call rules.
User data of the Client: Login data, user profile settings.
Circle of persons affected
The circle of persons affected by the handling of their personal data in the context of this contract includes:
Callers: Individuals who contact the Client by phone and whose call is received by Safina AI.
Employees/Users of the Client: Individuals who use and manage the Safina AI service on behalf of the Client.
Contacts of the Client: Individuals whose contact data the Client may have stored or synchronized in Safina AI for configuration.
Place of processing and confidentiality
The processing of the data takes place exclusively in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area (in particular Germany). Any transfer to a third country requires the prior consent of the Client and may only occur if the special conditions of Art. 44 to 50 GDPR are met (e.g., through standard contractual clauses). The Client may not unreasonably withhold consent.
The contracting parties are obliged to maintain confidentiality about all business and trade secrets of the other party, keep them strictly confidential, and not disclose them to third parties – unless the respective other contracting party expressly gives prior written consent or there is a legal obligation to disclose. This confidentiality obligation applies to all non-publicly known information that the contracting parties learn in the context of conducting the cooperation.
The Service Provider processes personal data exclusively within the framework of the Client's instructions and the regulations of the terms of use. It is prohibited for the Service Provider to use the data for purposes other than those agreed upon, in particular for its own purposes or to analyze or disclose to unauthorized third parties. The Service Provider assures that the personal data processed on behalf, especially audio recordings and transcripts, will not be used to train its own or third-party AI models.
IV. Technical-organizational measures
The Service Provider takes all necessary technical-organizational measures in its area of responsibility according to Art. 32 GDPR for the appropriate protection of personal data, considering the nature, scope, circumstances, and purposes of processing, as well as the different likelihood and severity of risks to the rights and freedoms of natural persons. A description of the current TOMs will be provided to the Client upon request or as an attachment to this agreement.
The agreed technical and organizational measures are subject to technical progress and further development. In this regard, the Service Provider is allowed to implement alternative adequate measures. The level of security of the specified measures must not be undercut. Significant changes will be documented by the Service Provider and communicated to the Client upon request.
V. Rights of affected persons
The Service Provider supports the Client in its area of responsibility and to the extent possible by suitable technical-organizational measures in fulfilling the Client's obligations to respond to requests to exercise the rights of affected persons (Art. 12-23 GDPR).
The Service Provider may not independently correct, delete, or restrict processing of the data processed on behalf but may only do so according to documented instructions from the Client. If an affected person (in particular a caller) makes such a request directly to the Service Provider, the Service Provider will forward this request immediately to the Client.
As far as the provision of information, deletion, restriction, or data portability is included in the scope of services and can be carried out by the Client using the functionalities of Safina AI, this is the responsibility of the Client. Otherwise, the Service Provider will provide support as instructed.
VI. Quality assurance and other obligations of the Service Provider
The Service Provider has, in addition to complying with the regulations of this contract, its own legal obligations under the GDPR; in this respect, it ensures in particular compliance with the following requirements:
Maintaining confidentiality in accordance with Art. 28 para. 3 sentence 2 lit. b, 29, 32 para. 4 GDPR. The Service Provider employs only staff who are obliged to confidentiality and have been familiarized with the relevant data protection provisions prior to their work. The Service Provider and any person employed by the Service Provider who has access to personal data may only process such data in accordance with the Client's instructions unless they are legally obliged to process it.
The Client and the Service Provider work together at the request of the supervisory authority in fulfilling their duties.
Immediate notification of the Client about audits and measures of the supervisory authority to the extent that they relate to this contract. This also applies if a competent authority is investigating data processing in the context of the commissioning of the Service Provider in connection with an administrative offense or criminal proceeding.
If the Client itself is subject to an audit by the supervisory authority, an administrative offense or criminal proceeding, a claim for damages from an affected person or a third party, or another claim related to data processing by the Service Provider, the Service Provider shall support it to the best of its ability in the necessary extent.
The Service Provider regularly checks internal processes as well as technical and organizational measures to ensure that processing in its area of responsibility complies with the requirements of applicable data protection law and that the protection of the rights of affected persons is guaranteed.
Demonstrability of the technical and organizational measures taken to the Client within the framework of its control powers according to Section VIII of this contract (e.g., by suitable certifications, attestations, reports, or self-disclosures).
The Service Provider supports the Client in complying with the obligations under Art. 33 and 34 GDPR (reporting data breaches). The Service Provider shall promptly notify the Client of violations of the protection of personal data processed under this contract as soon as it becomes aware of them. The notification shall at least include the information required in Art. 33 para. 3 GDPR.
The Service Provider supports the Client in meeting its information obligations to affected persons and provides them with the necessary information regarding processing by the Service Provider.
Should the Client be obliged to conduct a data protection impact assessment pursuant to Art. 35 GDPR regarding the use of Safina AI, the Service Provider shall support them with the necessary information at its disposal. The same applies to any obligation to consult the supervisory authority pursuant to Art. 36 GDPR.
This contract does not relieve the Service Provider from complying with other requirements of the GDPR.
VII. Subcontracting relationships
The Service Provider is entitled to use subcontractors to provide the contractually owed service (subcontracting relationships). Subcontracting relationships in the sense of this provision are those services that relate directly to the provision of the main service (Safina AI Service). This includes, for example, hosting service providers, providers of AI models for transcription or analysis, and communication service providers.
The Service Provider informs the Client of any intended use or change of a subcontractor. An updated list of the subcontractors used, indicating their locations and the services provided, will be made available to the Client separately (e.g., on the Service Provider's website or as an attachment). The Client has the right to object to the use or change of a subcontractor for important data protection reasons. The objection must be made in writing or in text form to the Service Provider within 14 days of receiving the information. If the Client does not raise an objection in due time, the commissioning of the subcontractor shall be deemed approved.
The Service Provider ensures that a contractual agreement in accordance with Art. 28 para. 2-4 GDPR is concluded with each subcontractor, which essentially corresponds to the obligations of this agreement, in particular regarding technical and organizational measures and confidentiality.
The transfer of personal data from the Client to the subcontractor and the initial activity of the subcontractor are only permissible once the obligation of the subcontractor under Art. 28 para. 4 GDPR has taken place.
If the subcontractor provides the agreed service outside the EU/EEA, the Service Provider ensures the legality of data protection through appropriate guarantees in accordance with Art. 44 et seq. GDPR (e.g., EU standard contractual clauses), unless there is an adequacy decision. The Service Provider regularly checks compliance with the obligations of the subcontractor.
Any further outsourcing by the subcontractor (sub-subcontracting) requires the prior consent of the Service Provider and, if necessary, the information of the Client in accordance with the procedure described above.
VIII. Control rights of the Client
The Client has the right to control compliance with the legal data protection regulations and the contractual agreements by the Service Provider to the necessary extent or to have them controlled by auditors designated in individual cases.
The Service Provider undertakes to provide the Client with all information and evidence necessary for the conduct of the control upon the Client's written request within a reasonable time. This may particularly occur by providing suitable proof such as attestations, reports from independent bodies, self-disclosures, or suitable certifications.
On-site inspections at the Service Provider are possible after timely notice (usually at least 10 working days) during regular business hours and without disturbing business operations. The Service Provider is entitled to request a reasonable reimbursement for expenses, provided the inspection does not occur due to a concrete suspicion of a data protection violation by the Service Provider.
IX. Instruction authority of the Client
The Service Provider processes personal data solely within the scope of the agreements of this contract and according to documented instructions from the Client, unless it is legally obliged to process (Art. 28 para. 3 sentence 2 lit. a GDPR). The initial instructions arise from the terms of use and the use/configuration of Safina AI by the Client.
The Service Provider promptly informs the Client if it believes that an instruction violates the GDPR or other data protection regulations of the Union or the member states. The Service Provider is entitled to suspend the execution of the corresponding instruction until it is confirmed or changed by the Client.
X. Deletion and return of personal data
After termination of the use of the service by the Client (e.g., by termination of the subscription) or at any time at the request of the Client, the Service Provider shall delete all personal data that are the subject of this agreement and are in its control, either in compliance with data protection regulations or return them to the Client, provided that there are no legal retention obligations or legitimate interests of the Service Provider that oppose deletion.
The deletion also includes all existing copies, including system-related backup copies, with the deletion from backups occurring within the technical possibilities and usual backup cycles.
The Service Provider confirms to the Client the deletion or return upon request in writing.
XI. Liability
The statutory provisions apply to the liability of the parties in the event of data protection violations, in particular, Art. 82 GDPR. The Client and the Service Provider are liable to affected persons in accordance with the provisions of Art. 82 GDPR.
XII. Requirement for written form, severability clause
Changes and additions to this agreement and all its components require written form (text form according to § 126b BGB is sufficient). This also applies to the waiver of this requirement for form. There are no oral side agreements.
This agreement is subject to German law, excluding the UN Sales Convention.
If individual provisions of this agreement are wholly or partially ineffective or become so, the validity of the remaining provisions shall not be affected. The parties undertake to replace the ineffective provision with an effective regulation that comes closest to the economic purpose of the ineffective provision. The same applies to any contractual gaps.
For the Service Provider:
Munich
(DK Tech Solutions UG (limited liability) (in formation)) ([Name and title of the signatory for Safina AI, e.g., Managing Director])
Important notes for the website:
Linking: Ensure that your terms of use clearly refer to this SA and explain that it applies to entrepreneurs processing personal data and is accepted by agreeing to the terms of use.
Accessibility: Place the SA clearly visible in the "Legal" section of your website, along with the imprint, privacy policy, and terms of use.
Updating: Keep the "Status" date updated when you make changes. Remember to remove the addition "(in formation)" once the UG is registered in the commercial register.
TOMs & Subcontractors: As mentioned in the SA, you need to keep the list of subcontractors and the description of the TOMs updated and accessible (e.g., as separate documents in the legal area or upon request).
Service Agreement according to Art. 28 GDPR
As of April 26, 2025
This Service Agreement (hereinafter referred to as "SA") applies between the user of the Safina AI service, who acts as the data controller within the meaning of Art. 4 No. 7 GDPR (hereinafter referred to as "Client" or "Customer"),
and
DK Tech Solutions UG (limited liability) Schwanthalerstr. 141 80339 Munich (hereinafter referred to as "Contractor").
Foreword
This SA is part of the terms and conditions for the Safina AI service and regulates the rights and obligations of the parties in the context of processing personal data on behalf according to Art. 28 GDPR. It applies to all Clients who use the service as entrepreneurs and have personal data processed by the Contractor. This SA becomes effective through the Client's acceptance of the Safina AI terms and conditions and/or usage of the service.
In light of this background, the parties agree to the following:
I. Subject of the Contract, Scope and Responsibility
The subject of this contract arises from the terms and conditions of Safina AI and the service description.
The Contractor processes personal data on behalf of the Client. This includes activities that are specified in the terms and conditions and service description of Safina AI. Specifically, it concerns the provision and operation of an AI-controlled mailbox / an AI telephone assistant (Safina AI). This includes, among other things:
Receiving phone calls on behalf of the Client.
Recording telephone conversations (audio), provided this function is explicitly activated by the Client (deactivated by default).
Transcribing phone conversations.
Creating call summaries and analyses (e.g., sentiment evaluation, detection of to-dos).
Identifying and marking potential spam or phishing calls.
Storing call data (audio, transcript, metadata, summaries).
Providing the processed information to the Client via the Safina AI application and configurable notifications (e.g., push, email).
Managing the contact information and configuration settings of the Client in the context of the service.
The Client is solely responsible for complying with the legal provisions of data protection laws, in particular for the legality of data processing (e.g., informing callers about the recording, obtaining any consents), and for transmitting the data to the Contractor ("Data Controller" in the sense of Art. 4 No. 7 GDPR).
The instructions are initially defined by the terms and conditions and the configuration of the service by the Client and can thereafter be amended, supplemented, or replaced in written form or in an electronic format (text form) by individual instructions to the Contractor (individual instruction), provided that the functionality of the service allows it. Oral instructions are to be confirmed in writing or text form without delay.
II. Duration of the Contract
The duration of this contract (term) is tied to the duration of the use of the Safina AI service by the Client in accordance with the accepted terms and conditions (e.g., by active payment of a subscription).
The contract remains in effect notwithstanding the preceding paragraph as long as the Contractor processes personal data on behalf of the Client (including system-related backups).
As far as other agreements between the Client and Contractor provide otherwise regarding the protection of personal data, this contract shall take precedence for data processing unless the parties expressly agree otherwise.
III. Specification
Types of Data
The subject of the collection, processing, and/or use of personal data in the context of the provision of Safina AI includes the following types/categories of data:
Communication data: Phone numbers (caller, Client), email addresses (Client for notifications/login), call metadata (date, time, duration).
Audio data: Voice recordings of calls received by Safina AI (only activated by the Client).
Content data: Dialogue transcripts, contents of call summaries, extracted information (e.g., to-dos, names if mentioned during the conversation).
Personal master data: Names of callers (if mentioned or transmitted during the conversation), name and contact details of the Client's users.
Analysis and evaluation data: Results of sentiment analysis, spam classification.
Configuration data: Settings chosen by the Client (e.g., voice, tonality, forwarding rules, notification preferences, activation status of audio recording).
Client's contact data: Possibly contact data stored or synchronized by the Client in Safina AI for the management of call rules.
Client's user data: Login data, user profile settings.
Circle of affected persons
The circle of individuals affected by the handling of their personal data in the context of this contract includes:
Caller: Individuals who contact the Client by phone and whose call is received by Safina AI.
Employees/Users of the Client: Individuals who use and manage the Safina AI service on behalf of the Client.
Contacts of the Client: Individuals whose contact details the Client may have stored or synchronized in Safina AI for configuration.
Place of processing and confidentiality
The processing of data takes place exclusively in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area (especially Germany). Any relocation to a third country requires the prior consent of the Client and may only occur if the specific conditions of Art. 44 to 50 GDPR are met (e.g., through standard contractual clauses). The consent may not be unreasonably withheld by the Client.
The contracting parties are obliged to maintain confidentiality about all business and trade secrets of each other, to keep them strictly confidential, and not to disclose them to third parties unless the other contracting party explicitly grants prior written consent or there is a legal obligation to disclose. This confidentiality obligation concerns all non-publicly known information that the contracting parties become aware of in the context of executing the collaboration.
The Contractor processes personal data solely within the framework of the instructions from the Client and the regulations of the terms and conditions. It is prohibited for the Contractor to use the data for any purposes other than those agreed, especially to analyze for its own purposes or disclose to unauthorized third parties. The Contractor assures that the personal data processed on behalf, especially audio recordings and transcripts, will not be used to train its own or third-party AI models.
IV. Technical-Organizational Measures
The Contractor takes all necessary technical-organizational measures in its area of responsibility in accordance with Art. 32 GDPR to adequately protect personal data, taking into account the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities and severity of risks to the rights and freedoms of natural persons. A description of the current TOMs will be made available to the Client upon request or as an appendix to this agreement.
The agreed technical and organizational measures are subject to technological progress and further development. In this respect, the Contractor is allowed to implement alternative adequate measures. The security level of the established measures must not be lowered. Significant changes will be documented by the Contractor and communicated to the Client upon request.
V. Rights of Affected Persons
The Contractor supports the Client in its area of responsibility and as far as possible using suitable technical-organizational measures in fulfilling the Client’s obligations to respond to requests for exercising the rights of affected persons (Art. 12-23 GDPR).
The Contractor may not unilaterally correct, delete, or restrict the processing of the data that is processed on behalf, but only comply with documented instructions from the Client. If an affected person (in particular a caller) contacts the Contractor directly regarding this, the Contractor will forward this request to the Client without delay.
As far as the provision of information, deletion, restriction, or data portability is included in the service scope and can be carried out by the Client via the functionalities of Safina AI, this responsibility lies with the Client. Otherwise, the Contractor will support as instructed.
VI. Quality Assurance and Other Obligations of the Contractor
The Contractor has, in addition to complying with the regulations of this contract, its own legal obligations pursuant to GDPR; in this respect, it particularly ensures compliance with the following provisions:
Maintaining confidentiality according to Art. 28 para. 3 sentence 2 lit. b, 29, 32 para. 4 GDPR. The Contractor employs only staff who are committed to confidentiality and have previously been familiarized with the relevant data protection regulations. The Contractor and any person under the Contractor's responsibility who has access to personal data may only process this data in accordance with the instructions from the Client unless they are legally required to process it.
The Client and the Contractor cooperate with the supervisory authority upon request in fulfilling their responsibilities.
The immediate notification of the Client regarding control actions and measures by the supervisory authority, insofar as they relate to this contract. This applies also if a competent authority is investigating regarding the processing of personal data in the context of the contract processing at the Contractor.
As far as the Client is subjected to a control by the supervisory authority, an administrative offense or criminal proceedings, the liability claim of an affected person or a third party, or any other claim in connection with the contract processing by the Contractor, the Contractor shall support the Client to the best of its ability in the necessary scope.
The Contractor regularly checks internal processes and the technical and organizational measures to ensure that processing in its area of responsibility complies with the requirements of applicable data protection law and that the rights of affected persons are protected.
Documentability of the technical and organizational measures taken to the Client in the context of its control rights pursuant to Section VIII of this contract (e.g., through appropriate certifications, attestations, reports or self-disclosures).
The Contractor supports the Client in fulfilling the obligations under Art. 33 and 34 GDPR (notification of data breaches). The Contractor promptly reports breaches of personal data protection processed under this contract to the Client after it becomes aware of it. The report includes at least the information required in Art. 33 para. 3 GDPR.
The Contractor supports the Client in fulfilling its information obligations towards affected persons and provides the necessary information regarding processing by the Contractor.
As far as the Client is obliged to conduct a data protection impact assessment according to Art. 35 GDPR regarding the use of Safina AI, the Contractor assists it with the necessary information available to it. The same applies to any obligation to consult the supervisory authority under Art. 36 GDPR.
This contract does not exempt the Contractor from complying with other provisions of the GDPR.
VII. Subcontracting Relationships
The Contractor is entitled to engage subcontractors to provide the contractual services (subcontracting relationships). Subcontracting relationships in the sense of this regulation are understood as services that directly relate to the provision of the main service (Safina AI Service). This includes, for example, hosting service providers, providers of AI models for transcription or analysis, communication service providers.
The Contractor informs the Client about any intended engagement or change of a subcontractor. An up-to-date list of subcontractors used, indicating their location and the services provided, will be made available to the Client separately (e.g., on the Contractor's website or as an annex). The Client has the right to raise an objection against the use or change of a subcontractor for an important, data protection reason. The objection must be submitted in writing or text form to the Contractor within 14 days after receipt of the information. If the Client does not raise an objection in due time, the commissioning of the subcontractor is deemed approved.
The Contractor ensures that a contractual agreement is concluded with each subcontractor in accordance with Art. 28 para. 2-4 GDPR, which essentially corresponds to the obligations of this agreement, particularly regarding technical and organizational measures and confidentiality.
The transfer of personal data from the Client to the subcontractor and its initial actions are only permitted after the subcontractor's obligation under Art. 28 para. 4 GDPR has been fulfilled.
If the subcontractor provides the agreed service outside the EU/EEA, the Contractor ensures the legal permissibility of data protection through appropriate guarantees according to Art. 44 ff. GDPR (e.g., EU standard contractual clauses), unless there is an adequacy decision. The Contractor regularly checks compliance with the obligations by the subcontractor.
Any further outsourcing by the subcontractor (sub-sub-contracting) requires the prior consent of the Contractor and, if necessary, the Client's information according to the procedure described above.
VIII. Control Rights of the Client
The Client has the right to control the compliance with legal data protection regulations and the contractual agreements by the Contractor to the necessary extent or to have it controlled by designated auditors in individual cases.
The Contractor agrees to provide the Client, upon its written request, all information and evidence necessary for the performance of the inspection within a reasonable time. This may particularly occur through the presentation of appropriate evidence such as attestations, reports from independent parties, self-disclosures, or suitable certifications.
Inspections on-site at the Contractor are possible after timely notification (generally at least 10 working days) during usual business hours and without disturbing operational processes. The Contractor is entitled to request appropriate compensation for expenses unless the inspection is conducted due to a specific suspicion of a data breach by the Contractor.
IX. Instruction Authority of the Client
The Contractor processes personal data exclusively within the framework of the agreements of this contract and according to documented instructions from the Client unless it is legally required to process them by Union or Member State law (Art. 28 para. 3 sentence 2 lit. a GDPR). The initial instructions arise from the terms and conditions and the use/configuration of Safina AI by the Client.
The Contractor informs the Client without delay if it believes that an instruction violates the GDPR or other data protection regulations of the Union or the Member States. The Contractor is entitled to suspend the execution of the corresponding instruction until it is confirmed or amended by the Client.
X. Deletion and Return of Personal Data
Upon termination of the Client's use of the service (e.g., by cancellation of the subscription) or at any time upon the Client's instruction, the Contractor shall delete all personal data that is subject to this agreement and is in its control, either in a data protection-compliant manner or return it to the Client, as per the Client's choice, provided that there are no statutory retention obligations or legitimate interests of the Contractor that prevent deletion.
The deletion also includes all existing copies, including system-related backups, whereby the deletion from backups occurs within the technical possibilities and usual backup cycles.
The Contractor confirms the deletion or return to the Client upon request in writing.
XI. Liability
The liability of the parties in case of data protection violations is governed by statutory provisions, particularly Art. 82 GDPR. Client and Contractor are liable to affected persons according to the provisions of Art. 82 GDPR.
XII. Written Form Requirement, Severability Clause
Changes and additions to this agreement and all its components require written form (text form according to § 126b BGB is sufficient). This also applies to the waiver of this form requirement. There are no verbal subsidiary agreements.
This agreement is subject to German law with the exclusion of the UN Sales Convention.
If individual provisions of this agreement are wholly or partly ineffective or become so, the validity of the remaining provisions shall not be affected. The parties undertake to replace the ineffective provision with an effective regulation that comes closest to the economic purpose of the ineffective provision. The same applies to any contractual gaps.
For the Contractor:
Munich
(DK Tech Solutions UG (limited liability) (in formation)) ([Name and position of the signer for Safina AI, e.g., Managing Director])
Important Notes for the Website:
Linkage: Ensure that your terms and conditions clearly refer to this SA and explain that they apply to entrepreneurs who process personal data and are accepted by agreeing to the terms.
Accessibility: Place the SA prominently in the "Legal" section of your website, together with imprint, data protection declaration, and terms of use.
Updating: Keep the "As of" date current when you make changes. Remember to remove the addition "(in formation)" once the UG is registered in the commercial register.
TOMs & Subcontractors: As mentioned in the SA, you must keep the list of subcontractors and the description of the TOMs up to date and accessible (e.g., as separate documents in the legal area or upon request).