Terms and Conditions

General Terms and Conditions

1. Scope and subject matter of the contract

Marc Mühlenbrink, Riehlerstraße 25, 50668 Köln (hereinafter referred to as “Service Provider” or “we”) provides a plat-form at utopia-liveclub.com, where virtual concerts can be performed and where customers of the Provider can create, offer, manage and host their own virtual concerts (the “Platform”). These General Terms and Conditions govern the contractual relationship between the Service Provider and the customer for the use of the Service Provider’s platform on the basis of orders to be separately concluded between the parties.

2. Conclusion of the contract

The contract comes into effect when the Service Provider accepts an order submitted by the customer about the use of the Platform and/or individual packages (s. art. 5.2 below). Any order forms submitted by the Service Provider to the customer do not constitute an offer in the legal sense, even if they are designated as such.

3. Scope of Services

3.1 The Platform

The provider provides a version of the platform for the customer.which is available via the internet at a subdomain at utopia-liveclub.com.

The platform enables the customer to organize virtual concerts and sell merchandise items.

As part of the hosting of virtual concerts, the customer can create, edit and delete its own virtual concerts with the date of the event and the event time and with an information text and ticket price. Within the limits of the packages pur-chased by the customer, the customer’s users can order tickets for the respective virtual concert created by the cus-tomer via the platform. As part of the ordering process, the customer is obliged to integrate its own payment system on the basis of the apis specified by the provider. After payment has been made via the payment system integrated by the customer via the api, the platform sends the respective user of the customer the ticket (i.e. a link) to participate in the concert by e-mail. A ticket allows simultaneous participation only from one device in the respective virtual concert. This means that the virtual concert cannot be accessed with the same ticket at the same time from several devices.

A maximum of 19,999 tickets can be purchased per concert, i.e. a maximum number of 19,999 participants are possible.

The customer manage purchased tickets for an event vie the platform.

The participation of the respective performing artists in the context of a concert takes place via a configuration created via the platform, which can be sent to the performing artists by e-mail.

The customer can manually start the virtual concerts created by the customer via the platform as a stream. It is only possible to start a concert, if all Packages (s. below section 5.2) from which tickets were sold, have been completely paif before commencement of the concert. Before a concert starts, it is possible to test the stream. By clicking on the link sent to the user, the user can participate in it from the start of the virtual concert. A ticket allows access to a virtual concert only during the current concert. If a concert exceeds the duration possible under the packages purchased from the customer, the concert ends automatically.

The platform also allows a recording of the virtual concerts. The customer can, within the limits of the packages purchased by the customer, also offer its users access to such stored virtual concerts for ordering via the platform and sell such access to them. In this respect, too, the customer is obliged to integrate its own payment system on the basis of the apis specified by the provider. Access to a recorded virtual concert also takes place via a link, which is sent to the customer’s user by e-mail after payment has been made.

As part of the sale of merchandise , the customer can present, edit and delete its articles with a description and prices on the platform. Users of the customer can then place these individual items into a shopping cart and order them. In this respect, too, the customer is obliged to integrate its own payment systems on the basis of the apis specified by the provider.

3.2 The Customer’s Obligations

The customer warrants and guarantees to the Service Provider that it will make available and keep current at its version of the platform any and all legally required documents such as terms and conditions, the right of withdrawal, any legally required imprint and data protection policy in a way that is legally compliant and required. The Service Provider has no obligation to provide any such legal documents to the customer. Insofar as the Service Provider has prepared certain legal documents on the platform, these are solely non-binding templates for which the provider assumes no warranty or guarantee with regard to their correctness, completeness and lawfulness.

The customer warrants and guarantees that it has obtained all the rights necessary for the organization and hosting of the virtual concerts and that its virtual concerts and the merchandise items offered and sold by the customer do not violate any rights of third parties, in particular no copyright or personality rights. This includes in particular the neces-sary clarification of rights with collecting societies and the payment of any necessary payments to them.

The customer warrants and guarantees that the streams in the context of a virtual concert organized and hosted by the customer as well as its merchandise articles do not violate applicable law and do not contain any pornographic, vio-lence-glorifying, youth-endangering, racist or otherwise illegal content.

3.3 Further development

The Service Provider may develop the Platform further and may perform updates and upgrades to the Platform. The provider may at any time provide a version of the Platform that is updated or upgraded compared to the version made available for use at the commencement of the contract, insofar as such change is reasonable for the customer. The cus-tomer is not entitled to be provided with a specific version of the platform.

3.4 Maintenance

In order to ensure a high availability of the platform and install updates, new releases or other changes to the platform, the provider carries out regular maintenance work on the Platform. Such regular maintenance work can result in the the Platform being taken out of service for a short time. The Service Provider is entitled and reserves the right to carry out regular maintenance work once a week outside business hours (Monday to Friday between 09.00 and 18.00).

If there are malfunctions on the Platform that make it impossible to use the Platform, the Service Provider provides emergency maintenance, which can also be carried out during business hours. The Service Provider will carry out the emergency maintenance within the framework of the technical circumstances in the short time as far as possible.

3.5 Availability

The provision of the Platform for use by the customer takes place at the access point of the Service Providers’s data center (“delivery point of the service”). In order to use the Platform, it is necessary that the customer has his own ac-cess to the internet and accesses the Platform at the delivery point.

The availability of the platform shall 98% at the delivery point of the service. The availability is based on the duration of one month and means the ratio a) of the period in which the use of the platform at the delivery point of the service was possible, b) plus the times in which access was not possible due to regular maintenance work or faults that were not within the control of the Service Provider [e.g. force majeure, in particular unforeseeable hardware failures, strikes, natural events, downtime due to virus or hacker attacks, insofar as the Service Provider has taken the usual protective measures, etc.], c) to the length of the individual month, i.e. (a + b) / c. If the agreed availability is not achieved, the cus-tomer shall receive a percentage credit for the following month to the extent that availability was reduced in the previ-ous month.

4. Rights of Use

4.1 For the duration of the contract and subject to the full payment of the agreed remuneration, the Service Provider grants the customer the non-exclusive, non-transferable right to use the Platform exclusively as intended in accordance with No. 4 of these terms and conditions.

4.2 The source code of the platform is not made available to the customer and the customer undertakes not to carry out, nor to cause, nor to enable reverse engineering, disassembly, decompilation, translation or inadmissible disclosures himself insofar as this is not permitted under applicable mandatory law. The customer may only perform adaptations insofar this is covered by the intended use of the Platform.

4.3 The customer may only reproduce the platform or its underlying software insofar as this is covered by the intended use of the Platform. The necessary duplication includes the loading of the Platform or the underlying software into the memory on the server of the Service Provider, but not the (not even an only temporary) installation or storage of the Platform or its underlying software on data carriers (such as hard disks etc.) of the hardware used by the customer.

4.4 The customer grants a non-exclusive, worldwide right to the Service Provider to stream the virtual concerts organized and hosted by the customer via the Platform. This includes in particular the right to store, edit, reproduce and transmit the virtual concerts, as far as necessary in the context of a stream, insofar as this is necessary to fulfill the contractual obligations of the Service Provider. The customer warrants and guarantees to own or have acquired all the rights re-quired in this respect.

5. Compensation and invoicing

5.1 For setting up a version of the Platform for the customer, the customer pays the installation fee defined in the in-dividual contract between the parties to the Serv ice Provider.

5.2 In order to be able to sell tickets for virtual concerts organized and hosted by it, the customer must purchase con-tingents for fixed numbers of participants from the provider (“Packages”). Each package includes a predefined number of admitted participants for one hour of a virtual concert. The customer can only sell tickets for virtual concerts and for the respective duration of the concert via the Platform to the extent possible under the packages purchased by him and not yet consumed. Each ticket sold to an end user reduces the number of participants pos-sible within an existing package by at least one. If a concert lasts longer than one hour, the package is further re-duced by a factor of one for each participant and for each additionally commenced hour. A participant shall be understood as any user of the customer who has purchased a ticket, regardless of whether the link to the concert is accessed by such participant or not. The exact price of the package purchased by the customer is agreed in the respective contract between the parties. After the end of each concert, the provider shall substantiate to the cus-tomer exactly to what extent the respective package has been reduced. A package is not limited to the event of only one concert, i.e. the customer can consume and use packages purchased from him over several concerts. In order to calculate the exact number of remaining time and participants of a Package, the Service Provider can ac-cess the exact number of tickets purchased and participants.

5.3 The provider is entitled to adjust the remuneration unilaterally at its reasonable discretion to the general price development in order toc ompensate for changes in personnel or other operating costs, but not more frequently than every twelve months. If an increase is more than 10%, the customer is entitled to terminate the contractual relationship within four weeks after notification with a notice period of one month to the end of a calendar month. Until the termination takes effect, the old prices apply.

5.4 Invoicing to the customer is done in electronic form.

5.5 All agreed remunerations are net amounts and value added tax shall be charged in the amount required by law.

5.6 The set-off with counterclaims by the customer or the retention of payments due to such claims is only permitted if the counterclaims are undisputed or have been confirmed in a final court judgment.

5.7 Objections to the invoice must be made in writing to the Service Provider within 2 weeks of receipt of the invoice; otherwise, the invoice is deemed to have been approved. Legal claims of the customer in the event of objections after expiry of the deadline remain unaffected.

5.8 The assertion of the statutory rights of retention and refusal of performance is reserved.

5.9 In the event of default by the customer, the Service Provider is entitled to interest for default in the amount de-fined by statutory law.

6. Warranties

6.1 Sections 536 and the following of the German Civil Code (BGB) apply to defects of the platforms. Liability which is independent of fault, is excluded for initial defects. The liability of the Service Provider, which is dependent on fault, remains in place. When determining whether the Service Provider is at fault, the customer acknowledges that software cannot in fact be created completely error-free. Therefore the time required for resolution of issues or the ability to resolve issues may vary inter alia depending on the specific circumstances of each problem, in-cluding, without limitation, the nature of the problem, the completeness and correctness of information available about the problem and the level of customer’s cooperation and responsiveness in providing information, access and support required to resolve the problem, and the Service Provider cannot and does not guarantee that it will be able to resolve any incidents .

6.2 The rectification of defects is carried out at the choice of the Service Provider either by free repair or replace-ment.

6.3 A termination by the customer in accordance with Section 543 para 2, first sentence BGB due to non-granting of the contractual use is only possible if the Service Provider has been given sufficient opportunity to rectify the de-fect and this has failed.

6.4 The Service Provider does shall not be responsible for the Internet access of the customer and/or the users of the customers, in particular for the availability and dimensioning of the internet access. The customer is responsible for its and its users’ internet access at the delivery point of service.

7. Liability and Indemnification

7.1 The Service Provider shall be liable without limitation for damages resulting from injury to life, body or health, which are based on a breach of duty by the Service Provider, a legal representative or vicarious agents of the Serv-ice Provider.

7.2 The Service Provider is liable without limitation for damages caused by the Service Provider or a legal representa-tive or vicarious agent of the Service Provider intentionally or by gross negligence.

7.3 Liability under the Product Liability Act remains unaffected.

7.4 Any other liability of the Service Provider is excluded.

7.5 The limitation period for claims for damages by the customer against the Service Provider is one year except in the cases of paragraphs 7.1, 7.2 or 7.3.

7.6 The customer shall indemnify and hold harmless the Service Provider from and against any costs (including rea-sonable attorney fees), claims and damages resulting from any violation of a warrantee and guarantee given by the customer under these General Terms and Conditions.

8. Data Protection

8.1 In the context of the services provided, the Service Provider processes personal data on behalf of the customer as defined in the contract. The customer is responsible for compliance with the GDPR towards the respective data subjects. In particular, it shall be the customer’s obligation to ensure that a legal basis (e.g. consent or contract) for the use of the services exists and that the information obligations under Articles 13 or 14 of the GDPR are ful-filled. Upon conclusion of the contract, the instruction is given to stream the virtual concerts via the platform of the provider Wowza Media Systems, LLC, 523 Park Point Drive, Suite 300 , Golden, CO 80401 USA. Wowza Me-dia Systems, LLC acts as an independent controller in the sense of data protection law. For this purpose, the cus-tomer will obtain the express consent of the participants.

8.2 The provision of contractually agreed data processing takes place exclusively in the member states of the Euro-pean Union or in another state that is party to the Agreement on the European Economic Area. Any transfer to a third country requires the prior consent of the customer and may only take place if the special conditions of Arti-cle 44 et seq. of the GDPR are fulfilled.

8.3 The subject matter of the processing of personal data is, on the one hand, the enabling of the customer’s version of the customer’s platform to be visited via the Internet by users of the customer and, on the other hand, the provision of the services described in section 3.1 above.

8.4 The categories of data subjects are, on the one hand, the Internet users who visit the customer’s platform version via the Internet and, on the other hand, insofar as they book a ticket for a virtual concert of the customer or buy merchandise articles, these customers of the customer..

8.5 The Service Provider shall establish the security in accordance with Art. 28 sec. 3 lit. c, 32 GDPR in particular in conjunction with Article 5 (1), paragraph 2 GDPR. Overall, the measures to be taken are data security measures to ensure a level of protection appropriate to the risk in terms of confidentiality, integrity, availability and resilience of systems. The state of the art, the implementation costs and the nature, scope and purposes of the processing, as well as the different probability and severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32(1) of the GDPR shall be taken into account. The measures taken are documented in Ap-pendix 1. Appendix 1 shall be the basis of the processing.

The technical and organizational measures are subject to technical progress and further development. In this re-spect, the Service Provider is allowed to implement alternative adequate measures. The level of safety of the measures shall not fall short of the measures laid down. Significant changes shall be documented.

8.6 The Service Provider may not correct, delete or restrict the processing of the data that is processed on behalf of the customer on its own initiative, but only in accordance with the customer’s documented instructions (which generally take place via the Platform). Insofar as a data subject addresses the Service Provider directly in this re-gard, the Service Provider will immediately forward this request to the customer.

8.7 The customer shall be responsible for setting up it’s deletion concept, the right to be forgotten, correction, data portability and information of the data subjects.

8.8 The Service Provider is not obliged to appoint a data protection officer.

8.9 The Service Provider has legal obligations in accordance with Artt. 28 to 33 GDPR; in this respect, it shall ensure compliance with the following requirements:

– The Service Provider shall ensure that any person acting under its authority is obliged to maintain confidentiality and has previously been familiarized with the relevant data protection provisions for it. The Service Provider and any person acting under its authority who has access to personal data may process such data only in accor-dance with the customer’s instructions, which includes the powers granted in this contract, unless required to do so by law.
– The implementation and compliance with all technical and organizational measures required for this order in accordance with Art. 28 sec. 3 p. 2 lit. c, 32 GDPR [Details in Appendix 1].
– The customer and the Service Provider shall cooperate with the supervisory authority in the performance of their tasks upon request.
– The immediate information of the customer about control actions and measures of the supervisory authority, insofar as they relate to the order. This also applies to the extent that a competent authority determines in the context of an administrative or criminal procedure with regard to the processing of personal data during order processing at the Service Provider.
– the Service Provider shall support the customer to the best of its ability insofar as the customer is subject to a control by a supervisory authority, an administrative offence or criminal proceedings, the liability of a data sub-ject or a third party or any other claim in connection with the processing by the Service Provider,.
– The Service Provider regularly monitors internal processes as well as technical and organizational measures to ensure that the processing in its area of responsibility is carried out in accordance with the requirements of the applicable data protection laws.
– Providing evidence of the technical and organizational measures taken within the scope the customer’s rights under clause 8.12.

8.10 The outsourcing to another processor or the replacement of another existing processor are permitted to the ex-tent that: (i) the Service Provider notifies such outsourcing to another processor to the customer with a reason-able time in advance at least in text form, (ii) the customer does not object at least in text form and (iii) the sub-contracting is based on a contractual agreement in accordance with Article 28 paragraphs 2-4 GDPR.

8.11 Subcontracting for the purpose of this Agreement is to be understood as meaning services that relate directly to the provision of the principal service. This does not include ancillary services, such as telecommunication services, postal / transport services, maintenance and user support services or the disposal of data carriers, as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data processing equipment. The Service Provider shall, however, be obliged to make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the customer’s data, even in the case of outsourced ancillary services. The transfer of personal data of the customer to subcontractors and the commencement of processing shall only be undertaken after compliance with all requirements has been achieved. If the subcontractor provides the agreed service outside the EU/EEA, the Service Provider shall ensure compliance with EU Data Protection Regulations by appropriate measures. The same applies if Service Providers are to be used within the meaning of paragraph this paragraph’s second sentence. In the event of further and pre-indicated outsourcing by the subcontractor, all contractual arrangements in the con-tract chain shall also be imposed upon the further subcontractor.

Upon conclusion of the contract, the customer agrees to the use of the subcontractors in accordance with Appen-dix 2.

8.12 The customer has the right to carry out inspections in consultation with the Service Provider or to have it carried out by auditors to be appointed in individual cases. It has the right to convince itself of the Service Provider’s compliance with the contract by random inspections that shall be announced in good time.

The Service Provider shall ensure that the customer can verify compliance with the obligations of the Service Pro-vider in accordance with Article 28 GDPR. The Service Provider undertakes to provide the customer with the nec-essary information upon request and, in particular, to demonstrate the implementation of the technical and or-ganizational measures.

The Service Provider may claim compensation for the possibility of checks by the customer.

8.13 The Service Provider shall assist the customer in complying with the obligations for the security of personal data, data breach reporting requirements, data breaches, data protection assessments and prior consultations, as set out in Articles 32 to 36 of the GDPR. These include:
– Ensuring an adequate level of protection through technical and organizational measures that take into ac-count the circumstances and purposes of the processing as well as the projected probability and severity of a possible infringement of the law as a result of security vulnerabilities and that enable an immediate detection of relevant infringement events.
– The obligation to report personal data breaches to the customer without delay
– The obligation to assist the customer with regard to the customer’s obligation to provide information to the data subject concerned and, in this context, to provide him with all relevant information without delay
– Customer’s support for its data protection impact assessment
– Customer’s support in the context of prior consultations with the supervisory authority

For support services that are not included in the order or are not due to misconduct by the Service Provider, the Service Provider may claim compensation.

8.14 The customer shall immediately confirm oral instructions (at least in text form). The Service Provider shall inform the customer immediately if it considers an instruction to violate Data Protection Regulations. The Service Pro-vider shall then be entitled to suspend the execution of the relevant instructions until the customer confirms or changes them.

8.15 Copies or duplicates of the data shall not be created without the knowledge of the customer, with the exception of back-up copies as far as they are necessary to ensure orderly data processing, as well as data required to meet regulatory requirements to retain data. After conclusion of the contracted work, or earlier upon request by the customer, at the latest upon termination of the Service Agreement, the Service Provider shall hand over to the customer or – subject to prior consent – destroy all documents that have come into its possession, in a data-protection compliant manner. The same applies to any and all connected test, waste, redundant and discarded material. The log of the destruction or deletion shall be provided on request. Documentation, which is used to demonstrate orderly data processing in accordance with the Order or Contract, shall be stored beyond the con-tract duration by the Service Provider in accordance with the respective retention periods. It may hand such documentation over to the customer at the end of the contract duration to relieve the Service Provider of this contractual obligation.

9. Term of the contract; Termination of access

9.1 The initial contract term is agreed in the contract. At the end of the initial term of the contract and each subse-quent renewal period, the term shall be extended by the extension agreed in the order (“contract cycle”) , unless a termination is declared before the expiry of the respective contract term and in compliance with the notice pe-riod. The notice period is one third of the contract cycle (e.g. 4 months notice period for a 12 months contract cy-cle). The right of both parties to terminate the contract without notice for good cause remains unaffected by this.

9.2 In particular, the Service Provider has the right to terminate without notice for good cause in the following cases: (i) the customer becomes insolvent or over-indebted; (ii) an application is made for the opening of insolvency proceedings relating to the customer’s assets (without prejudice to the provisions of Section 112 InsO (German insolvency code)), or (iii) the customer is in default for the payment of the agreed ongoing remuneration for two consecutive months or for part of this which is not insignificant or for a period of more than two months is in de-fault for the payment of the remuneration due that amounts to the remuneration to be paid for two months.

9.3 Termination must always be made in writing (post or email).

9.4 After the end of the contract period, subject to an extension of the contract or the conclusion of a new contract, access to the Platform shall no longer be granted to the customer and the data thereon will be deleted by the Service Provider.

10. Confidentiality

The parties shall not make confidential information available to third parties during and after the end of the contract term and shall not use it for other purposes that do not serve the cooperation of the parties. Confidential information shall be (i) all information on the remuneration agreed between the parties, (ii) all information relating to the term of the contract, (iii) all technical information and know-how made available to the customer, and (iv) other information marked as confidential by either party.

The obligation of confidentiality does not apply to information that has become public or was already known to the other party without breach of confidentiality, or which is must be disclosed to third parties by law, court or authority order.

The customer shall exercise the greatest possible care and take all measures that ensure the confidential, secure han-dling of IDs, passwords, usernames or other security devices provided to access the Platform and use the services the data and shall prevent their disclosure to third parties. The customer will be held responsible for the use of its pass-words or usernames by third parties unless the customer can convincingly demonstrate that the reasons for such unau-thorized access were out of its reasonable control. The customer shall inform the Service Provider immediately of any potential or known unauthorized use of its access details.

11. Changes to the contract

11.1 The Service Provider reserves the right to change the services offered insofar as the respective change is neces-sary to reflect changes that were unforeseeable at the time of the respective placement of the order and if the non-observance of such changes would affect the contractual balance between the Service Provider and the Cus-tomer, in particular to the extent that the Service Provider (i) is obliged to establish conformity of the services with the applicable law, in particular if the applicable legal situation changes; and/or (ii) in order to comply with a court ruling or government decision against the Service Provider, and/or (iii) must adapt the platform(s) due to mandatory technical requirements.

11.2 At no time will the change of services restrict the fulfillment of the main contractual obligations of the Service Provider.

11.3 In cases other than clause 15.1, the Service Provider shall notify the Customer in advance of the changes to the Terms and Conditions. Insofar as the customer does not object to their validity within four weeks of receipt of the notification, the changes shall be deemed to have been accepted with effect for the future. If the customer ob-jects to the changes, the Service Provider is entitled to terminate the contractual relationship. The Service Pro-vider will point out the effect of silence and the right of termination in the notice.

11.4 The power to make amendments as per clause 15.3 shall neither relate to any change in the subject matter of the contract nor to changes of the main performance obligations which would lead to a change in the overall struc-ture of the contract. In such cases, the Service Provider will notify the Customer of the intended changes and offer to continue the contractual relationship on the terms and conditions that are then amended.

12. Right to transfer the contract

The Service Provider may transfer the contract to a third party but shall inform the customer of any intended transfer with a prior written notice of four weeks, during which the customer shall have the right to object to such transfer. In case of such objection the transfer shall not take place, but the Service Provider shall have the right to terminate the contract.

13. Miscellaneous

13.1 The Service Provider may refer to the customer as a reference customer.

13.2 The agreements concluded between the parties are subject to the substantive law of the Federal Republic of Germany with the exclusion of the UN Convention on Contracts for the International Sale of Goods and interna-tional private law.

13.3 The exclusive place of jurisdiction shall be at the registered office of the Service Provider.

13.4 Should one or more provisions of this contract be or become invalid, the validity of the remaining provisions shall not be affected.

13.5 The customer may not transfer the rights and obligations under the user contract to third parties permanently or temporarily without the prior written consent of the Service Provider.

Appendix 1

Technical-organizational measures

1. Confidentiality (Art. 32 sec. 1 lit. b GDPR)
• Access control
No unauthorized access to data processing equipment

• Access control
No unauthorized system use, e.g.: (strong) passwords, automatic blocking mechanisms, encryption of disks

• Access control
No unauthorized reading, copying, modification or removal within the system, e.g.: authorization concepts and on-demand access rights, logging of accesses

• Separation control
Separate processing of data collected for different purposes, e.g. tenancy, sandboxing

2. Integrity (Art. 32 sec. 1 lit. b GDPR)
• Disclosure control
No unauthorized reading, copying, modification or removal in the event of electronic transmission or transport, e.g.: encryption, virtual private networks (VPN), electronic signature

• Input control
Determination of whether and by whom personal data has been entered, modified or removed in data processing systems, e.g.: logging, document management;

3. Availability and resilience (Art. 32 sec. 1 lit. b GDPR)
• Availability control
Protection against accidental or intentional destruction or loss, e.g.: backup strategy (online/offline; on-site/off-site), uninterruptible power supply (UPS), anti-virus protection, firewall, notification paths and contingency plans
• Rapid recoverability (Art. 32 sec. 1 lit. c GDPR);

Uninterruptible power supply (UPS)
Devices for monitoring temperature and humidity in server rooms
Protective socket strips in server rooms
Fire and smoke alarm systems
Fire extinguishers in server rooms
Server rooms not under sanitary facilities
Raid-1 mirroring present

4. Procedures for periodic review, evaluation and evaluation (Art. 32 sec. 1 lit. d GDPR; Article 25 (1) GDPR)
• Data protection management;
• Incident-Response-Management (“IT Störungsmanagement”);
• Privacy-friendly preferences (Art. 25 sec. 2 GDPR);
• Order control
No order data processing within the meaning of Art. 28 GDPR without the appropriate instructions of the client, e.g.: Clear contract design, formalized order management, strict selection of the Service Provider, Pre-convincing, follow-up checks.

Incident response management( IT fault management); Reference to emergency plan, privacy-friendly prefer-ences (Art. 25 sec. 2 GDPR); Authorization concept, possibility of data portability, erasability of data, logging of in-put, modification, deletion of data

Appendix 2

Existing subcontractors:
Subcontractor Address / Country Services