Your Website Security Audit

General Terms and Conditions of

[j]karef GmbH

Status: 23.05.2024
 

§ 1 SUBJECT MATTER OF THE CONTRACT AND SCOPE OF APPLICATION

1. Jouo is a cross-industry platform for cyber security. The subject matter of the contract is the provision of temporary software to analyze the cyber infrastructure of an institution or company to identify vulnerabilities.
2. The software is used by the customer on a web-based basis, i.e. by accessing the cloud software via a browser without additional client software.
3. New versions of the software programs which improve or extend the Contract Products shall become Contract Products within the meaning of this Agreement upon their release by Jouo. Jouo shall mark these new versions as updates or upgrades where necessary. Jouo shall be permitted to make further changes, additions and restrictions to the Contract Products, in particular the inclusion of new Contract Products which are related to the existing Contract Products and the discontinuation of individual Contract Products, within the framework of its general product policy.
4. The subject matter of the Contract is also the provision of a defined range of services which are described in more detail in individual service specifications. In addition to the Service Description, the General Terms and Conditions for Managed Services in the version applicable at the time of conclusion of the Contract shall apply with priority.
    

§ 2 PROVISION OF SERVICES

1. Jouo shall only provide additional services by separate agreement within the scope of the existing technical and operational possibilities for a separate fee in accordance with the Service Level Agreement.
2. Only in the case of web-based software provision shall Jouo be responsible for the supervision, control and monitoring of the provision of services and for the services it provides.
3. Representations in tests and in product and project descriptions are not guarantees.
4. The granting of a guarantee requires the express written confirmation of Jouo.
    

§ 3 TYPE AND SCOPE OF SERVICES

1. The nature and scope of the mutual services shall be governed by the service description. The scope of performance defined in this contract shall be deemed to be the agreed quality. Decisive for this are

• the defined scope of performance of the software as specified in the respective user documentation,
• the suitability for the use stipulated in the contract
• the conditions specified in the contract,
• generally applied technical guidelines and technical norms, in particular the international standards and proposals of the Internet Engineering Task Force (IETF) as documented in the Request for Comments (RFC) and the W3C (World Wide Web Consortium).

1. In the event of discrepancies, the contractual agreements shall apply in the above order.
2. The customer is entitled to use the software to the agreed extent in accordance with the service description.
3. Other types of use are excluded.
    

§ 4 SUPPORT

1. The support services - if separately agreed - of Jouo shall include the provision of the latest program versions of the Software referred to in § 1 para. 1, troubleshooting, updating of the software documentation and advice to the Customer in the event of problems regarding the use of the Software and any program errors to be recorded.
2. The contractual support services do not include consulting outside the on-call times specified in paragraph 5, consulting and support services on site at the client's premises or by means of remote access to the client's systems.
3. The Customer must notify Jouo of any malfunctions in the functionality of the Software or the system provided to Jouo via one of the following channels in order to rectify the malfunction:
    

E-mail: support@jkaref.com

Customer portal: https://jouo.com

Hotline: +49 (0)30 555797650

 

Access to the Customer Portal shall be communicated to the Customer by Jouo. Fault reports are made in German or English.
 

1. The availability of the system is agreed as 99% p.m. as standard. The measurement of the downtime of a fault begins with the notification of the Customer via the notification channel. The downtime ends as soon as Jouo has rectified the fault and notified the customer of the rectification of the fault by e-mail, telephone or via the service portal. The following events shall not be used to determine the availability of the Services:

• Disruption reported by the Customer although there was no disruption.
• Periods in which previously announced maintenance work is carried out as scheduled.
• Errors within the software that relate to individual functional properties of the software but do not affect the availability of the contractually agreed service.
• Problems with the services, insofar as these were caused by improper changes to the service or system configuration on the part of the client or changes that affect productive operation.
• If the rectification of the fault requires the cooperation of the client and the client was not available.
• In the event of faults that are not the responsibility of the Contractor.
   

Faults due to incorrect operation by the client or faults in the client's technical infrastructure are classified accordingly and billed at the applicable hourly rate.
 

1. A response time of four hours is agreed as the service level standard. The response time is defined as the period of time between the receipt of the fault report by the client through one of the channels listed in Section 1 and the start of the work to solve the problem by the relevant support center and applies to the following service times:
    

Monday through Friday: 08:00 to 17:00.
 

Extended service hours and other response times and availabilities are available on request.
 

1. Maintenance windows shall be agreed for periodic, planned or unplanned maintenance work on Jouo's systems which is necessary for the maintenance and security of ongoing operations or the implementation of updates or upgrades. Any impairment of availability due to such necessary work shall not be defined as downtime. Jouo shall inform the Customer of planned system maintenance as early as possible.
    

§ 5 CONDITIONS OF USE BY THE CUSTOMER

The customer shall take all measures and precautions specified in the service description for its area of responsibility. If Contract Products are made available through server access, the Customer shall bear the telecommunication, provider and other costs arising from the server access.
 

§ 6 PERFORMANCE PERIOD

1. The Software shall be made available for use from the time of activation by Jouo.
2. Information on the time of performance shall not be binding unless Jouo has otherwise agreed a date/period in writing as binding. Jouo reserves the right to correct and timely self-delivery at all times. With regard to deliveries and services of third parties, Jouo shall only be responsible for the proper execution of the order. Partial deliveries shall be permissible insofar as the parts provided can be reasonably used in isolation.
3. Compliance with the deadline/period shall be subject to the customer fulfilling its obligations to cooperate and the conditions of use in good time and in full. If these requirements are not met, the deadlines/periods shall be extended appropriately, but at least by the period of the delay and an appropriate start-up period. This shall also apply if requirements subsequently change.
4. Deadlines/periods shall be extended by the period (including a reasonable start-up time) in which Jouo is delayed by circumstances for which it is not responsible (e.g. labor disputes, force majeure,

1. failure of employees or technical equipment for which Jouo is not responsible, non-delivery by suppliers).

1. If delays are due to conduct attributable to the Customer, the Customer shall be obliged to reimburse Jouo for the resulting additional costs.
    

§ 7 CUSTOMER'S RIGHTS TO USE THE SOFTWARE AND THE DOCUMENTS

1. Jouo grants the Customer the non-exclusive, non-transferable right to use the Software and the documents provided for the term of the contract. The Customer shall not receive any further rights to the Software or the documents etc. provided.
2. Jouo and the creators of the Software shall remain the owners of the copyright and any rights derived therefrom to the Software and the documents provided.
3. The Software may not be modified, reverse engineered, further developed or translated. The written material may not be reproduced, nor may works derived from the documentation be produced.
    

§ 8 SPECIAL OBLIGATIONS OF THE CUSTOMER

1. Unless otherwise agreed, the agreed prices shall be paid on time within 14 calendar days, at the latest by the payment deadline specified in the invoice. The Customer shall reimburse Jouo for the costs incurred for each late payment or returned direct debit. A return debit note shall be charged at EUR 10.00 and each payment reminder at EUR 5.00. If the payment term is exceeded, the customer shall be in default of payment without a reminder.
2. The customer may not intervene or have unauthorized third parties intervene in programs or data to an extent beyond that contractually agreed.
3. After a fault report has been submitted, the costs incurred by Jouo shall be reimbursed if it has been established by the inspection that none of Jouo's services caused the fault and the customer could have recognized this with reasonable troubleshooting.
4. The data assigned to the customer, in particular access data, must be protected against access by third parties.
5. The services may not be misused. This applies in particular to attempts at unauthorized access to information and data or unauthorized intrusion into data networks.
6. No information with illegal or immoral content may be included in external presentations of the customer in connection with Jouo and no reference may be made to offers with such content. This includes, in particular, content within the meaning of §§ 130, 130a and 131 of the German Criminal Code (StGB) which serves to incite hatred, incites criminal acts or glorifies or trivializes violence, is sexually offensive, is pornographic within the meaning of § 184 StGB, is likely to seriously endanger the morals of children and young people or impair their well-being or which could damage the reputation of Jouo. The provisions of the Interstate Treaty on the Protection of Minors and the Youth Protection Act must be observed.
7. The statutory provisions applicable to teleservices or media services, in particular the information obligations regulated therein, must be observed.
8. Jouo shall be indemnified by the customer against all claims of third parties which are based on an unlawful use of the services provided by the customer or which are made with the customer's approval or which result in particular from the unlawful use of the name, trademark, copyright or other intangible property rights associated with the services.
9. The customer shall be obliged to inform Jouo in good time of any change in use, increase in data transfer volume and increase in storage space requirements initiated by the customer so that Jouo can take the necessary measures to maintain Jouo's services. If the customer is not informed or not informed in good time and Jouo's services are impaired as a result, the customer may not derive any rights from this.
10. If the customer commits a material or persistent breach of its obligations and fails to remedy such breach of contract despite a warning, Jouo may temporarily suspend its services at the customer's expense or terminate the contract without notice. In this case, the customer shall remain obliged to pay the agreed fees.
     

§ 9 USE BY THIRD PARTIES

1. The Customer shall not be permitted to make the usage and access authorizations assigned to it available to third parties for their sole use without the prior written consent of Jouo. The establishment of co-users is possible without restriction within the scope of Jouo's services.
2. The customer shall also pay the charges incurred by the authorized use of Jouo's services by third parties.
3. The Customer shall pay any fees arising from the unauthorized use of Jouo's services if and to the extent that the Customer is responsible for the unauthorized use, in particular if the Customer has culpably breached one of the obligations set out in this Agreement and the unauthorized use was made possible as a result.
    

1. § 10 REMUNERATION AND TERMS OF PAYMENT

1. Jouo shall receive a monthly fee for the services in accordance with the service description plus statutory VAT.
2. Unless otherwise agreed, monthly prices shall be paid pro rata for the remainder of the month, starting with the provision of the service. Thereafter, the prices are to be paid monthly in advance.
3. If an existing contract is amended, the monthly fee for the full month is charged regardless of the time of the amendment.
4. The prices agreed at the time the contract was concluded shall always apply. If the contract does not contain any provision for remuneration, the remuneration shall be based on Jouo's price list valid at the time. The value added tax applicable on the date of invoicing shall be added to all prices.
5. If periodic remuneration (e.g. monthly remuneration) has been agreed, Jouo may change the remuneration for the same scope of services by giving 6 weeks' written notice to the end of the quarter. However, such a change shall be permissible at the earliest 12 months after conclusion of the contract and may not exceed the remuneration of the preceding 12-month period by more than 10 %. If the fee is increased by more than 7.5% of the fee for the previous 12-month period, the customer may object to the increase within a period of 3 weeks after receipt of the request for an increase. If no agreement on the adjustment of the remuneration is reached within a period of 3 weeks after receipt of the customer's objection by Jouo, the customer shall be entitled to terminate the contract with a notice period of 3 months to the end of a calendar quarter, whereby the remuneration shall then remain unchanged until the termination takes effect. Notice of termination must be given in writing.
6. Irrespective of the above provision, Jouo shall be entitled to adjust a periodic remuneration if cost components increase due to changes beyond Jouo's control, e.g. an increase in the cost of telecommunications services from suppliers, an increase in wage and ancillary wage costs due to binding collective bargaining agreements, etc. Jouo shall be entitled to adjust the remuneration in accordance with the above provisions. Upon request, Jouo shall state the relevant reasons to the customer. An increase shall only be permissible to the extent that the change in the respective cost components affects the total price. Jouo shall announce the increase in remuneration in writing, giving four weeks' notice to the end of the month.
7. The customer shall only have a right of set-off if its counterclaim has been legally established or is undisputed or if it concerns claims based on defects. The customer shall only be entitled to assert a right of retention due to counterclaims arising from this contractual relationship.
    

§ 11 OBJECTIONS

Objections to the amount of the usage-dependent charges on the part of the Customer must be raised in writing to the Jouo department named in the invoice immediately after receipt of the invoice. Objections must be received within four weeks of the invoice date. Failure to do so shall be deemed approval of the invoice. The Customer's statutory claims in the event of objections after expiry of the deadline shall remain unaffected.
 

§ 12 DEFAULT

In the event of default of payment by the customer, Jouo shall be entitled, after prior reminder, to block the services at the customer's expense. In this case, the customer shall remain obliged to pay the monthly fees. Jouo reserves the right to assert further claims due to default of payment.
 

§ 13 WARRANTY AND LIABILITY

1. Jouo shall be obliged to remedy defects in the software provided including the documentation.
2. Defects shall be remedied at Jouo's option by troubleshooting in accordance with the Service Level Agreement.
3. Termination by the Customer pursuant to § 543 para. 2 sentence 1 no. 1 BGB (German Civil Code) for failure to grant use in accordance with the contract shall only be permissible if Jouo has been given sufficient opportunity to remedy the defect and this has failed. Failure to remedy the defect shall only be deemed to have occurred if it is impossible, if Jouo refuses or unreasonably delays the remedy, if there are reasonable doubts as to the prospects of success or if it is unreasonable for the Customer for other reasons. An unreasonable delay shall not be deemed to exist if the fault clearance times in accordance with the service level agreement are only insignificantly exceeded.
4. The Customer's rights due to defects shall be excluded if the Customer makes or has made changes to the Software without Jouo's consent, unless the Customer proves that the changes have no unreasonable effects for Jouo on the analysis and elimination of the defects. The Customer's rights due to defects shall remain unaffected if the Customer is entitled to make changes, in particular within the scope of exercising the right of self-remedy pursuant to § 536a para. 2 BGB (German Civil Code) and these have been carried out professionally and documented in a comprehensible manner.
    

§ 14 LIMITATION OF LIABILITY

1. Jouo shall be liable without limitation within the scope of the statutory provisions for damages

• arising from injury to life, limb or health due to an intentional or negligent breach of duty or otherwise due to intentional or negligent conduct on the part of Jouo or one of its legal representatives or vicarious agents;
• due to the absence or discontinuation of a warranted characteristic or non-compliance with a guarantee;
• which are based on an intentional or grossly negligent breach of duty or otherwise on intentional or grossly negligent conduct on the part of Jouo or one of its legal representatives or vicarious agents.

1. Jouo's liability shall be limited to compensation for foreseeable damage typical of the contract for such damage which is based on a slightly negligent breach of material obligations by Jouo or one of its legal representatives or vicarious agents.
2. Material obligations are obligations whose fulfillment is essential for the proper performance of the contract and on whose fulfillment the Customer may rely.
3. Jouo shall be liable for other cases of slightly negligent conduct, limited to six times the monthly rent per claim in the case of conclusion of a rental agreement or limited to 20 % of the purchase price per claim in the case of conclusion of a purchase agreement.
4. Jouo's strict liability pursuant to Section 536a (1), 1st alternative BGB for defects already existing at the time of conclusion of the contract shall be excluded.
5. This provision shall only apply to the conclusion of a rental agreement.
6. In the event of data loss caused by simple negligence, Jouo shall only be liable for the damage that would have been incurred even if the customer had properly and regularly backed up the data; this limitation shall not apply if the data backup was impeded or impossible for reasons for which Jouo is responsible.
7. The above provisions shall also apply mutatis mutandis to Jouo's liability with regard to the reimbursement of futile expenses.
8. Liability under the Product Liability Act shall remain unaffected.
    

§ 15 OBLIGATIONS OF THE CUSTOMER

1. The customer is obliged to keep the access data and passwords secret and to protect them from access by unauthorized third parties.
2. The customer is obliged to inform Jouo immediately if there are indications that the access data is being or has been used without authorization.
3. The customer is obliged to regularly create its own backup copies of the uploaded data and content in order to enable reconstruction of the same in the event of damage.
4. The customer shall ensure that the systems on which the software is used meet the minimum technical requirements set out in the service description.
5. The customer is obliged to support Jouo in the fulfillment of the contractual services to a reasonable extent and to provide all information and documents required for the execution of the order in good time and in full.
6. The Customer shall ensure that the use of the Software and the associated services is not misused, in particular that no content is uploaded, stored or distributed which violates applicable law or the rights of third parties.
7. The Customer shall be obliged to report any defects or malfunctions of the Software to Jouo without delay and to cooperate to a reasonable extent in the analysis and rectification of errors.
8. The Customer shall indemnify Jouo against all claims of third parties which are based on an unlawful use of the Software and the associated services by the Customer or which are carried out with the Customer's approval.
9. The Customer shall be responsible for all activities carried out using its access data.
10. The customer is obliged to treat all information and knowledge obtained through the use of the software as confidential and to use it exclusively for its own purposes.
11. The customer must ensure that all users who gain access to the software through him comply with these GTC and the associated obligations.
     

§ 16 CONTRACT TERMS, CONDITIONS AND TERMINATION

1. The start and term of the contract are based on the service description.
2. The contractual relationship can be terminated by either party at the earliest at the end of the minimum contract term, subject to a notice period of three months. The contract is automatically extended for a period of one year if it is not terminated three months before the contract expires.
3. Notice of termination must be given in writing. The date of receipt of the notice of termination by the other contracting party shall be decisive for compliance with the notice period.
4. Upon termination of the contract for the main service, the contractual relationship for additional services shall also end.
5. If the contractual relationship is terminated before expiry of the minimum contract term agreed with the customer for reasons for which Jouo is not responsible, the customer shall be obliged to pay Jouo an immediately due lump-sum compensation in the amount of the remuneration still outstanding up to expiry of the agreed minimum contract term. The amount of damages shall be set higher or lower if Jouo proves higher damages or the customer proves lower damages.
6. The right to terminate for good cause shall remain unaffected. Good cause shall be deemed to exist in particular in cases where the Customer is in material breach of its obligations under these General Terms and Conditions.
    

§ 17 CONFIDENTIALITY AND DATA PROTECTION

Jouo collects personal data of the Customer which is necessary to establish or promote a contractual relationship including its content. Jouo undertakes to treat the data collected confidentially and to comply with the applicable data protection provisions.
 

§ 18 FORCE MAJEURE

Force majeure, industrial disputes, unrest, official measures, the failure of suppliers or service providers to deliver or perform and other unforeseeable, unavoidable and serious events shall release the contractual partners from their performance obligations for the duration of the disruption and to the extent of its effect. This shall also apply if these events occur at a time when the affected contractual partner is in default. The contractual partners are obliged to provide the necessary information without delay within the scope of what is reasonable and to adapt their obligations to the changed circumstances in good faith.
 

§ 19 CUSTOMER DATA CLAUSE

1. The Customer agrees that Jouo may store its contact information, including names, telephone numbers and e-mail addresses. Such information may only be processed and used within the scope of the existing business relationship and may only be passed on to Jouo partners and affiliated companies for the purpose of joint business activities, including communication with the Customer.
2. Other data generated or determined by the contractual use of the Software, which are not personal data, are not considered trade and business secrets of the Customer within the meaning of the EU Directive on the Protection of Trade and Business Secrets (EU Directive 2016/943). Jouo has an unrestricted and unlimited right to use this data.
    

§ 20 USE OF OPEN SOURCE SOFTWARE

1. Jouo uses open source software for individual software modules (libraries) for the software provided to the Customer. With regard to these software modules (libraries), the Customer shall be granted rights of use in accordance with the license conditions applicable to these software modules (libraries). The customer may request a list of these software modules (libraries) with the relevant license conditions.
2. The provisions of Jouo's General Terms and Conditions shall only apply in addition to these software modules (libraries).
3. Jouo expressly points out that Jouo shall not charge a fee for the provision of the software modules (libraries) which are to be regarded as open source software within the meaning of the above provision in para. 1. The remuneration owed by the Customer therefore relates only to the other services of Jouo.
    

§ 21 SET-OFF AND ASSIGNMENT

1. The Customer may only offset claims recognized by Jouo or legally established claims or claims due to defects. The Customer may only base a right of retention on counterclaims arising from this contractual relationship. Payments by the Customer shall always be offset in accordance with Sections 366 (2), 367 BGB.
2. The Customer may only assign claims under this contract to third parties with the prior written consent of Jouo.
    

§ 22 CONCLUSION OF THE CONTRACT AND SCOPE OF APPLICATION

1. Subject to a separate agreement, contracts shall come into effect upon receipt of the order confirmation, at the latest upon provision of the services by Jouo. Any further terms and conditions, in particular general terms and conditions of the Customer, shall not apply, even if Jouo does not expressly object to them. The contractual terms and conditions of Jouo shall apply exclusively.
2. Jouo is entitled to use external service providers for order processing.
3. These Terms and Conditions shall apply exclusively to all services provided by Jouo. Any deviating or supplementary terms and conditions shall require the express written consent of Jouo in order to be valid. This written form requirement can only be waived by written agreement. Other contractual terms and conditions shall not become part of the contract even if Jouo does not expressly object to them.
4. Verbal collateral agreements are invalid. Deviating or supplementary terms and conditions as well as additions to these Terms and Conditions including this written form clause shall only apply if they are confirmed in writing by both contracting parties.
5. If a provision of these General Terms and Conditions is legally invalid, the remainder of the contract shall remain valid. The Customer and Jouo undertake to replace ineffective provisions

1. provisions by a legally permissible provision which comes as close as possible to the economic purpose of the invalid provision. The same shall apply in the event of a gap in the contract.
    

§ 23 PRODUCT INFORMATION

By registering, the Customer agrees to be informed by e-mail about current patch notes for Jouo's software and supplementary offers. For this purpose Jouo shall exclusively use the Customer's e-mail address which Jouo has received in connection with the registration. The Customer may revoke the receipt of such emails at any time.
 

§ 24 FINAL PROVISIONS

1. Correspondence between the contracting parties may be sent electronically if the identity of the sender is identified and the authenticity of the document is proven by stating the offer, order, contract or customer number. The other contracting party reserves the right to prove that the declaration was not submitted by it or was not submitted with this content.
2. Unless otherwise agreed in the contract, declarations by the contracting parties shall be made to the address data specified in the contract. Both contracting parties undertake to inform the other contracting party immediately of any changes to the address data. A legal act shall be deemed to have taken place if it was demonstrably sent by a contractual partner to the address/fax/e-mail specified or to an updated address/fax/e-mail and could not be received there because the address/fax number/e-mail in question had changed in the meantime and no notification of this had been made.
3. If the customer is a merchant or a legal entity under public law or a special fund under public law, the place of jurisdiction for all disputes arising from or in connection with this contract shall be Jouo's registered office. The same shall apply to the place of performance unless the contracting parties have expressly agreed otherwise.
4. The law of the Federal Republic of Germany shall apply - also to contracts with foreign customers - to the exclusion of the United Nations Convention on Contracts for the International Sale of Goods (CISG).
5. Jouo may have deliveries and services performed in whole or in part by subcontractors engaged by it.

Privacy policy website

On the website and all other online presences of JOUO UG, personal data is collected and used exclusively within the framework of the applicable legal provisions. This data protection declaration informs users about the type, scope and reasons for the collection and use of personal and non-personal data by JOUO UG.

1. responsible body

The controller responsible for the collection, processing and use of your personal data is [j]karef GmbH.

If you wish to object to the collection, processing or use of your data by [j]karef GmbH in accordance with these data protection provisions as a whole or for individual measures, you can send your objection at any time by e-mail, fax or letter to the following contact details:

Controller [j]karef GmbH

represented by the managing director:

Rüdiger Henrici
Vehlgast 14
39539 Havelberg

Phone: +49 (0)30 555797650

E-mail: info@jkaref.com

Email of the data protection officer: info@jkaref.com

2. collection, processing and use of personal data

Personal data is information about the factual or personal circumstances of an identified or identifiable natural person. This includes, for example, your name, your telephone number, your address, usage data that is processed when you visit our website or use our social media offerings, as well as all inventory data that you provide to us when you register and create your customer account or subscribe to our newsletter.

When you visit our websites and social media accounts and when you use our services, including payment processing, the browser used on your device automatically sends information toour websiteserver. This information is temporarilystoredina log file. The following information is collectedwithout any action onyour part and stored until it is automatically deleted

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the accessed file,
• Website from which access is made (referrer URL), browser used and, if applicable, the operating system of your computer and the name of your access provider
• User data for the account
   

The aforementioned data is processed by us for the following purposes

• Ensuring a smooth connection to the website,
• Ensuring convenient use of our website, evaluating system security and stability and for other administrative purposes
• Provision of the software services

We have a legitimate interest in ensuring that our website is displayed as reliably as possible. The legal basis for data processing is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above.

Insofar as the personal data is processed for the provision of contractually owed services, the legal basis results from Art. 6 para. 1 sentence 1 lit. b GDPR (fulfillment of contract)

If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 3 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting). Consent can be revoked at any time.

We host the content of our website with an external provider. Hosting takes place on the basis of Art. 6 para. 1 lit. f GDPR. We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

We also use cookies and analysis services when you visit our website. You can find more detailed explanations on this in section 3 of this privacy policy.

3. cookies

Our website uses so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. We have a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of our services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

The data sent by us and linked to cookies is automatically deleted after two months. Data that has reached the end of its retention period is automatically deleted once a month.

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to third parties and the processing of this data by third parties by downloading and installing suitable browser plug-ins.

4. log files (log files)

Each time the JOUO website is accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data: Date and time of access, name of the page accessed, IP address, referrer URL (origin URL from which you came to the websites), the amount of data transferred and product and version information of the browser used. The IP addresses of the users are deleted or anonymized after the end of use. In the case of anonymization, the IP addresses are changed in such a way that the individual details about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or only with a disproportionate amount of time, cost and manpower.

6 Social plugins and platforms

Our website may use social plugins (“plugins”) from the following social networks (platforms)

• Facebook
• LinkedIn
• Xing
• YouTube

When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the servers of the aforementioned platforms. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider, possibly also in the USA, and stored there. If you are logged in to one of the services, the providers can directly associate your visit to our website with your profile on the platforms. If you interact with the plugins, for example by clicking the “Like” or other interaction button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information may also be displayed in the social network and to your contacts there. You can also use these plugins to send invitations directly via Facebook and Twitter.

The purpose and scope of the data collection and the further processing and use of the data by social networks as well as your rights in this regard and setting options to protect your privacy can be found in the data protection notices of the respective networks or websites.

We have integrated YouTube videos into our online offers, which are stored on http://YouTube.com and can be played directly from our websites. The videos are all integrated in “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data shown below be transmitted. We have no influence on data transmission. The video platform “YouTube”, on which users can post videos and make them publicly accessible, is operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA and is a company of Google Inc. based in San Bruno/California, USA.

Further information is available at the following addresses

Facebook: http://www.facebook.com/policy.php

LinkedIn: hhttps://de.linkedin.com/legal/privacy-policy

Xing: https://privacy.xing.com/de/datenschutzerklaerung

YouTube: https://www.google.de/intl/de/policies/privacy/

If you do not want Facebook, LinkedIn, Xing or YouTube to assign the data collected via our website directly to your profile in the respective service, you must log out of the respective service before visiting our website. You can also completely prevent the plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript”(http://www.noscript.net/).

7 Sending emails, newsletters and other messages

We use your data, such as your name and e-mail address, to send newsletters. The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. Your data will be stored for the duration for which storage is otherwise lawful for purposes in accordance with this privacy policy, i.e. in particular for the purposes of contractual communication within the framework of existing contracts with you or otherwise for advertising communication.

If the processing is based on consent, you have the right to withdraw your consent at any time in the future without affecting the lawfulness of processing based on consent before its withdrawal.

8. payment service providers

We use external payment service providers through whose platforms users and we can carry out payment transactions. In the context of the fulfillment of contracts, this is done on the basis of Art. 6 para. 1 lit. b. GDPR. In addition, we use external payment service providers on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR. GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers themselves includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the payment service providers' terms and conditions and data protection information.

Payment transactions are subject to the terms and conditions and data protection information of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects.

9 Secure data transmission

Your personal data is transmitted securely by us using encryption. This applies to the customer login. We use the SSL (Secure Socket Layer) coding system. We also use technical and organizational measures to protect our websites and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons.

10. storage period

Unless specifically stated, we only store personal data for as long as is necessary to fulfill the purposes pursued.

In some cases, the legislator provides for the retention of personal data, for example in tax or commercial law. In these cases, the data will only be stored by us for these legal purposes, but will not be processed in any other way and will be deleted after the statutory retention period has expired.

11 Exercising the rights of data subjects

Right to information

You have the right to obtain information from us as to what data we have stored about you, for what purposes we process this data, to whom we transmit the data and how long we store the data.

Correction, deletion or restriction (blocking)

Furthermore, you have the right to demand that we correct incorrect data, delete or restrict the processing (blocking) of data in accordance with the legal requirements.

Revocation of consent

You have the right to withdraw any consent you have given us at any time with effect for the future. This does not affect the processing of your personal data up to the time of receipt of the revocation.

Assertion of rights

To assert your rights against us, please contact us using the contact details given in point 1.

12. supervisory authority

You also have the right to lodge a complaint with a German supervisory authority. The supervisory authority responsible for us is

The State Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin / Telephone: 030 13889-0 / Email: mailbox@datenschutz-berlin.de.