General Terms and Conditions
General Terms and Conditions
FRONTLEAD – Dietmar Stuck e.U.
Part 1: General terms and conditions
Part 2: Data Processing agreement pursuant to Art 28 of the GDPR
Part 1: General terms and conditions
1. Preamble
The company FRONTLEAD – Dietmar Stuck e.U., Industrieparkstrasse 13, 9300 St. Veit an der Glan, Austria, mail frontlead io, +43 4212 71 88 715 (hereinafter referred to as “PROVIDER”), specializes in the development of online software, online platforms and high-quality applications for websites. In this context the PROVIDER has developed the online software application “FRONTLEAD”. FRONTLEAD supports the user (hereinafter “VENDOR”) in offering free as well as paid personalized forms, funnels, analyses, self-tests, quizzes, research, applications, surveys and much more to third parties (hereinafter “END-USERS”).
These General Terms and Conditions are addressed to companies within the meaning of § 1 para. 1 no. 1 KSchG [Austrian consumer protection act] (or Art 2 no. 2 of the Directive EU 2011/83/EU) who intend to use FRONTLEAD commercially.
2. Scope of the general terms and conditions
These terms and conditions regulate the acquisition, use and exploitation of the FRONTLEAD software as well as the associated business and administrative activities.
In the event of a conflict between the German version and the English version, the German version shall prevail.
3. Conditions of use
The VENDOR is obliged to provide true and complete information in the course of the business relationship and to keep his data up to date at all times. He must treat his data confidentially. Should the VENDOR suspect misuse by third parties, he/she must inform the PROVIDER immediately.
The VENDOR has to refrain from all measures that could endanger or impair the technical provision of FRONTLEAD (including cyber attacks). Such behaviour shall be prosecuted.
The VENDOR has to take appropriate measures to protect FRONTLEAD from unauthorized access by third parties. He will point out to his employees or persons similar to employees that the use beyond the contractual scope is not permitted.
It is the VENDOR’s responsibility to create the necessary electronic infrastructure (especially e-mail account as well as hardware and software infrastructure) for the operation of FRONTLEAD. The PROVIDER has no obligation to provide information or advice in this regard.
4. Offer, conclusion of contract, commencement of payment obligation and amount of payment
The VENDOR can first create a free test account by clicking on the “Create account” button and by entering the required data.
Subsequently, the VENDOR must accept these GTC and take note of the privacy policy.
If the registration is successfully completed, the VENDOR will be provided with a free trial account.
If the VENDOR wants to use a paid version of FRONTLEAD, the following section follows:
By clicking the button “Order Now”, after accepting these GTC and taking note of the privacy policy and entering the required data in the input mask, the VENDOR makes a binding offer to conclude a contract with the PROVIDER. The PROVIDER is not obligated to accept this offer. The acceptance of the offer of the VENDOR, and thus the conclusion of the contract, is made by the PROVIDER by sending a link for the creation of the account for the application of FRONTLEAD.
The amount of the fee depends on the model chosen by the VENDOR (Light, Premium or Platinum).
5. Commission fee
If the VENDOR charges a fee to its customers (hereinafter “END USERS”) for the performance of a project via FRONTLEAD, the PROVIDER is entitled to a share of this fee in addition to the fee as defined in Section 4, which is calculated as follows:
7.90 % of the payment amount and
2.00 EUR (plus possible VAT) per payment made.
This participation claim is directly retained by the PROVIDER. The difference is paid out to the VENDOR manually (i.e. on request), every 14 days, monthly or manually (depending on the VENDOR’s choice).
6. Terms of payment
The fee for the use of FRONTLEAD is automatically debited every month on the 14th day of the day following the conclusion of the contract. The contractual relationship is automatically extended unless it is terminated. For better understanding please see the following illustration: The contract is concluded on the 15th of May 2020 (by sending the link to the account). The payment obligation starts on the 29th of May 2020. From now on until the end of the contract the fee will always be debited on the 29th of the respective month. The VENDOR must ensure that sufficient funds are available on that day at the account specified by him.
If there is not enough money available on the VENDOR’s account on that day, the use of FRONTLEAD will be automatically – and without warning – blocked. The provider is not liable for any damage thereby caused to the VENDOR or END USER.
The prices quoted on the PROVIDER’s website are calculated in EUR excluding tax.
The amounts stated at the time of ordering shall apply. It is the responsibility of the PROVIDER to set the prices.
If the claims are not paid within fourteen days, the PROVIDER will charge the legally permissible default interest pursuant to section 456 of the Austrian Commercial Code (“UGB”) from the due date onward. For reminders, a reimbursement of expenses of EUR 25.00 per reminder can be charged. Notwithstanding the foregoing, the PROVIDER is entitled to retain his obligations under this contract for the duration of the default in payment.
If the VENDOR selects the “ANNUAL DISCOUNT” option, a one-time annual fee has to be paid. This annual fee is automatically debited on the 14th day of the day following the conclusion of the contract. The contractual relationship is automatically extended by one year if it is not terminated in due time (at least 14 days prior to renewed payment obligation). For better understanding please see the following illustration: The contract is concluded on the 15th of May 2020 (by sending the link for the account). The payment obligation starts on the 29th of May 2020. The next payment obligation arises on at the 29th of May 2021, given that the contractual relationship was not terminated by the 15th of May 2021 at the latest.
The PROVIDER is entitled to adjust all prices on 1.1. or 1.7. once a year to the current consumer price index. The consumer price index at the time of the conclusion of the contract is taken as reference.
If the PROVIDER does not exercise its right to adjust prices in one year, this price increase can be made up in a subsequent year in addition to the current period. An example for better illustration: The contractual relationship is concluded on 15.5.2020. From 15.5.2021 the PROVIDER can claim a price increase (inflation in this period of e.g. 3%). If he/she does not make use of this price adjustment, he/she can claim the price increase of the current period plus the price increase of the previous period (i.e. plus 3%) as of the 15.5.2022.
7. Permission to use the work (“Werknutzungsrechte”)
The PROVIDER grants the VENDOR the non-exclusive, temporally, contentwise and locally limited permission to use (in the sense of section 24 para 1 first sentence UrhG [Austrian copyright law]) FRONTLEAD for the sole purposes of the business relationship.
A resale of FRONTLEAD requires an explicit consent of the PROVIDER. However, it is explicitly pointed out that the VENDOR can make FRONTLEAD available to its customers.
The right to decompile FRONTLEAD is excluded to the extent permitted by law. The VENDOR may not make any changes to FRONTLEAD without the consent of the PROVIDER. A use of the work in terms of section 40d UrhG remains unaffected.
Labels of FRONTLEAD, especially copyright notices, trademarks, serial numbers or similar may not be removed, changed or made unrecognizable.
8. Licence-Audit
PROVIDER is entitled at any time to demand evidence from VENDOR that the FRONTLEAD software is used in accordance with the law and the contract.
9. Obligation to provide FRONTLEAD
The PROVIDER is obliged to provide FRONTLEAD to the VENDOR for the duration of the contractual relationship and to take care of the maintenance of FRONTLEAD.
10. Change requests
The VENDOR is entitled to propose changes regarding the software FRONTLEAD to the PROVIDER. The PROVIDER is not obligated to implement the requested changes. The PROVIDER may therefore invoice the costs incurred in this connection separately.
The PROVIDER is the sole and exclusive holder of the copyright to any such changes. However, the PROVIDER shall grant the VENDOR a permission (pursuant to section 24 para.1 first sentence of the UrhG) to use these changes for the duration of the contractual.
11. Duty to collaborate
The VENDOR is obliged to cooperate to the extent necessary for the use of FRONTLEAD. This includes especially the embedding of FRONTLEAD on his homepage. A failure of the VENDOR to do so is not at the expense of the PROVIDER and does not reduce the PROVIDER’s claims for remuneration.
12. Impairment of performance
If the PROVIDER is temporarily unable to provide FRONTLEAD for reasons beyond its control (e.g. power failure, cyber attacks, force majeure, problems with 3rd party software, server maintenance), the (complete) payment obligations of the VENDOR remain unaffected.
13. Liability for damages and warranty
Liability of the PROVIDER for slight negligence is excluded. The liability is generally limited to twelve times the monthly fee to be paid by the VENDOR as defined in point 4. In case of the option “ANNUAL DISCOUNT” the liability sum is limited to the one-time annual fee.
The PROVIDER is not liable for the VENDOR’s loss of profit (“entgangenen Gewinn”).
This limitation of liability shall not apply with regard to personal injury and with regard to the Produkthaftungsgesetz [Austrian Product Liability Act] or in the event of intentional (“vorsätzlich”) damage.
Warranty claims expire within six months from the date FRONTLEAD has made available the VENDOR (by sending the link of the software). Notice of defects in the sense of section 377 UGB (“Mängelrügeobliegenheiten”) must be adhered to.
The PROVIDER is not liable for 3rd party software.
The PROVIDER takes no liability for a legally compliant (especially in terms of the GDPR and the TKG [Austrian Telecommunication Act]) utilization of the leads, meaning information about the END-USER for marketing purposes, obtained through FRONTLEAD by the VENDOR.
The PROVIDER takes no liability, if FRONTLEAD cannot be provided for a short period due to a temporary server failure and the VENDOR, his customers or END USERS suffer damages.
14. Indemnification
Should a claim be made against the PROVIDER by a third party due to the VENDOR’s illegal use of FRONTLEAD, the VENDOR agrees to indemnify and hold the PROVIDER harmless.
15. Engagement of subcontractors
The PROVIDER may use subcontractors for the fulfilment of its obligations under this contract.
16. Changes of the general terms and conditions
The PROVIDER is entitled to change these terms and conditions at any time. The PROVIDER will inform the VENDOR of such changes by sending the changed terms and conditions to the e-mail address last provided to the VENDOR. The VENDOR has the right to object to such changes. If the VENDOR does not object within 14 days of the sending of this change, an implied agreement to the change of the general terms and conditions is assumed.
17. Non-soliciation agreement
The VENDOR agrees not to solicit any employees of the PROVIDER during the duration of the contractual relationship and for a period of one year after its termination.
18. Data protection and protection of corporate secrets (“Geschäfts- und Betriebsgeheimnisse”)
The transfer of data and information to the required business partners is permitted to the extent necessary for the fulfilment of the contractual relationship. Otherwise, the PROVIDER and the VENDOR are mutually obligated to maintain secrecy regarding the circumstances and data related to the other party, which they become aware of as a result of the present business relationship, and in particular to maintain data secrecy. These obligations to data and business secrecy shall also apply beyond the contractual relationship. The PROVIDER and the VENDOR further undertake to instruct their employees and vicarious agents in this sense.
The PROVIDER (processor in the sense of Art 4 number 8 of the GDPR) and the VENDOR (controller in the sense of Art 4 Z 7 of the GDPR) will conclude a separate processing agreement pursuant to Art 28 of the GDPR (see Part 2 below). In particular, the VENDOR is responsible for fulfilling its information obligations in the sense of Art 12 following of the GDPR towards its END-USERS. However, the PROVIDER will of course support the VENDOR in this respect within the scope of his legal obligations (see Art 28 Paragraph 3 lit f of the GDPR).
19. Reference clause
The PROVIDER is entitled to inform about the circumstances of the business relationship with the VENDOR by means of a reference on its homepage. In this context only, the PROVIDER is entitled to use the VENDOR’s logo.
20. Duration of the contractual relationship
The contractual relationship with the VENDOR is concluded for an indefinite period. It can be terminated by either party by giving 14 days’ notice before the next payment date (see point 6 for the payment date).
This does not affect the right of extraordinary termination.
The PROVIDER is not obligated to store data obtained through FRONTLEAD beyond the contractual relationship, except for legal storage obligations (in terms of section 212 UGB [Austrian Commercial Act] or section 132 BAO [Austrian General Fiscal Act]).
21. Lockdown of access to FRONTLEAD
If the PROVIDER has legitimate reason to believe that the VENDOR [or one of his END-USER] is using FRONTLEAD in an illegal manner, the VENDOR is entitled to block access to the software immediately and without prior notice. This does not affect the possibility of further legal remedies.
22. Place of jurisdiction and applicable law
This contractual relationship is based on Austrian law and Austrian law shall be applicable to all matters regarding the relationship. The application of the United Nations Convention on Contracts for the International Sale of Goods (UN Sales Convention) as well as of referral norms is excluded.
Exclusive place of jurisdiction is the competent court in Klagenfurt, Austria.
23. Other subjects
If any part of these conditions should be invalid, the validity of the remaining conditions shall not be affected. The invalid provision shall be replaced by a valid provision which comes as close as possible to the economic intent of both parties to the agreement.
Amendments to these terms and conditions as well as supplements to them are only valid if they are agreed and signed in writing. This shall not affect the provision as defined in points 6 (price raise) 16 (amendment of the general terms).
The PROVIDER recommends the VENDOR to save these terms and conditions permanently.
Part 2: Data Processing Agreement
Data Processing Agreement pursuant to Art 28 GDPR
1. Introductory rules
Contractual parties
This agreement is concluded between
the VENDOR
(controller pursuant to Art 4 number 7 of the GDPR)
in the following named as “the CONTROLLER” on the one hand
and
FRONTLEAD – Dietmar Stuck e.U.
Owner Dietmar Stuck
Industrieparkstrasse 13, 9300 St. Veit an der Glan, Austria
Telephine +43 4212 71 88 715
E-Mail mail frontlead io
Website https://frontlead.io
Austrian commercial number: 345436w
in the following named as “the PROCESSOR” on the other hand.
1.2. Definition
PROCESSOR means a processor within the meaning of Article 4 (8) of the GDPR. A processor in this sense is a person who processes data on behalf of the CONTROLLER.
DATA means personal data within the meaning of Article 4 (1) of the GDPR.
GDPR refers to the General data protection regulation in its currently valid version.
MAIN CONTRACT means the contract (“General terms and conditions “FRONTLEAD” – see above Part 1″) between the CONTRACTING PARTIES on which the DPA in question is based.
Controller designates a person responsible in the sense of Art 4 Z 7 of the GDPR. A controller in this sense is someone who decides on the purposes and means of data processing.
The CONTRACTING PARTIES include the CONTROLLER and the PROCESSOR.
1.3. Preamble
According to Art 4 number 8 of the GDPR, a natural or legal person, authority, institution or other body that processes personal DATA on behalf of the CONTROLLER is to be qualified as a PROCESSOR. In this case, the CONTRACTING PARTIES are obliged to conclude a contract processing agreement within the meaning of Art 28 of the GDPR. By signing the present DPA, the CONTRACTING PARTIES fulfil this obligation. The PROCESSOR shall provide sufficient guarantees that appropriate technical and organisational measures are implemented in such a way that the processing is carried out in accordance with the requirements of the GDPR and that the protection of the rights of the data subjects is ensured (Art 28 (1) of the GDPR).
1.4. Gender neutrality
For the sake of better readability, no gender-specific differentiation is made. This is done without the intention of discrimination.
2. Main-Part
2.1. Subject-matter and duration of the processing, nature and purpose of the processing (Art 28 (3) of the GDPR).
This contract is concluded for an indefinite period. It shall terminate as soon as the MAIN CONTRACT comes to an end. The subject matter and nature of this DPA is derived from the MAIN CONTRACT and can be summarised as follows: Creation of free and paid forms, funnels, analyses, self-tests, quizzes, research, applications, surveys, etc. which are offered to third parties for implementation. For these purposes, the software FRONTLEAD is made available to the CONTROLLER by the PROCESSOR on a web-based basis.
2.2. Type of personal data and categories of data subjects (Art 28 (3) of the GDPR)
In the course of the present processing of DATA the following types of DATA are processed of the CONTROLLER or end users of the software:
• contact data: e-mail, name, salutation, address, post code, country
• questions and answers related to the software FRONTLEAD
• login data: E-Mail, Password, Name
• account details
• (if necessary) date of birth, sex
• company name, UID-number
2.3. Processing of personal DATA only on documented instructions (Art 28 (3) lit a of the GDPR)
The PROCESSOR shall process DATA only on documented instructions from the CONTROLLER, including in relation to the transfer of data to a third country or international organisation, unless required to do so by Union or national law to which the processor is subject, in such case the PROCESSOR shall notify the CONTROLLER of these legal requirements prior to processing, unless that law prohibits such information on important grounds of public interest.
2.4. Commitment to confidentiality (Art 28 (3) lit b of the GDPR)
The PROCESSOR ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
2.5. Obligation to take required measures (Art 28 (3) lit c of the GDPR)
The PROCESSOR takes all measures required pursuant to Article 32 of the GDPR.
2.6. Duties to support (Art 28 (3) lit e of the GDPR)
The PROCESSOR, taking into account the nature of the processing, assists the CONTROLLER by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the CONTROLLER`s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III.
2.7. Information obligations (Art 28 (3) lit f of the GDPR)
The PROCESSOR assists the CONTROLLER in ensuring compliance with the obligations pursuant to Art 32 to 36 of the GDPR taking into account the nature of processing and the information available to the PROCESSOR.
2.8. Returnment or deletion of DATA (Art 28 (3) lit g of the GDPR)
The PROCESSOR, at the choice of the controller, deletes or returns all the personal DATA to the CONTROLLER after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal DATA.
2.9. Demonstration of compliance (Art 28 (3) lit h of the GDPR)
The PROCESSOR makes available to the CONTROLLER all information necessary to demonstrate compliance with the obligations laid down in Art 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the CONTROLLER.
2.10. Notification of data violation (Art 28 (3) lit h of the GDPR)
The PROCESSOR shall immediately inform the CONTROLLER if he considers that an instruction violates the GDPR or other data protection provisions of the Union or Member States.
2.11. Engagement of another processor (Art 28 (2 and 4) GDPR)
Where the PROECESSOR uses the services of another processor to carry out certain processing operations on behalf of the CONTROLLER, the same data protection obligations shall be imposed on that other processor by way of contract or other legal instrument in accordance with Union law or the law of the Member State concerned, which are laid down in the contract or other legal instruments between the CONTROLLER and the PROCESSOR in accordance with these DPA, in particular by providing sufficient guarantees that the appropriate technical and organisational measures are implemented in such a way that the processing is carried out in accordance with the requirements of the DPA. If the engaged processor fails to comply with its data protection obligations, the first PROCESSOR shall be liable to the CONTROLLER for compliance with the obligations of that other engaged processor.
The following subcontractors are currently used:
-) Stripe, Inc
is an online payment service based in San Francisco, California
for the purpose of payment processing
(Privacy Shield certified)
Conclusion of standard data protection clauses according to Article 46 Paragraph 2 lit c GDPR
-) Digital Ocean, Inc
is a cloud infrastructure provider based in New York City
for software hosting purposes
Conclusion of standard data protection clauses according to Article 46 Paragraph 2 lit c GDPR
-) DeSmart sp. z o.o.
is a web development company based in Poland
for maintenance purposes
Within the European Economic Area
-) Kamil Orzelek IT
is a backend programming company based in Poland
for maintenance purposes
Within the European Economic Area
The CONTROLLER gives a general authorisation that the PROCESSOR may call in other subcontractors. However, the PROCESSOR shall always inform the CONTROLLER of any intended change regarding the involvement or replacement of other subcontractors. The CONTROLLER has the right to object to such changes (Art 28 (2) of the GDPR). The PROCESSOR undertakes to comply with the conditions set out in Art 28 (2) and (4) of the GDPR for the use of the services of another subcontractor (Art. 28 (3) lit d of the GDPR).
3. Costs of participation
The costs incurred in connection with the exercise of the necessary cooperation rights of the CONTROLLER (in particular, but not exclusively, in connection with an inspection [see point 2.9] and the exercise of data subject rights [see point 2.6]) shall be borne by the CONTROLLER. In these cases the PROCESSOR shall be paid an hourly rate of EUR 120,00 plus VAT.
4. Limitation of liability
In case of joint liability (“gesamtschuldnerische Haftung”) due to the violation of data protection regulations (this concerns e.g. [meaning not completely (“taxativ”) but only demonstrative]) fines in the sense of Art 83 of the GDPR, obligations to pay damages in the sense of Art 82 of the GDPR as well as cease-and-desist-orders (“Unterlassungsaufforderungen”) ( in the sense of the UWG [Austrian Fair Trade Law]) the liability of the PROCESSOR is limited to twelve times the monthly fee to be paid by the CONTROLLER to the PROCESSOR. This limitation of liability shall not apply in case of intentional (“vorsätzliche”) damage caused by the PROCESSOR. In the event that claims are asserted against the PROCESSOR in the external relationship (in the first place), the CONTROLLER shall indemnify the PROCESSOR with regard to the amount exceeding the limitation in the sense of this clause.
5. Final clauses
5.1 Severability clause („Salvatorische Klausel”)
Invalid provisions of individual contractual components of these DPA shall not affect the validity of the remaining provisions. They shall be replaced by appropriate substitute provisions which, in the light of the purpose of the contract, come closest to what the CONTRACTING PARTIES would have wanted had they been aware of the invalidity. The same shall apply in the event of gaps in the contract. In case of doubt the rules of Art 28 of the GDPR shall be applicable.
5.2. Governing law
This DPA (and all related contractual components) is based on Austrian law. The application of the United Nations Convention on Contracts for the International Sale of Goods (UN Sales Convention, CISG) is excluded.
5.3. Place of jurisdiction
For the settlement of disputes concerning the validity of the DPA (and all related contractual components), from the contract and after termination of the contract, it is agreed that the court which is factually competent for the registered office of the PROCESSOR shall have jurisdiction.
6. Hierarchy of contracts
This DPA forms an integral part of the MAIN CONTRACT. In the event of an objection, the provisions of the DPA shall supersede those of the MAIN CONTRACT, provided that the provision in question primarily deals with a regulation within the meaning of the GDPR.
(January 2023)