Made in Germany & Switzerland
The flag of GermanyThe flag of Switzerland
jacando logo

General Terms and Conditions

1. Background

1.1 jacando AG ("jacando") offers a web-based HR software-as-a-service (SaaS) ("Software") focused on Recruiting and application management, HR-Administration, time tracking, talent management and associated services ("Services").

1.2 These general terms and conditions (“GTC”) govern the subscription for the Software and the provision of Services to the customer. Software and Services may additionally be subject to offer documents (or similar) issued by jacando (together “Agreement”). Services may be subject to specific supplemental terms that apply to the customer’s subscription and those supplemental terms form part of the Agreement.

1.3 Deviating terms and conditions of the customer do not apply to the Agreement, unless jacando expressly agrees to their application in writing.

2. Demo accounts and Conclusion of Contract

2.1 For trial and demonstration purposes the customer receives a demo access/account for the software during a limited period of time (however a minimum of 14 days). This demo access does not form a contract between jacando and the customer. jacando can terminate this demo access at any time.

2.2 Fee-based Agreements may be concluded by the customer by requesting a respective offer in writing or text form from jacando and the customer accepting the same.

3. Scope of software and services

3.1 jacando shall provide the Software and Services during the subscription term of the Agreement. The scope of functionalities for the Software and the description of Services shall be made available to the customer on the jacando website or otherwise (e.g. via an individual offer) ("Service Description").

3.2 Software components with unrestricted scope of use (e.g. E-signature) may be subject to fair use as reasonably determined and communicated by jacando (“Fair Use Principle”). The Fair Use Principle will be exercised by jacando to ensure availability of the relevant functionality for all users. Inappropriate use or excessive use of the relevant functionality shall entitle jacando, after prior notice, to restrict customers’ use of the relevant functionality.

3.3 The Software facilitates – depending on the signed contract between jacando and the customer – data exchange with certain systems of third parties (“third-party systems”) via interfaces (“integrations”). Systems, that access the interfaces of jacando are systems of external companies.

The usage of interfaces by the customer in order to integrate products and services of jacando into a third-party system or in order to submit data from jacando into a third-party system does under no circumstance create a contract or any legal relationship between the third party and jacando. Functions, prices, duration and other terms of use for providing integrations by third-party systems, including support, are subject to the terms defined in the contract between the customer and the third party. In order to use an integration, the customer has to possess a right of usage of the system intended to be integrated. jacando cannot be held liable for the function and/or the integrity of the interface, neither can jacando provide any form of guarantee for it. In the case of an integration of its products & services into an existing system or the submission of data from jacando into a third-party system by using interfaces, jacando does only take liability for data integrity until the point and moment of hand-over at the inferface. Under no circumstance does jacando take liability or responsibility for data integrity after the moment of providing data at the interface when integrating the data into a thirt-party system.

This also holds, when jacando specializes its products and services specifically for interfaces of specific thiry-party systems. Despite an optimization for any specific interface, the third-party defines the specification of his/her software and thus jacando cannot guarantee a compatibility of its software with softwares of any thirty-party.

3.4 For any form of changing the plan of the Software bought or the maximum number of employees that can be administered by a plan, a dedicated contract between jacando and the customer has to be made as definied unter 2.2.

3.5 Without limiting other rights or remedies, jacando may temporarily suspend (without liability) the customer's access to any portion of the Software and Services, if (a) jacando reasonably determines that (i) there is a threat or attack on the Software or other event that may create a risk to the Software, the customer or any other third party; (ii) the customer's use of the Software disrupts or poses a security risk to the Software or any other third party; or (iii) the customer has exceeded the Fair Use Principle as set out in section 3.2; or (b) jacando has notified the customer that any amount owed by the customer under the Agreement is thirty (30) or more days overdue, and the customer has failed to submit payment in full within five (5) days of receipt of such notice (collectively, “Suspensions”). jacando shall provide notice in advance (where reasonably possible) of any Suspension and provide updates regarding resumption of Software or Services following any Suspension.

4. Customer Responsibilities

4.1 The following responsibilities are major obligations of the customer and are not only to be classified as secondary obligations or duties.

4.2 During the demo period in accordance with section 2.1, the customer is obliged to review the functionalities of the Software and to notify jacando in text form about possible defects and other deviations from the Service Description before concluding a fee-based Agreement for the use of the Software. The customer cannot invoke defects and other deviations from the Service Description, which were already known or present during the Trial, but were not reported before the conclusion of a fee-based Agreement for the use of the Software.

4.3 The customer shall provide a qualified contact person together with a deputy, who is entitled to make all necessary decisions, that are required for the contractually agreed provision of Software and Services or to bring about such decisions without undue delay. The customer shall inform jacando about any changes of the contact person (including deputy) without undue delay.

4.4 The customer is solely responsible for the content and data processed within the Software. The customer shall use the Software only in accordance with the Agreement and within the framework of the applicable statutory provisions and not to infringe any rights of third parties during use. The customer will inform jacando without undue delay in text form about: (i) the misuse or suspicion of misuse of the Software and Services; (ii) a risk or suspicion of a risk for the compliance of data protection or data security which occurs within the scope of the provision of the Software and Services; (iii) a risk or suspicion of a risk for the service provided by jacando, e.g. due to loss of access data or hacker attack.

4.5 The customer shall ensure the following technical requirements:

4.5.1 The connection to the internet in adequate bandwidth and latency is the customer’s responsibility.

4.5.2 For an optimal use of the offers and functions of the Software the customer shall use the latest versions of the following browser types Google Chrome, Microsoft Edge or Mozilla Firefox or any other browser notified by jacando. Functional cookies are needed for the usability of the Software. If these are not permitted by the customer, jacando shall not be liable for any restrictions resulting from this.

4.5.3 The customer is responsible for taking state-of-the-art IT security measures to ensure that the use of the Software is subject to appropriate security standards within their own organisation.

4.5.4 The use of shared accounts (e.g. hr@customer.com) is prohibited. The customer shall ensure that their users of the Software do not share their login data.

4.5.5 The customer shall ensure the security of the internet connection used, in particular the use of company-owned instead of public Virtual Private Networks (VPN) as well as the use of VPN connections in public networks.

4.6 The customer is responsible for the professional setup and administration of the Account. This applies regardless of whether jacando supports the customer setting up the account in any form. This includes: (i) the professional setup of the Account, in particular the migration of data, configuration of processes and products; (ii) the technical setup of Integrations in the Account and in the Third- Party System, such as determining whether certain data fields should be transferred or how customer-specific values from multiple-selection fields are to be assigned; (iii) verification of the correct functioning of the Integration on the basis of test cases (e.g. concerning the text length of open text fields) before productive use; (iv) the technical integration of interfaces on the customer side in accordance with the specification of incoming and outgoing data, including API key input and the activation of interfaces in the Third-Party System; (v) the administration of the account, in particular the creation of users and roles and the assignment of access.

5. Availability

5.1 jacando provides the Software with an availability of 99% on an annual average. Times in which the server cannot be reached due to other technical problems beyond the control of jacando (e.g. force majeure) are excluded. Also excluded is planned maintenance work (e.g. updates to the Software) which takes place outside of Monday to Friday between 9:00 am and 6:00 pm BST/CEST/CET (“Normal Business Hours”).

5.2 In case of error reports received outside the support hours, the troubleshooting begins on the following working day. Delays of the troubleshooting that the customer is responsible for (e.g. due to unavailability of a contact person on the customer side or belated notification of the disruption), are not credited towards the troubleshooting time.

6. Grant of Rights

6.1 jacando grants the customer a non-exclusive, non-transferable and time-limited usage right for the subscribed for Software for the agreed term. For rights of use to Third-Party Systems and Partner Integrations, the provisions of the respective provider will apply.

6.2 The customer undertakes to use the Software only in accordance with the Agreement and not to provide it to third parties to use. Insofar as the Software plan provides for this, the customer’s usage right also extends to the customers affiliates within the meaning of § 271 German Commercial Code, §§ 15 ff. German Stock Corporation Act or to affiliated companies/holding companies/subsidiaries within relevant applicable provisions of corporate law.

6.3 jacando may process non-personal or anonymous data to develop and improve functionality and the customers’ experience with the Software. For this purpose jacando may anonymise data stored in the Software. The customer agrees that jacando owns all rights in and is free to use any such non- personal or anonymous data in any way it deems fit for development, diagnostic, corrective, security as well as marketing or any other purposes.

7. Term and Termination

7.1 The customer can choose an annual or a multi-annual subscription Agreement. For Services, the term of the Software applies unless specifically stated otherwise.

7.2 In case of Agreements with an annual subscription, an initial term of one year shall apply. After the expiry of the initial term, the Agreement shall automatically renew on a yearly basis, until either party terminates the Agreement with notice not later than three months’ prior to the renewal date.

7.3 In case of Agreements with multi-annual subscription, after the expiry of the term, the Agreement shall automatically renew on the same multi-annual basis as the previous Agreement, until either party terminates the Agreement with notice not later than three months’ prior to the renewal date.

7.4 The right of both parties to terminate the Agreement for good cause remains unaffected.

7.5 Notice of termination must be given in written form. All licences and rights granted under the Agreement shall be immediately terminated.

8. Payment Term

8.1 The customer agrees to pay the fees for the Software and any applicable Services in accordance with the applicable offer or invoice. Electronic invoices will be sent to the customer.

8.2 All amounts and fees are exclusive of taxes, duties, levies, tariffs, and other governmental charges (collectively, “Taxes”). The customer shall be responsible for payment of all Taxes and any related interest and/or penalties resulting from any payments made hereunder, other than any taxes based on jacando’s net income.

8.3 For Agreements with a yearly or multi-year subscription, the billing period begins on the commencement date of the Agreement or as otherwise agreed by the parties in text form and ends with the expiry of duration of the Agreement. Payment shall be due two weeks from the invoice date.

9. Warranty, Claims and Obligations in Case of Defects

9.1 Sections 9.2, 9.4, 9.6 and 9.7 shall apply only in case of paid Software/Services provision by jacando. To the extent jacando provides Software/Services free of charge, jacando’s liability for defects is limited to fraudulent intent.

9.2 jacando shall provide the Software free from material and legal defects (e.g., violation of third party intellectual property rights) and shall maintain the Software in a condition suitable for contractual use during the term of the Agreement.

9.3 Any defects or disruptions of the system availability shall be reported by the customer together with the details of the circumstances of their occurrence without undue delay after it has become known. In case of occurring Software disruptions the customer will support jacando to a reasonable extent in the identification and correction of errors.

9.4 jacando shall remedy the defect within a reasonable period of time. In case of reports and disruptions of the system availability which lead to a total failure of the Software and which are received within the support hours (as published by jacando), jacando will attempt to ensure a reaction time of four hours from the beginning of the disruption. In case of minor errors that do not lead to a total failure of the Software and that occur during ongoing operation, jacando will attempt to respond no later than one working day after receipt of the error message.

9.5 jacando shall be entitled to show temporary workarounds and to eliminate the actual cause later by making adjustments to the Software, provided that this is reasonable for the customer.

9.6 The strict liability for initial defects in accordance with § 536a (1), Alt. 1 German Civil Code is excluded.

9.7 Defect claims expire within 12 months. This does not apply in case of defect claims for damages for which jacando is mandatorily liable under the statutory law (see section 10.1).

10. Limitation of Liability

10.1 In the case of paid or unpaid service provision jacando is liable according to the statutory provisions for damages resulting from the injury of life, of the body or health and for other loss due to a breach of duty resulting from intent, gross negligence and fraudulent intent. In addition jacando is liable according to the statutory provisions towards customers with a fee-based Agreements for the use of the Software for damages covered by liability under mandatory statutory provisions such as in the case of assumption of guarantees, fraudulent concealment of a defect or according to German Product Liability Law in the case of paid services. Guarantees by jacando are only given in written form and in case of doubt are to be interpreted as such, only if they are referred to as “guarantee”.

10.2 In case of slight negligence for paid service provisions, jacando is only liable for damages caused by jacando and which are due to such essential breaches of duty, which endanger achieving the purpose of the Agreement or to breaches of duties, whose fulfilment enables the proper execution of the Agreement in the first place and whose compliance the customer may rely on (so-called violation of cardinal obligations). In these cases the liability of jacando is limited to typically contractual predictable damages. Liability for slight negligent violation of obligations that are not cardinal obligations (see Section 10.2 sentence 1) are excluded, except where jacando is liable by law (see Section 10.1 sentence 2).

10.3 In the case of free service provision (e.g., within the demo period) jacando is responsible only for damage, which is based on wilful intent, or gross negligence as well as fraudulent intent. This limitation of liability does not apply to damages resulting from injury to life, body or health, for this jacando is liable without limitation.

10.4 The limitations of liability in sections 10.1 to 10.3 also apply to claims against executive employees, employees, other vicarious agents or subcontractors of jacando.

11. Data Protection and Confidentiality

11.1 jacando acts as a processor for the customer data stored and processed in the Software and the customer shall be the data controller of such data. For customers who have already entered into separate data processing agreements prior to November 10, 2023, the data processing agreement stored in their Account remains valid (if applicable). For all other customers, the controller-processor agreement on the jacando website (www.jacando.com/agb/) (“Data Processing Addendum”) is hereby agreed and incorporated and forms an integral part of the Agreement. In case of a conflict, the data processing agreement / Data Processing Addendum, respectively, shall prevail over these GTC.

11.2 “Confidential Information” shall mean any information, no matter whether written or oral, which (i) by its nature is confidential or subject to secrecy or (ii) which the party, whom the information is transmitted to, must have recognised as confidential and a subject to secrecy because of exceptional circumstances. Confidential Information includes, in particular, product descriptions and specifications as well as prices. Each party agrees to the following:

11.2.1 Not to disclose Confidential Information of the respective other party to third parties without express consent (at least in text form).

11.2.2 To undertake to use Confidential Information only for contractually agreed purposes.

11.2.3 To take at least the same precautions as they do in regards to their own Confidential Information. Such precautions shall at least be reasonable to prevent disclosure to unauthorized third parties. In addition both contracting parties are obliged to prevent the unauthorized disclosure or use of Confidential Information by their customers, employees, subcontractors or legal representatives.

11.2.4 To inform each other in text form of any misuse of Confidential Information.

11.3 Confidential Information shall not include information which:

11.3.1 Was known to the other party prior to transmission and without an existing confidentiality agreement,

11.3.2 Is transmitted by a third party not subject to a similar confidentiality agreement,

11.3.3 Is otherwise publicly known,

11.3.4 Was independently developed without using confidential information,

11.3.5 Is released for publication in text form, or

11.3.6 Is required to be transmitted due to a final legally binding court order or authority provided that the party affected by the transmission is informed in time in order to take legal protection actions.

11.4 Neither party shall obtain Confidential Information by means of reverse engineering. “Reverse Engineering” in this context means all actions, including observing, testing, examining and reassembling, with the aim of obtaining Confidential Information.

11.5 The restrictions contained in sections 11.2 to 11.4 will continue to apply until the earlier of the relevant Confidential Information ceasing to be confidential and a period of five years following termination of the Agreement.

12. Amendments

12.1 jacando has the right to change these GTC at any time or to amend regulations for the use of any newly introduced additional services or features of the Software or Services. Changes and amendments to these GTC shall be announced to the customer by email to the indicated email address not later than four weeks before the scheduled changes come into force. The customer’s consent to the change of the GTC will be deemed granted if the customer does not object to the amendment in text form within a period of two weeks, beginning with the day following the day of the announcement of the amendment. Any announcement shall indicate the relevant amendment, the possibility of objection, the deadline for an objection, the text form requirement and the outcome of an objection.

12.2 jacando reserves the right to modify the Software and/or Services to offer deviating functionalities, unless changes or deviations are not reasonable for the customer. If significant change of the Software supported workflow of the customer and/or limitations in usability of so far generated data go along with the provision of a modified version of the Software or a change of functionality of the Software, jacando will announce this to the customer in text form at the latest four weeks before the effective date of such a change. If the customer does not object to the change in text form within a period of two weeks upon receipt of the notification of change, the change shall become part of the contract. Any announcement shall indicate the relevant amendment, the possibility of objection, the deadline for an objection, the text form requirement and the outcome of an objection.

12.3 jacando further reserves the right to modify the Software and/or Services to offer deviating functionalities, (i) to the extent necessary to make the services offered by jacando compliant to the (case) law applicable to such services, in particular if the legal situation changes; (ii) to the extent jacando complies with a court order or authority decision addressed to jacando; (iii) to the extent necessary to eliminate security vulnerabilities of the software; (iv) due to significant changes in the services or contractual conditions of third-party providers or subcontracting companies, or (v) to the extent that this is predominantly beneficial for the customer. jacando especially reserves the right to restrict or discontinue the provision of additional functionalities or Integrations if the technical partners for these additional functionalities or the providers of the Third-Party Integrations significantly change or limit their services or terms of service and jacando can therefore no longer reasonably be expected to continue providing the above, such as if the additional expense due to jacando‘s involvement would be economically unreasonable. For the case of annual calculation, the customer will receive an appropriate pro rata reimbursement of fees paid in advance, provided that the additional functionality or Integration was invoiced separately.

12.4 jacando is entitled to adjust its list prices to compensate personnel cost or other cost increases annually in an appropriate amount. jacando will announce these price adjustments and the effective date of the price adjustments to the customer in text form. The price adjustments shall not apply to the periods the customer has already paid for. If the price increase is more than 5% of the previous price, the customer may object to this list price increase within a period of two weeks from notification. A change in the price resulting from a change in the scope of features or the number of employees to be administered shall not be deemed a price adjustment within the meaning of this section 12.4.

12.5 If the customer objects to a change within the meaning of this section 12 in accordance with the relevant notification requirements, the proposed change will not be effective and the Agreement shall continue under the existing terms. In this case jacando reserves the right to terminate the Agreement extraordinarily on one month’s notice.

12.6 Except as set out in sections 12.1 to 12.4, any variation to the Agreement shall be agreed by the parties in text form.

13. Final Provisions

13.1 The legally-binding version of the General Terms and Conditions is the German version. Any translations into an other language may only be seen as an additional service of jacando. In case of any difference between the German version and any translation, the German version is the binding one.

13.2 Unless otherwise agreed, any notification or declaration under the Agreement shall be made in writing which includes text form (e.g., email). Amendments to the Agreement shall be made in writing or text form. This shall also apply to the waiver of this form requirement.

13.3 The parties are not allowed to transfer rights and obligations from this contract to any third party without the previous written consent of the other party.

13.4 jacando may name the customer as a reference and use its name, logo or other identifying characteristic serving this purpose. Any other usage of this information needs to be agreed upon by the customer.

13.5 If any provision of the Agreement is invalid, illegal or unenforceable, the other provisions of the Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law.

13.6 If the company address of the customer defined in the contract between jacando and the customer is located in the EU, The Agreement between the parties shall be governed by and construed in accordance with the laws of the Federal Republic of Germany excluding the UN Convention on Contracts for the International Sale of Goods. Exclusive place of jurisdiction for all disputes arising from and/or in connection with the Agreement between jacando and the customer is, as far as legally permissible, Munich.

13.7 If the company address of the customer defined in the contract between jacando and the customer is located in Switzerland, The Agreement between the parties shall be governed by and construed in accordance with the laws of Switzerland. Exclusive place of jurisdiction for all disputes arising from and/or in connection with the Agreement between jacando and the customer is, as far as legally permissible, Basel.

Version November 2023

Addendum on data processing

Order processing in accordance with Art. 28 GDPR

1. Data processing in the EU and Switzerland

The provision of the contractually agreed data processing shall take place exclusively in a member state of the European Union or a contracting state of the Agreement on the European Economic Area or in Switzerland. Any relocation to a third country requires the prior consent of the client and may only take place if the special requirements of Art. 44 et seq. GDPR are fulfilled.

2. Technical and organisational measures

2.1 The Contractor shall document the implementation of the technical and organisational measures required under the GDPR before the start of processing, in particular with regard to the specific execution of the order. These measures form the basis of the order. If the inspection/audit of the client reveals a need for adjustment, this must be implemented by mutual agreement.

2.2 The precautions to be taken are data security measures and measures to ensure a level of protection appropriate to the risk with regard to the confidentiality, integrity, availability and resilience of the systems. The state of the art, the implementation costs and the nature, scope and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons within the meaning of Art. 32 para. 1 GDPR must be taken into account.

2.3 The technical and organisational measures are subject to technical progress and further development. In this respect, the Contractor is permitted to implement alternative adequate measures. In doing so, the security level of the specified measures must not be undercut. Significant changes must be documented.

2.4 The Contractor undertakes to implement and continue to comply with all technical and organisational measures required for this order in accordance with Art. 28 para. 3 sentence 2 lit. c, 32 GDPR [details in Annex 1]. The Client shall review the technical and organisational measures taken as part of its supervisory powers in accordance with Section 6 of this contract.

3. Rectification, restriction and erasure of data

The contractor may not rectify, erase or restrict the processing of data processed on behalf of the client without authorisation, but only in accordance with documented instructions from the client.

If a data subject contacts the Contractor directly in this regard or with regard to other data subject rights, the Contractor shall forward this request to the Client without delay.

4. Further obligations of the contractor

In addition to complying with the provisions of this contract, the Contractor shall fulfil its legal obligations under Art. 28 to 33 GDPR; in this respect, it shall in particular ensure compliance with the following requirements:

a) If required by law, a data protection officer shall be appointed in writing to carry out his/her duties in accordance with Art. 38 and 39 GDPR. The contact details of the Contractor's data protection officer can be found in Section 11 of this Agreement. The Client must be informed immediately of any change of data protection officer.

b) The Contractor undertakes to maintain confidentiality during processing in accordance with Art. 28 para. 3 sentence 2 lit. b, 29, 32 para. 4 GDPR. When carrying out the work, the Contractor shall only use employees who have been obliged to maintain confidentiality and who have been familiarised with the data protection provisions relevant to them in advance. The contractor shall process personal data exclusively within the framework of the agreements made and in accordance with the instructions of the controller, unless it is obliged to do so by the law of the Union or the Member States to which the contractor is subject (e.g. investigations by law enforcement or state security authorities); in such a case, the contractor shall notify the controller of these legal requirements prior to processing, unless the law in question prohibits such notification due to an important public interest (Art. 28 para. 3 sentence 2 lit. a GDPR).

c) The Client and the Contractor shall cooperate with the supervisory authority in the fulfilment of their tasks upon request.

d) The Contractor shall inform the Client immediately of any inspections and measures taken by the supervisory authority insofar as they relate to this order. This shall also apply if a competent authority investigates the processing of personal data in the context of administrative offence or criminal proceedings relating to the processing of personal data by the contractor.

e) Insofar as the Client is subject to an inspection by the supervisory authority, administrative offence or criminal proceedings, a liability claim by a data subject or a third party or any other claim in connection with the commissioned processing at the Contractor, the Contractor shall support the Client to the best of its ability.

f) The Contractor shall regularly monitor the internal processes and the technical and organisational measures to ensure that the processing in its area of responsibility is carried out in accordance with the requirements of the applicable data protection law and that the protection of the rights of the data subject is guaranteed.

5. Subcontracting relationships

5.1 Subcontracting relationships within the meaning of this provision are those services that relate directly to the provision of the main service. This does not include ancillary services which the Contractor utilises, e.g. as telecommunications services, postal/transport services. However, the Contractor is obliged to take appropriate and legally compliant contractual agreements and control measures to ensure the data protection and data security of the Client's data, even in the case of outsourced ancillary services.

5.2 The Client grants the Contractor - subject to the consent required in accordance with Section 1 - general authorisation to use further subcontractors if (a) a contractual agreement with the subcontractor in accordance with Art. 28 (2-4) GDPR and, in the context of data transfers in a third country, an additional guarantee in accordance with Art. 44 et seq. GDPR, (b) the Contractor informs the Client in text form if it intends to involve additional or replace subcontractors. The information about the addition or replacement of subcontractors can be provided, for example, by e-mail or a specific newsletter (i.e. a newsletter exclusively for information about subcontractors) or via a link.

The Client may object to such changes, whereby this may not be done without good cause under data protection law. The objection to the intended change must be made to the Contractor in text form within 14 days of the provision of the information about the change to the contact details of the data protection officer stated below under point 10. In the event of an objection, the Contractor may, at its own discretion, provide the service without the intended change or - if the provision of the service without the intended change is unreasonable for the Contractor - discontinue the service to the Client within 4 weeks of receipt of the objection and terminate the service agreement without notice and with immediate effect. If the objection is not justified by an important data protection reason, the Client shall bear the associated expenses and any losses incurred.

5.3 The forwarding of personal data of the client to the subcontractor and its first activity is only permitted once all requirements for subcontracting have been met.

5.4 If the subcontractor provides the agreed service outside the EU/EEA, the Contractor shall ensure that it is permissible under data protection law by taking appropriate measures. The same applies if service providers within the meaning of para. 1 sentence 2 are to be used.

5.5 Further outsourcing by the subcontractor requires the express consent of the Contractor (at least in text form) or a general authorisation by the Contractor analogous to paragraph 2. All contractual provisions in the contractual chain must also be imposed on the further subcontractor.

6. Control rights of the client

6.1 The Client shall have the right to carry out inspections in consultation with the Contractor or to have them carried out by an auditor to be named in individual cases. It shall have the right to satisfy itself of the Contractor's compliance with this Agreement in its business operations by means of spot checks, which must generally be notified in good time (generally at least four weeks in advance). Business and trade secrets of the Contractor that become known to the Client during an inspection must be treated as strictly confidential by the Client. No records of such secrets may be made unless this is absolutely necessary in order to exercise the Client's right of inspection.

6.2 The Contractor shall ensure that the Client can satisfy itself of the Contractor's compliance with its obligations under Art. 28 GDPR. The Contractor undertakes to provide the Client with the necessary information upon request and, in particular, to provide evidence of the implementation of the technical and organisational measures.

6.3 Proof of such measures, which do not only concern the specific order, can be provided by current certificates, reports or report extracts from independent bodies (e.g. data protection officers, auditors, data protection auditors, quality auditors).

6.4 Access to the Contractor's business premises shall only take place in the permanent presence of a representative of the Contractor. The Client shall also show reasonable consideration for operational processes in order to avoid disruptions and for the Contractor's legitimate confidentiality interests.

6.5 Regular on-site inspections by the customer are generally permitted once per calendar year. Additional inspections by the customer can only be carried out for an important reason to be proven by the customer. In the event of inspections that go beyond the annual inspections provided for in sentence 1 or sentence 2, the Client undertakes to reimburse the expenses incurred by the Contractor in the context of enabling these additional inspections.

7. Notification of violations by the contractor

7.1 If necessary, in particular because the relevant information is not otherwise available to the Client, and taking into account the nature of the processing, the Contractor shall assist the Client in

  • compliance with the personal data security obligations set out in Articles 32 to 36 of the GDPR,
  • Reporting obligations in the event of data breaches,
  • Data protection impact assessments and prior consultations.

These include

a) ensuring an adequate level of protection through technical and organisational measures that take into account the circumstances and purposes of the processing as well as the predicted likelihood and severity of a potential breach through security vulnerabilities and allow for the immediate detection of relevant breach events

b) the obligation to report personal data breaches to the client without delay

c) the obligation to support the client in the context of its duty to inform the data subject and to provide it with all relevant information in this context without delay

d) the support of the client for its data protection impact assessment

e) supporting the client in the context of prior consultations with the supervisory authority

7.2 The Contractor may claim remuneration for support services that are not included in the service description or are not attributable to misconduct on the part of the Contractor.

8. Authority of the client to issue instructions

8.1 For security reasons, confirmation of identity is required for a verbal instruction. Should there be any doubts in this regard, action can only be taken after confirmation. The client shall confirm verbal instructions immediately (at least in text form).

8.2 The Contractor must inform the Client immediately if it is of the opinion that an instruction violates data protection regulations. The Contractor shall be entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by the Client.

9. Deletion and return of personal data

9.1 Copies or duplicates of the data shall not be created without the knowledge of the client. Excluded from this are backup copies, insofar as they are necessary to ensure proper data processing, as well as data that is required in order to comply with statutory retention obligations.

9.2 After completion of the contractually agreed work or earlier at the request of the Client - at the latest upon termination of the service agreement - the Contractor shall hand over to the Client all documents, processing and utilisation results created and data stocks in connection with the contractual relationship that have come into its possession or destroy them in accordance with data protection regulations after

prior consent, unless EU or national law requires the storage of personal data.

9.3 Documentation that serves as proof of proper data processing in accordance with the order shall be retained by the Contractor beyond the end of the contract in accordance with the respective retention periods. The Contractor may hand them over to the Client at the end of the contract in order to discharge the Client.

10. Choice of law

This contractual relationship is governed exclusively by the statutory provisions of the General Data Protection Regulation. The application of Swiss data protection law is hereby excluded insofar as this is legally permissible.

11. Concretisation of the order content, subcontractors and data protection officer

11.1 Object of the contract: The object of the data handling contract is the performance of the following tasks by the Contractor: Operation and provision of the Jacando Cloud Software as a web and/or mobile application in accordance with the service agreement.

11.2 Duration of the order: The duration of this order (term) corresponds to the term of the contract between the controller and the processor for the provision and use of the Jacando Cloud Software.

11.3 Nature and purpose of the intended processing of data: Description of the subject matter of the contract with regard to the nature and purpose of the contractor's tasks: Product details of the software and services can be found in the underlying service agreement.

11.4 Type of data: The following data types/categories are subject to the processing of personal data:

  • General personal data: Name, address, e-mail address, telephone number, date of birth and age plus any other customised fields
  • Files: Documents in various formats relating to applicants and employees, as well as customers plus any additional customer-specific fields
  • Communication: conversation histories and messages from and to applicants or recruiters as well as employees and customers or contact persons plus additional customer-specific fields if necessary
  • Identification numbers: Personnel numbers plus any other customised fields
  • Physical characteristics: Gender plus any other customised fields
  • Ownership characteristics: Equipment issues plus any other customised fields
  • Value judgements: school and job references, CVs, assessed skills and competences.
  • Skills, feedback questionnaires and other surveys, performance agreements and performance appraisals, further training with learning outcomes plus other customised fields where applicable
  • Order and quotation data as well as invoices: Contact persons plus any other customer-specific fields
  • Case data: Support case contact person and detailed descriptions, which may contain personal data plus any other customer-specific fields
  • Interface fields: Customised fields that are exchanged with and between the customer's third-party systems via Jacando
  • Contract/employment data: Salary, other address data, contract accounting and payment data incl. cost reimbursements, working time models and working time records incl. recorded absences plus other customer-specific fields if applicable
  • End user data: location data, device information and time zones

11.5 Categories of data subjects: The categories of data subjects affected by the processing include:

  • Employees (internal/external) of the client
  • Applicants (internal/external) of the client
  • Recruiter of the client
  • Interested parties & customers of the client
  • Contact person of the client

11.6 Subcontractors used: see Annex 2

11.7 The Contractor's data protection officer is Mr Asmus Eggert, lawyer, mip Consult GmbH, Wilhelm-Kabus-Str. 9, 10829 Berlin, 030-2088999-0, a.eggert@mip-consult.de

12. Plants

Annex 1: "Technical and organisational measures" in accordance with Art. 32 GDPR & Annex 2: Subcontractors used are fully included in the contract

13. Note

This contract is a tested standard contract for all customers (clients) of Jacando AG, therefore no customised adaptations are possible. This applies in particular to adjustments to the specifically licensed scope of functions of the client. The use of customised contracts is not intended, therefore the client should refrain from sending other contract templates.

Version November 2023

General Terms and Conditions for Support Services

Download

1. Scope of application / conclusion of contract

1.1 These GTC apply to the provision of support services by jacando (hereinafter "jacando") to the customer (hereinafter "customer") in connection with the web-based HR Software-as-a-Service (SaaS) jacando ("software"), whether for a fee or free of charge. Supporting services are, for example, consulting and training services, support with configuration and set-up services, splitting or merging of customer accounts in the software (account split/mergers) or data migration services ("services") as well as ongoing support via the help centre or dedicated jacando employees. These services are provided by jacando exclusively on the basis of these General Terms and Conditions ("GTC") and the individual agreements concluded between the customer and jacando (hereinafter "Orders"). The use of the software itself is subject to jacando's separate GTC.

1.2 Any terms and conditions of the customer that conflict with or deviate from these GTC shall not become part of the contract, except in the case of express written consent. These GTC shall also apply if jacando carries out the deliveries or services without reservation in the knowledge that the customer's terms and conditions conflict with or deviate from these GTC.

1.3 The contract between jacando and the customer is concluded by mutual signature or other agreement of an order (e.g. by e-mail or telephone).

2. Benefits

2.1 The services to be provided by jacando are set out in the orders, any supplementary service descriptions and, alternatively, these GTC. Services other than those expressly described in the order are not owed.

2.2 Deadline commitments and cost estimates are to be understood as non-binding deadlines and estimates, unless expressly agreed otherwise in writing.

2.3 Service descriptions are only to be regarded as quality descriptions. In case of doubt, the service descriptions do not contain the assumption of a guarantee. Guarantees by jacando are only given in writing and, in case of doubt, are only to be interpreted as such if they are labelled as a "guarantee".

2.4 Insofar as jacando refers to legal requirements (e.g. tax aspects, consent requirements, data protection requirements) or provides legally relevant texts or content (e.g. role and authorisation concepts), these are merely suggestions. jacando does not owe any legal advice and can therefore offer no guarantee for the legal conformity of the services mentioned, in particular with regard to the requirements of tax law, labour law or data protection law. The customer himself/herself or a legally qualified third party must ensure and check the legal conformity of these services.

3. Rights of use to the services of jacando

Unless otherwise provided for in these GTC or the order, jacando hereby grants the customer the simple (i.e. non-exclusive), non-transferable and non-sublicensable right to use the services of the customer (e.g. created documents) for the contractually agreed purposes, in case of doubt for the customer's own business purposes.

4. Duties and obligations of the customer

4.1 jacando is dependent on the co-operation of the customer for the successful and timely performance of the services owed by jacando. The customer therefore undertakes to provide all information, documents and content (e.g. data to be imported) required for the proper fulfilment of the service in a timely and complete manner. The customer is also obliged to inform jacando, without being asked, of circumstances that may be of significance for the provision of services by jacando and of which the customer can recognise that they are unknown to jacando.

4.2 If defects or other faults occur, the customer is obliged to report them to jacando immediately and to provide the information required to rectify the fault.

4.3 Further details on the customer's duties to co-operate and obligations can be found in the order.

5. Limitation of liability

5.1 jacando is liable for damages if these are a) caused intentionally or by gross negligence on the part of jacando, or b) caused by slight negligence on the part of jacando and are due to essential breaches of duty that jeopardise the achievement of the purpose of the contract, or to the breach of duties whose fulfilment is essential for the proper execution of the contract and on whose compliance the customer may rely (cardinal duties).

Otherwise, jacando's liability is excluded, irrespective of the legal grounds, unless jacando has mandatory liability by law, in particular for injury to life, limb or health of a person, assumption of an express guarantee (see also clause 2.3), fraudulent concealment of a defect or under the Product Liability Act.

5.2 In the case of clause 6.1, sentence 1, letter b) (slightly negligent breach of cardinal obligations), jacando's liability is limited to the damage typically foreseeable for a contract of this type.

5.3 Insofar as jacando provides its services free of charge, jacando's liability is limited to intent, malice and gross negligence, unless jacando's liability is mandatory by law.

5.4 The limitations of liability in clauses 5.1 to 5.3 also apply to claims against employees, legal representatives and agents of jacando.

6. Terms of payment

6.1 All services provided by jacando for the client shall be remunerated on a time basis, unless a fixed price has been agreed in the order. The hourly rates stated or referred to in the order shall apply.

6.2 If a fixed price has been agreed in the order, jacando shall provide the services agreed there for the fixed price at this price.

6.3 Unless otherwise agreed, an agreed fixed price shall be invoiced when the order is placed. In the case of payment by time, jacando shall invoice the working hours regularly, usually at the end of each calendar month. In the case of payment by time, the invoice must be accompanied by an activity report stating the date or period, duration and content of the activity. Invoices shall be issued in 15- minute time units. jacando may issue invoices in electronic form.

6.4 Travel must be agreed with the customer in advance. Travelling to and from the customer's premises also counts as 50% working time (from jacando's nearest office). Travelling expenses must be documented by jacando and reimbursed by the client.

6.5 All prices are quoted in euros plus the applicable statutory value added tax.

6.6 Invoices are payable within 14 days without deductions.

7. Data protection

Insofar as jacando processes personal data of the customer on behalf of the customer in the context of the provision of services, jacando acts as a processor within the meaning of Art. 4 No. 8 GDPR and the customer as a controller pursuant to Art. 4 No. 7 GDPR. This is particularly the case for data migrations, account splits/mergers and other services that require jacando to access the customer's personal data in the software. The contract concluded between the customer and jacando in connection with the provision of the software for order processing in accordance with Art. 28 GDPR applies accordingly.

8. Confidentiality

8.1 "Confidential Information" means any information, whether in written or oral form, which (i) by its nature is confidential or must be kept secret or (ii) which the party to whom the information is disclosed must recognise as confidential and must be kept secret due to the particular circumstances. Confidential information includes, in particular, product descriptions and specifications as well as prices. The parties undertake the following:

8.1.1 Not to disclose confidential information of the other party to third parties without express consent (at least in text form).

8.1.2 To use the confidential information only for contractually agreed purposes.

8.1.3 Take at least the same security measures that they take in relation to their own confidential information. These precautions must be at least adequate to prevent disclosure to unauthorised third parties. In addition, both parties are obliged to prevent the unauthorised disclosure or use of confidential information by their customers, employees, subcontractors or legal representatives.

8.1.4 To inform each other in text form of any misuse of confidential information.

8.2 Confidential information is not information that:

8.2.1 Were known to the other party prior to the transfer and without an existing confidentiality agreement,

8.2.2 Transmitted by a third party who is not subject to a similar confidentiality agreement,

8.2.3 Otherwise publicly known,

8.2.4 Developed independently and without the use of confidential information,

8.2.5 have been authorised for publication in text form, or

8.2.6 must be transmitted on the basis of a legally binding court or official order, provided that the person affected by the transmission is informed in good time in order to be able to take legal defence measures.

8.3 Neither party may obtain confidential information through reverse engineering. In this context, "reverse engineering" means all actions, including observing, testing, analysing and reassembling, with the aim of obtaining confidential information.

8.4 The restrictions contained in Clauses 8.1 to 8.3 shall apply until such time as the relevant Confidential Information ceases to be confidential or for a period of five years after termination of the Agreement, whichever is the earlier.

9. Contractual services

9.1 Unless otherwise agreed, jacando provides its services as contractual services and therefore does not owe any specific success.

9.2 The general place of deployment for the provision of services is the business premises of jacando, unless the services require a mandatory presence at the customer's premises or a corresponding place of deployment has been agreed.

9.3 Employees deployed by jacando are not subject to any instructions from the customer when carrying out the activities assigned to them. The assigned employee is free to organise his/her activities (time, duration, type and location of work). However, he/she must take into account special operational concerns and requirements in connection with the activity. The employee is also free to choose the place of work or working hours. However, project-specific time requirements of the customer must be observed after consultation (e.g. meeting dates).

9.4 If jacando is unable to provide its services due to a delay in acceptance by the customer or for any other reason arising from the customer's sphere of operations, the provisions of § 615 BGB shall apply.

10 Contractual services

10.1 Insofar as the parties have agreed on the applicability of the provisions of the contract for work and labour, the provisions of this clause 10 shall apply.

10.2 The customer is obliged to inspect all services immediately - unless otherwise agreed within two weeks - from provision and to notify jacando immediately in writing of any recognisable and/or detected defects, giving a precise description of the defect (acceptance). It is equivalent to acceptance if the customer does not accept the service within a reasonable period set by jacando, although he/she is obliged to do so. The same applies in the event that the service is paid for without reservation or is used for a period of more than two weeks.

10.3 A material defect exists if the service owed cannot be used in accordance with the contract, so that the purpose pursued with it in accordance with the contract cannot be achieved or can only be achieved with considerable difficulty. An insignificant defect does not justify refusal of acceptance.

10.4 In the event of a defect, jacando has the choice of subsequent fulfilment. Subsequent fulfilment must be carried out within a reasonable period of time, regardless of the number of attempts. The customer does not have the right to remedy the defect himself/herself.

10.5 Claims of the customer due to a defect in contractual services shall become time-barred twelve (12) months after the statutory commencement of the limitation period. In the event of intentional or grossly negligent breaches of duty, fraudulent concealment of a defect, personal injury, claims under the Product Liability Act and the assumption of a guarantee of quality, the statutory provisions on the limitation period shall apply; however, in the case of the assumption of a guarantee, this shall only apply unless otherwise stated in the respective guarantee agreement.

11. Final provisions

11.1 The authoritative version for the use of these General Terms and Conditions is the version in German. Any translations into other languages are merely a convenience offer from jacando. In the event of a disagreement between the German version and a translation, the German version shall prevail.

11.2 Section 312i (1) nos. 1, 2 and 3 BGB and Section 312i (1) sentence 2 BGB, which provide for certain obligations of the entrepreneur in the case of contracts in electronic business transactions, are waived.

11.3 If the customer's company address stated on the contract between the parties is located in the EU, the contract between the parties shall be governed by the law of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods. In this case, the exclusive place of jurisdiction for all disputes arising from and/or in connection with the contract between jacando and the customer shall be Munich, as far as legally permissible.

11.4 If the customer's company address listed on the contract between the parties is in Switzerland, the contract between the parties shall be governed by Swiss law. In this case, the exclusive place of jurisdiction for all disputes arising from and/or in connection with the contract between jacando and the customer shall be Basel, as far as legally permissible.

11.5 If the customer is a merchant, a legal entity under public law or a special fund under public law, Munich is hereby agreed as the place of jurisdiction for all disputes arising from this contract.

11.6 The customer may only offset claims of jacando with counterclaims that are undisputed, legally established or ready for judgement.

11.7 The customer shall only be authorised to exercise a right of retention to the extent that the counterclaim on which the right of retention is based is undisputed, legally established or ready for decision and is based on the same contractual relationship.

11.8 Except within the scope of application of § 354 a HGB, the customer may only assign claims arising from this contract to third parties with the prior written consent of jacando, which jacando will not unreasonably refuse.

11.9 Should individual provisions of this contract be or become invalid, this shall not affect the validity of the remainder of the contract. In this case, the parties agree to replace the invalid provision with a valid provision that corresponds as closely as possible to the original intention. The same applies to contractual loopholes.

Version November 2023