2.1 NetzBeweis functions when you provide the relevant link, and your email address, or log in via the browser extension. We take a screenshot of the page, which is saved in a report. The report is electronically signed by us, indicating the time of retrieval and that the content has not been altered. You have one week to download and save the report. After that, availability cannot be guaranteed. After 1 month at the latest, the report will be deleted, but you can also delete the report immediately under “Delete Report”.ort löschen“ wieder löschen.
2.2For further details on NetzBeweis and its functions, please see the FAQ on the website www.netzbeweis.com. The NetzBeweis web form can only be used on public websites which cannot be interacted with, for which you would need the NetzBeweis Browser Extension. You can find more detailed information on our website.
2.3 The use of NetzBeweis and the creation of a report is free of charge for the user if he or she is a affected person and creates this report for his or her own private purposes. The use of the NetzBeweis Browser Extension is subject to a fee. Any commissioning of an attorney is subject to a fee and is based on the contract concluded with the respective attorney.
2.4 For entrepreneurs (e.g. lawyers) and other persons who want to create this report for third parties, this creation is subject to a fee. A separate agreement must be concluded for this purpose.
2.5 In view of technical or economic developments of the internet, legal regulations or requirements or further developments or improvements of our own or third party products, we are entitled to change the Service at any time.
2.6 We are entitled at any time to discontinue NetzBeweis or parts thereof – even without prior notice – temporarily or permanently.
2.7 We are also entitled at any time to limit the number of reports that can be created per user unless the user has concluded a separate flat fee agreement.
3.Obligations of the user
3.1 The user is entitled to use NetzBeweis exclusively to pursue his own legal claims. Commercial use requires a separate agreement with us.
3.3 The user is responsible for ensuring that he/she has the necessary rights to secure the respective evidence.
3.4 Theusermay not do anything to falsify, edit or manipulate the report by any means whatsoever.
4.Rights of use and copyright
4.1 In relation to the user and third parties, we are the sole holders of the rights to the contents of the website, the browser extension, and the service behind it. This includes, but is not limited to, the rights to reproduce, distribute, publish, make available and edit.
4.2 NetzBeweis GmbH grants the user the non-exclusive, non-transferable right to use NetzBeweis to the extent described in these terms or any other contract for the duration of the respective contract. The possibility for the user to grant third parties the possibility to use NetzBeweis (e.g. clients who secure evidence themselves) may be agreed separately in individual cases.
4.3 The respective licence conditions apply to third-party software components. These can be found in the respective current version in the info area of the extension.
5.Availability & Warranty
5.1 A suitability of NetzBeweis for a specific purpose or compatibility with the user’s technical environment cannot be guaranteed. It cannot be guaranteed that NetzBeweis will meet the user’s expectations.
5.2 NetzBeweis does not provide legal advice or legal assessment of the content of the report. Whether the NetzBeweis report is suitable as evidence for your specific case cannot be guaranteed and should be checked by a lawyer.
5.3 The user must also check whether the report contains all the content relevant to him.
5.4 We do not guarantee a certain availability of NetzBeweis. Downtimes due to maintenance, software updates and due to circumstances (such as technical problems of third parties, force majeure) which are beyond our control and therefore beyond our responsibility and which are not accessible through the services offered by us via the internet cannot be excluded.
5.5 We are entitled to shut down NetzBeweis in whole or in part if its security or the security of users is at risk. This right also exists if the continued operation of the service or parts of the service is economically unreasonable for us.
6.Choice of Law & Miscellaneous
6.1 All legal disputes arising in connection with the use of NetzBeweis shall be governed exclusively by Austrian substantive law, with the exception of the rules of private international law (e.g. IPRG, Rome I Regulation).
6.2 If the contracting party is a consumer, the choice of law shall not have the effect of depriving the consumer of the protection afforded by the mandatory provisions of the law of the country in which he has his habitual residence.
6.3 Should individual parts of this agreement be invalid, this shall not affect the validity of the rest of the agreement.
7. Data protection &data processing agreement pursuant to Art 28 GDPR
8.1 This contract regulates the rights and obligations of the controller (the user) and the processor (NetzBeweis GmbH) (hereinafter referred to as the “parties”) in the context of a processing of personal data.
8.2 This contract shall apply to all activities in which employees of the processor or sub-processors engaged by the processor process personal data for the controller.
8.3 Terms used in this agreement shall be understood in accordance with their definition in the EU General Data Protection Regulation (Regulation [EU] 2016/679 – GDPR).
9. Subject of this Agreement
9.1 The subject of this agreement is the provision of NetzBeweis (web or extension) and the creation of NetzBeweis reports by the Processor.
9.3 The agreement concerns the processing of the following categories of personal data by the processor: name and email of the controller, link, content of the webpage (e.g. posting, username, date and time of posting), date and time the report was created, comments on the report, language, as well as third-party tools and scripts that could be used to manipulate network evidence.
9.4 The following categories of persons are affected by the data processing: Users of NetzBeweis, persons who are part of a NetzBeweis report.
Purpose of processing
9.5 Personal data is processed by the processor for the following purposes: Preservation of evidence of websites, assertion, exercise, or defence of legal claims.
Place of processing
9.6 The processor shall carry out the processing of personal data exclusively within the EU/EEA.
10.Obligations of the processor
10.1 The processor confirms that it is aware of the relevant data protection regulations. It shall observe the principles of proper data processing.
10.2 The processor undertakes to process personal data exclusively on the basis of instructions from the controller and the present contract and to comply with all data protection regulations.
10.3 If the processor deems an instruction of the controller to be unlawful, it shall immediately inform the controller thereof in writing.
10.4 The processor shall implement all appropriate technical and organisational measures provided for in Article 32 of the GDPR for the purpose of data processing security.
10.5 The processor shall assist the controller in responding to requests from data subjects for the protection of their rights. If such a request is addressed to the processor, the processor shall immediately forward it to the controller.
10.6 The processor shall support the controller in the performance of the obligations incumbent upon it pursuant to Articles 32 to 36 of the GDPR, which shall include, but not be limited to, the implementation of security measures, the notification of data protection breaches and the preparation of a data protection impact assessment.
10.7 Upon termination of the processing and at the request of the controller, the processor shall delete the personal data in its possession. If the controller so requests, the personal data shall be returned to him.
10.8 The processor undertakes to inform the controller of all details required to prove compliance with the obligations pursuant to Article 28 of the GDPR. In addition, the processor undertakes to support the controller in the audits to be carried out by the controller and to grant the controller appropriate access.
10.9 The processor shall keep a register of all categories of processing activities carried out on behalf of the controller pursuant to Article 30(2) of the GDPR.
10.10 The processor undertakes to appoint a competent and reliable person as Data Protection Officer if the conditions pursuant to Article 37 of the GDPR are met.
10.11 The processor is obliged to treat as confidential the personal data and information disclosed to him or transmitted or otherwise made available to him. The knowledge of the processing results obtained shall also be covered by this duty of confidentiality.
10.12 The processor shall impose a confidentiality obligation on all persons attributable to it who are involved in the processing of personal data unless they are already subject to a statutory duty of confidentiality. The duty of confidentiality or secrecy shall continue to apply after the termination of the activity for the processor.
10.13 The processor shall oblige all persons entrusted with the processing of personal data to transmit such data only on the basis of instructions, unless such an obligation already exists by operation of law. In addition, the processor shall inform its employees of the transfer orders applicable to them and of the consequences of a breach of data secrecy.
10.14 The processor shall process personal data only as contractually agreed or as instructed by the controller unless the processor is required by law to carry out a specific processing operation. Furthermore, the processor shall not use the personal data provided for processing for any other purposes, in particular for its own purposes.
10.15 The processor shall make available to the controller, if required, all necessary information, in particular protocols drawn up, to prove compliance with its obligations.
10.16 If the controller is subject to inspection by supervisory authorities or other bodies or if data subjects assert rights against it, the processor undertakes to assist the controller to the extent necessary insofar as the processing on behalf is concerned.
10.17 The processor shall only provide information to third parties or the data subject with the prior consent of the controller unless he is under a legal or statutory obligation to do so. Requests addressed directly to him/her shall be forwarded to the controller without delay.
10.18 The controller shall be entitled, after giving at least 7 days’ notice and in relation to the processing activities on which this agreement is based, to monitor the processor’s compliance with the provisions on data protection and the contractual agreements to a reasonable extent itself or through third parties, in particular by obtaining information and inspecting the stored data and the data processing programmes as well as other on-site checks during the processor’s business hours. The persons entrusted with the control shall be given access and insight by the processor as far as necessary. The processor shall be obliged to provide the necessary information, demonstrate processes, and provide evidence required to carry out a control.
11.Duties of the controller
11.1 The controller shall be responsible for the lawful collection and processing of the data concerned as well as the lawful transfer to the processor and shall fully indemnify and hold the processor harmless in this respect.
12.1 The data security measures described in Annex 1are set out as mandatory. They define the minimum owed by the processor.
12.2 The processor shall implement appropriate technical and organisational measures to ensure an adequate level of data protection.
12.3 The controller shall be informed of the measures taken in each case prior to the start of the processor’s processing activity.
12.4 The processor shall be obliged to check at regular intervals whether an adequate level of data protection is ensured by appropriate technical and organisational measures taken by the processor.
12.5 The processor is obliged to support the controller in establishing appropriate technical and organisational measures.
12.6 The data security measures may be adapted in accordance with the technical and organisational further development as long as the level agreed here is not undercut. The processor shall implement any changes required to maintain information security without delay. Changes shall be communicated to the responsible party without delay. Significant changes shall be agreed between the parties.
12.7 Insofar as the security measures taken do not or no longer meet the requirements notified by the controller, the processor shall notify the controller without delay.
12.8 Copies or duplicates are not made without the knowledge of the data controller. Technically necessary, temporary duplications are excepted, insofar as an impairment of the level of data protection agreed here is excluded. nicht erstellt.
12.9 Data carriers that originate from the responsible person or are used for the responsible person shall be specially marked. They shall be stored appropriately at all times and shall not be accessible to unauthorised persons. Entries and exits are documented.
13. Rules on the correction, deletion and blocking of data
13.1 The processor shall only correct, delete or block data processed within the scope of the order in accordance with the agreement reached or in accordance with the instructions of the controller.
13.2 The processor shall comply with the relevant instructions of the controller at all times and also beyond the termination of this agreement.
14.1 The sub-processor shall act exclusively on the basis of the contract to be concluded between it and the processor pursuant to Article 28 (4) of the GDPR.
14.2 The processor shall be liable to the controller in the event that the sub-processor fails to comply with its data protection obligations.
14.3 Sub-processors shall be contractually bound to at least data protection obligations equivalent to those agreed in this contract.
14.4 The processor shall carefully select the sub-processor with particular regard to the suitability of the technical and organisational measures taken by the sub-processor.
14.5 Currently, Hetzner Online GmbH, Guntzenhausen (www.hetzner.com) and Hutchison Drei Austria GmbH, Vienna (www.drei.at) are entrusted with the processing of personal data as sub-processors. The Processor may use other sub-processors at its discretion as long as they comply with the terms of this data processing agreement. The processor shall inform the controller of such sub-processors upon request.
14.6 Sub-processor relationships within the meaning of this contract are only those services that have a direct connection with the provision of the main service. Ancillary services, such as transport, maintenance, and cleaning as well as the use of telecommunications services or user services are not covered. The obligation of the Processor to ensure compliance with data protection and data security in these cases shall remain unaffected.
15. Reporting obligations
15.1 The processor shall notify the controller of personal data breaches without undue delay.
16.1 The controller has a comprehensive right of instruction with regard to processing on behalf.
16.2 The processor shall draw the attention of the controller to any instruction given by the controller which it considers to be contrary to law. The processor shall be entitled to suspend the implementation of the relevant instruction until it is amended by the controller.
16.3 The processor shall document instructions given to it and their implementation.
17.1 Upon termination of the contractual relationship or at any time at the request of the data controller, the data processor shall, at the choice of the data controller, either destroy the data processed on behalf of the data controller or hand it over to the data controller and then destroy it. All existing copies of the data shall also be destroyed. The destruction shall be carried out in such a way that a recovery of even residual information is no longer possible with reasonable effort.
17.2 The processor shall be obliged to bring about the immediate return or deletion also in the case of sub-processors.
17.3 The processor shall keep proof of proper destruction and present it to the controller upon request.
17.4 Documentation which serves as proof of proper data processing shall be kept by the processor in accordance with the respective retention periods even beyond the end of the contract. The processor may hand them over to the controller at the end of the contract to relieve the controller.
17.5 The processor is entitled to retain data if it is obliged to do so by law or by the authorities.
18.1 The processor shall have the right to charge separately for services in connection with this agreement at a reasonable hourly rate.
19.1 Both parties are obliged to treat all knowledge of business secrets and data security measures of the other party obtained within the framework of the contractual relationship as confidential, even after the termination of the contract. If there is any doubt as to whether information is subject to the obligation of confidentiality, it shall be treated as confidential until it has been released in writing by the other party.
20.1 In the event that property of the processor held by the controller is endangered by measures of third parties (such as attachment or seizure), by insolvency or composition proceedings or by other events, the processor shall notify the controller without undue delay.
20.2 The written form is required for ancillary agreements to the order processing agreement. This also applies to the waiver of the written form.
ANNEX 1 –TECHNICAL AND ORGANISATIONAL MEASURES
The processor shall in particular implement the following technical and organisational measures:
- Information and IT systems should be available in such a way that processes dependent on them can be operated without significant impairment and can be resumed at short notice if necessary;
- The freedom from interference of IT systems and the integrity of data shall be ensured at all times as far as possible;
- Confidential information must always be protected from unauthorised access;
- Control access to data processing facilities, e.g. through regulated key management, security doors or security personnel;
- Control of access to data processing systems, e.g. through passwords, automatic blocking mechanisms, two-factor authentication, encryption of data carriers, Virtual Private Network (VPN) or logging of user logins;
- Control of access to data within the system e.g. through standard authorisation profiles on a “need to know basis”, network segmentation, partial access authorisations or logging of accesses;
- Pseudonymisation of personal data;
- Classification of data as secret, confidential, internal or public;
- Protective measures to prevent the destruction or loss of personal data, e.g. through safekeeping in safes or security cabinets, storage networks, software and hardware protection;
- Protection against unauthorised reading, copying, modification or removal during data transmission, e.g. through encryption, virtual private networks (VPN), ISDN wall, content filter for incoming and outgoing data or electronic signature as well as lockable transport containers;
- Checking whether and by whom personal data have been entered, changed or deleted in data processing systems, e.g. by logging, using electronic signatures, regulating access authorisations;
- Separation of data processing for different purposes, e.g. through the use of separate databases, client separation, separation of client servers;
- Current processing overviews or procedure directories are available;
- Where required by law, procedures are identified before they are put into operation on the basis of predefined risk criteria and levels and compared with the protective measures. The data protection assessments made in this way are incorporated into the implementation of the measures and are documented;
- Employees are regularly trained and sensitised on data protection and data security issues.