Terms of service for Konzertmeister

Valid from: 28.07.2023

Provider of the applications "Konzertmeister" and "Löschmeister" ("App") for the smartphone and the browser is KM Konzertmeister GmbH ("Provider" or "we"), Gartengasse 16, 3743 Röschitz, Austria.

APPENDIX A: MODEL CANCELLATION FORM

(If you wish to cancel the contract, please fill in and return this form)
To
KM Konzertmeister GmbH
Gartengasse 16
3743 Röschitz
Austria
  • 1. I/we (*) hereby revoke the contract concluded by me/us (*) for the purchase of the following goods (*)/the provision of the following service (*):
  • 2. ordered on (*)/received on (*)
  • 3. name of the consumer(s)
  • 4. address of the consumer(s)
  • 5. signature of the consumer(s) (only in the case of paper communication)
Date
(*) Delete as applicable.

APPENDIX B: ORDER PROCESSING CONTRACT PURSUANT TO ART. 28 GDPR

PREAMBLE

This Annex B sets out in concrete terms the obligations of the Association as controller within the meaning of Article 4(7) of the GDPR ("Controller") and the Provider as processor within the meaning of Article 4(8) of the GDPR ("Processor") as parties to this Agreement pursuant to Article 28 of the General Data Protection Regulation (GDPR) arising from the processing of Users' personal data (see Section 4 of the Privacy Policy).

It shall apply to all activities which are related to the processing of personal data pursuant to point 4 of the Privacy Policy and in which employees of the Processor or sub-processors engaged by the Processor process personal data on behalf of the Controller.
  • 1. PURPOSE AND SCOPE OF COMMISSIONED PROCESSING

  • 1.1 The contract between the Provider as processor and the Association as controller applies to the operation of the App by the processor in accordance with point 4 of the Privacy Policy, which includes the processing of personal data of the Users and therefore constitute commissioned data processing under the GDPR.
  • 1.2 The subject of the contract is the provision of the following IT services by the Processor:
    • 1.2.1 Operation of the App to provide the Association's scheduling and rehearsal planning (for the scope of functions, see point 2 of the terms of service and, with regard to data processing, point 4 of the Privacy Policy);
    • 1.2.2 The maintenance of a publicly accessible website, with which, among other things, information about the association and its events can be published.
  • 1.3 The following categories of data subjects are subject to the processing:
    • 1.3.1 Users of the app.
  • 1.4 The following categories of personal data are covered by the processing:
    • 1.4.1 See point 4.2 of the privacy policy.
  • 2. DURATION

  • 2.1 The duration of the commissioned processing corresponds to that of the underlying contract for the use of the app and can be terminated in accordance with its terms (see points 9 and 13 of the terms of service).
  • 2.2 The Processor shall have the right to terminate this contract with immediate effect at any time for good cause. Good cause shall be deemed to exist, inter alia, if the Controller fails to comply with its legal obligations, in particular under the GDPR.
  • 3. AUTHORITY OF THE RESPONSIBLE

  • 3.1 The Processor may only process Personal Data on the documented instructions of the Controller, unless the Processor is obliged to process by the relevant statutory provisions.
  • 3.2 The controller is entitled, within the scope of the subject matter of the contract, to issue instructions to the processor with regard to the collection, processing and use of the personal data.
  • 3.3 All instructions shall be given by the responsible person via the functions of the app or in writing, if the respective instruction cannot exceptionally be given via the app, to the processor.
  • 4. TECHNICAL AND ORGANISATIONAL MEASURES

  • 4.1 The Processor shall take all necessary technical and organisational measures to protect personal data in accordance with Article 32 of the GDPR.
  • 4.2 The technical and organisational measures are subject to technical progress and further development. The processor is therefore permitted to implement alternative adequate measures if this is technically or organisationally necessary. The consent or notification of the controller is not required for this.
  • 5. OBLIGATIONS OF THE PROCESSOR

  • 5.1 The Processor is obliged to process data and processing results exclusively within the scope of the written orders of the Controller. If the Processor receives an official order to release data which it processes on behalf of the Controller, the Processor shall - to the extent permitted by law - immediately inform the Controller thereof and refer the authority to the Controller. Processing of the data for the processor's own purposes is only permitted with an explicit written order.
  • 5.2 The Processor shall be obliged to impose a confidentiality obligation on all persons entrusted with the Data Processing before they commence their activities, unless they are subject to an appropriate statutory confidentiality obligation. The confidentiality obligation of the persons entrusted with the data processing shall remain in force even after termination of their activity and leaving the Processor.
  • 5.3 The Processor shall take the technical and organisational measures to enable the Controller to fulfil the data subject's rights under Chapter III of the GDPR (information, access, rectification and erasure, data portability, objection, as well as automated decision-making in individual cases) within the legal time limits and shall provide the Controller with all necessary information for this purpose upon request. If a request from a data subject is mistakenly addressed to the processor, the processor shall forward the request to the controller and inform the applicant accordingly.
  • 5.4 The processor is obliged to support the controller in complying with the obligations set out in Articles 32 to 36 of the GDPR and to include the processing activity covered by the contract in its processing directory pursuant to Article 30 of the GDPR.
  • 5.5 With regard to the processing of the data provided by the Processor, the Processor shall have the right to inspect and control the data processing facilities, including through auditors commissioned by the Processor. The Processor shall be obliged to provide the Controller with the information required to monitor compliance with the obligations set out in this Agreement. However, the Processor shall be entitled to reject an auditor for objective reasons, in particular if the auditor is professionally unsuitable or if the auditor is a direct or indirect competitor of the Processor.
  • 5.6 Upon termination of this Agreement, the Processor shall be obliged to delete all Personal Data processed in the context of the commissioned processing, unless the Processor is obliged by national regulations or Union law to continue to store them.
  • 5.7 The Processor shall inform the Controller without undue delay if it considers that an instruction given by the Controller infringes European Union or Member State data protection provisions.
  • 6. SUB-PROCESSOR

  • 6.1 The Controller hereby grants the Processor general authorisation to use additional sub-processors. The Processor shall inform the Controller of any intended change in the use or replacement of a Sub-Processor by e-mail in good time for the Controller to be able to prohibit it if necessary. The notification of the intended use or replacement shall be deemed to be timely if it is made at least one month before the planned date.
  • 6.2 The controller may only refuse a sub-processor on objective grounds if there is a high risk that this would jeopardise the processing of the data in accordance with the GDPR.
  • 6.3 In the event of rejection of a sub-processor by the controller, the right of the processor to terminate the contract with due notice shall remain unaffected.
  • 6.4 The Processor shall conclude the necessary agreements within the meaning of Article 28(2) of the GDPR with the Sub-Processor. In doing so, it shall be ensured that the sub-processor enters into the same obligations as those incumbent on the processor under this agreement.
  • 7. REMUNERATION

  • 7.1 The Controller shall remunerate the Processor's support services which are not owed on the basis of the subject matter of the contract referred to in clause 1 of this contract on a time and material basis in accordance with an hourly rate of EUR 100 (excluding VAT), unless they are due to gross negligence or wilful misconduct on the part of the Processor.
  • 7.2 This applies in particular to the support of the controller for the fulfilment of the obligations incumbent on him under Articles 32 to 36 of the GDPR and on him under Section III of the GDPR.
  • 8. DUTIES OF THE RESPONSIBLE PERSON

  • 8.1 The controller must make all data available to the processor electronically via the app so that the processor can carry out the processing.
  • 8.2 The controller shall ensure that it processes the personal data of data subjects lawfully, in particular that it has obtained the necessary consents.
  • 9. FINAL PROVISIONS

  • 9.1 This Appendix B forms an integral part of the terms of service.
  • 9.2 If any provisions of this Appendix B conflict with any provisions of the terms of service, in particular clause 5 of the terms of service, the provisions of the terms of service shall take precedence over this Appendix B.
A PDF file of these terms of service with an order processing contract signed by the processor is available to the controller at the following link: Terms_of_Service.pdf