General Terms and Conditions
General Terms and Conditions
1
Scope / Application
The following General Terms and Conditions (GTC) govern the basic, legal rights and responsibilities between baseVISION AG (hereafter called baseVISION) and its Customers within the context of sales contracts for commercial goods as well as contracts for IT Services rendered (hereafter called Services) provided that no other terms and conditions have been agreed upon in writing between the respective parties. Verbal agreements are invalid.
2
Contract Conclusion and Cancellation
The contract is concluded when baseVISION, within the customary processing time of a maximum of five (5) days, confirms the acceptance of the order (commercial goods) or of the contract (Services) in writing, or, after receipt of the order, delivers the ordered commercial goods or executes the contract. If baseVISION agrees to a cancellation or a reduction, the Customer is responsible for any costs already incurred by baseVISION or any price increases that are the result of a reduction. Orders for commercial goods beyond the standard product offering cannot be cancelled.
3
Delivery and Performance
After processing, the ordered commercial goods are ready for pick-up at the registered location of baseVISION. If the commercial goods are to be delivered to the Customer, the Customer assumes all costs associated with packaging and transportation of the commercial goods. Upon prior agreement with the Customer, baseVISION reserves the right to include expert third parties in the execution of Services. baseVISION reserves the right to modify Services as necessary or for important reasons. Working hours will be documented in a work report. Time spent by employees of baseVISION working for the Customer or being available to the Customer counts as working hours irrespective of where the Services were rendered. The Customer shall provide baseVISION with all existing information, equipment, as well as other support and access to the system environment necessary for the execution of the contractually agreed-upon Services free of charge, provided that contractual rights of third parties are not violated thereby. The delivery and performance dates (hereafter called Delivery Dates) as well as delivery and performance periods (hereafter called Delivery Periods) indicated by baseVISION are non-binding. All Delivery Dates, including those negotiated as binding, are subject to correct and timely delivery to baseVISION by third parties and exclusion of any unforeseen incidents. In the event of an act of God or other unforeseen, extraordinary circumstances through no fault of baseVISION, the Delivery Period of baseVISION is extended correspondingly to the duration of such incidents plus a reasonable start-up period, if baseVISION is prevented from meeting its timely delivery obligations thereby. If delivery is impossible or unreasonable, baseVISION is released from its delivery obligation. If the delivery delay exceeds two months, the Customer has the right to withdraw from the contract. To the extent possible, baseVISION will provide notice of operational disruptions that are required for troubleshooting, maintenance, or installation of updates, etc.
4
Limitation
Services not offered must be communicated to the Customer by a baseVISION employee prior to execution and be commissioned by the Customer.
5
Prices / Conditions / Payment
All prices exclude VAT and other applicable fees. Price changes by the manufacturer are expressly reserved. baseVISION reserves the right to change prices at any time. Rebates and discounts are only warranted through special agreements. Assignments outside of regular business hours (see www.baseVISION.ch) as well as legal holidays are subject to special conditions. Work performed on Saturdays and at night generally incurs a surcharge of 50% of agreed-upon rate; work performed on Sundays or legal holidays incurs a surcharge of plus 100% of the agreed-upon rate. Should the Customer enter payment default, baseVISION has the right to cease all contractual services with the Customer. In the event of payment delay, overdue fees in the amount of CHF 20.- per overdue notice will be charged as well as a default interest of 5 % commencing at the due date.
6
Retention of Title
The delivered commercial goods remain the property of baseVISION until payment is completed. In addition, baseVISION is entitled to make a corresponding entry in the retention of title register.
7
Liability
baseVISION is liable for negligence by persons and property damage up to the price of the defective commercial goods or the deficient Services. In the case of recurring Services (maintenance, etc.) the annual fee constitutes the price of the Services. baseVISION assumes no liability for financial losses such as lost revenues, unrealized savings, costs incurred by the Customer, compensation claims by third parties, damages caused by delays, damages caused by commercial application of the commercial goods, and costs associated with the inclusion of third parties, insofar this is allowed by law. baseVISION is not liable for the recovery of data unless the data was destroyed intentionally or through gross negligence, and the Customer has affirmed that this data, maintained in machine-readable format, can be reconstructed in a reasonable manner.
8
Protective Rights
The Customer accepts the protective rights of manufacturers regarding their programs and documentation, and will leave the respective proprietary notices unchanged. Ideas, concepts, and methods regarding information processing developed as part of the Services provided under this contract by baseVISION personnel alone or in collaboration with Customer employees are the property of both parties and can be used at each party’s discretion. However, the Customer shall not provide access to this information either in part or in whole to third parties or publish it without the express written consent of baseVISION.
9
Data Protection
With respect to the processing of personal data in connection with the provision and use of services of baseVISION, both parties undertake to comply with the data protection obligations applicable to them as data controllers within their respective spheres of influence and responsibility.
While providing its services, baseVISION may process personal data on behalf of and for the purposes of the customer (Data Processing). The provisions of the Data Processing Agreement shall apply to Data Processing. The Data Processing Agreement (DP Addendum) is available at https://www.basevision.ch/legal/ and is automatically an integral part of the contract.
10
Confidentiality Obligation of the Parties
All information, documents, records and data which the Parties provide to each other in the course of providing the Services or of which they become aware in connection with the provision or use of Services and which are either marked “confidential” or “secret” or whose confidentiality must be assumed in good faith due to the nature of the information or the circumstances of the provision, shall be treated confidentially by the respective recipient and protected in an adequate manner against access by third parties, whereby at least the same care shall be taken to protect such information as is taken to protect own information of the same or similar nature. Unless otherwise agreed, confidential information may only be used in connection with the provision or utilization of the contractual services.
The obligation to maintain confidentiality shall apply for an indefinite period of time and shall continue to have effect even after termination of the contractual relationship or the service rendered, as long as there is a presumed interest in maintaining confidentiality with respect to the specific information. Statutory duties of clarification, information and, above all, disclosure shall remain reserved.
The parties shall transfer the duty of confidentiality to all employees as well as subcontractors and their employees who are reasonably dependent on access to confidential information in order to use or provide services under the respective contract or otherwise in connection with the performance of the contractual relationship between the parties. Such a contractual transfer may be omitted if statutory confidentiality obligations, such as professional secrecy, offer comparable protection.
11
Guarantee and Warranty
The manufacturers of the commercial goods affirm that baseVISION is authorized to sell commercial goods to third parties and that no existing protective rights of third parties are violated through such sales. baseVISION makes no warranties with respect to the Customer regarding the flawlessness or lack of defects of the delivered commercial goods. This is the responsibility of the manufacturer. If a warranty claim is initiated by the Customer, baseVISION will negotiate with the manufacturer upon request and in exchange for a fee. The warranty claim is voided in whole if the defect was a result of poor maintenance or incorrect use on the part of the Customer. The warranty does not include the correction of flaws that resulted from normal wear, outside influences, incorrect use, or other inappropriate handling. The warranty is immediately voided as soon as the Customer or a third party makes unauthorized changes to the commercial goods on his/her own or has a third party make said changes. In the event of obvious defects or system-dependent defects, a written list of such defects must be submitted to baseVISION within seven (7) days. Once this period has passed, the commercial goods are considered approved.
12
Labor Piracy
During the contract, the Customer shall not enter into an employment contract or similar legal relationship with an employee of baseVISION. In the event of non-compliance, the Customer shall pay a minimum of one year’s salary of the respective employee in damages per individual case in the sense of a contract penalty. The right to assert further claims for damages remains reserved.
13
Final Provisions
Contractual rights and responsibilities are not transferable either in part or in whole without the prior written consent of baseVISION. These GTC are binding in all cases. They also apply in particular if they differ from those of the business partner.
Should a provision be or become ineffective in part or in whole, the remaining provisions of the contract shall remain in effect. The ineffective part is to be interpreted so that the commercial purpose intended by it is largely achieved. The same applies for interpretations or additions that become necessary.
These GTC are subject to Swiss law. For cases not governed by these GTC, the Swiss Code of Obligations as well as the Federal Law on Data Protection shall apply. The court of jurisdiction for any legal disputes is Olten, Solothurn. baseVISION also shall have the right to prosecute the Customer in the court of jurisdiction for his/her residence or registered commercial address.
baseVISION reserves the right to change these GTC at any time. The modified GTC are valid for all contracts and orders since their date of publication. SLAs, packages, and maintenance contracts are integral parts of these GTC.
Data Processing Addendum of the GTC
A.
General provisions
1
Subject matter and scope of this agreement
1.1
This Data Processing Addendum (“Addendum”) is an integral part of the General Terms and Conditions (GTC). It supplements and specifies the rights and obligations of the Parties with regard to Contract Processing, that apply to them under the applicable data protection laws. In this respect, it supplements the contractual agreements between the Parties. These may be a single or several agreements between the Parties concerning the provision of IT services for the Customer (“Agreement”).
1.2
The Addendum shall only apply with respect to services that involve the processing of Personal Data by the Provider on behalf of and for the purposes of the Customer (“Contract Processing”), where the Customer is either the controller or the processor and the Provider is either the processor or the Sub-Processor.
1.3
The provisions of this Addendum do not limit the rights and obligations of the Parties with respect to the provision of services under the Agreement. However, the provisions of this Addendum shall prevail over the provisions of the Agreement or the GTC with respect to their subject-matter of the Addendum.
2
Term of the Addendum
2.1
The term of this Addendum corresponds to the term of the Agreement, provided that the provisions of this Addendum do not give rise to any obligations extending beyond this term. In the case of such continuing obligations, this Addendum shall continue to exist until the corresponding obligations have expired.
2.2
By this provision, the Parties do not modify the termination rights provided for in the Agreement.
3
Definitions
3.1
The terms in this Addendum that are highlighted in bold type and placed within quotation shall have the meanings given to them throughout the Addendum.
3.2
The data protection-related terms used in this Addendum, such as “personal data”, “data subject”, “controller”, ” processor”, or “data protection impact assessment”, shall have the meanings given to them in the Swiss Federal Data Protection Act or (where applicable) in the EU GDPR.
B.
Description of the Contract Procession and obligations of the Parties
4
Details and purpose of the Contract Processing
4.1
The terms of the Agreement, the service specifications of the Provider and any separate instructions from the Customer shall govern the subject matter and purpose of the Contract Processing. If a separate instruction is not mandatory under the applicable data protection law and if the instruction leads to additional costs for the Provider, the Provider may charge the additional costs to the Customer.
4.2
The type of processing, the type of personal data processed (“Customer Personal Data”) and the group (categories) of persons affected are also determined by the contract, the service descriptions or the statement of work in conjunction with any separate instructions from the Customer.
4.3
The Contract Processing shall take place in Switzerland and in countries of the EU/EEA as well as worldwide, whereby the Provider shall ensure the permissibility under data protection laws of the onward transfer to Sub-processors in states without an adequate level of data protection by concluding EU Standard Contractual Clauses (Module 2 or Module 3). The Provider shall additionally obtain the Customer’s consent in advance for any onward transfer to sub-processors in countries without an adequate level of data protection.
4.4
The duration of the Contract Processing shall be determined in accordance with Clause 2.
5
Commitment to follow instructions, purpose limitation and control
The Provider undertakes and warrants that the Provider will process all Customer Personal Data (i) exclusively for the purposes described in Clause 4 (ii) in accordance with the Customer’s instructions and (iii) in accordance with this Addendum; and (iv) not for its own purposes.
6
Data security
6.1
The Provider shall take appropriate technical and organizational security measures in the interest of the confidentiality, integrity and contractual availability of Customer Personal Data.
6.2
For this purpose, the Provider implements, in particular, physical and logical access controls as well as procedures for the regular review, assessment and evaluation of the effectiveness of the technical and organizational measures. Further information on these measures will be provided upon request. When selecting the measures, the Provider shall take into account the state of the art, the implementation costs as well as the type, scope, circumstances and purposes of the Contract Processing as well as the varying likelihood of occurrence and severity of the risk for data subjects.
6.3
The Provider shall be authorized to modify the security measures at any time (i) if the Provider deems it necessary to adapt these measures to new or changed legal provisions or regulatory requirements, or (ii) if the state of the art or the adaptation of internal processes requires such a modification, provided that such modifications do not lead to an impairment of the general security of Contract Processing for the Customer pursuant to this Agreement or (at the Provider’s discretion) do not negatively affect the rights of the data subjects. The Provider shall inform the Customer of such changes in a timely manner.
7
Notification of Personal Data Breach
7.1
If the Provider becomes aware of a breach of security consisting of the unintentional or unlawful loss, deletion, destruction or alteration of Customer Personal Data or its disclosure or access by unauthorized persons, as well as in the event of a cyber incident (“Personal Data Breach”), the Provider shall notify the Customer of the Personal Data Breach as soon as possible and without undue delay, but no later than 36 hours after becoming aware of the Personal Data Breach. The Provider will then (i) investigate the Personal Data Breach and determine its effects, (ii) inform the Customer in detail about the Personal Data Breach, and (iii) take reasonable measures to mitigate the impact and minimize the risk that the Personal Data Breach may pose to data subjects.
7.2
The Provider shall provide the Customer with reasonable assistance to support the Customer in fulfilling its obligations to notify Personal Data Breaches to competent supervisory authorities or to data subjects. This includes, in particular, the disclosure of the results of a forensic investigation (on a continuing basis) with a description of the affected systems, technologies, data and/or information.
8
Information and assistance
8.1
The Provider shall inform the Customer as soon as possible and on its own initiative (i) if the Provider is of the opinion that it will no longer be able to fulfill its obligations under this Addendum in the foreseeable future; as well as (ii) of any request for the exercise of data subject rights received by the Provider directly from data subjects in relation to Customer Personal Data (provided that the Provider can attribute such request to the data subject based on the information provided by the data subject; otherwise, the Provider will ask the data subject to contact the controller).
8.2
The Provider shall, upon the Customer’s request and against separate remuneration, assist the Customer in responding to requests from data subjects regarding the exercise of data protection rights.
8.3
In addition, the Provider shall support the Customer upon request in data protection impact assessments and prior consultations with data protection supervisory authorities.
8.4
The Provider shall provide the Customer with all information reasonably required by the Customer to demonstrate compliance with its obligations under applicable data protection laws with respect to the Contract Processing.
9
Confidentiality
9.1
The Provider shall maintain the confidentiality of Customer Personal Data and shall impose a duty of confidentiality on the persons entrusted with the Contract Processing.
9.2
These confidentiality obligations shall continue to apply for an unlimited period after termination of this Addendum.
10
Sub-processors
10.1
The Provider is entitled to engage natural personal or legal entities as sub-contractors to carry out Contract Processing (“Sub-processors”). The Processor shall be entitled to engage Sub-processors. In such cases, the Provider is obliged to enter into data processing agreements with its Sub-processors covering the scope required to enable the Provider to comply with the provisions of this Addendum between the Provider and the Customer. This also includes the transfer of the Provider’s confidentiality obligations to the Sub-processor.
10.2
The Provider shall inform the Customer upon request of the identity and country of domicile of the Sub-processor as well as the type and location (country) of data processing engaged by the Provider at the time this Addendum enters into force.
10.3
The Provider shall notify the Customer in writing ninety (90) days in advance in an appropriate manner if the Provider intends to add new Sub-processors or replace existing ones after this Addendum enters into force. If the Customer does not object in writing to the addition or replacement of the Sub-processor within thirty (30) days of the date of such notice, the new or replaced Sub-processor shall be deemed approved.
10.4
The Customer shall justify any objection to the new or replaced Sub-processor. If the objection is made for compelling legal or regulatory reasons, the Provider may choose to assign another Sub-processor or grant the Customer a right of termination for cause. If the objection is not made for compelling legal or regulatory reasons and the Provider retains the Sub-processor, the Provider shall initiate an attempt to reach an agreement with the Customer, for which the Provider may involve other parties (namely other customers of the Provider and the Sub-processor). If the attempt to reach an agreement fails, the Customer shall be free to refrain from using the services and to terminate the Agreement for cause.
11
Liability
Liability under this Addendum shall be subject to the exclusions and limitations of liability set forth in the GTC.
12
Return or deletion of Customer Personal Data upon termination of the Agreement
The Provider shall delete the Customer Personal Data after termination of the Agreement in accordance with the relevant provisions in the Agreement or, if the Customer so wishes, return the Customer Personal Data to the Customer in a suitable format.
13
Audit
13.1
The Customer may conduct or have conducted an audit of the Provider once a year to check the security measures or compliance with this Addendum. The costs for this shall be borne by the Customer. The Provider shall support the audits free of charge within the scope of reasonable costs and effort.
13.2
The inspection and audit rights under this Addendum shall apply only to the extent that the Agreement does not otherwise permit the Customer to inspect Provider’s performance under this Addendum.
13.3
If the audit is carried out by a third party, it must be bound to confidentiality.
13.4
If the Customer is active in a regulated area in which an audit right of the supervisory authority is mandatory, the Provider shall permit an audit by a supervisory authority under the same conditions.