Legal
General Terms and Conditions
§ 1 – Scope
- Valiido, Herderstraße 17, 64285 Darmstadt, represented by Christopher Eller, (hereinafter: "provider") provides web-based software for information security management at app.valiido.com (hereinafter: "portal"), on which duly registered customers (hereinafter referred to as "users") can make use of services and content of the provider relating to the topic of information security standards.
- These General Terms and Conditions (hereinafter referred to as "GTC") govern the provision of services and content by the provider and the use thereof by the users. The user may use the paid services currently available on the portal, in particular plans, within the scope of their respective availability and access the content made available in this context. This offer is directed exclusively at entrepreneurs within the meaning of Section 14 of the German Civil Code (BGB), legal entities under public law or special funds under public law (hereinafter referred to as "business clients"). Private individuals are excluded from the offer.
- Individually booked consulting services are not governed by these GTC.
- These GTC shall apply exclusively. The provider does not accept any terms and conditions of the business clients that conflict with or deviate from these GTC, unless the provider has expressly agreed to their applicability in writing.
§ 2 – Amendment of the GTC
- The provider reserves the right to amend these GTC at any time with effect also within the existing contractual relationships, insofar as
- this is necessary for valid reasons, in particular due to a changed legal situation or jurisdiction of the highest courts, technical changes or further developments, new organizational requirements of mass traffic, regulatory gaps in the GTC, changes in market conditions or other equivalent reasons and does not unreasonably disadvantage the user, and
- the amendments do not alter the essential business characteristics of the contract, in particular the paid services provided by the provider.
- The provider shall notify the user of such amendments at least two (2) months before the amendments are planned to enter into force. The user may either agree to the amendments prior to their planned entry into force or reject the amendments. The user shall be deemed to have given his consent unless he has given notice of his rejection before the planned date of entry into force of the amendments. The provider shall make special reference to this de facto consent in its offer.
- If the user rejects the amendments, both parties shall have the right to terminate the business relationship extraordinarily. The provider shall inform the user of this mutual extraordinary right of termination separately in its offer.
§ 3 – Plans, order and registration process, conclusion of contract via the portal
- The provider offers the business client a selection of different plans. The plans offered are designed as a subscription and contain different services and content. The plans are exclusively available to business clients.
- The use of the plans requires a registration. The registration follows the completion of the order process and the business client's acceptance of these GTC.
- The presentation of the plans by the provider does not constitute a binding offer to conclude a contract for the use of the services and content available on the portal.
- By sending an order via the portal by clicking the button "Place order & Pay", the business client places a legally binding order.
- The provider shall immediately confirm the receipt of the business client's order placed via the portal by e-mail and send him an e-mail with the necessary login details for the portal (name, URL). This e-mail does not constitute a binding acceptance of the order unless, in addition to the confirmation of receipt, the acceptance is declared at the same time.
- A contract for the use of the services and content available on the portal (hereinafter referred to as the "user contract") is only concluded when the provider accepts the business client's order by activating the access to the portal or by a declaration of acceptance.
- The registration of the business client as a user must be made by a natural person with unlimited legal capacity and power of representation. The contact data and other information requested by the provider during the order process must be provided completely and correctly by the business client.
§ 4 – Access to the portal
- After the business client has provided all the requested data, the provider automatically checks it for completeness and plausibility. If the information is correct from the provider's point of view and there are no other concerns, the provider will activate the access requested by the business client and notify it of this by e-mail. The e-mail shall be deemed to be acceptance of the business client's user request. Upon receipt of the e-mail, the business client shall be entitled to use the portal within the scope of these GTC. For this purpose, the business client must confirm its activation in advance by clicking on the link contained in the e-mail.
- After the order is placed, an e-mail containing the necessary login details for the portal (hereinafter "login details") will also be sent automatically (cf. § 3 paragraph 5 of these GTC). With these details, the business client can log in to the portal after the activation of his access and its confirmation pursuant to paragraph1 of this provision.
- The access is not transferable.
§ 5 – Responsibility for the login details
- The login details must be kept secret by the user and may not be made accessible to unauthorized third parties.
- It is also the responsibility of the user to ensure that only the user or persons authorized by the user have access to the portal and use of the services and content available on the portal. If there are concerns that unauthorized third parties have obtained or will obtain knowledge of the login details, the provider must be informed immediately.
- The user shall be liable for any use and/or other activity carried out with its login details in accordance with the statutory provisions.
§ 6 – Updating the user data
- The user is obliged to keep its data (including his contact data) up to date. If during the use of the portal there is a change in the data provided, the user must immediately update the information in his personal settings. If the user is not able to do so, it shall immediately notify the provider of the changes in its data by e-mail.
§ 7 – Use of fee-based services, prices, payment methods
- The provider only offers fee-based plans only. The use of the services included in the respective plan is covered by the usage fee paid as an annual advance payment. The usage fee currently payable for the respective plan can be viewed on the "Prices" page and is also indicated to the business client during the order process. By submitting the order, the business client bindingly declares that he wishes to use the respective service. This contractual relationship shall be governed by these GTC and, if applicable, by additional terms and conditions of which the provider shall inform the business client prior to the use of the service.
- The prices are net prices. The statutory value-added tax is shown separately both during the ordering process and on the invoice.
- For the payment of the usage fee, the provider offers various payment methods, also with the help of payment service providers (e.g. Stripe for credit card, SEPA direct debit or PayPal). However, there is no claim to use a particular payment method. If payment by the methods offered is not possible at the time of the order or the automatic renewal of the subscription (e.g. due to a change of provider, technical problems or rejection of the payment method selected by the user by the payment service provider), payment must be made immediately to the account specified on the invoice (e.g. by bank transfer).
- In the event of default, the provider is entitled to charge default interest in the amount of 9 percentage points above the base interest rate, unless the user proves a lower damage, or the provider proves a higher damage.
§ 8 – Term of the plans and extension, termination of the user contract by the user
- The plans, which are designed as subscriptions, have a minimum contract term of one year, beginning with the user's receipt of the e-mail pursuant to § 4 paragraph 1 of these GTC.
- Upon expiry of the minimum contract period, the user contract shall be automatically extended by a renewal period of one year, unless the user terminates the contract prior to the expiry of the minimum contract term or the respective extension period.
- The user can terminate the contract at any time by cancelling the subscription in his personal settings or by declaring the cancellation to the provider (e.g. by e-mail to [email protected]). The provider's entitlement to payment for the current contract term remains unaffected by the termination.
- When the termination becomes effective, the user contract ends, and the user may no longer use his access. The provider reserves the right to block the login details when the termination becomes effective.
- Statutory rights of termination shall remain unaffected. Reference is made to the supplementary provisions on the provider's termination rights in § 16 of these GTC.
§ 9 – Services offered and availability of services
- Depending on the selected plan (Prices), the user can access different paid information and consulting services on information security standards (e.g. ISO® 27001) on the portal. Such services may include, for example, making available resources, in particular data, image and sound documents, video recordings, documents, information, templates, examples and other content (hereinafter collectively referred to as "content"). The content and scope of the services are determined by the respective contractual agreements, and otherwise by the functionalities currently available on the portal.
- The services available on the portal may also include third-party services to which the provider merely provides access. For the use of such services - which are marked as third-party services - deviating or additional regulations may apply, to which the provider will refer the user in each case.
- The provider endeavors to achieve a high availability of the portal but does not warrant any specific availability percentage, unless expressly agreed otherwise in writing in a separate service level agreement. Availability is measured per calendar month at the interface between the provider's systems and the public internet.
- The following periods do not count as non-availability:
- scheduled maintenance windows, which are generally between 2:00 and 4:00 a.m. (CET) every Friday, as well as urgent or emergency maintenance, which the provider will announce in advance where reasonably possible;
- events of force majeure, attacks (e.g. DDoS) and other events outside the provider's control;
- outages of third-party providers (e.g. hosting, cloud, payment or internet service providers);
- circumstances within the user's area of responsibility (e.g. the user's internet connection, configuration or misuse);
- beta or preview features, which are provided as is without any availability commitment.
- If the portal is unavailable for more than 10% of the days within a billing cycle (excluding the periods set out above), the affected period shall be added to the subscription term at no charge. This service-time credit is the user's sole and exclusive remedy for non-availability. Any further claims for non-availability, in particular for damages, reimbursement or lost profits, are excluded; the mandatory liability under § 17 of these GTC remains unaffected.
- In all other respects an entitlement to use the services available on the portal exists only within the framework of the provider's technical and operational possibilities. Temporary restrictions or interruptions may occur due to technical problems (e.g. power supply interruptions, hardware and software errors, technical problems in the data lines).
§ 10 – Updating the content
- The content provided in the portal is regularly updated, renewed, and replaced. The content is amended based on new standards, findings or changed best practices. The provision of older and replaced content by the provider is not guaranteed.
§ 11 – Protection of content, responsibility for third-party content
- The content available on the portal (in particular templates, examples, guides, policies, documents and other resources) is protected by copyright or other property rights and is the property of Christopher Eller or the provider, or of third parties who have licensed the respective content to the provider. The compilation of the content as such may be protected as a database or database work in the sense of Section 4 paragraph 2, Section 87a paragraph 1 German Copyright Act (UrhG). The user may only use this content pursuant to these GTC and within the scope specified by the portal.
- Insofar as the portal contains links to external websites or content of third parties, the provider does not check such third-party content for completeness, accuracy and legality and assumes no responsibility or warranty in this respect. The legal liability as a telemedia provider remains unaffected.
§ 12 – Scope of permitted use
- The user's right to use the portal is limited to accessing the portal and using the services and content available on the portal at any given time within the scope of the provisions of these GTC.
- The content is available in the usual file formats (ZIP, PDF, XLSX, DOCX, HTML). The user is responsible for creating the necessary technical prerequisites for the contractual use of the services and content in the user's area of responsibility. The provider does not owe the user any advice in this regard.
§ 13 – Right of use of content available on the portal, additional usage fee when the granted rights of use are exceeded
- Unless further use is expressly permitted in these GTC or in the portal or is enabled in the portal by a corresponding functionality (e.g. download button),
- the user may retrieve and display online the content available on the portal exclusively for personal purposes. This right of use is limited to the duration of the contractual use;
- the user is prohibited from editing, modifying, translating, presenting, or demonstrating, publishing, exhibiting, reproducing, distributing or using for his own commercial purposes, in whole or in part, the content available on the portal. It is also prohibited to remove or alter copyright notices, logos and other marks or protective notices.
- The user is only entitled to download and print content if the portal offers a corresponding option (e.g. by means of a download button). The user is granted a non-exclusive right of use for an unlimited period of time to use the legitimately downloaded or printed content for its own internal business purposes, in particular for the user's own information security management system. If the content is provided to the user in return for a fee, a further prerequisite for the granting of rights is the complete payment of the respective fee. All other rights to the content remain with the provider or the respective rights holder.
- This applies in particular to the templates and examples made available on the portal. The user may not, in whole or in part, pass on, publish, distribute, resell or sublicense the content to third parties, nor use it to provide a competing product or service.
- The mandatory statutory rights (including the reproduction for private and other own use pursuant to Section 53 UrhG) remain unaffected.
- If the user exceeds the rights of use granted to it pursuant to these GTC or in the portal by means of a corresponding functionality, the provider reserves the right to charge the user a respective additional usage fee.
§ 14 – Prohibited activities
- The user is prohibited from using the services and content of the provider available on the portal contrary to the provisions of these GTC, in particular to offer and distribute them as its own services in the course of trade for commercial purposes towards third parties.
- The user is also prohibited from any activities in or in connection with the portal that violate applicable law or infringe the rights of third parties. In particular, the following activities are prohibited:
- using, providing or distributing content, services or products that are protected by law or encumbered with third-party rights (e.g. copyrights) without being expressly authorized to do so;
- spreading viruses, Trojans or other malicious files;
- any activity that is likely to interfere with the smooth operation of the portal, in particular to excessively overload the provider's systems.
- Should the user become aware of any unlawful, improper, in breach of contract or otherwise unauthorized use of the portal, the user is requested to notify the provider by e-mail ([email protected]). The provider will then examine the matter and, if necessary, take appropriate action.
- In the event of suspicion of unlawful or criminal acts, the provider is entitled and, where applicable, also obliged to review the activities of the user concerned and, if necessary, to take appropriate legal action. This may also include forwarding a case to the public prosecutor's office.
§ 15 – Sanctions
- If there is specific reason to believe that the user is violating or has violated these GTC, the rights of third parties, and/or applicable law, the provider may at its own discretion - considering the legitimate interests of the respective user - impose the following sanctions:
- restrict or limit the use of the portal,
- issue a warning to the user,
- temporarily or permanently block the user's access.
- In the event of temporary or permanent blocking, the provider will block the user's access authorization and notify the user of this by e-mail. In the event of a temporary block, the provider shall reactivate the access authorization after the blocking period has expired and notify the user of this by e-mail. A permanently blocked access authorization cannot be restored. Permanently blocked persons are permanently excluded from participation in the portal and may not register on the portal again.
§ 16 – Provider's termination rights
- The provider may terminate the entire business relationship with the user at any time, subject to a reasonable period of notice, provided that neither a term of contract, in particular pursuant to § 8 of these GTC, nor a deviating termination provision has been agreed. When determining the period of notice, the provider will consider the legitimate interests of the user, and in particular shall not fall below a period of notice of two weeks.
- Termination of the entire business relationship without notice is permissible if there is good cause which makes it unacceptable for the provider to continue the relationship, even considering the legitimate interests of the user. A good cause exists in particular,
- if the user has provided false information during the ordering and registration process,
- if there is an identifiable misuse of the portal by the user,
- if the functionality of the portal is impaired by the user,
- if the user uses the content available on the portal contrary to the provisions of these GTC, in particular offering and distributing them as his own services in the course of trade for commercial purposes towards third parties.
- in case of violation of legal regulations or the rights of third parties.
- If the good cause consists in the breach of a contractual obligation, termination is only permissible after the unsuccessful expiry of a reasonable period set for a remedy or after an unsuccessful warning, unless this is dispensable due to the special circumstances of the individual case (Section 323 paragraphs 2 and 3 BGB).
§ 17 – Limitation of liability
- The provider is liable without limitation for any damages caused intentionally (vorsätzlich) or through gross negligence (grob fahrlässig) by the provider or its legal representatives, executives, or simple vicarious agents.
- In other cases, the provider is liable – unless otherwise regulated in paragraph 4 of this provision – only in the event of a breach of a contractual obligation, the fulfillment of which is a prerequisite for the proper performance of the contract and on the observance of which the user may regularly rely on (so-called cardinal obligation). This is limited to compensation for the foreseeable and typical damage. In all other cases, the liability of the provider – subject to the provision in paragraph 4 – is excluded.
- The limitations regulated in paragraphs 1 and 2 of this provision shall also apply in favor of the legal representatives, executive and simple vicarious agents of the provider if claims are asserted directly against them.
- The limitations regulated in paragraphs 1 and 2 of this provision shall not apply in the case of fraudulent intent (Arglist), in the case of damage resulting from injury to life, limb or health, in the event of the assumption of guarantees (Übernahme von Garantien) or other strict liability, or for claims under the Product Liability Act.
§ 18 – Indemnification
- The user shall indemnify the provider in the event of a claim due to an alleged or actual infringement and/or violation of third-party rights against all third-party claims arising from actions of the user in connection with the use of the portal for which the user is responsible.
- In addition, the user undertakes to reimburse the provider for all costs incurred by the provider as a result of claims asserted by third parties pursuant to paragraph 1 of this provision. Reimbursable costs include, in particular, the costs of a necessary legal representation, including all court and attorney fees in the statutory amount.
- In the event of a claim by a third party pursuant to paragraph 1 of this provision, the user is obliged to immediately provide the provider with all complete and accurate information required for the examination of the claims and a defense.
§ 19 – Form of declarations
- All declarations submitted in the context of the use of the portal must be made electronically (e.g. via the contact form in the portal), unless expressly stated otherwise in these GTC or mandatory applicable statutory provisions require a different form of communication.
§ 20 – Severability clause
- Should any provision of these GTC be or become invalid, this shall not affect the legal validity of the remaining provisions.
§ 21 – Applicable law
- These GTC shall be governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods (CISG).
§ 22 – Jurisdiction
- The place of jurisdiction for all disputes arising from and in connection with these GTC is the registered office of the provider, Darmstadt.
Your ISMS for ISO® 27001 and TISAX®
Valiido bundles everything you need - policies, 1-Click examples, 10+ modules, and a guided path - into a single platform with unlimited support.
Implement your ISMS yourself for a fraction of what a consulting project costs.
Pick a plan and start today.
- Expert Pre-Audit Review included in Pro
- Pay by credit card or SEPA - instant access
- Unlimited support by email and chat