Terms and Conditions
Last updated: 12 July 2023
This Customer Agreement (referred to as the "Agreement") sets forth the terms and conditions that govern your access to and use of our website and services. The terms "you" or "your" refer to the individual customer, while the terms "we", "our" or "us" refer to Timatis UG (haftungsbeschränkt), Mühlenstraße 8a, 14167 Berlin, Germany. The Agreement shall become effective upon your use of our website (timatis.com) and successful authentication on our sign-in page, or alternatively, upon your use of any of our services, whichever occurs earlier. By entering into this Agreement, you affirm and warrant to us that you have the legal capacity to enter into contractual obligations. If you are entering into this Agreement on behalf of an entity, such as the company you are employed by, you represent and warrant to us that you have the legal authority to bind that entity.
Authorized use
In accordance with this Agreement, you are hereby granted permission to access and use our website and services. We retain the right to modify or discontinue the provision of any of our services. In the event of discontinuation of a significant functionality of a service that you are currently using, we will provide you with a minimum notice period of three months, unless providing such notice would compromise security or intellectual property interests, impose excessive economic or technical burdens, or result in a violation of legal obligations.
By accepting this Agreement, you explicitly agree to refrain from engaging in any unlawful or prohibited activities through the use of our website or services. Unauthorized activities include, but are not limited to, the following:
- Engaging in any activities that intentionally disrupt or impair the functionality of our networks and servers while using our services, including but not limited to denial of service attacks.
- Infringing upon or violating our intellectual property rights or those belonging to a third party.
- Engaging in the trading, selling, or unauthorized transfer of account ownership to a third party.
- Engaging in repetitive creation of new accounts with the intent to evade payment for our services or exploit free trial periods associated with our subscriptions.
- Making payments for your subscription using fraudulent payment methods, such as stolen credit cards.
- Attempting to gain unauthorized access, probe, or establish connections with computing devices without proper authorization, including any form of unauthorized hacking.
- Accesssing our services with API keys not associated with your own account.
If you are found to be engaging in any of the aforementioned unauthorized activities, your accounts will be promptly suspended. Additionally, we reserve the right to suspend or terminate any account used for illegal activities not explicitly mentioned herein. Furthermore, accounts that have not obtained a subscription to our services or are not otherwise compensating for the use of our services may be subject to suspension, deletion, or denial of access to our services.
Subscriptions, payments, and cancellations
Our services are provided through subscriptions that operate on a 30-day billing cycle. After the initial term is completed, the subscription will automatically renew for the same duration, unless you choose to cancel or modify it. It is your responsibility to ensure that the payment information associated with your account remains accurate and up to date. Any changes made to subscriptions will not affect the ongoing billing cycle but will be implemented in the subsequent term. Additionally, we may offer separate one-time payment options that apply to the current billing cycle.
If you fail to fulfill your payment obligations as a user of a paid subscription, we reserve the right to suspend your account or, in cases of prolonged non-payment, delete it.
When you cancel a subscription, you will continue to have access to the service until the end of the billing cycle for which you have already made payment. However, please be aware that refunds are not possible once a payment has been made.
Taxes
Each party is responsible for identifying and paying all taxes, fees, and charges required by law regarding payments under this Agreement. Any subscription fees or one-time payments you make do not include applicable taxes and duties, such as sales tax, unless required by law. We may collect and you must pay any applicable taxes and duties we are legally required or authorized to collect. You must provide us with necessary information to determine whether we need to collect taxes and duties from you. If you provide a valid exemption certificate or direct payment permit, we will not collect or require payment of any applicable taxes and duties for which the exemption applies.
Price changes
We reserve the right, at our sole discretion, to modify the subscription fees for our services. We will communicate any such modifications to you through an e-mail notification or by posting a notice of the changes prominently on our website. It is your responsibility to review the website for any such notifications. By continuing to use our services, you agree to accept the new fees as modified.
Any change in subscription fees will become effective beginning on your next billing cycle. However, if your next billing cycle commences earlier than fifteen (15) days following the notification of the price change, the modified subscription fees will become effective on the subsequent billing cycle.
The modified subscription fees will apply to all existing subscriptions from the effective date of such changes. Your continued use of our services after the effective date constitutes your acceptance of the adjusted subscription fees.
If you do not agree with the modified subscription fees, you must cancel your subscription before the effective date of the fee change. Failure to cancel your subscription before the effective date will result in you being billed at the modified subscription fees.
Disclaimer
We are unable to provide any warranty regarding the reliability of our website, services, or the security of your data, despite our diligent efforts. Our website and services are provided on an "as is" and "as available" basis, without any warranty, whether express or implied, statutory, or otherwise. We explicitly disclaim all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, title, accuracy, non-infringement, or warranties arising from the course of dealing, course of performance, or usage of trade.
Limitations of liability
To the fullest extent permitted by applicable law, you explicitly acknowledge and agree that under no circumstances shall we be held responsible or liable to you or any third party for any indirect, special, exemplary, incidental, consequential, or punitive damages, or for any multiplication or increase of damages, or for any costs or fees, whether arising from this Agreement or otherwise, arising in any manner in connection with your account, our website, our services, or these terms. This includes, but is not limited to, damages arising in contract, strict liability, tort (including negligence or otherwise), common law, statute, equity, or any other legal theory. Even if we have been advised of the possibility of such damages, you expressly release us from liability for any claim, demand, or damages arising out of or related to your use or inability to use your account, our website, or services.
Modifications of these terms and conditions
We reserve the right to modify this Agreement at any time by publishing a revised version on our website or by sending you an e-mail to the e-mail address associated with your account. The revised terms of this Agreement will become effective upon their publication on our website or when a notification e-mail has been sent by us, unless a different future date is explicitly specified in our communication. By continuing to use our website and services after the effective date of any modifications to this Agreement, you expressly agree to be bound by the updated terms. It is your responsibility to regularly review timatis.com for any changes or revisions to these terms and conditions.
Termination
You have the option to terminate this Agreement by notifying us or by closing your account. We reserve the right to terminate this Agreement by providing you with at least 30 days' advance notice, regardless of the reason.
Upon the effective date of termination, all your rights under this Agreement will cease immediately. However, you will still be held accountable for any fees and charges you have accumulated up until that point in time.
Indemnification
You agree to defend, indemnify, and hold us harmless from any losses that may arise from or be related to any third-party claims regarding the following:
- Your use or your users' use of our services.
- Any disputes between you and your users.
- Your breach of this Agreement or violation of applicable law, including by users of yours.
You are also required to reimburse us for reasonable attorneys' fees, in responding to any third-party subpoenas or other compulsory legal orders or processes associated with the aforementioned claims regarding 1, 2, or 3.
Privacy
Our privacy policy outlines how we handle and safeguard your personal data and privacy concerning your Account, your usage of our Services, and your browsing activities on our website. By accepting this Agreement and accessing our services or website, you also consent to our privacy policy.
Governing Law
You agree that this Agreement will be governed by the laws of Germany to the fullest extent permitted by law. Any disputes, actions, claims, or other controversies arising from or related to this Agreement, your account, our services or website, or your usage or access to your account or our services or website, shall be subject to the exclusive jurisdiction of the courts located in Berlin, Germany.
Severability
If any part of this Agreement is deemed invalid or unenforceable by a court or any other legally authorized body with the appropriate jurisdiction, the remaining sections of the Agreement will still be valid and enforceable. The invalid or unenforceable part will be interpreted to reflect the original intention and purpose. If such interpretation is not feasible, the invalid or unenforceable part will be removed from the Agreement, but the rest of the Agreement will remain fully enforceable.
Miscellaneous
Entire agreement. This Agreement incorporates our privacy policy by reference and the Data Processing Agreement (DPA) below and constitutes the entire agreement between you and us regarding the subject matter herein. It supersedes all prior or contemporaneous understandings, agreements, or communications between you and us.
No Waivers. Our failure to enforce any provision of this Agreement, either in the past or in the future, does not waive our right to enforce that provision at a later time.
Force Majeure. We are not responsible for any delays or failures to fulfill our obligations under this Agreement if the delay or failure is caused by circumstances beyond our reasonable control. These circumstances may include acts of nature, power outages, government actions, acts of terrorism, or war, or other events that are not within our control.
Language. All communications and notices made or provided in relation to this Agreement must be in the English language.
Data processing agreement (DPA)
This Data Processing Agreement (DPA) serves as a legally binding contract that establishes the rights and obligations of both parties, Timatis UG (haftungsbeschränkt), Mühlenstraße 8a, 14167 Berlin, Germany and you, our customer, regarding the processing of personal data on your behalf. Under this agreement, you assume the role of the controller concerning the personal data of your data subjects, while we undertake the role of the processor as defined in Article 4(7, 8) of the EU General Data Protection Regulation (GDPR).
Customer instructions
You acknowledge and agree that this Data Processing Agreement (DPA), in conjunction with the general terms and conditions stated in this document, constitute your documented instructions that govern our processing of Customer Data. Any additional instructions regarding such processing will only be valid if agreed upon in writing between you and us in advance.
Customer Data
Customer Data refers to personal information that we, as a data processor, access or use on behalf of individuals for whom you, as the data controller, are responsible, as defined in Article 4(7) of the GDPR.
Processing of Customer Data
Under this Data Processing Agreement (DPA), the primary focus of data processing involves Customer Data. This includes specific elements such as internet protocol (IP) addresses, protocol headers (e.g. referrer information and user agent information), API keys, and any other data transmitted to us by your data subjects through web browsers or other network clients. The data processing occurs on an ongoing basis and is primarily aimed at facilitating the provision of our services, particularly the delivery of map data to your data subjects.
Customer Data is typically stored in log files and retained for a maximum period of 90 days. These logs serve as documentation of the usage of the service by your data subjects, which may affect your subscription quota. They are retained to assist with dispute resolution if required.
Confidentiality of Customer Data
We will refrain from accessing, using, or disclosing any Customer Data to any third party, except when necessary for the purpose of providing or maintaining our services, or when required to comply with applicable laws and regulations. In the event that a governmental body requests access to Customer Data, we will make reasonable efforts to redirect such request to you, thereby disclosing your contact information to the governmental body. If we are legally obligated to directly disclose Customer Data, we will strive to provide you with reasonable notice.
Every individual at Timatis who comes into contact with Customer Data is required to have appropriate authorization and is contractually obligated to maintain the confidentiality of such Customer Data.
Security of Customer Data
We have implemented appropriate organizational and technical measures to ensure the security of Customer Data. Access to Customer Data is strictly limited to authorized personnel only. When transmitting data over public networks, we consistently utilize transport layer security or other cryptographic protocols to maintain the confidentiality and integrity of Customer Data. Our internal networks are protected against unauthorized access.
We conduct regular audits of our software to identify and address any vulnerabilities, and we frequently update our systems to incorporate necessary security patches and updates. To ensure continuous availability, our systems are designed with fail-over mechanisms, and redundant configurations are implemented where applicable.
Sub-processing of Customer Data
By granting us general authorization, you provide consent for the use of sub-processors to perform processing activities on Customer Data on your behalf. The current list of sub-processors engaged by us can be found below. We commit to updating this list at least 30 days before engaging a new sub-processor and providing you with a mechanism for receiving notifications about such updates. If you have any objections to a specific sub-processor, you have the following options:
- Terminate this Agreement in accordance with its terms, or
- Discontinue the use of the services for which the sub-processor has been engaged.
It is important to note that sub-processors engaged by us have limited access to Customer Data, restricted to what is necessary for providing the services in accordance with the documented instructions.
Sub-processors are bound by the same data protection obligations as we are under this Data Processing Agreement (DPA). We retain full responsibility for ensuring their compliance with these obligations, and we are accountable for any acts or omissions by the sub-processor that may result in a breach of our obligations under this DPA.
Customer Data transfer
The transfer of Customer Data to a country outside the European Economic Area (EEA) that does not have an adequacy decision from the European Commission, indicating an adequate level of protection for personal data under the GDPR, will only occur under specific conditions. These transfers will be subject to the implementation of standard contractual clauses (SCC), unless we have established binding corporate rules for data processors or have adopted an alternative compliance standard for lawful transfer as defined in the GDPR. These measures ensure that appropriate safeguards are in place to protect the transferred Customer Data in accordance with the requirements of the GDPR.
Current list of sub-processors.
The current list of sub-processors can be found below:
- Entity country: United States
- Used by: Timatis Maps
- Customer Data: IP addresses, HTTP headers, API keys
- Processing activity: Serving of map data, log processing, accounting
- Data transfer guarantees: Standard contractual clauses, data processing agreement
- Entity country: Slovenia
- Used by: Timatis Maps
- Customer Data: IP addresses, HTTP headers, API keys
- Processing activity: Serving of map data, log processing
- Data transfer guarantees: Data processing agreement
Assistance with data subject requests
Considering the nature of the processing involved, we will assist you, to the extent feasible, in fulfilling your obligation to respond to requests concerning the exercise of data subjects' rights, through appropriate technical and organizational measures. If a data subject directly contacts us with a request and we have identified you as the data controller for that particular subject, we will promptly forward the request to you. By granting authorization, you authorize us to respond directly to the data subject's request, acknowledging that we have duly forwarded the request to you.
Security incident notification
In the event of a security incident, such as a breach of our security leading to the unintended or unlawful disclosure of Customer Data, we will notify you promptly upon becoming aware of the incident. We will take necessary steps to address the underlying cause(s) of the incident and make reasonable efforts to mitigate any adverse consequences resulting from the security incident.
To assist you in fulfilling your reporting obligations to the supervisory authorities regarding a security incident, we will cooperate with you and disclose as much information about the incident as reasonably possible. Our goal is to provide you with the necessary details to facilitate your reporting to the relevant authorities.
Privacy impact assessment
Considering the nature of the processing and the information at our disposal, we will assist you in fulfilling your obligations regarding data protection impact assessments and prior consultation, as specified in Articles 35 and 36 of the General Data Protection Regulation (GDPR). We will provide you with the necessary support and information to carry out these assessments and consultations effectively.
Audits
We are dedicated to providing you with all the essential information to demonstrate our compliance with the obligations stated in this Data Processing Agreement (DPA). Moreover, we will facilitate and actively participate in audits and inspections conducted by you or any auditor appointed by you, regarding the processing of Customer Data. In the event that we refuse to comply with any instruction related to audits or inspections as requested by you, you have the right to terminate the Agreement in accordance with its terms.
Standard contractual clauses (SCC)
This Data Processing Agreement (DPA) references and incorporates the standard contractual clauses by reference, as provided at https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en . It is important to note that nothing within this document alters or modifies the provisions of the standard contractual clauses. The standard contractual clauses remain applicable and govern the transfer of personal data in accordance with their terms.