for agreed IT services via the application aiaibot of swiss moonshot AG
Status: April 2020
These General Terms and Conditions (GTC) apply to the contractually agreed provision of IT services via the aiaibot application of swiss moonshot AG (the «Company») to the Customer.
By selecting the relevant service and confirming the selection by means of the order button within the aiaibot application, the customer makes an offer to the company to conclude a contract concerning the relevant service.
The Company accepts the offer by sending an electronic confirmation and, if applicable, contractual documents. These GTC shall apply to the concluded contract without further ado. If the customer subsequently requires additional services, a separate agreement is required for this with separate invoicing of the expenses.
Services are generally rendered by the company within the scope of an order. They do not constitute services under a contract for work and services unless a specific work is expressly agreed.
The company may provide the agreed services itself or engage third parties for this purpose.
The backup of data within the scope of the use of IT services and/or applications of the company is the sole responsibility of the customer.
The Customer shall pay the contractually agreed remuneration for the services provided by the company in Swiss francs. Instead of the Customer, who is the contractual partner, the payment of the remuneration can also be made by another user, who has been invited by the contractual partner to his workspace at aiaibot.com. However, this does not result in a change in the position of the contracting party. The customer owes all further and still open remuneration claims in favor of aiaibot.com himself and in full. All amounts are exclusive value added tax and possible other charges and additional costs. Additional costs are especially insurances as well as costs for software and operating systems. With the delivery of an invoice, the customer may be granted a payment period of 30 days. Payment shall be deemed to have been made when the entire amount due has been credited to the company's specified account and is freely available to the company. Offsetting against counterclaims is not permitted. The customer shall be in default without reminder if payment is delayed. In the event of default, he shall pay interest on arrears of 5% p.a. on the invoice amount. In addition, the customer will be charged reminder and collection costs.
Subject to legal or contractual secrecy obligations, the parties shall inform each other if developments, incidents and findings occur which are or may be of significance for the other party in connection with the performance of the contract or for the contractual relationship as a whole.
The subject matter of the warranty shall be the respective contractually agreed IT services and the use of the respective contractually agreed applications.
Warranted characteristics in connection with the warranty shall only be those which have been designated as such («warranties» or «warranted characteristics») by the company in writing in the respective contract.
The IT services and applications of the company are prepared with great care. Nevertheless, absolute freedom from errors cannot be guaranteed. Minor malfunctions or impairments are not covered by the warranty. Malfunctions or impairments of function that are wholly or partially due to hardware defects, environmental conditions, incorrect operation or similar are also not covered by the warranty.
The Customer is obligated to immediately test provided IT services or applications for errors after receipt of the access data for the agreed IT service or application and to notify the company of any recognizable errors as soon as possible, at the latest within two weeks of receipt. The notification must be made in writing or electronically and must contain a comprehensible description of the error. If no error is reported, the customer confirms that the IT service or application is free of errors.
The company remains the owner of all proprietary rights, such as property rights, copyright, intellectual property rights, patent rights, trademark rights with respect to the services, software or applications provided.
The company shall be liable to the contracting party only for direct damages arising from breach of contract, provided that such damages are due to gross negligence or intent.
Liability for auxiliary persons is excluded to the extent permitted by law.
The company shall not be liable if the provision of the contractually agreed service is temporarily interrupted, wholly or partially restricted or impossible due to force majeure. Force majeure shall be deemed to include, in particular, natural events of particular intensity (avalanches, floods, landslides, etc.), warlike events, riots, unforeseeable official restrictions, etc. If the company cannot fulfill its contractual obligations due to these events, the fulfillment of the contract shall be postponed in accordance with the event that has occurred.
The customer guarantees the correctness of the information provided by him/her in connection with the completion of the online form prior to the conclusion of the contract. He is liable to the company for any damage resulting directly or indirectly from incorrect information.
oth parties undertake to treat as strictly confidential their employees, other auxiliary persons and consulted third parties, all documents and information which are not generally known and which they receive or learn in connection with the performance of contracts. The obligation to maintain confidentiality shall continue to exist for an unlimited period of time even after termination of the contractual relationship between the parties.
Both parties undertake to comply with the applicable statutory provisions on data protection and also to impose the corresponding obligations on their employees, auxiliary persons and third parties called in.
A contract for IT services or applications of the company is concluded for an indefinite period of time, unless otherwise expressly agreed. Unless otherwise agreed, it may be terminated by either party with 30 days' notice to the end of the month within the application or in writing. If the customer chooses an annual payment method for the IT service or application, the minimum contract period shall be 1 year. In the event of premature termination of the above contract, the customer shall in any case pay the agreed annual amount. The termination must be made either within the application or in writing.
The right to extraordinary termination for good cause is reserved at all times. Any delay in payment shall be deemed to be an extraordinary reason for termination on the part of the company. In this case, the company may terminate the contract at any time without notice and deactivate or shut down the affected applications and/or systems.
The contract shall be governed exclusively by Swiss law. The Vienna Sales Convention is expressly excluded. The place of jurisdiction is Zurich at the registered office of the company. Mandatory places of jurisdiction remain reserved.
Status: 14 November 2019
Particularly worthy of protection are such personal data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership of data subjects, as well as personal data on administrative or criminal prosecutions and sanctions, and data on criminal convictions and offenses or related security measures, as well as genetic data, biometric data, health data, and data on a natural person's sex life or sexual orientation, or data on social assistance measures.
between the customer as the responsible party (herein referred to as the «client»)
aiaibot.com - swiss moonshot AG as order processor (herein referred to as «contractor»).
The client wishes to commission the contractor with the services specified in § 2. Part of the execution of the contract is the processing of personal data. Due to EU data protection law (Basic Data Protection Regulation, DSGVO) and the Swiss Data Protection Act, certain requirements are placed on such commissioned processing. In order to comply with the applicable requirements, the parties conclude the following agreement.
(1) The responsible party is the body which alone or jointly with other responsible parties determines the purposes and means of the processing of personal data.
(2) Order processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the responsible party.
(3) Personal data is any information relating to an identified or identifiable natural person (hereinafter «data subject»). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(4) Personal data requiring special protection are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership of data subjects, personal data concerning criminal convictions and offenses or related security measures, as well as genetic data, biometric data, health data, and data concerning a natural person's sex life or sexual orientation.
(5) Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(6)The supervisory authority is an independent state body established by the canton of the company's registered office, by the Swiss Confederation and by an EU member state. The competence of the respective supervisory authority is determined by the specific contractual relationship and the data processing that takes place.
(1) The contractor provides services for the client in the area of provision via the software platform «aiaibot.com». aiaibot.com is a chatbot software that can be used by the client. According to the purchased functional scope of the software, the contractual service includes the creation and operation of chatbots, the use of so-called artificial intelligence (use of algorithms for the purpose of exercising machine behavior and learning) for the analysis of texts as well as the automation of business processes (e.g. end2end automation of use cases; realization of dynamic interfaces between systems such as emails and tickets in case management systems; etc.). based on the main contract («Main Contract»). The Main Contract as well as this Order Processing Agreement will be sent to the client by email after the conclusion of the contract via the website as a confirmation on the day of the conclusion of the contract. In doing so, the contractor shall obtain access to personal data and shall process such data exclusively on behalf of and in accordance with the instructions of the client. The scope and purpose of the data processing by the contractor also result from the Main Contract (and the associated service description). The client shall be responsible for assessing the permissibility of the data processing.
(2) In case of doubt, the provisions of this agreement shall take precedence over the provisions of the main contract.
(3) In order to specify the mutual rights and obligations under data protection law, the parties conclude the present agreement. The provisions of this Agreement shall apply to all activities related to the Main Agreement in the course of which the contractor and its employees or persons commissioned by the contractor come into contact with personal data originating from the client or collected for the client.
(4) The term of this Agreement shall be based on the term of the Main Agreement, provided that the following provisions do not give rise to any obligations or rights of termination going beyond this.
(1) The contractor may only collect, process or use data within the scope of the Main Contract and in accordance with the client's instructions. This applies in particular with regard to the cross-border transfer of personal data.
(2) The persons authorized to give instructions are shown in Annex 3. In the event of a change or long-term prevention of the appointed persons, the successor or representative shall be named to the contracting party in text form without delay.
(3) All instructions issued shall be documented by both the client and the contractor. Instructions that go beyond the performance agreed in the Main Contract shall be treated as a request for a change in performance.
(4) If the contractor is of the opinion that an instruction of the client violates provisions of data protection law, it shall notify the client thereof without undue delay. The contractor shall be entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by the client. The contractor may refuse to carry out an obviously illegal instruction.
(1)In the course of the performance of the Main Contract, the contractor shall obtain access to personal data (such as names, contact data, email addresses), information on the specific use of products and services, etc.). This data expressly does not include any personal data requiring special protection.
(2) If, contrary to Paragraph 1, the client does wish to process personal data requiring special protection (cf. § 1 Paragraph 4, Definitions) in connection with the use of the contractor's services and/or software, it must inform the contractor of this in advance and in good time before the data is collected and processed. The parties shall then enter into a separate agreement for this case of processing of data requiring special protection. Without the conclusion of such an agreement, the processing of data requiring special protection by means of the contractor's services and/or software is expressly not permitted.
(3) If, contrary to Paragraph 1, the client wishes to process sensitive personal data (cf. § 1 Paragraph 4, Definitions) in connection with the use of tools, software, applications or other third-party services (e.g. Slack, Facebook, etc.), it must inform the contractor of this in advance and in good time before the data is collected and processed. The parties shall then enter into a separate agreement for this case of processing of data requiring special protection. Without the conclusion of such an agreement, the processing of data requiring special protection by means of the contractor's services and/or software is expressly not permitted.
(4) If data requiring special protection is processed contrary to the provisions of Paragraph 1, Paragraph 2 and Paragraph 3, the client shall indemnify the contractor against all liability claims arising therefrom and shall assume all liability consequences resulting therefrom.
(1) The contractor is obliged to observe the statutory provisions on data protection and not to pass on information obtained from the client's domain to third parties or expose it to their access. Documents and data shall be secured against disclosure to unauthorized persons, taking into account the state of the art.
(2) The contractor shall design the internal organization in its area of responsibility in such a way that it meets the special requirements of data protection. It shall take all necessary technical and organizational measures to adequately protect the client's data.
(3) The persons employed in data processing by the contractor are prohibited from collecting, processing or using personal data without authorization. The contractor shall oblige all persons entrusted by it with the processing and fulfillment of this contract (hereinafter referred to as employees) accordingly (obligation to confidentiality) and shall ensure compliance with this obligation with due care. These obligations are formulated in such a way that they remain in force even after termination of this contract or of the employment relationship between the employee and the contractor.
(1) In the event of disruptions, suspected data protection violations, suspected security-related incidents or other irregularities in the processing of personal data by the contractor, by persons employed by the contractor within the scope of the order or by third parties, the contractor shall inform the client. The same shall apply to audits of the contractor by the data protection supervisory authority.
(2) The contractor shall take the necessary measures to secure the data and to mitigate possible adverse consequences of the concerned persons and shall inform the client thereof.
(3) If the client's data at the contractor is endangered by seizure or attachment, by insolvency or composition proceedings or by other events or measures of third parties, the contractor shall inform the client thereof without undue delay, unless it is prohibited from doing so by court or administrative order. In this context, the contractor shall immediately inform all competent bodies that the decision-making authority over the data lies exclusively with the client as the «responsible party».
The contractor shall provide the client with the necessary information to prove compliance with the legally required obligations regarding commissioned data processing. At the same time, it shall enable any necessary checks within the legally permissible scope.
(1) The contractually agreed services may be performed for the contractor by a subcontractor. The contractor is obliged to carefully select subcontractors according to their suitability and reliability. If subcontractors are to be involved at a location outside Switzerland or the EU/EEA, the contractor shall ensure that an appropriate level of data protection is guaranteed at the respective subcontractor (e.g. by concluding an agreement based on the EU standard data protection clauses).
(2) A subcontractor relationship within the meaning of these provisions shall not exist if the contractor commissions third parties to provide services which are to be regarded as purely ancillary services. These include, for example, postal, transport and shipping services, cleaning services, telecommunications services without any specific reference to services provided by the contractor for the client and security services. Maintenance and testing services constitute subcontractor relationships subject to approval insofar as they are provided for IT systems that are also used in connection with the provision of services for the client.
(3) If so-called messenger services, such as Whatsapp, are used within the chatbot at the request of the client, the client shall inform its customers of this circumstance within the scope of the information obligations, e.g. within its data protection declaration. In connection with the use of messenger services, the use of so-called interface service providers is required, which enable communication between the messenger and the chatbot. The client shall also point this out to its customers as part of the information obligations, e.g. within its data protection declaration. In addition, the client is recommended to obtain the consent (approval) of the respective end user for the use of the messenger service and the interface service providers before using the corresponding messenger function in the chatbot.
(4) Furthermore, the client acknowledges that the use of WhatsApp may result in the transfer of personal data to the USA and the transfer of personal data to other companies of the Facebook group. The contractor has neither exact knowledge nor influence on the data processing by WhatsApp. The client is informed that in particular the purpose of the data processing by WhatsApp is hardly limited. The use of so-called messenger services such as WhatsApp and other messenger services is therefore the responsibility of the client.
(5) The client is also informed that WhatsApp is certified under the Swiss-US Privacy Shield and has thereby committed to compliance with the Privacy Shield principles. However, the EU-US Privacy Shield agreement has been declared invalid by the European Court of Justice (ECJ) in a judgment dated July 16, 2020 (Case C-311/18). Corresponding effects of this judgment on Switzerland are to be observed and, if necessary, required measures are to be taken by the client. Should a data transfer take place within the scope of European law and in particular the General Data Protection Regulation (GDPR), the client shall have the role of the controller in the use of WhatsApp. It is pointed out to the client that in the event of a data transfer to the USA, the use of standard contractual clauses as well as additional measures, supplementary to standard contractual clauses, may be required by the client in order to ensure an equivalent level of data protection.
(1) Robotics applications (AI and Robot modules) can be used at the request of the client. The client is hereby informed of its associated information obligations, e.g. within the scope of its data protection declaration.
(2) In the course of the robotics applications (modules AI and Robot), the information entered and stored by users is mapped in the context of models. These models are used for dialog control and workflow control. The models are created by an algorithm. The algorithm does not make any independent selection decision regarding the information used. A selection of the information concerned is only possible manually by the user. The algorithm classifies the received information in the context of a so-called training, e.g. as order or complaint. The result of the training is then the respective model. By using information from the models, there is no recourse to personal information entered by the user. Therefore, it is not possible to draw any conclusions about a person from the model, nor is it possible to draw any conclusions about the data/information used. In addition, the users of the chatbot and the AI and Robot modules also do not have access to the models or the information on which they are based at any time.
(3) The chatbot and the AI and Robot modules can access the finished models. This recourse serves to constantly improve the functionality of the applications. The robotics function therefore uses the models to make predictions about desired information or to generate more specific response texts.
(4) The processing operations carried out in this context are periodically (annually) subjected to a risk assessment, whereby the nature, scope, circumstances and purposes of the processing are examined with regard to data protection risks.
(5) On the part of the user of the applications Chatbot and the modules AI and Robot, the transfer of data from the user account is possible in each case. However, this is the responsibility of the respective user. We expressly encourage our users to strictly observe and comply with the applicable data protection and other legal regulations.
(1) The contractor shall support the client as far as possible with suitable technical and organizational measures in fulfilling the client's obligations with regard to the rights of the parties affected by the processing as well as the security of the processing and the risk assessment and evaluation of the consequences in advance of a data processing (data protection impact assessment).
(2) If a party affected asserts rights, such as the right to information, correction or deletion with regard to his data, directly against the contractor, the contractor shall not react independently, but shall immediately refer the party affected to the client and await the client's instructions.
(1) In the internal relationship with the contractor, the client alone shall be responsible to the affected party for compensation of damages suffered by an affected party due to inadmissible or incorrect data processing or use within the scope of commissioned processing in accordance with the data protection laws.
(2) The contractor shall only be liable to the client for damages arising from the contractual relationship if these are due to gross negligence or intent.
(3) The liability of the contractor for auxiliary persons is excluded.
(4) In addition, the parties shall each release themselves from liability if a party proves that it is in no way responsible for the circumstance that caused the damage to an affected party.
(1) After termination of the Main Contract, the contractor shall return to the client all documents, data and data carriers provided to it or - at the client's request, unless there is a legal obligation to store the personal data - delete them. This shall also apply to any data backups at the contractor.
(2) The contractor shall be obligated to treat as confidential any data of which it becomes aware in connection with the Main Contract, even after the end of the Main Contract. The present agreement shall remain valid beyond the end of the main contract as long as the contractor has personal data at its disposal which have been forwarded to it by the client or which it has collected for the client.
(1) Amendments and supplements to this agreement must be made in writing. This shall also apply to any waiver of this formal requirement. The precedence of individual contractual agreements remains unaffected.
(2) Should individual provisions of this agreement be or become wholly or partially invalid or unenforceable, this shall not affect the validity of the remaining provisions in each case.
(3) This agreement is governed exclusively by Swiss law. The place of jurisdiction is Zurich. The consent of the client named by means of the online form to the above agreement by pressing the corresponding opt-in button on the website aiaibot.com is recorded electronically with date and stored in a change-proof manner. The consent of swiss moonshot AG to the above contract with the client named by means of the online form is hereby declared as of today's date (cf. date of the mail dispatch with this contract) for this individual case.