GENERAL TERMS AND CONDITIONS OF BUSINESS (GT&Cs)
A: General Terms and Conditions of Business (GT&Cs)
B: Additional agreement of the order processing in respect of data protection for Landolt & Mächler Consultants AG, Hünenberg (hereinafter L&M)
A: General Terms and Conditions of Business (GT&Cs)
1. Scope of application
These GT&Cs apply for assessments and further services provided during participation in the L&M salary comparison. The registration for participation must be signed by the client and may be transmitted electronically to L&M.
2. Responsibilities of L&M
The assessments for the salary comparison shall be carried out by L&M with the necessary care and expertise. They are based on the information contained in the order form submitted by the client.
3. Responsibilities of the client
The client shall designate a responsible internal contact person for the collection, reporting and modification of the data as well as for any corrections. This shall also apply in the event of the outsourcing of the aforementioned activities to a third party company.
The client must also train and instruct the person tasked with allocating function numbers according to L&M’s instructions so that the allocations are carried out technically correctly in every respect and all available salaries are reported.
4. Prices, invoicing and payment
The assessments shall be submitted according to the prices listed in the order. If a fixed fee is agreed, all assessments and further expenses on the part of L&M for the scope of the order received shall be covered.
L&M shall submit its invoice after delivery of the assessments. VAT shall be invoiced additionally.
All invoices shall be due for payment, net, within 30 days of the invoice date. For reminders after the 61st day following submission of the invoice, default interest of 4% of the invoice amount shall apply.
5. Intellectual property rights
The client shall hold all rights of the assessments. However, the assessments are subject to the confidentiality according to paragraph 6. Upon payment for the assessments, the client shall receive ownership of a copy, which it may use within the company.
L&M may use ideas, concepts and methods, which it has acquired in the context of its activities, with other clients as it wishes.
As a provider of salary comparisons L&M is obliged to keep the concerning data strictly confidential.
The client - when submitting salary data according to the specifications of L&M - is obliged to pay highest attention, that only anonymized salary data (without the names of the employees) are submitted to L&M.
However, should the client submit not anonymized personal data for the salary comparison, L&M will immediately delete this data prior to the storage and shall inform the client thereof. In addition, the client is obliged to treat all data and assessments in respect of the salary comparison, with the necessary confidentiality and is not allowed to pass on this information to external third parties or utilize them for other internal purposes.
L&M may cease its services if these obligations are breached. If one party culpably fails to fulfil its obligations, it shall be obliged to pay a contractual penalty of CHF 10’000.00 per event to the other party. The claim of damages, exceeding the amount of the penalty, remains reserved.
L&M shall not infringe any third party intellectual property rights when creating the assessments.
L&M guarantees to the client that the assessments are correct and correspond to the data provided by the client and the overall f dataset available to L&M. In the event of errors, L&M shall replace the erroneous assessments. Any further claims on the part of the client are expressly excluded.
L&M shall be liable for damages resulting from the services, caused by negligence, up to the total amount of fees paid for the services, in the performance of which the damages were caused by L&M. L&M, however, excludes any liability for damages stemming from a failure on the part of the client to fulfil its obligations and for indirect or consequential damages such as lost profits and third party claims.
9. Protection of data files
With each contact to the internet and in particular the signing-in to our web site and the usage of our web-services certain technical data tracks are being recorded on the web-server. In doing so, data from your PC, Laptop or mobile end-applications resp. internet browsers, are being submitted to our web-server in so called log-files.
L&M is recording the content of the log files for statistical usage and to verify the compliance with the General Terms & Conditions (GT&Cs ).
The compiled personalized (salary) data are being recorded by L&M and their contract data processor (webhoster) on special protected servers within Switzerland, for a limited period of one month only. In order to avoid the loss and misuse of data, L&M is implementing extensive technical and organisational security measures, according to the current state of technical knowledge. However, L&M refers to the possibility that, according to the structure of the internet, the rules and regulations of data protection and the above-mentioned security measures could be disregarded by unknown persons / institutions, which are beyond L&M’s responsibility.
10. Data protection
The Additional agreement for the order prices sing in respect of data protection of L&M is applied and completes the ”General Terms and Conditions of Business (GT&Cs)” of Landolt & Mächler Consultants AG, if and insofar as the underlying European General Data Protection Regulation (EU2016/679: GDPR) or the Swiss federal data protection act are applicable with respect to the processing of personalized data as applied by L&M and ordered by the client.
11. Final provisions
The contract resulting from the order or individual rights derived from it may only be transferred to third parties with the prior written approval of the other party to the contract.
The parties are prohibited for the entire duration of the contract from headhunting any individuals involved in the assessments.
Modifications and/or amendments to the contract must be in writing in order to be valid.
For the contractual relationship between the client and Landolt & Mächler Consultants AG the version in German language of these General Terms and Conditions of Business (GT&Cs, part A) and the Additional agreement of the order processing in respect of data protection (part B) is exclusively contractually binding. The version of these documents in other languages provided by L&M have no binding character; they should only facilitate the reading.
The contract is subject to Swiss law.
In the event of a dispute, the parties shall seek to reach a mutual agreement before bringing proceedings before a judge. Should such an agreement be impossible, the jurisdiction of Zug is hereby selected.
Hünenberg, January 1th 2019
Addendum to the General Terms and Conditions of Business (GT&Cs) of Landolt & Mächler Consultants AG, Hünenberg:
B: Additional agreement of the order processing in respect of data protection (according to EU-GDPR)
1. Order processing
(a) L&M is processing personal data as processor of agreed services (sevices) by order of the client (processed data).
(b) If there are no deviances to this agreement the stipulated rules apply to the service agreement.
2. Object and duration of agreement
(a) Subject matter, type and purpose: The subject matter of the data processing, type and purpose are based on the service agreement.
(b) Categories of personal data: Data of client’s employees; the relevant data follow from the respective service agreed upon.
(c) Involved persons: Employees of the client.
(d) Duration: The order commences with the effective date of the service agreement and is terminating with the end date of the agreement.
(e) Termination: The client may terminate the agreement any time without observing a notice period, if there is a severe breach of the processor of the terms of the agreement or if the processor is unable-or unwilling to fulfil the instructions of the client, which are in line with the agreement or if the processor refuses, contrary to the contract, the control rights of the client.
3. Position of client
(a) The client is – based on the applicable legal provisions - responsible for the accurate permissible ascertainment, processing and use of the data, inclusive of establishing the necessary transparency and the fulfilment of the legal rights of the data subject, (such as the right of access, rectification and erasure )based on the applicable requirements of the laws. The ordering party ensures that the prerequisite (collect, edit and use) of the data privacy laws between the ordering party and the involved persons are verifiable and available.
4. Duties of the processor
(a) Adherence to instructions:
(b) The processor is obliged to use the data exclusively for rendering the services and to follow the instructions of the client, However, deviant obligations of the applicable law (e.g. binding instructions of the competent legal authorities)are reserved, for which the client must be informed as early as possible, if this is legally possible.
(c) The instruction right is concretized by the service agreement and by this agreement. Instructions beyond the mentioned agreements are only binding for the processor, if they are necessary for the compliance with mandatory data protection requirements In case the client, in the context of the services, is able to directly interact with the data, instructions have to be given in this mode. Other instructions must be submitted in text form (e.g. in writing, per fax or E-Mail), with the reservation, of oral instructions to be confirmed in writing in case of urgency.
(d) The processor informs the client, if in his opinion an instruction is in conflict with data protection regulations. However, the processor is not obliged to verify the client’s instructions. Confidentiality: The processor is obliged to treat the data on a confidential basis and to allow access of data only to persons who need access to the data for the fulfilment of their duties.. He ensures that all employees with access to the data are subject to the legal or contractual confidentiality.
(e) Place of data processing: The data processing and the utilization of data are exclusively carried out in Switzerland.
(f) Processing records: As far as the processor is legally obliged to keep processing records or similar records, the processor must hand out them to the client upon request, if they are related to data.
(g) Restitution and erasure obligation: Once the service agreement has been terminated the processor must upon request from the client return all the operating data, all delivered data carriers and, in return of reimbursement, the data carrier media. Otherwise, the processor has to definitively delete all the data, however under the reservation of an opposing statutory duty.
5. Data security
(a) Security measures: The processor initiates, the technical and organisational measures described in Addendum 1, to protect the data (security measures). The client has verified these security measures and he considers them as adequate and sufficient. The processor has the right to modify the security measures, provided that the security level is not being lowered.
(b) Notice of breaches: If concrete assumed or noticed breaches of protected data (including by a breach in the sense of. Art. 4 No. 12 GDPR, as far as the GDPR is applicable to the data) are immediately reported by the processor to the client, and in each case with the designated information as stated under Art. 33 Abs. 3 GDPR (whereby such information can also be submitted in step like arrangement insofar as they are not immediately known.)
(a) Pre-requisite: The processor may sub-contract data processing to sub-contractors, provided however the processor agrees with the sub-contractor an enforceable agreement, which corresponds with the underlying agreement. The processor is liable to the client with regard to the compliance of the sub-contractor with the obligations.
(b) Approval: Addendum 2 lists all existing sub-contractors with access to client’s data. Prior to a change of a sub-contractor relationship, the client must be informed in writing or per E-Mail. If the client is not responding with sound negative reasons in writing or via E-Mail within three weeks, the proposed change of sub-contractor is valid.
7. Inspection rights
(a) Based on a reasonable judgement and on request by the client the processor shall initiate controls of the security measures. On request of the client, the processor responds in supplying a summarized test report accordingly. Should the inspection report not fulfil the legal control obligation, the client may, after the notification and during the usual business hours, request from the processor a data check on the compliance with the security measures and the correct data processing, on-site at the location of the processor and request the documents needed for the control. The control may be performed by representatives of the client, who are subject to confidentiality.
(a) Data security etc.: The processor is supporting the client in an adequate manner to comply with legal responsibilities with regard to data security and the reporting of data protection violations and for the performance of data protection impact assessment.
(b) Rights of data subject: If a data subject is contacting the processor in respect of a data privacy protection claim (e.g. right of access- or erasure request), the processor is forwarding such a request immediately to the client. The processor gives adequate support in handling such a request; if needed, assistance is provided for the compilation of the required data and information.
(c) Information responsibility: Control activities and other procedures from the data protection supervisory authorities must be reported to the client immediately, if the data of the client or the systems for processing the client’s data are involved.
(d) Cost compensation: The processor may charge disbursements of designated support activities as outlined in this paragraph 8, without surcharge, if the respective obligation is not already contained in the service agreement. However, the processor is not entitled to refuse support.
The liability of the parties is based on the General Terms & Conditions of Business (GT & Cs)
Addendum 1: Security arrangements
Schedule of arrangements or reference to a document with relevant specifications:
Addendum 2: Sub-contractor
Schedule of existing sub-contractors e.g. Microsoft etc. with name, location and reference to the activity:
Hünenberg, January 1th, 2019