1. Introduction
The Controller within the meaning of the GDPR (hereinafter "we","us/our") shall take appropriate measures to protect your privacy and the security of your personal data. This privacy notice describes how we collect, use, store, and disclose your personal data when you visit our websites, use our products and services, or interact with us.
In the context of providing our products and services, we also act as a Processor. The clauses that regulate the data processing we made as a Processor in the provision of our products and services are available in the Data Processing Agreement.
2. Information and Contact details of the Controller
The Controller is:
InterNetX GmbH
Johanna-Dachs-Str. 55
93055 Regensburg
Germany
Email: datenschutz@internetx.com
You can reach our Data Protection Officer at:
InterNetX GmbH
Data Protection Officer
Johanna-Dachs-Str. 55
93055 Regensburg
Germany
E-Mail: datenschutz@internetx.com
3. What Data We Process
We may process various types of personal data about you, including but not limited to:
- Identity Data: Name, username, title.
- Contact Data/Inventory Data: Contract data such as billing address, delivery address, email address, phone numbers.
- Financial Data: Payment details, bank account details.
- Transaction Data: Details of payments to and from you, and details of products and services you have purchased from us.
- Technical Data: IP address, browser type and version, operating system, device information.
- Profile Data: Username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
- Usage Data: Information about how you use our website, products, and services.
- Marketing and Communication Data: Your preferences for receiving marketing communications from us and your communication preferences.
4. How We Process Your Data
We process your data in various ways, including but not limited to:
- Direct Interactions: You give us your data when you create an account, order products or services, fill out forms, visit our website, contact us, or provide feedback.
- Automated Technologies or Interactions: We collect data about your devices, browsing actions, and patterns when you use our website, through cookies and similar technologies.
- Third parties or publicly available sources: We may receive personal data about you from various third parties and publicly available sources (e.g., through business partners or web crawling).
5. How We Use Your Data
We use your personal data for the following purposes:
We process your personal data to fulfill our contractual obligations and to ensure smooth use of our offers. This includes, among other things, the collection of inventory data, payment information, and usage data. This data is used to manage your orders, provide technical support, and continuously improve our services, as well as to implement any changes you make in the customer area.
If you intend to become our business partner, we generally process your contact information, company data, and contract-specific information. We use this information to manage participation in our programs, to fulfill contracts, to facilitate communication, and to optimize collaboration.
For this purpose, we process your personal data such as your name, contact details, and payment information. This data is necessary to process your orders, secure the payment process, and ensure a smooth purchase transaction. In addition, we also use this data to provide you with invoices.
We process your personal data such as name, contact details, communication history, and the content of your inquiry to customer support. This information is necessary to efficiently process your request and to ensure the desired support.
To manage and authenticate your account, we process personal data such as your name, email address, and login information. This data is necessary to secure access to your account, verify your identity, and enable you to use our services in a personalized way.
To improve and personalise our website, we process data such as usage behavior, IP addresses, and cookies. This information helps us to optimize the functionality of our website, adapt content to your interests, and offer you a personal user experience. You can find more information in our Cookie Policy under point 14.
To send you marketing communications or for telephone advertising, we process your inventory data and your usage data. We use this information to inform you about our products, services, and offers that might be of interest to you. You can find more information about our marketing activities in particular under point 6.
We process your contact data, such as your email address or postal address. This data is used to ensure that you receive important information about your contracts and our services. For example, we send you information about the function and use of your products, contract extensions, or price adjustments.
We process your personal data to comply with legal obligations, in particular to fulfill tax, accounting, and record-keeping obligations, as well as to comply with regulations for combating money laundering and terrorist financing, and if necessary, also due to official orders in connection with the relevant telecommunications laws. In addition, in certain cases, we are also obliged to address complaints about customer pages due to the Digital Services Act (DSA).
In this context, we process your personal data, such as contact details and contract information. This data is necessary to fulfill our contractual obligations, ensure contract execution, and enforce our claims in the event of payment defaults.
For fraud prevention and prevention of payment defaults, we process certain personal data, including transaction and payment information. This data processing helps us to detect suspicious activities, minimize risks, and ensure financial security for both you and us. We check whether there are indications of misuse of our web service or attempted fraud by means of the terminal device you are using during your online order. In addition, your device data is compared with data from devices from which fraudulent acts have been carried out in the past or where there was a corresponding suspicion. As a rule, employees of IONOS or a service provider also manually check the results at relevant points.
For Business Intelligence analyses, we process data to gain insights that help us optimize our business processes and make strategic decisions. We use aggregated and anonymized data whenever possible to identify trends and improve the efficiency of our services.
To improve our products and services, we process information such as feedback, usage data, and market analyses. This data helps us to optimize our offers, develop new functions, and continuously improve your customer experience.
We process your personal data for the purpose of conducting free product tests. We use your registration data, such as your name, contact details, and other login information, to enable you to access the product test and to send you advertisements for the same or similar products via email.
We process your personal data for registration and participation in raffles. Further information on data processing within the scope of the raffle can generally be found in the respective terms and conditions of participation for the raffle.
6. Data Processing for Marketing Purposes
We also use your personal data for marketing purposes to provide you with individualised offers and information about our products and services. In doing so, we are guided by our legitimate interests in strengthening our customer relationships and continuously improving our services and products. We also use machine learning to calculate individual product recommendations. Machine learning serves the purpose of efficiently and specifically directing advertising to our customers. The basis for the calculations is the respective usage behavior of customers within our websites and, if applicable, also the websites of the affiliated companies of IONOS Group SE. We have an overriding legitimate interest in optimising business processes or making products more appealing through the use of machine learning. However, to protect your data, we have anonymised all personal data as far as possible or implemented corresponding deletion routines.
To deliver targeted advertising in the form of ads on portals of our marketing partners, we also use services such as Meta Custom Audiences, LinkedIn Matched Audiences, TikTok Custom Audiences, Reddit Custom Audiences, and Google Customer Match. We transmit inventory data (email address, phone number, postal code, country) to our marketing partners. However, the data is not sent in plain text but is hashed in advance using the SHA-256 algorithm and then transmitted. The marketing partner then compares this with its own, identical data to then display targeted, personalised advertising in the form of ads on the respective marketing partner's portals or our affiliated companies.
Type of data:
- Inventory data (e.g., contract data such as email address, phone number)
- Information about your interactions with our services (e.g., pages visited, products purchased)
- Demographic data (e.g., age, gender) Your preferences and interests
- Usage data (data that arises when using our websites, services, and products, including analysis of click behavior)
Purposes of use:
- Sending newsletters and promotional emails
- Displaying personalised advertisements on our websites and on other platforms
- Conducting customer surveys and market research
- Analysing customer behavior data to improve our products and services
- Telephonic contact for advertising purposes
- Use and training of AI
- Data transfer between affiliated companies
Legal basis:
The legal basis for processing your personal data for marketing purposes is our legitimate interest and the consent you have given for selected data processing.
Right to Object:
You have the right to object at any time to the processing of your personal data for marketing purposes. As a Customer you can change your settings for receiving newsletters, telephone contact, and advertising emails at any time through your customer account (Control Panel) or exercise your objection by emailing: datenschutz@internetx.com
7. Legal Bases for Processing
We process your personal data on the following legal bases:
- Contract Fulfillment: The processing is necessary for the performance of a contract with you or for the implementation of pre-contractual measures. Consent: You have given your consent to the processing of your personal data for specific purposes.
- Legitimate Interests: The processing is necessary for our legitimate interests, as long as your interests or fundamental rights and freedoms do not prevail. The legitimate interests we pursue include, in particular: financial interests, direct marketing, fraud prevention, use and training of AI, data transmission to affiliated companies, improvement of our technical infrastructure, improvement of our products/services and web presence, cost savings and process optimisation.
- Legal Obligation: The processing is necessary for the fulfillment of a legal obligation to which we are subject.
8. Disclosure of Your Data
We may disclose your personal data to the following categories of recipients if necessary:
Your data may also be shared with technology providers that offer various technical services to support and optimize the online offerings. This category includes providers of cookies and other tracking technologies, anti-fraud software such as reCAPTCHA, Friendly CAPTCHA, and fraud detection tools like Crif and ThreatMetrix, as well as companies that operate social media platforms, including Facebook Ireland Ltd., Twitter Inc., Google LLC, LinkedIn Ireland Unlimited Company, and Xing New Work SE.
This includes partners that assist in implementing digital marketing strategies, user data analytics, and audience analysis. Examples include Google Analytics for web analytics, HubSpot for CRM and marketing automation services, and other specialized marketing partners such as Meta, LinkedIn, and Reddit.
To offer a comprehensive service range, data is also shared as part of partnerships for product development and marketing purposes. Partners like Salesforce for CRM solutions, OpenAI for AI-powered services, or Atlassian for status information services fall into this category. Additionally, we utilize payment processors such as PayPal, domain- registrars, debt collection agencies, and service providers in customer service.
In compliance with legal obligations, data may be shared with government authorities, judicial bodies, or other official entities, both for meeting legal requirements and protecting the company's rights.
Within the corporate group, data exchange may occur with affiliated companies of IONOS Group SE or United Internet AG to optimize administrative processes and services.
9. International Data Transfer
We may transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA). In such cases, we will ensure that appropriate safeguards are in place to protect your data in accordance with legal requirements, unless you have given us your consent for the data transfer in individual cases.
10. Data Security
We have taken appropriate security measures to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction
11. Data Storage
We generally store your personal data only for as long as is necessary for the purposes stated in these privacy notices or as we are obligated or entitled to do so due to legal retention periods. For example, we store your personal data for the duration of a contract concluded with you. If, on the other hand, data processing is based on the legal basis of consent or a legitimate interest, we generally store your data until you issue your withdrawal or objection.
Further information on case-specific retention periods is listed below as examples.
Contract data: Stored for the duration of the contractual relationship and beyond, provided that legal retention obligations (e.g., 10 years due to tax and commercial law provisions) exist.
Invoice data: Until the termination of the contract and beyond, to comply with legal obligations (up to 10 years). Chat and Communication data/Telephone recordings: Chat - or Conversation histories are stored for 90 days. If a chat or a phone call leads to a contract, the relevant part is stored for the duration of the contract + legal period if necessary (up to 10 years).
Raffles: Data processed within the framework of raffles is generally deleted after the raffle ends, unless further retention periods exist or the participant has consented to the further use of the data.
Information requests: If data subjects assert their right to information against us, we store the data for the duration until the complete information is provided and beyond for up to 3 years.
Contact forms/contact points: Data processed within the framework of inquiries via contact forms or contact points is generally stored until the inquiry is fully processed, unless there are further legal retention periods.
Analysis and tracking data: Data used to improve services is generally stored for a short time, e.g., for the duration of the cookie lifespan.
Security and fraud prevention data: Generally stored for up to 6 months. However, longer storage periods are possible for specific purposes.
Friendly Captcha and reCAPTCHA data: Stored until the purpose is achieved (security check).
Marketing data: Is generally stored until an objection is raised.
AI-based data: Generally, this is aggregated data. If personal reference cannot be excluded, the data is stored until the purpose is achieved and then deleted.
Marketing and newsletter data: Stored until the withdrawal of consent or fulfillment of the purpose.
Evaluation and survey data: Until the termination of the contract or fulfillment of the purpose, such as at the latest 24 months after a survey for its improvement.
Google Analytics and similar tracking services: Limited in time by cookie settings or until the withdrawal occurs.
Comments in blogs: Comments remain until the blog is deleted or the comment is deemed legally questionable.
Webinars and demos/product tests: Data is stored until the webinar/demo or product test is conducted and may be used for follow-up communication.
Cloud data and IT services: Storage until deleted by the user or at the end of the contract CDN and web services: Data is stored until the termination of the service or by the user's deletion request.
Logfiles and temporary storage data: Often between a few days and a maximum of 60-90 days, depending on the specific security or operational needs.
12. Automated Decision-Making/Profiling
No automated decision-making including profiling, takes place that has legal effect on you or significantly impairs you, unless this is permitted by law.
13. Your Rights
You have the following rights regarding your personal data:
- Right to Access: You have the right to request information about your stored data.
- Right to Rectification: You have the right to correct inaccurate data.
- Right to Erasure: You have the right to request the deletion of your data.
- Right to Restriction of Processing: You have the right to restrict the processing of your data.
- Right to Data Portability: You have the right to receive your data in a portable format.
- Right to Object: You have the right to object to the processing of your data.
- Right to Withdraw Consent: You have the right to withdraw a previously given consent at any time.
- Right to Lodge a Complaint with a Supervisory Authority: You also have the right to lodge a complaint with a competent data protection supervisory authority at any time.
To exercise your rights, please use the contact information provided under point 2.If you are a client, you can also check and modify your personal data at any time in the Control Panel/Customer Area tool.
14. Cookies and Similar Technologies
We use cookies and similar technologies to improve and personalise your experience on our website, as well as to display targeted advertising. For more information, please refer to our Cookie-Policy.
15. Changes to these Privacy Notices
We may update this privacy notice from time to time. The current version will be published on our website and will take effect as soon as it has been updated.
This English language translation of the General Terms and Conditions serves for informational purposes only and has no legal authority. The decisive text is the version written in German. Therefore, in case of differing interpretations between the German and English versions, the German version shall take priority.
1. General
(1) These Special Terms and Conditions shall apply for all contracts regarding domains concluded between InterNetX GmbH (hereinafter, "InterNetX") and their customers. InterNetX may make amendments to these Special Terms and Conditions to the extent that these amendments are required, due to subsequent disturbances in the equivalency and/or subsequent gaps in the contract because of changed circumstances (i.e. ineffectiveness due to changes in statutory provisions and case law, respectively), and the amendments are not unreasonable for the customer. InterNetX shall inform the customer of such amendments either in writing or electronically (usually in the form of a revised version of these Special Terms and Conditions). Also, the customer should be aware that any amended terms and conditions will be part of the Agreement between the parties if the customer does not object to the amendment within a period of one month from receiving notice. If the customer objects to the amendment, each party shall have the right to terminate the Agreement on the date the amendments are valid. If the customer does not object, all amendments shall be deemed accepted. In addition to this, reference is made to §2(1).
(2) As different top-level domains are subject to a variety of different worldwide regulations, further contractual bases are the registration conditions of the individual Network Information Centers (hereinafter, "Registries"); therefore, the conditions of the responsible Registry for the respective top-level domains are expressly part of each individual contract regarding Registrations of relevant sub-level domains. In the event the customer breaches these Conditions, InterNetX reserves the right, in its sole discretion, to not register the domain, to not transfer the domain, to transfer the domain against the will of the owner to a third party, or to delete the domain. For example, according to some individual conditions, there cannot be an unlimited number of sub-level domains registered/used, and country specific regulations must be observed (i.e. concerning the owner of the domain), or a change of provider (hereinafter, "Transfer") is not allowed or is allowed only under certain strict requirements; therefore, InterNetX advises the customer that the transmission or implementation of the Registration of a sub-level domain name can only be ensured within the framework of the applicable conditions. In addition, an order for the Registration may be refused if the Registration creates the impression that it violates legal regulations, violates the registration requirements of the responsible Registry or is against the legitimate interests of InterNetX.
(3) Since the relevant Registries may periodically amend their registration conditions and InterNetX is unable to influence this, InterNetX will make these amendments available at https://www.internetx.com/en/tld-registration-conditions/ as soon as it becomes aware of the relevant amendments; here, one can find a non-binding (informational) review of the individual registration conditions of individual top-level domain Registries, which are made available by InterNetX, as well as links to the original binding versions of registration conditions. InterNetX is contractually obligated by the individual Registries to disclose their registration conditions to the customer; if the customer acts as a sub-provider/reseller, the customer is accordingly obliged to disclose this information to their customers. The following shall apply:
To the extent that .de domains are the subject of the contract: In addition to these Special Terms and Conditions, the registration conditions, registration policies and direct price lists of DENIC eG (Inc.) shall also apply. If the customer is a sub-provider/reseller, the customer assures to provide to its customers the registration conditions, registration policies and direct price lists of DENIC eG. He should make it clear that the domain Registration is a separate contract between the customer and DENIC eG, and, for reasons of ensuring permanent domain ownership, the DENIC-direct price list is only valid in case the relevant Internet Service Provider has not met its payment obligations to DENIC eG. The customer shall reimburse InterNetX for all damages and shall indemnify InterNetX from all claims and other damages which may arise from non-compliance with the aforesaid provisions or when its customers have not satisfied their obligations to cooperate. This also applies for any possible claims raised by the end customer against InterNetX. If the contract concerns the Registration of domains under the top-level domains of .com, .net, .org or other generic top-level domains (i.e. .info, .biz, .name, etc.), the customer accepts the policies of ICANN, and, where appropriate, the guidelines and registration and assignment conditions of the relevant domain organization, particularly in disputes over the domain due to trademark violations, naming rights and other proprietary rights. The customer can find further relevant ICANN terms and/or conditions within the Uniform Domain Name Dispute Resolution Policy (UDRP). The same applies with regard to the Registration of other top-level domains (i.e. .at-, .ch-, .it-, .dk- or .co.uk domains). If the customer acts as a sub-provider/reseller, the customer assures that it will disclose the relevant registration conditions to its customers. When the customer acts as a sub-provider, all direct communications and inquiries from InterNetX or the relevant Registry (i.e. by DENIC) shall be forwarded to its customers immediately, and other communications shall be forwarded within a reasonable period of time. The customer shall keep and maintain the Registration documents in a verifiable manner for the duration of the contract between the Registry and the customer and shall observe the legal retention periods in accordance with data protection regulations. Upon request of the sub-provider, he shall deliver the Registration documents to InterNetX or to the individual Registry (i.e. DENIC).
2. Duties of InterNetX/ Service Changes
(1) Insofar as DENIC eG (Central Registry for German Internet addresses), or other Registries, amend their pricing models and their pricing for domain names, InterNetX is entitled to adjust the charges to the customer accordingly and the change shall take effect without separate notice. If the customer finds such an adjustment to be unreasonable, the customer shall be given a special termination right relative to the effective date of the amendment.
(2) As far as the Registration of a domain is the subject of the contract, InterNetX only has the duty to apply for the domain at the respective Registry. The customer bears the risk of the domain not being registered by the respective Registry. Furthermore, InterNetX is not obliged to check the availability of a domain or compliance with the registration conditions of the relevant Registry. Therefore, it is within the customer’s own interest to check whether (and possibly how) the domain is still available before each application. In addition, particularly with domains other than .de domains, any delay for the Registration of the domain name is the responsibility of the customer or of the contracting authority (Registry), and no responsibility will be assumed.
3. Price and Payment, Default
Unless otherwise stated in the individual contract to the contrary, the fees will be invoiced according to the scheduled price list. The price is first due at Registration, in the case of a Transfer at the start; upon renewal of the contract the agreed administrative fees for the further year (including extension of the expiration) will be collected annually in advance, payable no later than the first business day of each additional year. An agreed upon monthly regular fee will also be collected in advance; one-time fees and other variable fees shall be collected after the completion of the service. InterNetX is authorized to carry out the Registration of domain names only after receiving payment of the fees due for this purpose. In addition, InterNetX is entitled, pursuant to §320 of the German Civil Code (BGB), to assert a right of retention on the domains so long as all payment claims are not fulfilled. InterNetX reserves the right to assert further claims due to a default in payment.
4. Customer’s Duties and Obligations
(1) The customer ensures that all data provided by him are current, accurate and complete. In particular, it is important that the information required in the application for the purpose of registering a domain name be accurate and truthful and complies with the applicable policies of the Registries. In the case of a Transfer, the customer is required to submit a written consent from the domain owner before the start of the Transfer. The customer shall immediately notify InterNetX of any changes in the customer’s data. Upon request from InterNetX, the customer will be required to confirm the current accuracy of the communicated data. (2) The customer will examine within its means the proper provision of service by InterNetX; for domain Registration orders, the customer is responsible for ensuring the technical requirements for the connection of the domain, checking to the proper Registration of the domain as well as the functional capability of the internet access immediately after Registration, and for .de domains, ensures that the information published under https://www.denic.de/webwhois/ is correct and immediately informs InterNetX about any errors and faults with regard to the information. The same applies to other domains (i.e. with respect to information published by other Registries). (3) When registering domains, the customer is obliged to comply with the registration conditions or other guidelines/policies of DENIC and/or other Registries. If the customer is acting as a reseller of a domain, the customer shall be responsible to InterNetX for ensuring that these obligations (i.e. DENIC Registration Conditions) are passed on to its own customers; in the case of .de domains, the customer shall advise its customers that it can carry out the Registration of domain names as a representative on behalf of its customers and such domain name Registration shall lead to the immediate domain name ownership by the end customer. Moreover, the customer accepts the policies of ICANN, especially with regard to disputes over the domain due to infringements of trademarks, naming rights and other proprietary rights (i.e. Uniform Domain Name Dispute Resolution Policy).
5. Limitation of Liability and Claims
Because the application/Registration of domain names is an automated procedure initiated by the customer, InterNetX is not liable for circumstances outside its area of responsibility; therefore, the customer can only assume an actual allocation when the customer successfully carries out the obligations set forth in §4(2). InterNetX is excluded from any liability for the allocation of domain names ordered because of the intermediate allocation of the domain name by another party. InterNetX, against the background of any liability consequences, reserves the right to delete insulting, discriminatory or legally questionable content, or to permanently block the relevant web page at the customer’s expense or to return the domain to the respective Registry (the relevant N.I.C.).
6. Data Protection
InterNetX advises that while performing the contract, especially for the registration of domains, personal data (i.e. name, address) will be stored. For the purposes of performing the contract, this data may also be transmitted to third parties and will be published in the usual scope of identifying the owner of the domain (including any public query options in the Whois database). If the customer acts as a reseller, it should not transfer its customers’ data to third parties without the consent of its customers or unless this is mandatory for domain name Registration (i.e. such as publication of the data in the Whois database).
7. Termination
Provider service contracts run for an initial minimum contract period (usually for one year; see the individual contract). If the contract termination is not received in time at the end of the contract period, the contract will be extended by another year. The ordinary termination notice deadline is one month before the end of the contract period. The receipt of the termination notice shall be on or before this deadline. Early extraordinary termination procedures remain untouched for cases of good cause, especially those listed in §2(3) and §3(6) in the General Terms and Conditions. For InterNetX, a further good cause is when the customer has domain Registrations that are shown to be in substantial violation of the Uniform Domain Name Dispute Resolution Policy (UDRP).
8. Final Provisions
(1) There shall be no additional oral agreements to these Special Terms and Conditions. In accordance with §1(1) of these Special Terms and Conditions, any changes or amendments must be made in writing.
(2) If any provision of a contract concluded on the basis of these Special Terms and Conditions or if any provision within these Special Terms and Conditions is deemed invalid, the remaining provisions within these Special Terms and Conditions shall remain untouched and are still enforceable. In such a case, the parties will be obliged to replace the ineffective term and condition with a valid one that reflects the economic purpose of the ineffective provision.
This English language translation of the General Terms and Conditions serves for informational purposes only and has no legal authority. The decisive text is the version written in German. Therefore, in case of differing interpretations between the German and English versions, the German version shall take priority.
1. General
These Special Terms and Conditions shall apply for all contracts regarding servers concluded between InterNetX GmbH (hereinafter, "InterNetX") and their customers. InterNetX may make amendments to these Special Terms and Conditions to the extent that these amendments are required, due to subsequent disturbances in the equivalency and/or subsequent gaps in the contract because of changed circumstances (i.e. ineffectiveness due to changes in statutory provisions and case law, respectively), and the changes are not unreasonable for the customer. InterNetX shall inform the customer of such amendments either in writing or electronically (usually in the form of a revised version of these Special Terms and Conditions). Also, the customer should be aware that any amended terms and conditions will be part of the Agreement between the parties if the customer does not object to the amendment within a period of one month from receiving notice. If the customer objects to the amendment, each party shall have the right to terminate the Agreement on the date the amendments are valid. If the customer does not object, all amendments shall be deemed accepted.
2. Duties of InterNetX
(1) InterNetX provides its services on the basis of the current general state of the Internet and, in particular, the technical, legal and commercial framework for use of the Internet, and InterNetX is not responsible to keep up to date with the cutting edge state of the art. Accordingly, it is not possible to extend a customer’s use of the Internet according to any cutting edge state of the art technical developments, especially when already committed to an unchanged level of charges.
(2) The subject matter, scope and specifications as well as any special system requirements arise primarily from the individual contract and its annexes, followed by these Special Terms and Conditions and any other special arrangements. The individual contract is only valid if the customer has given a legally valid direct debit mandate, unless the parties have agreed to a different provision regarding payment. Up to this point, the customer has no right to demand fulfillment, but InterNetX may provide that service as an advance performance. InterNetX is authorized to make the connection only after the payment of the fees is made. It is expressly agreed the activation will be on the earliest possible date.
3. Price and Payment, Default
If the customer exceeds the fixed scope of use contractually agreed upon (i.e. traffic), the customer is obliged to pay the relevant and reasonable additional fees. If the customer only partially uses the services, the customer is not entitled to a reduction in the fees unless the customer is entitled to a right of reduction under §4(3).
4. Customer’s Duties and Obligations/ Accountability
The customer is obliged to provide the necessary technical infrastructure (i.e. hardware, software, TCP/IP, browser, modem, telecommunications link, etc.) required for using the services of InterNetX. The customer is also obliged, as far as not contractually regulated, to provide for the general administration required in handling the services made available by InterNetX. The customer ensures that all data provided by him is correct and complete. The customer is solely obliged to transmit correct (complete and accurate) data records. The customer must also ensure that its scripts and programs located on InterNetX servers are free of errors that could interfere with the performance of services by InterNetX; incidentally, the administration of the server is also the customer’s responsibility, unless governed differently by the contract (i.e. fully managed server). Moreover, the customer is responsible to ensure that all data introduced by the customer into the network in relation to the contract does not violate any third party rights. In particular, the customer is responsible for any content/information on its dedicated servers. The customer is obliged not to offer or disseminate copyright infringing materials. The providing of P2P file-sharing services, download services or streaming services which could be used for any dissemination of copyright infringing materials is not permitted. In addition, it is prohibited to provide links that direct to P2P file-sharing services, downloading services, streaming services or their contents. In case of breaches, InterNetX reserves the right to disconnect the server from the network without notice and to terminate the contract immediately without prior notice. Also with a material breach of other obligations (i.e. violation of prohibition of spamming; internet websites with abusive, discriminatory, racist content; etc.), InterNetX is entitled to, at its sole discretion, immediately, in full or in part, temporarily lock access to the internet or to immediately disconnect the server from the network temporarily. This also applies if InterNetX is made aware of legal violations by third parties.
5. Termination
(1) Provider service contracts run for an initial minimum contract period (usually for one year; see the individual contract). If the contract termination is not received in time at the end of the contract period, the contract will be extended by another year. The ordinary termination notice deadline is three months before the end of the contract period. The receipt of the termination notice is decisive.
(2) Early extraordinary termination procedures remain untouched for cases of good cause, especially those listed in §2(3) and §3(6) in the General Terms and Conditions. For InterNetX, a further good cause is when the customer is in arrears for two consecutive months, or owes a substantial portion of the compensation due, or for more than a two-month period owes an amount equal to at least a bi-monthly payment.
6. Final Provisions
(1) There shall be no additional oral agreements to these Special Terms and Conditions. In accordance with §1 of these Special Terms and Conditions, any changes or amendments must be made in writing.
(2) If any provision of a contract concluded on the basis of these Special Terms and Conditions or if any provision within these Special Terms and Conditions is deemed invalid, the remaining provisions within these Special Terms and Conditions shall remain untouched and are still enforceable. In such a case, the parties will be obliged to replace the ineffective term and condition with a valid one that reflects the economic purpose of the ineffective provision.
Additional Terms and Conditions For Data Processing Services under the Directive (EU) 2020/1828 (Data Act)
applicable from 12.09.2025
A. General
Agreement
1. Customer and Provider agree that Provider will make available to Customer certain Services on and in accordance with the terms of this Agreement – consists of the following documents including any amendment thereof or supplement thereto, as well as all acts related to performance of the agreement(s), including without limitation its Annexes (hereinafter collectively referred to as the ‘Agreement’):
A. General, with Annex Definitions [link];
B. Switching & Exit [link], with Annex Switching & Exit Plan;
C. Termination [link];
2. The aforementioned documents separately and collectively form an integral part of the Agreement. Any reference to the Agreement shall be deemed to include a reference to said documents.
3. The agreement between Parties on the above supersedes and replaces any previous arrangement, understanding or agreement, whether written or oral, between the Parties with respect to the subject matter in the aforementioned documents. Any matters not covered by these Agreement will be governed by the general terms and any other applicable terms for the Client's services.
Definitions
4. The definitions used and applicable in the Agreement are set forth in the Annex Definitions, hereunder.
(2) Vertragsgegenstand, Leistungsumfang bzw. Leistungsbeschreibung sowie ggf. besondere Systemvoraussetzungen ergeben sich detailliert vorrangig aus dem jeweiligen Einzelvertrag bzw. dessen Anlagen, Besonderen Vertragsbedingungen oder sonstigen Sondervereinbarungen. Der Einzelvertrag kommt wirksam erst zustande, wenn der Kunde eine rechtswirksame Einzugsermächtigung erteilt hat, es sei denn die Parteien haben verbindlich etwas Abweichendes vereinbart. Bis zu diesem Zeitpunkt hat der Kunde keinen Erfüllungsanspruch; InterNetX ist jedoch berechtigt, die Leistung als Vorleistung zu erbringen. InterNetX ist berechtigt, die Anschaltung erst nach Zahlung der als Anschlusskosten geschuldeten Entgelte vorzunehmen. Es wird ausdrücklich der "früheste Termin für die Anschaltung" vereinbart.
Miscellaneous
5. In case of any conflict or other dispute between Parties under or related to this Agreement, Parties will discuss and aim to amicably settle the matter at hand in good faith in line with Article 27 Data Act but without prejudice to any rights and remedies each Party may have.
Annex Definitions
The following definitions in this Agreement, will have the following meaning:
1. Annex means an annex, schedule or exhibit explicitly referenced in the Agreement;
2. Customer as defined in Article 2(30) Data Act: a natural or legal person that has entered into a contractual relationship with a Provider of Data Processing Services with the objective of using one or more Data Processing Services. For purposes of this Agreement, said Customer is the legal entity, person or organisation with whom Provider wishes to enter into, enters into or has entered into a legal relationship regarding providing Services by Provider, as well as related matters. There is no sectorial limitation under the Data Act, whether a Customer is part of the private, public, public-private or any other sector;
3. Data as defined in Article 2(1) Data Act. For easy reference: any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording;
4. Data Act means Regulation (EU) 2023/2854 (‘DA’);
5. Data egress charges as defined in Article 2(35) Data Act. For easy reference: data transfer fees charged to Customers for extracting their data through the network from the ICT infrastructure of the Provider of Data Processing Services to the system of a different provider or to on-premises ICT infrastructure;
6. Data Processing Service as defined in Article 2(8) Data Act. For easy reference: a digital service that is provided to a Customer and that enables ubiquitous and on-demand network access to a shared pool of configurable, scalable and elastic computing resources of a centralised, distributed or highly distributed nature that can be rapidly provisioned and released with minimal management effort or service provider interaction. For purposes of this Agreement, the said data processing services regard those provided or to be provided by Provider to Customer as agreed under the Agreement, not being Other Services;
7. Destination Provider as mentioned in Article 2(34) Data Act, means the destination provider of data processing services, whereby the Customer changes from using the Data Processing Services from Provider to using another data processing service of the same service type, or other service, offered by such different provider of data processing services, or to an on-premises ICT infrastructure, including through extracting, transforming and uploading the data;
8. Digital assets defined in Article 2(32) Data Act. For easy reference: elements in digital form, including applications, for which the Customer has the right of use, independently from the contractual relationship with the Data Processing Service it intends to switch from;
9. Exportable data as defined in Article 2(38) Data Act. For easy reference: the input and output data, including metadata, directly or indirectly generated, or cogenerated, by the Customer’s use of the Data Processing Service, excluding any assets or data protected by intellectual property rights, or constituting a trade secret, of the Provider or third parties;
10. Functional Equivalence as defined in Article 2(37) Data Act. For easy reference: re-establishing on the basis of the customer’s exportable data and digital assets, a minimum level of functionality in the environment of a new data processing service of the same service type after the switching process, where the destination data processing service delivers a materially comparable outcome in response to the same input for shared features supplied to the Customer under the Agreement;
11. Interoperability as defined in Article 2(40) Data Act. For easy reference: the ability of two or more data spaces or communication networks, systems, connected products, applications, Data Processing Services or components to exchange and use data in order to perform their functions;
12. Maximum Notice Period as defined in Article 25(2)(d) Data Act, and within that meaning further defined in the part Switching and Exit, as agreed between Parties under the Agreement;
13. Mandatory Maximum Transitional Period md as defined in Article 25(2)(a) Data Act, and within that meaning further defined in the part Switching and Exit, as agreed between Parties under the Agreement;
14. Metadata as defined in Article 2(2) Data Act. For easy reference: a structured description of the contents or the use of data facilitating the discovery or use of that data;
15. Minimum Period of Data Retrieval as defined in Article 25(2)(g) Data Act, and within that meaning further defined in the part Switching and Exit, as agreed between Parties under the Agreement;
16. Non-personal Data as defined in Article 2(4) Data Act. For easy reference: data other than Personal Data;
17. On-premises ICT infrastructure as defined in Article 2(33) Data Act. For easy reference): ICT infrastructure and computing resources owned, rented or leased by the customer, located in the data centre of the customer itself and operated by the customer or by a third-party;
18. Other Services means all professional services of whatever nature to be provided by Provider to Customer under the Agreement as defined therein, that are not Data Processing Services;
19. Party or Parties means Customer or Provider, respectively Customer and Provider;
20. Personal Data as defined in Article 4, point (1), of Regulation (EU) 2016/679 (General Data Protection Regulation (‘GDPR’));
21. Plan means the switching and exit plan referred to in the part Switching and Exit, as agreed between Parties under the Agreement;
22. Processing as defined in Article 2(7) Data Act. For easy reference) being: any operation or set of operations which is performed on data or on sets of data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or other means of making them available, alignment or combination, restriction, erasure or destruction;
23. Provider (or as also mentioned in Article 2(34) Data Act, Source Provider) means the source provider of data processing services being the legal entity with whom Customer wishes to enter into, enters into or has entered into a legal relationship regarding providing data processing services and other Services by Provider under the Agreement;
24. Same Service Type as defined in Article 2(9) Data Act. For easy reference) being: a set of Data Processing Services that share the same primary objective, data processing service model and main functionalities;
25. Services means both the Data Processing Services as well as all Other Services as agreed by Parties under the Agreement;
26. Service Fee means the fees due and owed by Customer to Provider as consideration for the provision of Services as agreed by Parties under the Agreement;
27. Switching as defined in Article 2(34) Data Act. For easy reference : the process involving the (source) Provider, a Customer of a data processing services and, where relevant, a destination provider of data processing services, whereby the customer of a data processing service changes from using one data processing service to using another data processing service of the same service type, or other service, offered by a different provider of data processing services, or to an on-premises ICT infrastructure, including through extracting, transforming and uploading the data;
28. Switching charges as defined in Article 2(36) Data Act. For easy reference: charges, other than standard service fees or early termination penalties, imposed by a provider of data processing services on a customer for the actions mandated by the Data Act for switching to the system of a different provider or to on-premises ICT infrastructure, including data egress charges.
B. Switching and Exit
1. Information
1.1. Before placing the order for the Data Processing Services, the Provider has provided the Customer with clear information about:
1.1.1 available self-service automated switching tools for such Services (“Switching Tools”) and the conditions of their use;
1.1.2 their standard service fees and, where applicable, early termination penalties;
1.1.3 the Switching Charges, including the fees for use the Switching Tools;
1.2. Annex 1 to this Part B of the Agreement includes:
1.2.1. an exhaustive specification of categories of Data and Digital Assets that can be transferred with the use of Switching Tools, including at a minimum all Exportable Data;
1.2.2. an exhaustive specification of categories of Data specific to the internal functioning of the Provider’s Data Processing Service that will be exempted from the obligation to export data where there is a risk of breach of the Provider’s trade secrets.
1.2.3.information on procedures for switching and porting with the use of Switching Tools, including methods and formats, restrictions and technical limitations, procedures, instructions, documentation, as well when applicable, best practices, capabilities, technical support which the Provider will make available to the Customer (especially during testing, preparation for switching and switching), including any hotlines available for the Customers during the switching or alternative communication channels, tests scenarios. This information must explain how to switch all Exportable Data and Digital Assets in a coherent and consistent way fast enough for an effective switching.
1.2.4. clear information concerning known risks to continuity in the provision of the functions or services on the part of the source Provider;
1.3. The Provider’s on-line register with data structures and formats, relevant standards and open interoperability specifications for Data is specified in Annex 1.
2. Initiation of the swichting process
2.1. The Customer must give the Provider a switching notice that it initiates the switching, observing the Notice Period. If the Customer wishes to switch only with regard to certain Services, Data or Digital Assets, it must specify that in the switching notice.
2.2. In the switching notice the Customer must inform whether it intends:
2.2.1. to switch to a different Provider of Data Processing Services;
2.2.2. to switch to an on-premises ICT infrastructure of the Customer; or
2.2.3. not to switch but only erase their exportable Data and Digital Assets.
2.3 The Customer's switching notice must be unambiguous for the Provider to initiate action and for any associated deadlines to commence.
3. Transition Period
3.1. When the Provider cannot respect the agreed Transitional Period of 30 days because this is not technically feasible, the Provider undertakes to:
3.1.1. notify in writing the Customer within 14 working days after receiving the notice for switching;
3.1.2. indicate an alternative Transitional Period, which must not exceed seven (7) months from the date of the Customer’s switching notice; and
3.1.3. give proper justification for the technical unfeasibility
3.2 The Customer may extend the Transitional Period once, for a period they consider more appropriate for their own purpose. In that case, the Customer must notify the Provider in writing of their intention until the end of the original Transitional Period and indicate the alternative Transitional Period.
4. Obligations of the Provider during the switching process
4.1. Within the scope of its obligations under the Data Act, Provider undertakes to provide reasonable assistance to the Customer and third parties authorised by the Customer once the switching process starts and throughout its duration so that the Customer can switch within the Mandatory Transitional Period. To this effect, the Provider must, in particular:
4.1.1 Act with due care to maintain business continuity and continue to provide the functions or services under the Agreement.
4.1.2. Maintain a high level of security throughout the switching process, in particular for the security of the data during their transfer
5. Customer’s obligations
5.1. The Customer undertakes to take all reasonable measures to achieve effective switching. The Customer undertakes to be responsible for the import and implementation of Data and Digital Assets in their own systems or in the systems of the Destination Provider.
5.2. The Customer or third parties authorised by them, including the Destination Provider, undertake to respect the intellectual property rights of any materials provided in the switching process by the Provider as well as Provider’s trade secrets.
5.3. In the context of data transfer, the Provider's primary obligation is to extract and make the data available to the Customer. This process may necessitate specific activities and cooperation from the Customer. To enable the Provider to fulfill its obligations, the Customer's active collaboration is required in certain instances. This may include, but is not limited to, the Customer's responsibility to provide adequate storage, access credentials, and cryptographic keys necessary for downloading the data via self-service mechanisms. Further detailed procedures and requirements for customer cooperation are available on the website specified in Annex 1.
6. Data retrieval and erasure of data
6.1. The Customer could retrieve or erase their data during the Agreed Period of Data Retrieval,which is 30 days.
6.2. At the end of the Agreed Retrieval Period, and if the switching process has been completed successfully, the Provider undertakes to erase all Exportable Data and Digital Assets generated by the Customer or related to the Customer directly, except for the Exportable Data which the Provider is obligated to store under mandatory EU or EU Member States laws.
7. Charges for the switching process and egress charges
The Provider reserves the right to charge the Customer switching fees within the scope permitted by the Data Act.
8. Termination of the switching process
8.1. As soon as the Customer notifies the Provider that the switching process is successfully completed, the Provider undertakes to notify the Customer immediately of the contract’s termination. This corresponds to Clause 5.1 in the Part on Termination. If the Customer will not confirm successful switching within 30 working days from such request, it is deemed that the switching was not successful and the Agreement will not be terminated and will continue on its existing terms.
8.2. If the Customer does not want to switch but rather to erase their Exportable Data and Digital Assets as per point 3.2.3 Initiation of the switching process above, at the end of the agreed Notice Period the Provider undertakes to notify the Customer of the termination of the contract.
Annex 1
(referred to in Clause 1.2)
1. Categories of Data and Digital assets that can be transferred including at a minimum all Exportable Data: Customer’s content data (ex. document, images, videos, databases), Customer’s data processed by applications (ex. CRM data, ERP data), Customer’s logdata, Customer’s configuration files, Customer’s virtual machine images, Customer’s metadata (incl. Customer’s file metadata, Customer’s system metadata, Customer’s database metadata), Customer’s communication data, Customer’s applications, Customer’s software licences, custom scripts and automation, Customer’s data schemas and models.
2. Categories of Data and Digital Assets specific to the internal functioning of the Provider’s data processing service, with risk of a breach of the provider’s trade secrets, which are exempted from switching : system architecture and design data, core software and platform code, security infrastructure and protocols, performance optimization and resource management data, operational and monitoring data.
3. Data and Digital Assets protected by the intellectual property rights of Provider or third parties, which are exempted from switching: software and algorithms, infrastructure and system configurations, internal operational data, brand and branding assets, derived and interferred data, operational know-how.
4. Information on procedures for switching and porting with the use of switching tools: Link
5. Known risks to continuity in the provision of the functions or services of the Source Provider: the services can generally continue to be used during the transfer. However, the following exemplary risks in particular in connection with dependence on third-party systems and customer input cannot be ruled out: post-transfer application compatibility issues, unexpected data volume or complexity, dependency on third-party integrations, lack of clear communication or coordination.
C. Termination
Definitions
To understand the key terms used in these part of the Agreement, we recommend that you first consult the section on “Definitions”, which are applicable for the whole Agreement. The terms in this part of the Agreement starting with capital letter are defined in the section “Definitions”.
Termination
1.1 The Agreement will be considered terminated between the parties when one of the following events has occurred in full:
1.1.1 Where applicable, on the successful completion of the switching process (‘Event A’). or;
1.1.2 At the end of the Maximum Notice Period where the Customer does not wish to switch but to erase its exportable Data and Digital Assets on termination of the service (‘Event B’).
Should Event A or B occur before the agreed minimum contract term expires, the Provider is entitled to retain fees already paid by customer or claim the remainder of the fees agreed for the minimum contract term in full as an early termination fee.
Termination of the Agreement if the switching process is successfully completed will be further detailed and otherwise arranged for in the Clauses 3.1 and 4.1.
In any case, the Customer should inform the Provider of its successful switching as set forth in Clause 4.1.
2.1. At its discretion, Customer will involve the Destination Provider on Customer’s behalf.
Termination Process
3.1 Successful completion of the switching process set forth in Clause 1.1.1 can only occur and will be (deemed) completed, after:
3.1.1. the [Maximum] Agreed Notice period (equal to the minimum contract term, but no longer than 2 months) has expired, and
3.1.2. the Transitional Period (max. 30 days) has commenced after the Notice Period has elapsed, Clause 1.1.1 applies, and the Switching and Exit Assistance set out in that clause must be initiated and completed;
3.1.3. the Data Retrieval Period has commenced after the termination of the Transitional Period, and;
3.1.4. the data erasure has been completed successfully after the expiry of the Data Retrieval Period or after the expiry of an alternative agreed period following the successful completion of the switching process.
4.1 As soon as the Customer notifies the Provider that the switching process is successfully completed, the Provider undertakes to notify the Customer immediately of the termination of the Agreement. If the Customer does not notify the Provider about successful switching or the lack thereof, it is deemed that the switching was not successful and the Agreement will not be terminated and will continue on its existing terms.
4.2. If the Customer does not wish to switch but rather to erase its exportable data and digital assets set forth in Clause 1.1.2 termination can only occur and will be deemed completed, if:
4.2.1. the [Maximum] Agreed Notice Period has expired, and;
4.2.2. the Customer has unconditionally and clearly asked the Provider to execute the Data Erasure, and in response the Data has been successfully erased.
4.2.3. At the end of the Agreed Notice Period the Provider undertakes to notify the Customer of the termination of the contract.
This English language translation of the General Terms and Conditions serves for informational purposes only and has no legal authority. The decisive text is the version written in German. Therefore, in case of differing interpretations between the German and English versions, the German version shall take priority.
1. General
These Special Terms and Conditions shall apply for all contracts regarding SSL Certificates concluded between InterNetX GmbH (hereinafter, “InterNetX”) and their customers. InterNetX may make amendments to these Special Terms and Conditions to the extent that these amendments are required due to subsequent disturbances in the equivalency and/or subsequent gaps in the contract because of changed circumstances (i.e. ineffectiveness due to changes in statutory provisions and case law, respectively), and the changes are not unreasonable to the customer. InterNetX shall inform the customer of such amendments either in writing or electronically (usually in the form of a revised version of these Special Terms and Conditions). Also, the customer should be aware that any amended terms and conditions will be part of the contract between the parties if the customer does not object to the amendment within a period of one month from receiving notice. If the customer objects to the amendment, each party shall have the right to terminate the Agreement by the date the amendments are valid. If the customer does not object, all amendments shall be deemed accepted. All goods and services of InterNetX for SSL Certificates shall be performed exclusively on the basis of these Special Terms and Conditions for SSL Certificates (BVB). Deviations, in particular oral agreements, shall require a written approval from InterNetX in order to be deemed valid. The use or partial use of services or products of InterNetX shall, in any event, constitute acceptance of these Special Terms and Conditions, even if the purchasing conditions of the contracting party exclude it.
2. Conclusion of Contract
Every contract regarding the issuance of a Certificate is concluded as part of a partnership agreement (Contract for SSL Certificates) or an individual order. With the submission of the Contract for SSL Certificates the customer tenders the conclusion of the contract, which InterNetX can accept by the creation of an account and the transmission of the access data for the SSL Manager. With each order to issue a Certificate, the customer concludes an additional contract with the relevant Certification Authority.
3. Duties of Customers/Partners
The customer/partner is particularly obliged to: a) assure to the accuracy of the data required for the issuance of a Certificate; b) use the Certificate as intended and to not misuse it; c) safely store, and to keep confidential, any access codes, passwords, etc. provided by InterNetX, and to protect said data against unauthorized access by third parties; and d) immediately give notice to InterNetX in case of loss or misuse of the provided access data.
4. Acknowledgment of the Subscriber Agreement
The customer hereby confirms that he has read and understood the "Certificate Subscriber Agreement" of the relevant Certification Authority. These are available as follows:
- DigiCert Subscriber Agreement – also applies for the sub-brands Thawte | GeoTrust | RapidSSL
- Global Sign Subscriber Agreement
- Sectigo Certificate Subscriber Agreement – also applies for the sub-brands PositiveSSL | Instant SSL
5. Offers, Prices, Terms of Payment
All offers are subject to change and are without obligation. The stated prices are for business-customers only and are without VAT. In principle, all invoices will be paid by direct debit, for which the customer has issued a legally valid direct debit mandate. However, InterNetX reserves the right, in its sole discretion, to accept an alternative method of payment (per invoice). If the customer is in default of payments, InterNetX shall have the right to revoke Certificates, in cooperation with the relevant Certification Authority, to terminate the contract, to charge the customer for the costs incurred, and, if applicable, to make a claim for damages.
6. Duration and Termination
The duration of the term of the contract regarding the issuance of a Certificate is determined by the validity of the Certificate. In general, the duration of a Certificate is for one year.
In particular, InterNetX shall have the right to revoke a Certificate, in cooperation with the relevant Certification Authority, without consent of the customer in the following cases:
- there is reasonable suspicion of misuse of the Certificate;
- the customer is in default with a not insignificant amount of payment; or
- the customer, when applying for the issuance of a Certificate, has given incorrect information to InterNetX.
In the event of a serious abuse of the issued Certificate, InterNetX shall be entitled to completely lock the customer’s access to its ordering system ("SSL Manager").
7. Limitation of Liability, Damages for Claims
In addition to §8 of the General Terms and Conditions, the following applies: the liability and claims for damages shall be limited in each case to the amount of the relevant contract value.
8. Data Protection
InterNetX will only use data provided by their customers for internal purposes and will not disclose any customer’s data to third parties, unless this is expressly requested by the customer or is necessary to perform the contract.
9. Final Provisions
(1) There shall be no additional oral agreements to these Special Terms and Conditions. In accordance with §1 of these Special Terms and Conditions, any changes or amendments must be made in writing.
(2) If any provision of a contract concluded on the basis of these Special Terms and Conditions or if any provision within these Special Terms and Conditions is deemed invalid, the remaining provisions within these Special Terms and Conditions shall remain untouched and are still enforceable. In such a case, the parties will be obliged to replace the ineffective term and condition with a valid one that reflects the economic purpose of the ineffective provision.
