Terms of Use
kameon GRC Reporting Portal

Version 1: Valid from July 2023

1. Preliminary remark
Thank you for using kameon’s cloud products! These Terms of Use for the kameon GRC Reporting Portal (HinSchG) (these “Terms”) set out your rights and obligations as a customer of our company, bbg bitbase group GmbH.
If you have any questions regarding these Terms of Use, please contact:

bbg bitbase group GmbH
Am Heilbrunnen 47
72766 Reutlingen
Telephone:    +49 (0) 7121 680849-0
Fax:           +49 (0) 7121 680849-99
Email:       mail@bitbasegroup.com
Internet:    www.bitbasegroup.com

2. Conclusion of the Contract
(1) If you are accepting on behalf of your employer or another legal entity, you represent and warrant that:

1. you have full legal authority to bind your employer or such a legal entity to these terms and conditions;
2. you have read and understood these terms and conditions; and
3. you agree to these terms and conditions on behalf of the party you represent. If you are not authorised to bind your employer or the relevant body, please do not click on ‘I agree’ (or any similar button or tick box) that is displayed to you.

(2) PLEASE NOTE THAT IF YOU REGISTER FOR A CLOUD PRODUCT USING AN EMAIL ADDRESS FROM YOUR EMPLOYER OR ANOTHER COMPANY,

1. IF YOU ARE CONSIDERED A REPRESENTATIVE OF SUCH A PARTY,
2. BY CLICKING TO ACCEPT, YOU BIND YOUR EMPLOYER OR THIS COMPANY TO THESE TERMS AND CONDITIONS, AND
3. THE WORD ‘YOU’ IN THESE TERMS AND CONDITIONS REFERS TO YOUR EMPLOYER OR THIS COMPANY.

(3) These Terms take effect from the date on which you first click ‘I agree’ (or a similar button or tick box), or use or access a Cloud Product, whichever occurs first (the ‘Effective Date’). These Terms do not need to be signed to be binding. You indicate your acceptance of these Terms by clicking ‘I agree’ (or a similar button or tick box) when you register for a Cloud Product, create a Cloud Product account or place an order. For free products, you also agree to these Terms by accessing or using the relevant free product.

3. HinSchG Reporting Portal
(1) This agreement takes precedence over the General Terms and Conditionsts and the kameon Cloud Software Terms of Use, and is otherwise supplemented by them, with the Cloud Terms taking precedence.

(2) In return for the annual fee, the bbg bitbase group will provide you with the kameon GRC HinSchG reporting portal for an internal reporting office in accordance with Section 12 et seq. of the HinSchGff on a website that you can integrate into your own website, and you grant us the necessary authorisations for this. The portal enables confidential reports to be submitted around the clock. In addition, reports made by telephone (including video calls) or by post are accepted during our normal business hours. The content of reports made by telephone (including video calls) is transcribed, whilst those sent by post are scanned; both are generally processed digitally only. You will receive a PDF template for a notice informing your employees, customers and other relevant parties of this reporting option. This service also includes the provision of communication channels, the operation, maintenance and security of data, long-term digital documentation and the timely deletion of all records. Within the portal, we provide information on other reporting options in accordance with  Section 13 of the HinSchG.

(3) The kameon GRC HinSchG reporting portal is confidential in accordance with Section 8 of the HinSchG, This means that we are obliged to keep the identity of the whistleblowers confidential from you, as the client, until we conclude that you wish to disclose their identity in accordance with  Section 9 of the HinSchG is permitted. If a report was made anonymously, we would not be able to reveal the identity of the person who made it.

(4) In addition, we provide a team with legal training to handle all enquiries and process them in accordance with the HinSchG. Each enquiry is charged according to the time required. Please refer to your quotation for the rates for a professionally trained case handler and for a qualified lawyer. Services are calculated in fifteen-minute increments, and invoicing takes place retrospectively on the basis of the recorded services. In the exceptional event that files need to be kept in paper form, their storage will be charged according to the reasonable costs incurred.

(5) The bbg bitbase group will endeavour to process all enquiries digitally wherever possible. However, if a whistleblower requests a face-to-face meeting in accordance with Section 16(3), second sentence, of the HinSchG and does not agree to a video conference, travel costs and expense claims will be settled in accordance with the bbg bitbase group’s current terms and conditions, regardless of whether a member of the reporting team travels to the whistleblower or vice versa. The bbg bitbase group has office premises available in Berlin and Reutlingen for this purpose and will select the most cost-effective option in each case. The outcome of such a meeting and all documents handed over will be digitised and processed digitally as far as possible and appropriate.

4. Billing
Provided that any claims are received at all, we generally issue a monthly statement. Payment requests shall be deemed to be in arrears within 10 days of the due date, unless you raise an objection in writing beforehand. Where necessary, you may, within a further 30 days of raising the objection, inspect the relevant digital records and provide grounds for your objection accordingly. As we are bound by a duty of confidentiality in individual cases regarding enquiries under the HinSchG – including, and particularly, in relation to you due to potential conflicts of interest – you have the right, at your own expense, to have our statements reviewed on our premises by persons contractually bound to independence, such as your external data protection officer, an auditor or a lawyer subject to a corresponding duty of confidentiality. Proof of this obligation must be presented in the original at the start of the audit. The person must sign a confidentiality agreement with us in advance.

5. Datenschutz
(1)  Our general data protection policy applies; you can view it here.

(2) Naturally, you should enter into the data processing agreement with us, as required under the GDPR. We use the EU Standard Contractual Clauses in accordance with Implementing Decision (EU) 2021/915. You can view and sign the data processing agreement digitally via kameon GRC Contract. If you do not yet have login details, please contact our legal department.

6. Cloud Software
(1) The kameon GRC HinSchG reporting portal is based on the kameon Cloud software. The kameon Cloud software is designed for use via the internet. For optimal use, access to the system requires a data connection of sufficient capacity and the use of the latest version of a web browser. You can request a list of supported browser versions from us at any time.

(2) The kameon GRC HinSchG reporting portal may be temporarily unavailable via the internet for maintenance and the installation of new software versions, as well as during periods when the systems are temporarily unavailable due to technical or other issues beyond the control of the bbg bitbase group or its third-party service providers (force majeure, third-party negligence, etc.).

(3) The data centres used to operate kameon Cloud Software are certified to the international ISO 9001 standard in terms of their process landscape and quality management practices. Furthermore, they are continuously audited and maintained in accordance with the international ISO 27001 standard for Information Security Management Systems (ISMS). The bbg bitbase group prioritises the protection of its customers’ data. All data is processed in accordance with current legislation and is not disclosed to third parties without the consent of the data subject. Subcontractors listed in the contractual agreements are not considered third parties.

(4)  The bbg bitbase group is available to assist you during normal business hours. Normal business hours are set out in the general terms and conditions. All response times quoted refer to these normal business hours.

(5) These service level agreements and all applicable service levels do not apply to performance or availability issues:

1. due to factors beyond our control (e.g. natural disasters, wars, terrorist attacks, uprisings or government measures,
2. caused by services, devices or programmes provided by you or by third parties,
3. caused by the use of a service after we have instructed you to alter your use of that service and you have failed to do so as instructed,
4. during pre-release, beta and trial services (as defined by us), caused by any unauthorised act or omission on your part or on the part of your employees, agents, contractors or suppliers, or by other persons who have gained access to our network using your passwords or those of your devices, or
5. caused by your failure to comply with required configurations, to use supported platforms and to adhere to acceptable use policies,
6. for licences that were reserved but not paid for at the time of the incident

7. Final Provisions
(1) All rights to this document, in particular the right to reproduce, distribute and translate it, are reserved.

(2) No part or extract may be reproduced in any form (whether by photocopy, photograph or any other means) beyond what is necessary for the initiation and execution of the contract, or processed, duplicated or distributed using electronic systems, without the prior written consent of bbg bitbase group.

(3) Should individual provisions of this contract be or become invalid, or should a material point not be regulated, the validity of the remaining provisions shall remain unaffected. The parties are obliged to agree on a provision in place of the invalid or missing provision which comes as close as possible to the intended result and which the parties would have agreed upon had they been aware of the invalidity or absence of the provision.