Terms and Conditions of
Perceptify GmbH
1. Scope
a. These General Terms and Conditions (GTC) apply to all contracts concluded between Perceptify GmbH and its clients. Any written individual agreements shall take precedence. If such agreements do not conflict with these GTC, the GTC shall apply additionally.
b. Any deviating or supplementary terms and conditions provided by the client are expressly rejected and shall only be valid if explicitly accepted by Perceptify GmbH in written form (text form).
c. These General Terms and Conditions, together with our contract for order processing in accordance with Art. 28 GDPR, form a binding agreement (the ‘Agreement’) between Perceptify GmbH and you or the legal entity you represent (‘Customer’ or ‘you’). Nach Ziffer 14 dann den Inhalt des Word-Dokuments einfügen.
2. Subject Matter of the Contract
a. Perceptify GmbH provides services in the field of systemic organizational consulting.
b. The exact scope of services is defined in the respective contract with the client or in a proposal from Perceptify GmbH.
c. Perceptify GmbH may engage subcontractors or freelancers to fulfill contractual obligations.
d. An initial meeting is held to establish mutual understanding and define the client’s goals and expectations. Unless otherwise agreed, this meeting is free of charge and does not incur travel expenses.
e. Should the initial meeting exceed its typical scope or include consulting, coaching, or analysis, a fee will be charged. Perceptify GmbH will notify the client in advance and submit a fee agreement for approval. Otherwise, such services will not be rendered during the meeting.
f. Based on the client’s input, Perceptify GmbH will submit a proposal or contract outlining the services and fees (see Section 5). The agreement becomes binding once confirmed by the client, at least in text form.
g. Any amendments or additions to the contract require confirmation by both parties, at least in text form.
3. Obligations of Perceptify GmbH
a. Perceptify GmbH commits to delivering the agreed services with appropriate expertise and due care.
b. However, the company does not guarantee specific outcomes, but rather the professional execution of the agreed services. The client remains responsible for the success of any implemented measures.
4. Obligations of the Client
a. The client agrees to provide all required information, documents, and resources in a timely and agreed-upon manner.
b. The client also ensures that all relevant internal contacts are available during service delivery.
5. Fees
a. The agreed fees, as outlined in Section 2(f), exclude reimbursable expenses, which are billed separately.
b. Reimbursable expenses may include:
- Accommodation (especially hotel costs)
- Travel (economy flights, first-class train travel, taxis at cost, rental cars, and personal vehicles at EUR 0.70/km)
c. Alternatively, the parties may agree on a flat-rate expense fee.
6. Invoicing / Payment
a. Invoices are typically issued after the service is delivered. For ongoing projects, monthly billing is standard. In certain cases, Perceptify GmbH may issue interim or advance invoices.
b. Unless otherwise specified, all invoices are payable within 14 days of receipt.
7. Appointments / Cancellations
a. Appointments (e.g., consultations, coaching, seminars) are arranged jointly and confirmed by the client in text form.
b. If no confirmation is received within 14 days, the appointment is deemed not agreed upon.
c. Cancellation conditions:
- 8+ weeks before event: No charge
- 4–8 weeks before event: 50% of the agreed fee
- 3 days–4 weeks before event: 75% of the agreed fee
- < 3 days before event: 90% of the agreed fee
d. Additionally, any expenses already incurred must be reimbursed by the client.
e. Cancellations must be in at least text form. Verbal cancellations or those made to project staff are invalid.
8. Liability and Warranty
a. Perceptify GmbH provides services based on current knowledge but assumes no liability for the accuracy or effectiveness of advice or materials.
b. Liability is limited to cases of willful misconduct or gross negligence. Consequential or indirect damages and loss of profit are excluded.
c. Perceptify GmbH is not liable for damages or third-party claims arising from unauthorized use of services.
d. If held liable for simple negligence, liability is limited to the fee paid by the client.
9. Confidentiality
Perceptify GmbH agrees to keep all non-public information confidential. This obligation continues after the termination of the contract.
10. Competition
a. Perceptify GmbH may offer its services to the client’s (direct) competitors.
b. The client grants Perceptify GmbH the right to display its company logo on Perceptify’s website as a reference. This permission may be withdrawn at any time.
11. Copyright
a. All materials provided (e.g., documents, recordings, brochures) are protected by copyright and may only be used for the client’s internal purposes.
b. Sharing or reproduction for third parties is not permitted.
c. All content created by Perceptify GmbH is subject to German copyright law. Third-party content is marked as such. Any use beyond private, non-commercial purposes requires prior written consent.
12. Data Protection
a. Both parties agree to comply with all applicable data protection laws.
b. Additional details are available in the Perceptify GmbH privacy policy.
13. Applicable Law and Jurisdiction
a. German law applies.
b. Where legally permissible, Munich shall be the place of jurisdiction for all disputes arising from or related to this contract.
c. Before initiating legal action, the parties agree to attempt mediation. If no mediator is agreed upon within 8 days, the Chamber of Commerce (IHK) will appoint one. Mediation costs are shared equally unless otherwise agreed. Legal action may only be taken after mediation fails.
14. Miscellaneous
a. Changes or additions to these GTC must be made in writing.
b. If any provision is or becomes invalid, the rest remain unaffected. The parties agree to replace the invalid provision with one that closely reflects its original intent.
Appendix to the General Terms and Conditions: Data Processing Agreement in accordance with Art. 28 GDPR
Art. 28 GDPR places specific requirements on processing. To comply with these special requirements, the contracting parties conclude this Data Processing Agreement in addition to the General Terms and Conditions. It applies to all activities that are related to the main contract concluded and in which employees of the contractor or persons authorised by the contractor process personal data (hereinafter referred to as "data") of the client. The definitions of the GDPR apply.
1. Subject matter of the contract and the client's right to issue instructions
(1) The object of this contract is the provision of services by the Contractor for the Client in the field of systemic organisational consulting. In addition, reference is made to Annex 1 of this contract. In the event of changes to the commissioned service, this contract for processing must be adapted and supplemented accordingly in Annex 1.
(2) As the controller, the client is solely responsible for assessing the permissibility of data processing in accordance with the GDPR.
(3) When providing the service, the Contractor shall have access to personal data and shall process it exclusively on behalf of and in accordance with the instructions of the Client, unless the Contractor is obliged to process it differently under the law of the Union or the Member States to which it is subject.
(4) The Client's instructions are set out in this Agreement and may be amended, supplemented or replaced by the Client in at least documented electronic format by means of individual instructions (individual instructions). If the Contractor is obliged by the law of the European Union or the Member States to which it is subject to carry out further processing, it shall inform the Client of these legal requirements prior to processing. (Art. 28 para. 3 lit. a) GDPR).
(5) If the Contractor is of the opinion that an instruction from the Client violates data protection regulations, it must inform the Client of this immediately. The Contractor shall be entitled to suspend the implementation of the instruction in question until it is confirmed or amended by the Client. The Contractor may refuse to carry out an obviously unlawful instruction without incurring any negative consequences. The client is responsible for issuing legally valid instructions. (Art. 28 para. 3 sentence 3 GDPR).
(6) The term of this contract is based on the term of the main contract, unless the following provisions contain obligations or rights of cancellation that go beyond this.
2. Technical and organisational measures
(1) The Contractor shall comply with the statutory provisions on data protection. The Client's information shall not be passed on or disclosed to third parties without the Client's express instructions. Documents and data shall be secured against unauthorised access, taking into account the state of the art.
(2) The Contractor shall design the internal organisation in its area of responsibility in such a way that it meets the special requirements of data protection and ensures that it has taken all necessary technical and organisational measures to protect the Client's data in accordance with Art. 32 GDPR. Reference is made to Annex 2.
(3) The Client shall review the Contractor's technical and organisational measures before commencing data processing and then regularly thereafter. Changes may be made to the agreed security measures, provided that these do not fall below the contractually agreed level of protection.
3. Confidentiality
The Contractor and its employees are prohibited from processing personal data without authorisation. The Contractor shall oblige all persons entrusted by it with the processing and fulfilment of this contract to maintain confidentiality. The confidentiality obligations shall also apply after termination of this contract or the employment relationship between the employee and the contractor.
4. Information obligations of the contractor
(1) In the event of disruptions, suspected data protection violations or breaches of contractual obligations of the Contractor, suspected security-related incidents or other irregularities in the processing of personal data by the Contractor, by persons employed by the Contractor within the scope of the order or by third parties, the Contractor shall inform the Client immediately in writing or documented electronic format, insofar as they relate to this contract. The same applies to audits of the Contractor by the data protection supervisory authority, insofar as they relate to this contract.
(2) The notification of a personal data breach to the client shall contain the following information, where possible:
a) a description of the nature of the personal data breach, including, where possible, the categories and number of data subjects concerned, the categories concerned and the number of personal data records concerned;
b) a description of the likely consequences of the injury and
c) a description of the measures taken or proposed to be taken by the Contractor to remedy the breach and, where appropriate, measures to mitigate its possible adverse effects.
(3) The Contractor shall immediately take the necessary measures to secure the data and minimise possible adverse consequences for the data subjects, inform the Client and request further instructions from the Client.
(4) Should the Client's data be jeopardised by seizure or confiscation, by insolvency or composition proceedings or by other events or measures of third parties, the Contractor shall inform the Client of this immediately, unless it is prohibited from doing so by court or official order. In this context, the Contractor shall immediately inform all competent authorities that the decision-making authority over the data lies exclusively with the Client as the "controller" within the meaning of the GDPR.
(5) Where possible, the Contractor shall support the Client with suitable technical and organisational measures in fulfilling its obligations under Art. 12 to 22 (Art. 28 para. 3 lit. e) GDPR) and Art. 32 to 36 GDPR (Art. 28 para. 3 lit. f) GDPR).
5. Control rights of the client
(1) The Contractor undertakes to provide the Client with all information and evidence required to carry out a check of the Contractor's technical and organisational measures within a reasonable period of time at the Client's verbal, written or electronic request.
(2) Inspections by the Client or its authorised inspectors, who may not be in a competitive relationship with the Contractor, may be carried out during normal business hours and with a lead time of 14 days' notice. The Client shall only carry out inspections to the extent necessary and shall only disrupt the Contractor's operational processes in a proportionate manner. The Contractor may demand remuneration for assistance in carrying out an inspection. The remuneration shall be agreed in individual contracts.
6. Use of subcontractors
(1) The contractually agreed services or the partial services described below shall be carried out with the involvement of the subcontractors (sub-processors) listed in Annex 3. All other processors already involved and authorised by the client at the time of conclusion of the contract are listed in Annex 3. The client grants general authorisation to involve other processors with regard to the processing of client data (subcontractors). We are obliged to inform our clients of the involvement of or changes to other processors, whereby written information in text form is sufficient. We shall inform our clients in writing at least 14 days in advance of any intended changes to this list by adding or replacing sub-processors and thus give the controller sufficient time to object to these changes before commissioning the sub-processor(s) concerned (right of objection pursuant to Art. 28 para. 2 sentence 2 GDPR). The right to object expires if you have not objected in writing within 14 days of receipt of the notification of the change or involvement. In the event of an objection, both parties have the right to terminate the main contract and this contract for commissioned processing with a notice period of 3 months
(2) A subcontractor relationship within the meaning of these provisions does not exist if the Contractor commissions third parties with services that are to be regarded as purely ancillary services. These include, for example, postal, transport and dispatch services, cleaning services, telecommunications services with no specific connection to services provided by the contractor for the client and security services. Maintenance and testing services constitute subcontractor relationships requiring approval if they are provided for IT systems that are also used in connection with the provision of services for the client.
7. Liability
The client and contractor are liable to data subjects in accordance with the provisions of Art. 82 GDPR.
8. Termination of the main contract
(1) The Contractor shall return to the Client all documents, data and data carriers provided to it after termination of the main contract or at any time at the Client's request or - at the Client's request, unless there is a legal obligation to store the personal data - delete them. This also applies to any data backups at the Contractor. The Contractor shall provide documented proof of the proper deletion of any data still in existence.
(2) The Contractor shall be obliged to treat the data of which it becomes aware in connection with the main contract confidentially even after the end of the main contract. This agreement shall remain valid beyond the end of the main contract for as long as the Contractor has personal data that was forwarded to it by the Client or that it has collected for the Client.
9. Final provisions
(1) The parties agree that the defence of the right of retention by the Contractor with regard to the data to be processed and the associated data carriers is excluded.
(2) Amendments and supplements to this agreement must be made in writing or in a documented electronic format.
(3) Should individual provisions of this agreement be or become invalid or unenforceable in whole or in part, this shall not affect the validity of the remaining provisions and the statutory provisions of Art. 28 GDPR shall apply.
(4) This agreement is subject to German law.
Attachments:
Annex 1 - Description of data subjects/groups of data subjects and particularly sensitive data/categories of data
Annex 2 - Technical and organisational measures of the contractor
Annex 3 -Subcontractor
Annex 1 - Description of data subjects/groups of data subjects and particularly sensitive data/categories of data
Object of the processing Type and Purpose of the processing
The subject of this processing is the execution and technical implementation of a standardised survey by means of an online questionnaire. The processing includes the provision of the questionnaire via Microsoft Forms (unless the client's internal survey tool is used), the receipt and storage of the responses and the evaluation and processing of the results in accordance with the instructions of the controller. The processing of personal data, for example in free text fields, cannot be completely ruled out.
The processing is carried out for the purpose of conducting a non-diagnostic, low-threshold survey with the aim of obtaining a general picture of the mood of the responsible party's employees. The results are used exclusively for internal reflection and strategic development by the person responsible and are prepared in the form of a visualised "map", among other things
The processing includes:
- Technical provision of the online questionnaire, unless internal company survey tools are used,
- Survey of responses,
- Storage and processing of data to determine results,
- Creation of an evaluation document (e.g. PDF or presentation) based on aggregated and, if necessary, anonymised data.
Type of personal data
If the survey is not completely anonymous, the following personal data may be processed:
- indirectly personal data (e.g. IP address, time stamp),
- Content from free text fields (e.g. opinions from which it may be possible to draw conclusions about individuals),
- Possibly contextual information that enables indirect identification (e.g. small groups, specific terms).
Special categories of personal data within the meaning of Art. 9 GDPR (e.g. health data) are not collected.
Categories of affected persons
- Employees of the client
- Freelance employees of the client
Annex 2 - Technical and organisational measures of the contractor
Information on the technical and organisational measures taken
Version 1.0
date 30.04.2025
Subsequent measures for confidentiality, integrity, availability and resilience as well as procedures for regular review, assessment and evaluation have been implemented.
1. Confidentiality
Confidentiality = personal data must not be made available or disclosed to unauthorised persons or organisations
a. Access control to data processing systems that are used to process personal data
= Measures to prevent unauthorised persons from gaining access to data processing systems Alarm system; protection of properties, windows, shafts; appointments by appointment only
b. Access control to data processing systems
= Measures to ensure that data processing systems cannot be used by unauthorised persons Login with user name and password; login with biometric data; password rules: at least 8 characters, upper and lower case letters, numbers, special characters; use of a password safe; automatic locking of the screen & password entry for renewed access; multi-factor authentication; use of anti-virus software; active firewall; create user authorisations (allocation according to the need-to-know principle); careful selection of service providers
c. Access control
Measures that only allow authorised persons to access the data; this applies to processing, use and storage (no unauthorised reading, copying, modification or removal) Authorisation concept (regulations for requesting, releasing, implementing and withdrawing authorisations);
d. Separation control
=Data from different clients is stored separately Logical separation (folder structure, structured file storage); authorisation concept; definition of database rights
2. Integrity
Ensuring the accuracy, integrity and completeness of personal data
a. Transfer control
= No unauthorised reading, copying or modification of data during electronic transmissions (e.g. e-mails) or transport
Establishment of e-mail encryption; use of encryption measures when forwarding; forwarding exclusively according to the need-to-know principle; forwarding of paper documents in sealed, opaque envelopes; https encryption on the
3. Order control
Order data processing in accordance with the order and instructions must be guaranteed. The client's data is processed exclusively in accordance with the client's instructions. For this purpose, a contract for order processing has been concluded. Subcontractors are only engaged by the client in accordance with the contractual provisions.
4. Availability & resilience
Protection against destruction and loss and guaranteeing the use of data Backups are created regularly; data is stored by a selected provider that is ISO 27001 certified
5. Regular review, assessment & evaluation of the technical and organisational measures taken
Continuous review of TOMs; maintenance of a processing register; appointment of a data protection officer - contact details: Mag.a iur. Elisa Drescher,office@scaleline-ltd.com ; employee training; documented processes established for compliance with the GDPR (respond to requests for information in a timely manner, report breaches to the supervisory authority); careful selection of service providers; implementation of the purpose limitation principle
Appendix 3 - Authorised subcontractors
Authorised subcontractors according to 6. of this contract:
Commissioned company: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Carmanhall And Leopardstown, Dublin, D18 P521, Ireland
Processing activity: Providing the forms for carrying out the surveys
Processing location: Ireland
Contract for order processing with Microsoft see here
+49 89 2000 64300
welcome@perceptify.de
Perceptify GmbH
Thierschstraße 20
80538 München