Terms of Service

General Terms and Conditions for Flonk

§ 1 Scope of Application and Contracting Parties

These General Terms and Conditions apply to all contracts between MedConnect GmbH, Bayernstraße 10, D-30855 Langenhagen, Germany, registered in the commercial register of the Hannover District Court under HRB 226358, represented by managing director oec. Michael MANSHOLD (hereinafter "Provider"), and companies (hereinafter "Customer") regarding the use of the Software-as-a-Service application "Flonk" for digital identity verification. The business relationship is exclusively directed at entrepreneurs within the meaning of § 14 BGB who act in the exercise of their commercial or independent professional activity. Consumers within the meaning of § 13 BGB are excluded from use.

These General Terms and Conditions apply exclusively. Conflicting or deviating General Terms and Conditions of the Customer do not become part of the contract unless the Provider has expressly agreed to their validity in writing. This also applies if the Provider provides the service without reservation with knowledge of conflicting or deviating General Terms and Conditions of the Customer. Individual agreements with the Customer take precedence over these General Terms and Conditions in any case. For the content of such agreements, a written contract or written confirmation by the Provider is decisive.

§ 2 Subject Matter and Service Description

The Provider makes available to the Customer via the website https://flonk.id a cloud-based Software-as-a-Service application for digital identity verification. The application enables the Customer to verify the identity of persons through automated comparison of identity documents with biometric facial features as well as through conducting liveness checks. The service includes provision of the software, the necessary technical infrastructure, regular updates and maintenance, as well as the agreed support.

The software processes the following data types: data from official identity documents (name, date of birth, document number, validity period), biometric facial data for identification, liveness check data for fraud prevention, as well as technical metadata (timestamps, device information, verification results). The Provider acts as a data processor within the meaning of Art. 28 GDPR for the personal data to be processed by the Customer. The specific service description results from the current product documentation available on the website https://flonk.id.

The Provider reserves the right to technically develop and improve the software, provided that the contractually agreed functionality is not materially impaired. Material changes to functionality will be communicated to the Customer in writing at least four weeks before taking effect. The Customer has the right to terminate the contract with two weeks' notice to the time the change takes effect in case of material deterioration of service.

§ 3 Contract Formation and Registration

Contract formation occurs through Customer registration on the website https://flonk.id and subsequent confirmation by the Provider. The presentation of the software on the website does not constitute a legally binding offer but an invitation to make an offer (invitatio ad offerendum). Through registration and provision of required company data, the Customer makes a binding offer to conclude the usage contract. The Provider may accept this offer within 14 days by sending a confirmation email or by activating the customer account.

During registration, the Customer must provide complete and truthful information. In particular, the following must be provided: complete company name, legal form, commercial register entry, business address, authorized representatives, email address, and telephone number. The Customer is obligated to communicate changes to this data immediately. The Provider reserves the right to verify the Customer's information and request corresponding evidence.

The Provider is entitled to reject contract offers without giving reasons, particularly if there are doubts about the Customer's creditworthiness, the Customer's information is incomplete or incorrect, or if the intended purpose of use violates legal provisions. There is no entitlement to contract formation.

§ 4 Contract Duration and Termination

Contracts are concluded with a minimum term of one month, six months, or twelve months, depending on the chosen plan. After expiration of the minimum term, the contract automatically extends for one additional month each time, unless one of the contracting parties terminates with four weeks' notice to the end of the term. Termination must be in written form or can be made electronically via the customer account.

The right to extraordinary termination for good cause remains unaffected. Good cause exists particularly when a contracting party fails to fulfill material contractual obligations despite warning and reasonable grace period, when insolvency proceedings are opened regarding a contracting party's assets or opening is rejected for lack of assets, or when continuation of the contractual relationship is unreasonable for one party.

Upon termination or contract end, the Provider ceases service provision at the expiration of the notice period. The Customer has the opportunity to download their data via an export function up to 30 days after contract end. After expiration of this period, all customer data will be irrevocably deleted unless legal retention obligations prevent this. Refund of already paid fees does not occur unless the Provider terminated the contract for good cause and the Customer is not responsible for this.

§ 5 Prices and Payment Terms

Compensation is based on the price list valid at contract formation, which can be viewed on the website https://flonk.id. All prices are net plus applicable statutory value-added tax. Billing occurs monthly, semi-annually, or annually in advance depending on the chosen plan. In addition to the basic fee, usage-based fees for conducted identity verifications are charged according to the price list valid at the time of use.

Invoices are provided electronically via the customer account and are due for payment within 14 days of invoice date without deduction. Accepted payment methods are bank transfer, SEPA direct debit, and common credit cards. In case of payment default, the Provider is entitled to demand default interest of 9 percentage points above the applicable base interest rate of the German Federal Bank and to suspend service provision.

The Provider is entitled to change prices with two months' advance notice to the end of a calendar month. Price increases exceeding five percent annually entitle the Customer to extraordinary termination of the contract with one month's notice to the time the price increase takes effect. If no termination occurs, the new prices are deemed approved.

§ 6 Availability and Service Level Agreement

The Provider guarantees an average software availability of 99.5 percent annually, measured as uptime of the server infrastructure. Excluded from availability calculation are planned maintenance work performed outside business hours (Monday to Friday from 8:00 to 18:00 CET), as well as outages due to force majeure, cyber attacks, disruptions at third-party providers or Internet providers, or outages caused by improper use by the Customer.

Planned maintenance work is announced to the Customer at least 48 hours in advance via the customer account or email. Unplanned maintenance work due to critical security updates or severe system disruptions may be performed without advance notice. The Provider will endeavor to perform such work outside business hours and minimize downtime.

If the guaranteed availability of 99.5 percent is not met in a calendar month, the Customer receives upon request a proportional credit of the monthly basic fee corresponding to the downtime. For availability between 99.0 and 99.5 percent, the credit is 5 percent of the monthly fee, for availability between 98.0 and 99.0 percent 10 percent, and for availability below 98.0 percent 20 percent. Further claims are excluded. The credit must be requested in writing within 30 days after the end of the affected month.

§ 7 Support and Customer Service

The Provider provides the Customer with technical support available Monday to Friday from 9:00 to 17:00 CET via email (support@medconnect.gmbh) and an online ticket system. Support includes processing technical inquiries, assistance with integration and use of the software, as well as reporting and processing of disruptions. For critical disruptions that significantly impair software use, response time is four hours during business hours.

Inquiries are processed according to priorities: Critical disruptions (complete software failure) have Priority 1 with a target processing time of four hours, important disruptions (significant functional limitations) have Priority 2 with a processing time of one business day, and general inquiries have Priority 3 with a processing time of three business days. Communication is generally in German, also available in English when possible.

For individual consulting support, training, or implementation assistance, separate service contracts can be concluded at the Provider's usual daily rates. The Provider also provides the Customer with online documentation including user manuals, API documentation, and frequently asked questions.

§ 8 Rights and Obligations of the Customer

The Customer receives a non-exclusive, non-transferable right to use the software in accordance with these General Terms and Conditions for the duration of the contractual relationship. Use is limited to the contractually agreed scope. The Customer is not entitled to copy, modify, decompile, or make the software accessible to third parties, unless this is necessary for intended use or legally permitted.

The Customer undertakes to use the software exclusively for lawful purposes and to comply with all applicable laws and regulations. In particular, the Customer is obligated to observe the provisions of the GDPR and other data protection regulations insofar as they process personal data via the software. The Customer ensures that they have all necessary consents and legal bases for processing data transmitted via the software.

The Customer is obligated to keep their access data secret and protect it from third-party access. In case of suspected unauthorized access, the Provider must be informed immediately. The Customer is liable for all activities performed via their account unless they can prove they are not at fault. The Customer is further obligated to perform regular data backups of data managed via the software and implement appropriate security measures to protect their IT systems.

§ 9 Data Processing Agreement and Data Protection

The Provider processes personal data exclusively as a data processor within the meaning of Art. 28 GDPR on behalf and according to instructions of the Customer. Details of data processing are regulated in a separate data processing agreement that is part of the usage contract. The Customer remains the controller within the meaning of the GDPR at all times for personal data processed via the software and is responsible for the lawfulness of processing and fulfillment of all data protection obligations.

Technical and organizational implementation of data protection follows the state of the art. Personal data is transmitted encrypted (TLS 1.3 or higher) and stored encrypted. Data processing takes place exclusively in data centers within the European Union, with primary infrastructure operated in Amsterdam, Netherlands. Subcontractors are only used after prior information to the Customer and conclusion of corresponding data processing agreements.

The Provider supports the Customer in fulfilling their obligations regarding data subject rights according to Art. 15-22 GDPR by providing technical and organizational measures insofar as possible. In case of data breaches, the Provider informs the Customer immediately and no later than within 72 hours. After termination of the contractual relationship, all personal data will be deleted or returned according to Customer instructions, unless legal retention obligations exist.

§ 10 Warranty and Liability

The Provider warrants that the software functions substantially according to the service description and is free from legal defects. However, the software is developed and provided according to the current state of technology. One hundred percent error-free operation cannot technically be guaranteed. Minor impairments of functionality do not constitute a defect if software use is not significantly restricted.

In case of a defect, the Provider is first entitled to subsequent performance through defect remedy or delivery of defect-free software. Subsequent performance occurs at the Provider's choice through software updates, patches, workarounds, or re-provision of affected functions. If subsequent performance fails after reasonable time and reasonable attempts, the Customer may at their choice demand reduction of compensation or withdraw from the contract.

The Provider's liability is limited as follows: For damages from injury to life, body, or health as well as for damages from intentional or grossly negligent breach of duty, the Provider is liable without limitation. For other damages, the Provider is only liable for breach of essential contractual obligations (cardinal obligations), whereby liability is limited to damage foreseeable at contract formation and typically occurring. Liability for indirect damages, lost profits, production losses, or data loss is excluded unless these result from intentional or grossly negligent breach of duty. The Provider's total liability is limited to the amount of compensation paid in the relevant calendar year.

§ 11 Force Majeure and Extraordinary Circumstances

The contracting parties are released from fulfilling their contractual obligations insofar and as long as they are prevented by force majeure or other extraordinary circumstances. Force majeure includes particularly natural disasters, war, terrorist attacks, strikes, official orders, cyber attacks on critical infrastructure, as well as disruptions at telecommunications providers or Internet providers that lie outside the sphere of influence of the affected party.

The affected party is obligated to immediately inform the other party about the occurrence and expected end of force majeure and to undertake all reasonable efforts to minimize effects and resume fulfillment of contractual obligations as quickly as possible. If force majeure lasts longer than three months, each party is entitled to terminate the contract with four weeks' notice.

Extraordinary circumstances also include material changes in the legal situation that make contract fulfillment impossible or unreasonable, as well as severe IT infrastructure disruptions due to cyber attacks, provided damage has occurred despite appropriate security measures. In such cases, the parties will enter into negotiations about appropriate contract adjustment.

§ 12 Confidentiality and Non-Disclosure

The contracting parties undertake to treat all confidential information of the other party obtained within the business relationship strictly confidentially and use it only for contract fulfillment purposes. Confidential information includes particularly technical data, business secrets, customer lists, price calculations, contract conditions, and all information designated as confidential or whose confidentiality results from the nature of the information or circumstances of transmission.

The confidentiality obligation does not apply to information that is demonstrably generally known or becomes known without this being based on a breach of duty by the receiving party, that was known to the receiving party before transmission, or that was received from an authorized third party without confidentiality obligation. Also excepted is information that must be disclosed due to legal obligations or official orders, whereby the other party must be immediately informed thereof.

The confidentiality obligation continues beyond termination of the contractual relationship for five years. Employees and third parties who gain access to confidential information must be correspondingly obligated. In case of breach of confidentiality obligation, the injured party is entitled to demand damages and sue for injunction.

§ 13 Changes to General Terms and Conditions

The Provider is entitled to change these General Terms and Conditions with six weeks' advance notice insofar as changes are necessary to account for changed legal framework conditions, consider new technical developments, or adjust the business relationship between the parties. Changes are communicated to the Customer via email or customer account and are deemed approved if the Customer does not object in writing within four weeks of receipt of the change notification.

If the Customer objects to the changes, the Provider is entitled to terminate the contractual relationship with four weeks' notice. In this case, the Customer may use the software under the previous conditions until expiration of the notice period. The Customer is expressly informed in the change notification of their right to object, the legal consequences of objection, and the significance of the silence period.

Material deterioration of service or significant increase in compensation requires express consent of the Customer. Material deteriorations include particularly restriction of essential functions, reduction of guaranteed availability by more than one percent, or introduction of additional usage restrictions.

§ 14 Severability Clause and Final Provisions

Should individual provisions of these General Terms and Conditions be or become invalid or unenforceable, this does not affect the validity of the remaining provisions. The invalid or unenforceable provision is deemed replaced by a valid and enforceable provision that comes closest to the economic purpose of the invalid or unenforceable provision. The same applies to any regulatory gaps.

German law applies to the contractual relationship excluding the UN Sales Convention (CISG). Exclusive jurisdiction for all disputes arising from or in connection with this contractual relationship is Hannover, provided the Customer is a merchant, legal entity under public law, or special fund under public law. However, the Provider is also entitled to sue the Customer at their general place of jurisdiction.

Changes and additions to these General Terms and Conditions require written form. This also applies to waiver of the written form requirement. No oral side agreements exist. The contract remains binding in its other parts even if individual points are legally invalid. Instead of invalid points, legal provisions apply where available. The German and English versions of these Terms and Conditions are legally equivalent; in case of contradictions, the German version takes precedence.