Terms and Conditions

§ 1 Subject Matter

(1) Dr. Daniel H. Gerl, operating as 123sanctions.eu (hereinafter “Provider”), provides the Customer with access to a web-based compliance screening platform (hereinafter “Software”) during the contract term on the basis of the following provisions. The Software enables the screening of persons, organisations, and entities (POEs) against official sanctions sources, PEP databases, and further regulatory sources.

(2) The Software is currently provided during a free early access phase. The Provider reserves the right to modify the scope of services, functionality, and terms of use at any time, or to terminate the early access phase without prior notice.

(3) Any deviating terms of the Customer shall not apply.

§ 2 Services

(1) At the start of the contract, the Provider shall provide the Customer with the access credentials required to use the Software.

(2) During the contract term, the Provider shall render the following services:

(a) Hosting (§ 4)
(b) Updates (§ 7)

(3) The provision of technical support, troubleshooting, data backup, and system maintenance is not owed during the early access phase. The Provider is reachable by email and will endeavour to respond to enquiries within a reasonable time. There is no entitlement to a response or resolution.

(4) The Provider is entitled to have individual services performed by third parties. Insofar as this is necessary for the proper fulfilment of contractual obligations, documents, information, and data of the Customer may be made accessible to such third parties in compliance with data protection requirements.

(5) Both parties shall be released from their respective performance obligations for as long as and to the extent that they are unable to fulfil them due to force majeure. Force majeure refers to circumstances beyond the control of the affected party, such as strikes, epidemics, natural disasters, failures of energy supply or technical infrastructure, as well as non-attributable failure of delivery by a supplier.

§ 3 Right of Use

(1) The Software is subject to the copyright of the Provider.

(2) The Provider grants the Customer a non-exclusive, non-transferable right to use the Software for its intended purpose during the contract term.

(3) The Customer is not entitled to make the Software available to third parties, whether for a fee or free of charge, and shall take appropriate measures to prevent unauthorised access. The Customer shall notify the Provider immediately upon becoming aware of any such access attempts.

(4) The Customer shall be liable for all damages incurred by the Provider as a result of a copyright infringement.

§ 4 Hosting

(1) The Provider shall make the Software available to the Customer for use via the Internet in accordance with the service description.

(2) The Software and all Customer data are hosted on servers operated by Hetzner Online GmbH in a data centre within Germany. Computationally intensive processing steps (sanctions list import, index building, entity resolution) are performed on a separate server in Germany that has no access to Customer data. Technical isolation is ensured through column-level access controls at the database level and container separation.

(3) The Provider shall establish and maintain the connection between the server and the Internet so that the Software and the Customer’s data stored on the server are accessible via the Internet.

(4) Establishing the connection between the interface and the Customer’s IT system, as well as successful access to individual content stored on the server, are not part of the Provider’s obligations. The Customer is responsible for ensuring the necessary technical and legal requirements.

§ 5 Availability

(1) No specific server availability is guaranteed during the early access phase. Outages, maintenance, or restrictions may occur at any time without giving rise to any claims by the Customer.

(2) The Provider will endeavour to announce maintenance work in advance by email where possible. In the event of an acute disruption, the Provider reserves the right to carry out necessary maintenance without prior notice.

(3) No entitlement to credits or other compensation for outages exists during the early access phase.

§ 6 Data Backup

(1) During the early access phase, the Provider will endeavour to perform reasonable data backups but does not guarantee this. Data loss cannot be ruled out.

(2) The Customer is solely responsible for the input and backup of their data. The Provider recommends that the Customer maintain their own backup copies.

§ 7 Updates

(1) The Provider will make updates available to the Customer where possible.

(2) Updates continuously improve the Software and adapt it to general technical developments and regulatory requirements. After an update, new functions may be available and existing functions may differ in their workflow or user interface. Functions may also be discontinued without replacement during the early access phase.

§ 8 Customer Obligations

(1) The Customer is solely responsible for the input and backup of their data.

(2) The Customer shall treat access credentials confidentially and secure them against unauthorised access. If the Customer suspects that access credentials have become known to a third party, or that a third party is accessing the server without authorisation, the Customer shall inform the Provider immediately by email.

(3) If the Customer fails to fulfil their obligations, any agreed service deadlines shall be extended accordingly. Other claims and rights of the Provider remain unaffected.

§ 9 Fees

(1) Use of the Software is free of charge. The free plan is subject to usage limits (e.g. number of screening operations, projects, or users). The applicable limits are displayed within the Software.

(2) The Provider also offers paid plans with extended features and higher usage limits. A switch to a paid plan requires the Customer’s explicit consent. No automatic upgrade will take place. There are no hidden costs.

§ 10 Term and Termination

(1) The contract is concluded upon the Customer’s registration and runs for an indefinite period during the early access phase.

(2) Either party may terminate the contract at any time without notice. Termination by email is sufficient.

(3) The Provider is entitled to end the early access phase in its entirety or for individual Customers at any time and without stating reasons. The Customer will be notified by email.

(4) After termination of the contract, the Provider shall make the Customer’s data stored on the server available for download in a machine-readable format (CSV or JSON) for 30 calendar days. The data will subsequently be deleted.

§ 11 Liability

(1) Given the free provision of the Software during the early access phase, the Provider’s liability is limited to intent and gross negligence.

(2) In particular, the Provider shall not be liable for damages arising from the Software’s failure to detect persons, organisations, or entities (POEs), or from the reporting of an incorrect match. The screening results of the Software do not constitute legal advice and do not replace the Customer’s own independent review. Responsibility for the purpose, assessment, and further processing of the screening results remains with the Customer.

(3) Liability is further excluded to the extent that the Customer is themselves responsible for the damage (§ 254 BGB), in particular because they have failed to fulfil their obligations (§ 8), have not used the services as intended, or have disregarded statutory or contractual provisions for the mitigation of damage.

(4) Liability for lost profits is excluded to the extent permitted by law.

(5) Liability for data loss or damage due to network security breaches (e.g. hacking, malware, denial-of-service attacks), data protection violations, and cyber extortion by third parties is excluded to the extent permitted by law.

(6) Non-contractual liability and liability for damages arising from injury to life, body, or health remain unaffected.

§ 12 Prohibited Content and Suspension

(1) The Customer shall ensure that the content stored on the server does not pose a threat to the security and integrity of the Provider’s infrastructure or the data stored thereon.

(2) The Customer shall not use the Software in an abusive manner and shall in particular not upload content that is unlawful, immoral, or infringes the rights of third parties.

(3) If there is a reasonable suspicion of a violation, the Provider reserves the right to temporarily or permanently suspend the Customer’s access.

(4) The Customer shall indemnify the Provider against any claims raised by third parties in this connection.

§ 13 Data Protection

(1) The Provider complies with the applicable data protection laws when processing the Customer’s personal data. This includes technical security measures adapted to the current state of the art (Art. 32 GDPR), in particular AES-256-GCM field-level encryption for all customer-related screening data, and the commitment of employees to data confidentiality (Art. 28(3)(b) GDPR).

(2) Hosting is provided on servers of Hetzner Online GmbH in Germany. Where subcontractors of the Provider come into contact with personal data, a data processing agreement (DPA) in accordance with Art. 28 GDPR is concluded with them in advance.

(3) Insofar as the Customer transmits personal data of third parties to the Software in the course of sanctions screening, the Provider acts as a data processor within the meaning of Art. 28 GDPR. The Customer remains the data controller. The parties shall conclude a separate data processing agreement (DPA) for this purpose.

(4) The full Data Protection Declaration is available at 123sanctions.eu/privacy.html and supplements these provisions.

§ 14 Confidentiality

(1) The parties shall maintain confidentiality with respect to all confidential information that comes to their knowledge in the course of their business relationship, in particular trade and business secrets, and shall neither disclose nor otherwise exploit such information.

(2) The obligation of confidentiality shall not apply where the information in question must be disclosed by court order, by order of an authority, or by law. The party so obliged shall inform the other party of the disclosure without delay and shall disclose the information in such a way that confidentiality is preserved to the greatest extent possible.

§ 15 Final Provisions

(1) Unless otherwise agreed, declarations between the parties must be made in text form.

(2) German law shall apply.

(3) The place of jurisdiction for all disputes arising from or in connection with this contract shall be Bonn, Germany, provided the Customer is a merchant, a legal entity under public law, or a special fund under public law.

(4) Should any of the foregoing provisions be or become invalid, or should a necessary provision be missing, this shall not affect the validity of the remaining provisions. The parties shall endeavour to reach an amicable arrangement in such a case.