General Terms & Conditions

1. Scope, The Conclusion of The Contract

    • 1. The following provisions apply in their respective version to all contracts concluded between the Provider and a Customer¹ for the services agreed upon with the Customer. Deviating, contradictory or supplementary terms and conditions of a Customer shall only become a part of the contract if agreed in writing.
    • 2. The following terms and conditions shall also apply to future contractual relationships between the Provider and a Customer, even if this has not been specifically stated again. This also applies if a service is performed while being aware of the conflicting terms and conditions of a Customer.
    • 3. Contracts are concluded upon application by the Customer and acceptance by the Provider, which shall also be constituted by the performance of the services requested.

2. Services of The Provider

  • 1. The scope of the individual services is based on the current service description in force at the time of placing the order. Deviating provisions in the service description take precedence over these conditions.
  • 2. When ordering, the Customer has the option to choose between the server locations USA or EU or to leave the decision to the Provider. Unless the server location EU is chosen, the additional provisions in Annex 3 apply.
  • 3. If no other agreement has been expressly reached, the Provider shall also be entitled to instruct expert staff or third parties to provide the services incumbent upon him. If active co-operation is required on the Customer’s part on another server, e.g. during the transfer of a webspace package or other data stored on the Provider’s server, the Customer shall provide such co-operation in accordance with the Provider’s instructions and within the stipulated time.
  • 4. The Provider can adapt its services to technical progress or to changes in the legal framework at any time. This includes the relocation of the services to another data center within the server location chosen by the Customer, or between the server locations if the Provider has been given the choice.
  • 5. If the services to be performed by the Provider also include the provision of a specific server, the Customer is only entitled to a device with the performance features from the category ordered. The hardware as well as features that do not influence the performance features are determined by the Provider at his own discretion. If fixed IP addresses are provided to the Customer in this context, the Provider reserves the right to change the IP address(es) assigned to the Customer if this should become necessary for technical or legal reasons. The Provider will inform the Customer of any changes, including changes to IP addresses in accordance with subsection 5.

3. Obligations of The Customer

  • 1. The Customer informs the Provider at least of the following data upon conclusion of the contract:
  • a. Name and postal address, email address, and telephone number of the Customer, consumer or entrepreneur status,
  • b. Name, postal address, email address, telephone number, and fax number of the technical contact for the domain,
  • c. Name, postal address, email address and telephone and fax number of the administrative contact for the domain,
  • d. and, if the Customer provides his own name server: additionally, the IP addresses of the primary and secondary name server, including the names of these servers.
  • 2. The Customer ensures that the data provided by him to the Provider is correct and complete. This applies in particular to the indication whether the Customer is a consumer or a business customer. The Provider expressly points out that this information is subject to legal consequences and that cases of incorrectness may result in claims for damages.
  • 3. The Customer undertakes to inform the Provider immediately about changes of the provided data and to confirm the current correctness within seven (7) days upon receipt of a corresponding request from the Provider.
  • 4. The Customer is obliged to make proper data back-ups on a regular basis. This also applies if special security measures have been agreed upon by the parties.

4. Payment Conditions

  • 1. If no other agreement has been reached, the Provider shall be entitled to demand payment in advance for all services ordered by the Customer for the respective period. The Provider can make his service dependent on the first receipt of payment.
  • 2. Should the Provider be commissioned by the Customer to provide services that exceed the duties and responsibilities detailed in these Terms and Conditions and in the service description (e.g. software-configuration, correction of errors or problems, etc., that were not caused by the Provider) the Provider shall be entitled to demand adequate remuneration. In this case, a standard payment according to the price list of the Provider shall apply.
  • 3. The Provider can adjust the prices at any time according to market developments. A price increase requires the consent of the Customer. Consent is deemed to have been given unless the Customer objects to the price increase within 4 weeks of receipt of the notification of change. The Provider undertakes to inform the Customer of the consequences of a failure to object with the notification of change.
  • 4. Payments made by the Customer shall not be refunded except in the case of an effective revocation, in which case, however, the conditions of 5 paras. 5 shall apply. Should the Customer have paid an amount to the Provider, the amount of which exceeds the payment amounts due up to the end of the contract term and owed by him for the services ordered by him up to that point, it is agreed that the remaining amount does not expire, but that it is used – instead of a refund – as a credit for the provision of further / new services, which the Customer can order from the Provider at any time.
  • 5. If the Customer chooses the payment method “direct debit” or a payment option of a payment service provider (e.g. PayPal or Skrill), he hereby agrees that any amounts resulting from the services of the Provider will be debited from his account. These monetary amounts can be:
  • a. set-up fee
  • b. package/server/housing/bandwidth charge
  • c. domain costs
  • d. costs due to additional traffic used
  • e. other costs incurred by the services provided by the Provider, such as technical support
  • 6. In the case of return debit notes for which the Customer is responsible, the Provider charges a return debit note fee according to the current price list unless the Customer proves that no damage at all or a lower amount has been incurred.
  • 7. In the case of a failed direct debit, the Customer is generally in default on the day of the failure. If the Customer is in default of payment, the Provider reserves the right to charge the Customer for default costs if these costs were culpably caused by the Customer. This includes interest on arrears at the statutory rate as well as the costs of appropriate legal action, in particular reminder and collection charges, court fees, and lawyers’ fees. Furthermore, the Provider has the right to interrupt the service contract until full payment has been received. This interruption can also be accompanied by a new allocation of services that are cost-intensive for the Provider and that have been used by the defaulting Customer up to now. In this case, a loss of data cannot be ruled out, for example in the context of a server reallocation to new Customers. For the reactivation of a server or a webspace package, one-time fees according to the current price list shall become due.
  • 8. The provisions set out in paragraphs (6) and (7) shall also apply in the event of default of payment if the Customer has chosen a payment method via a payment service provider.
  • 9. Insofar as a contract has been concluded with the Customer without any obligation to pay in advance or if other services subject to payment are provided by the Provider which are not covered by the above provisions, all fees are due for payment fourteen (14) days after the invoice is issued without deduction, plus statutory VAT where applicable.

5. Contract Period, Withdrawal, Termination

  • 1. Unless otherwise agreed between the parties, all web hosting packages (“webspace”) and colocation services and domains offered by the Provider (BestHosting) assume a minimum service period of twelve months with an automatic extension of the agreement for twelve months. All dedicated server packages and VPS packages offered by the Provider (BestHosting) assume a minimum service period selected by the Customer when placing the order with an automatic extension of the contract and the corresponding services for the minimum service period chosen by the Customer. Once the payment which had been made by the Customer in advance for the agreed term has expired the contract is automatically terminated.
  • 2. Terminations have to be made by the Customer by using the BestHosting – customer login (, alternatively, they have to be communicated to the Provider in text form (e.g. telefax or email).
  • 3. The right to terminate for good cause remains unaffected to either party. An important reason for termination shall in any case exist if the Customer is in default with a payment obligation despite a reminder or culpably violates the regulations in §§ 2, 3, 6, and 7.
  • 4. The termination of the agreements between the Provider and the Customer has no influence on the registration of an internet domain and the corresponding contract concluded with the registration authority. As far as the Customer wants to cancel the registration contract, this has to be declared explicitly to the Provider.
  • 5. In the event that the Customer is a consumer within the meaning of 13 BGB and exercises his right of revocation, the following shall apply:
  • Revocation Policy
  • Right of Withdrawal
  • You have the right to revoke this contract within fourteen days without giving reasons. The revocation period is fourteen days from the date of conclusion of the contract. To exercise your right of revocation, you must send us a clear declaration (e.g. an email or call) to BestHosting about your decision to revoke the contract. You can use the following sample revocation form, which is not mandatory. In order to comply with the revocation period, it is sufficient to send the declaration about your decision to revoke before the end of the revocation period.
  • Consequences of Revocation
  • If you revoke this contract, we shall refund to you all payments we have received from you without delay and at the latest within fourteen days of the day on which we receive notification of your revocation of the contract. We will use the same means of payment for the repayment as you used for the original transaction unless expressly agreed otherwise with you. If you have requested that the services should commence during the cancellation period, you shall pay us a reasonable amount corresponding to the proportion of the services already provided by the time you inform us of the exercise of the right of cancellation in respect of the contract compared with the total amount of services provided for in the contract. This is true in particular for the yearly costs of ordering Internet domains. The reason for this is that these Internet domains are ordered individually according to the customer’s wish from the responsible registry and such orders have to be paid by the provider for one year in advance. This is why advances rendered by the customer will be withheld, in general. Due to the installation and start of operation of the hosting services ordered by the customer (setup and configuration of the webspace or server, the domain or the colocation space as well as the Internet uplink required, setup of upgrades, etc.), which the provider is contractually obligated to perform, the provider explicitly reserves the right to demand appropriate compensation for lost value if the costs for the services rendered by the provider in relation to the total services intended for the contract are not covered by advances made by the customer.

6. Third-party Rights

    • 1. The Customer expressly assures that the provision or publication of web page content created either by himself and/or web pages created for him by the Provider based on information provided by the Customer neither infringes German law nor any other law applicable in the Customer’s country of residence, in particular copyright, data protection, and competition law. Furthermore, the Customer assures that the contents provided or published by him/her are not contrary to common decency, do not contain pornographic or obscene material, incite racial hatred, violate human dignity, endanger children or adolescents, or are insulting or discriminatory. This also applies to websites of third parties to which the Customer creates a link or has a link created.
    • 2. If the Provider is requested by third parties to change or delete contents of web pages because they allegedly violate third party rights, the Provider will immediately inform the Customer and request a statement. If the Customer does not respond within a reasonable period of time or if the statement does not sufficiently refute the accusation, the Provider reserves the right to block server access until the matter has been clarified. In this case, the Provider is also entitled to block webspace packages or servers or to exclude them in another suitable way from access by third parties. The Customer’s payment obligations remain unaffected in this case
    • 3. The subsections above are also applicable for all other products offered by the Provider which are suitable for publishing data, such as VPS or colocated server.

7. Industrial Property Rights, Copyrights

    • 1. All rights to the services of the Provider made available during the term of the contract, specifically software, know-how, trademarks, or other industrial property rights remain expressly and unrestrictedly with the Provider. During the term of the contract, the Customer is entitled to a non-transferable, non-licensable right of use within the scope of the agreed services. This also applies in the event that Customer-specific adaptations have been made.
    • 2. Insofar as the agreed services require the use of industrial property rights or copyrights of third parties, their provisions shall apply additionally in any case. This also applies to open source software; the Provider shall make the conditions of such software available to the Customer upon request.
    • 3. In any case, the provisions pursuant to 17 and 18 of these terms and conditions apply.

8. Internet Domains

      • 1. Should domain registration or domain hosting form part of the services offered to the Customer, the Provider shall act only in the capacity of mediator between the Customer, DENIC, InterNIC, or other domain registration authority. Agreements with such organizations only create rights and obligations for the Customer. In this case, all terms and conditions of the respective registrar shall also become part of the contract without this requiring a separate agreement.
      • 2. The Provider has no influence on the allocation of domain names. He therefore cannot warrant that the registered domain names are not subject to claims by third parties or that they are unique or permanent. This also applies to sub-domains allocated within the Provider’s domain.
      • 3. If the Customer should be requested by a third party to surrender a domain because it may infringe third party rights, he shall inform the Provider immediately. In such cases, the Provider shall be entitled to surrender the Internet domain on behalf of the Customer.
      • 4. If the Customer wishes to terminate a domain registration, he must notify the Provider in writing at least three months before the end of the registration period. If this notification is omitted, the registration will continue according to the regulations of the registry.
      • 5. In the event of termination of the contract with the Provider, for any reason, the Customer is obliged to ensure that the domain is moved in good time. If this does not take place, the Provider can transfer the administration of the domain to the registry or, after requesting a statement from the Customer, cancel it if no Customer reply is received.

9. E-Mail & Newsgroups

  • 1. If the provision of e-mail addresses or e-mail services forms part of the services offered by the Provider, the limitations set out in § 8 (2) shall apply analogously to e-mail addresses provided for the Customer. The Provider reserves the right to delete the Customer’s e-mail messages if they are not retrieved from the mail server within four (4) weeks of receipt.
  • 2. If a provision of access to public discussion forums (newsgroups) forms part of the services offered by the Provider the time period over which public news is stored shall depend upon operational considerations of the Provider.
  • 3. The Provider shall not be responsible for the e-mail addresses he provides; their use and management are outside the control of the Provider. In the case of misuse, the Provider shall be entitled to suspend all or individual e-mail addresses. The Customer shall be informed immediately about such measures.

10. Limitation Regarding Content

  • 1. For webspace-packages, the following applies: The Customer must ensure that his web site is designed such that the server is not excessively loaded, e.g. caused by CGI/PHP scripts requiring considerable computing power or above-average memory usage. Excessive loading shall be defined as such usage of the aforementioned resources such that the operation of a BestHosting server is noticeably impaired or even crashes. The Provider reserves the right to prohibit Customers or third parties from accessing pages that do not comply with the aforementioned requirements.
  • 2. If no other agreement has been reached, the following content is forbidden:
  • a. Unsolicited bulk messages (spam e-mails) or web pages that are connected in some way with spamming,
  • b. All scripts and applications that may impair and/or disrupt the function of the server
  • 3. For dedicated, colocated, and virtual server, the following applies: If no other agreement has been reached, the following content is forbidden:
  • a. Unsolicited bulk messages (spam e-mails) or web pages that are connected in some way with spamming,
  • b. IRCd, the service for Internet Relay Chat,
  • c. All other scripts and applications that may impair and/or disrupt the function of the server or other server
  • 4. Should clause 1 or 2 be applicable, the Provider reserves the right to immediately suspend the webspace package or server? This course of action will also be implemented should other sites stored on the server or other servers within the network of the Provider be affected by the Customer’s site or server. The Customer shall be informed about any such suspension.
  • 5. The Provider reserves the right to immediately suspend any server or webspace package on which any kind of proxy service, such as VPN or TOR, is operated, for which the Provider has knowledge of abuse or fraudulent or unlawful use.
  • 6. In case of such a suspension, solely the Customer, not the Provider shall be accountable for infringements of contracts. In any case, the Provider’s claim of payment of remuneration remains, for the entire contract period.

11. Server-Administration

  • The following applies for server offers (like dedicated, colocated and virtual server):
  • 1. The Provider concedes complete and sole administration-rights on rented/colocated server to the Customer. Only the Customer knows the individual administration-password of the server, not the Provider. The Provider is therefore unable to administrate the rented/colocated server. Hence the Customer is solely and entirely responsible for the administration and security of his server, at his own expenses and risks. It is his duty to install necessary security-software and to inform himself constantly regarding security issues as well as to fix such by himself. Installation of maintenance software or other software does not absolve the Customer from this duty. It is the Customer’s duty to configure his programs in such a way that they are restarted automatically when the hardware or the operating system is restarted. 2 (5) applies.
  • 2. If necessary and reasonable, the Customer will assist at simple configuration changes, such as entering the login-data anew, or simple changes of his systems.

12. Performance & Service Level Commitments

  • 1. The Provider guarantees an annual mean 95%-availability of the physical connection of his webspace packages, dedicated, colocated, and virtual server. Exempted hereof are periods of time in which the server are not reachable over the internet due to technical or other problems which do not lie within the Provider’s sphere of influence (force majeure, faults of third parties or of the Customer) and for previously announced maintenance work of the Provider.
  • 2. The server located in the datacenters of the Provider is connected to the internet over a complex network infrastructure. Data traffic is routed over different active and passive network components (routers, switches, and other devices), which have a certain maximum data throughput. Therefore, data throughput capacities can be limited for a particular server at particular points and not be equal to the maximum allowed data throughput of the respective switch-port. Unless otherwise agreed, the Provider cannot give a guarantee for the amount of actually available bandwidth for an individual server, but makes available bandwidth depending on the technical capability of the data center, taking into account obligations towards other customers.
  • 3. Customers can use the server of the Provider or own colocated server for an incalculable number of different applications and use various software programs for this purpose at their own discretion. Therefore, millions of different configurations are possible. The wide range of possible applications makes it impossible for the Provider to guarantee the usability and compatibility of the server regarding specific applications.
  • 4. Except for the specifications made in the service description, the Provider cannot guarantee specific server resources being available for individual webspace packages and VPS. Rather, the Provider makes available resources depending on the technical possibilities, taking into account obligations towards other customers.

13. Data Protection

  • 1. The Provider renders its services in conformity with the EU regulation 2016/679 (General Data Protection Regulation; GDPR), with the German Federal Data Protection Act (BDSG) and the data protection laws of the states (Lander) as well as with the German Telemedia Act (TMG).
  • 2. The Provider collects, processes and uses personal data of a Customer without prior permission insofar they are required for the contractual substantiation and processing as well as for accounting purposes. Other provisions for the processing and the protection of personal data on the part of the Provider are stated in the Privacy Policy for the contractual relationship.
  • 3. To the extent that further personal data is processed via the services of the Provider on behalf of the Customer and this qualifies as data processing, the Provider is a processor as defined in Art. 28 GDPR. For this purpose, the parties conclude the agreement for the processing of data attached as Annex 1; if the processing is performed in a data center outside the EU, the provisions in accordance with Annex 3 additionally apply.
  • 4. The Provider expressly points out that the protection of data privacy for data transmission across open networks such as the Internet cannot be fully guaranteed with current technology. The Customer is aware that the Provider technically might be able to see the data stored by the Customer on his server at any time. This depends on the ordered hosting product. Other unauthorized Internet users may also be technically able to interfere with network security and control the flow of messages.

14. Liability, Limitation of Liability, Force Majeure

  • 1. The Provider is liable for damages grossly negligently or intentionally caused by him or his vicarious agents (third parties pursuant to § 278 of the German Civil Code – BGB) as provided by law.
  • 2. In cases of violation of essential contractual obligations (essential are those contractual obligations which are essential for the performance of the agreed services so that the Customer can regularly rely on their provision) caused by slight negligence which lead to financial losses liability shall be limited to a liability insurance procured by the Provider (with regard to the amount of damages) and to predictable, imminent losses (with regard to the nature of damages). In all other respects liability is excluded.
  • 3. The limitations of liability stated above do not concern claims of the Customer regarding product liability and especially do not apply for damage caused to the Customer’s health, or loss of life, fraudulent misrepresentation, or the violation of a guarantee or warranted quality attributable to the Provider.
  • 4. The liability regulations of § 44a TKG (Telecommunications Act) remain unaffected, to the extent that it is applicable.

15. Indemnity

  • The Customer indemnifies the Provider against all possible third-party claims arising from any illegal action by the Customer or from errors in the information provided by the latter. This applies in particular to copyright, data protection, and competition law violations as well as violations of the obligations under 6, 7, 8, and 9 of the Terms and Conditions. BestHosting shall not be obliged to check the Customer’s websites for possible legal violations.

16. Applicable Law, Place of Jurisdiction

  • 1. The law of the Federal Republic of Germany exclusively applies, excluding the provisions of private international law and the Convention on International Sale of Goods (CISG).
  • 2. Any dispute resulting from this agreement shall be referred solely to a court of competent jurisdiction at the place of business of the Provider, unless the Customer is a consumer.

17. Final Provisions

  • 1. All communications by the Provider may be sent to the Customer by electronic means. This also applies to invoices sent for services provided under the agreement.
  • 2. The Customer may only set off claims against the Provider if the entitlement is recognized by the Provider or confirmed by a final judgment.
  • 3. The Provider is authorized to list the Customer as a reference-Customer without being obliged to pay a refund.
  • 4. The Provider has the right to change the subject terms of this contract as long as the changes are reasonable, taking into account the interests of the Provider. The consent of the Customer with such amendments shall be deemed to be given if he does not dissent within 4 weeks after receipt of the message informing him about the change. The Provider is obliged to inform the Customer about the repercussions of not dissenting within 4 weeks.
  • 5. Should one or more provisions of these General Terms and Conditions be or become invalid or unenforceable, the validity of the remaining provisions shall not be affected. In this case, the parties will agree on a change that corresponds to what was actually and economically intended. The same applies in case of a contractual gap.
  • 6. We are not obliged to participate in dispute settlement proceedings before a consumer arbitration board and we have chosen not to do so. The link to the platform for online dispute resolution of the European Commission can be found on our website under the imprint (”company details”).

18. Licensing Terms for Microsoft Products

    • 1. Provided that the Customer has selected a Microsoft software product (e.g. Windows Server, SQL Server, etc.) for installation on his server, the current provisions of the “Microsoft Service Provider Use Rights” (SPUR) and the “End User License Terms” (EULT) which apply within the context of the Microsoft “Service Provider License Agreement” to the Provider shall additionally apply if the Customer is able to influence the use of the software or could infringe the provisions through use of the software. The Customer thus agrees to comply with the corresponding provisions and is responsible for observing them correctly. These provisions may result in the Customer’s possibility to use licenses acquired elsewhere with the server of the Provider being restricted or entirely removed.
    • 2. The Provider will supply a license for all Customer orders of Microsoft software products considering the Microsoft Service Provider License Agreement. This license allows the monthly use of the Microsoft software product on the server and limits its utilization permission with regard to some aspects. The Customer particularly must not use Microsoft products that require additional or other licenses according to SPUR or EULT. The Customer is obligated to comply with all these provisions on his own and is liable for violations against this usage policy to the Provider and Microsoft.

19. Special Terms for Colocation/Housing/Bandwidth Offers

The following applies additionally if colocation-/housing-/bandwidth-offers are subject of the contract:

  • 1. The Provider is obliged to enable a connection to the internet and a storing position for the server according to the respective product description.
  • 2. The Provider does not provide any guarantee for hardware damage which can result, for example, from transport to the datacenter, back to the Customer or during going concern.
  • 3. The Provider grants the Customer access to his server-system during the office-times published on the homepage of the Provider in order to allow the Customer to work on the server-system. This requires, however, a written request which has to be addressed to the support-department of the Provider, at least 48 hours in advance. To access the server-system, the ID Card of the Customer or a statement of authority signed by the Customer is necessary. During the Customer’s presence in the datacenter, the Provider has to fulfill various duties of supervision and control. Since this requires the attendance of the Provider’s personnel, a fee will be charged according to the price list valid at that time per started hour according to the price list valid at that time. With prior agreement, the Provider can abstain from this at his sole discretion. If the appointment is not kept, the Customer has to cancel it at least 2 hours in advance (if during office hours) or at least 12 hours in advance (if outside of office hours). If there is no cancellation within the stated time periods and the appointment is not kept, the Customer will be billed according to the price list valid at that time.
  • 4. Reboots are provided for free by the Provider at the Customer’s request unless stated otherwise in the product description and unless the number of reboots per month does not create disproportional effort.
  • 5. Other technical support services are not included with the offer. If the help of a technician is required, costs according to the price list per started 15 minutes incur.
  • 6. The Provider guarantees the following specifications regarding the availability of peripherals (air conditioning, electricity):
  • a. The data floor, on which the server are located, is equipped with sufficient air conditioning and electricity,
  • b. The Provider is responsible for correct and adequate maintenance of technical devices of the datafloor in order to guarantee going concern,
  • c. In case of an outage / non-availability of electricity, UPS or air conditioning, the Provider will immediately, at the latest during the next working day, undertake all measures necessary to restore going concern
  • 7. Claims resulting from operational outage of peripherals (air conditioning, electricity) can only be asserted in case of violation of the guarantees mentioned in clause 6 up to the monthly amount for the colocated server and only if the outage has been lasting for over 72 hours (continuously, without breaks). If financial losses are claimed, these have to be substantiated and will be redeemed after verification up to an amount of € 500.00.
    In case of an bandwidth-outage such claims are only valid if the guarantees regarding bandwidth made in § 12 (1) are undercut.
  • 8. The Provider does not assume liability for damage or loss of data.
  • 9. The Customer is responsible that the colocated equipment is flawless so that no negative impact for other devices can emanate from it.
  • 10. The Customer is liable for possible damages emanating from the server and is responsible for an adequate insurance.
  • 11. If the Provider intends to move to a different server location, the Provider informs the Customer immediately, at least one month in advance. Each party has a special termination right and can cancel the performances specified in this contract that are provided in the location which will change using written form. The termination will come into effect on the day the location is about to change. Given that the Provider has informed the Customer accordingly and neither party has made use of their special termination right, the contract continues unchanged at the new location. This subsection does not apply if the reason for the change of the location is a termination without notice of the rental agreement between the Provider and his lessor. In this case, only the following subsection (12) applies.
  • 12. The Customer is aware of the fact that the Provider himself has to rent the datafloor. If this contract concerns the housing and bandwidth provided in the datacenter, the contract concerning this performance ends automatically at the point of time when the rental agreement between the Provider and his lessor ends by means of an instant dismissal and the Provider has been unable to find a suitable new location. The Provider will inform the Customer immediately. Other agreements remain unaffected.
  • 13. If the server of the Customer needs more electricity or space than specified in the chosen offer, additional housing-modules are needed – when only noticed later, this change will be retroactive. The number and price of the required additional modules are specified in the price list of the Provider.
  • 14. The Provider reserves the right to adjust the price for housing accordingly to an increase of rental- additional and electricity-expenses, under the following conditions:
  • a. The Customer is informed immediately about such a change,
  • b. The increase takes place solely in order to pass the costs mentioned above and without any surcharge,
  • c. The change takes place at the same point of time the increase takes place,
  • d. The Customer has a special cancellation right for bandwidth and housing in the affected datacenter: He can cancel affected subscriptions within three months upon receipt of the message informing him about the change. This special cancellation right is valid during the mentioned three months-period. If it is not used, the contract continues under the adjusted conditions
  • 15. The Customer agrees to the fact that the Provider opens the case of the colocated server and adds a ‘Web Resetter’ to the reset-pin of the mainboard. Using this device, the Provider is able to restart the server of the Customer at any time if the Customer requests it. Furthermore, the Customer is able to reboot the server himself using the aforementioned device if he orders the necessary upgrade. In case the server is returned to the Customer, the Provider will remove the ‘Web Resetter’ again.
  • 16. The Customer is aware of and agrees to the fact that the Provider publishes (Live-)video material and static pictures of his datacenter and that these videos/images might picture equipment or server of the Customer.
  • 17. If the Customer is in delay of payment for any performance between him and the Provider, the Provider has the right to keep the server and/or equipment of the Customer in his possession until payment is made in full.
  • 18. The Customer grants the Provider a lien on colocated server and other equipment to back claims resulting from the contract between the Provider and the Customer. The lien only expires once all debt resulting from the contract between the Provider and the Customer has been paid and the contract has ended. Starting with the inception of treaty, the Customer has to inform the Provider immediately should the server not be or cease to be his property, be pledged or assigned. If the Customer is entitled to other rights to the colocated server, especially expectant right, he assigns these to the Provider in order to back debts resulting from the contract between the Provider and the Customer.
  • 19. The lien and the contractual lien can also be asserted for claims resulting from former services or other claims.
  • 20. If the Provider exercises his lien, it shall suffice to send a written notice to the last known address of the Customer. No further notice is required.
  • 21. Legal liens are unaffected by these terms.
  • 22. If the Customer does not retrieve his server / other equipment within four weeks after the contract has ended, the Provider will stock the items for a fee according to the price list.

Annex 1: Data Processing Agreement

1. Preamble

  • This agreement is concluded between the Provider (BestHosting; below also named „supplier“) and the Customer (below also named „client“; together named „contracting parties“) in addition to the existing main contract which is based upon the Customer’s order and the Provider’s general terms and conditions. In case the Provider has to process personal data for which the Customer is responsible according to regulation 2016/679 (General Data Protection Regulation; GDPR) while fulfilling his duties arising from the main contract, the contracting parties precautionary conclude the following agreement for the processing of data corresponding to Article 28 Paragraph 9 GDPR in order to substantiate the mutual rights and duties in case of a possible data processing by the Provider.

2. Subject Matter & Duration of The Contract

  • The subject matter and the duration of the contract result from the current service description and the general terms and conditions in force at the time of placing the order.

3. Specification of The Contract Details

  • 1. Nature and purpose of the processing of personal data by the supplier for the Customer are precisely defined in the current service description and the general terms and conditions in force at the time of placing the order.
  • 2. The undertaking of the contractually agreed processing of data shall be carried out exclusively within a member state of the European Union (EU) or within a member state of the European Economic Area (EEA). Each and every transfer of data to a state which is not a member state of either the EU or the EEA requires the prior agreement of the Customer and shall only occur if the specific conditions of Article 44 et seq. GDPR has been fulfilled. When ordering, the Customer has the option to choose between the server locations USA or EU or to leave the decision to the Provider. Consent to processing in a third country is granted unless the Customer chooses the EU server location when ordering.
  • 3. The subject matter of the processing of personal data comprises the following data categories:
  • a. Personal master data (key personal data), e.g. name, address
  • b. Company data, e.g. employees, addresses, bank details, tax data
  • c. Contact data, e.g. telephone, e-mail
  • d. Key contract data, e.g. server data, login data
  • e. Customer logs, e.g. login history, used IP-addresses
  • f. Process data, e.g. e-mail tickets, network disturbances
  • g. Customer history
  • h. Contract billing and payments data
  • i. Disclosed information, e.g. credit reference agencies or from public directories
  • 4. The categories of data subjects comprise employees and freelancers of the client as well as his customers, potential customers, website visitors, suppliers, and other persons whose personal data have been stored on his servers.

4. Technical & Organizational Measures

    • 1. The contracting parties agree upon the technical and organizational measures constituted in Annex 2.
    • 2. The supplier shall establish the security in accordance with Article 28 Paragraph 3 Point c, and Article 32 GDPR in particular in conjunction with Article 5 Paragraph 1, and Paragraph 2 GDPR. The measures to be taken are measures of data security and measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability, and resilience of the systems. The state of the art, implementation costs, the nature, scope, and purposes of the processing, as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 Paragraph 1 GDPR, must be taken into account. [details in Annex 2]
    • 3. The technical and organizational measures are subject to technical progress and further development. In this respect, it is permissible for the supplier to implement alternative adequate measures. In so doing, the security level of the defined measures must not be reduced. Substantial changes must be documented.

5. Rectification, Restriction & Erasure of Data

    • The supplier may not on its own authority rectify, erase or restrict the processing of data that is being processed on behalf of the Customer but only on documented instructions from the Customer. Insofar as a data subject contacts the supplier directly concerning a rectification, erasure, or restriction of processing, the supplier will immediately forward the data subject’s request to the Customer.

6. Quality Assurance & Other Duties of The Supplier

    • In addition to complying with the rules set out in this contract, the supplier shall comply with the statutory requirements referred to in Articles 28 to 33 GDPR; accordingly, the supplier ensures, in particular, compliance with the following requirements:
    • 1. Appointed Data Protection Officer, who performs his/her duties in compliance with Articles 38 and 39 GDPR. His / her current contact details are always available and easily accessible on the website of the supplier.
    • 2. Confidentiality in accordance with Article 28 Paragraph 3 Sentence 2 Point b, Articles 29 and 32 Paragraph 4 GDPR. The supplier entrusts only such employees with the data processing outlined in this contract who have been bound to confidentiality and have previously been familiarized with the data protection provisions relevant to their work. The supplier and any person acting under its authority who has access to personal data, shall not process that data unless on instructions from the Customer, which includes the powers granted in this contract, unless required to do so by law.
    • 3. Implementation of and compliance with all technical and organizational measures necessary for this order or contract in accordance with Article 28 Paragraph 3 Sentence 2 Point c, Article 32 GDPR [details in Annex 2].
    • 4. The Customer and the supplier shall cooperate, on request, with the supervisory authority in performance of its tasks.
    • 5. The Customer shall be informed immediately of any inspections and measures conducted by the supervisory authority, insofar as they relate to this contract. This also applies insofar as the supplier is under investigation or is party to an investigation by a competent authority in connection with infringements to any civil or criminal law, or administrative rule or regulation regarding the processing of personal data in connection with the processing of this contract.
    • 6. Insofar as the Customer is subject to an inspection by the supervisory authority, an administrative or summary offence or criminal procedure, a liability claim by a data subject or by a third party or any other claim in connection with the contract data processing by the supplier, the supplier shall make every effort to support the Customer.
    • 7. The supplier shall periodically review the internal processes and the technical and organizational measures to ensure that processing within his area of responsibility is in accordance with the requirements of applicable data protection law and the protection of the rights of the data subject.
    • 8. Verifiability of the technical and organisational measures conducted by the Customer as part of the Customer’s supervisory powers referred to in item VIII of this contract.

7. Subcontracting

  • 1. Subcontracting for the purpose of this agreement is to be understood as meaning services that relate directly to the provision of the principal service. This does not include ancillary services, such as telecommunication services, postal / transport services, maintenance, and user support services or the disposal of data carriers, as well as other measures to ensure the confidentiality, availability, integrity, and resilience of the hardware and software of data processing equipment. The supplier shall, however, be obliged to make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the Customer’s data, even in the case of outsourced ancillary services.
  • 2. In principle the Customer agrees that the supplier may contract with carefully selected subcontractors in accordance with a contractual agreement pursuant to Art. 28 Para. 2-4 GDPR. The supplier shall notify the Customer of such outsourcing to subcontractors in writing or in text form within a reasonable period of time in advance. Until the transferal of data, the Customer may object in writing or in text form to a subcontractor not listed under VII.3 for good cause. Good cause shall be deemed to exist in particular if there are serious doubts that the subcontractor can guarantee adequate protection of the data to be processed. In the event of such an objection, the contracting parties undertake to work towards an amicable settlement. In particular, the supplier shall disclose how the processing of data of the Customer or access to the infrastructure of the subcontractor can be excluded, while the supplier continues operations and provides the services. If no solution acceptable to the Customer is found within 4 weeks, the Customer shall have a special right of termination.
  • 3. The transfer of personal data from the Customer to the subcontractor and the subcontractor’s commencement of the data processing shall only be undertaken after compliance with all requirements has been achieved.
  • 4. If the subcontractor provides the agreed service outside the EU/EEA, the supplier shall ensure compliance with EU Data Protection Regulations by appropriate measures. These are listed in Annex 3.
  • 5. All contractual provisions in the contract chain shall be communicated to and agreed with each and every additional subcontractor.

8. Supervisory Powers of The Customer

    • 1. The Customer has the right, after consultation with the supplier and only during normal working hours without disturbing operations, to carry out inspections or to have them carried out by an auditor to be designated in each individual case. It has the right to convince itself of the compliance with this agreement by the supplier by means of random checks. The audits have to be announced to the supplier with a lead time of no less than 10 working days (Mon-Fri – not 24 and 31 December), in the case of a data security event of not less than 5 business days. The Customer must take proper due care in the course of the business process, as well as to keep the supplier’s business and business secrets. Any audits by a third party on behalf of Customers are subject to supplier’s prior written consent. If the Customer, with the supplier’s consent, contracts a third party to carry out the inspection, the Customer must obligate the third party to secrecy in writing, unless the third party is subject to a professional secrecy obligation. At the request of the supplier, the Customer shall immediately submit the obligation agreements with the third party to the supplier. The Customer may not contract any of the supplier’s competitors with the inspection.
    • 2. The supplier shall ensure that the Customer is able to verify compliance with the obligations of the supplier in accordance with Article 28 GDPR. The supplier undertakes to give the Customer the necessary information on request and, in particular, to demonstrate the execution of the technical and organizational measures.
    • 3. The supplier will claim remuneration for enabling Customer inspections.

9. Communication in The Case of Infringements by The Supplier

  • 1. The supplier shall assist the Customer in complying with the obligations concerning the security of personal data, reporting requirements for data breaches, data protection impact assessments and prior consultations, referred to in Articles 32 to 36 of the GDPR. These include:
  • a. Ensuring an appropriate level of protection through technical and organizational measures that take into account the circumstances and purposes of the processing as well as the projected probability and severity of a possible infringement of the law as a result of security vulnerabilities and that enable an immediate detection of relevant infringement events.
  • b. The obligation to report a personal data breach immediately to the Customer.
  • c. The duty to assist the Customer with regard to the client’s obligation to provide information to the data subject concerned and to immediately provide the Customer with all relevant information in this regard.
  • d. Supporting the Customer with its data protection impact assessment.
  • e. Supporting the Customer with regard to prior consultation of the supervisory authority.
  • 2. The supplier will claim compensation for support services which are not included in the description of the services and which are not attributable to failures on the part of the supplier.

10. Authority of The Customer to Issue Instructions

  • 1. The Customer shall immediately confirm oral instructions (at the minimum in text form).
  • 2. The supplier shall inform the Customer immediately if he considers that an instruction violates Data Protection Regulations. The supplier shall then be entitled to suspend the execution of the relevant instructions until the Customer confirms or changes them.

11. Deletion & Return of Personal Data

  • 1. Copies or duplicates of the data shall never be created without the knowledge of the Customer, with the exception of back-up copies as far as they are necessary to ensure orderly data processing, as well as data required to meet regulatory requirements to retain data.
  • 2. After the conclusion of the contracted work, or earlier upon request by the Customer, at the latest upon the termination of the main contract, the supplier shall destroy all documents, processing and utilization results, and data sets related to the contract that has come into its possession, in a data-protection compliant manner. The same applies to any and all connected test, waste, redundant, and discarded material. The log of the destruction or deletion shall be provided on request.
  • 3. Documentation which is used to demonstrate orderly data processing in accordance with the contract shall be stored beyond the contract duration by the supplier in accordance with the respective retention periods. It may hand such documentation over to the Customer at the end of the contract duration to relieve the supplier of this contractual obligation.

12. Term of This Agreement/Termination

    • 1. The term and termination of this agreement shall be governed by the terms of the term and termination of the main contract. A termination of the main contract automatically results in a termination of this agreement. An isolated termination of this agreement is excluded. A termination for important reasons remains unaffected.
    • 2. Termination requires the written form to be effective.

13. Final Clauses

  • 1. The court of jurisdiction for all disputes arising from this agreement shall be Munich.
  • 2. German law shall apply to this agreement, with the exclusion of international private law.
  • 3. Changes and additions to this agreement and all of its components – including any warranties of supplier – require a written agreement and the explicit reference to the fact that they constitute amendments or supplements to these terms. This also applies to waive the requirement for making such changes in writing.
  • 4. The Customer as well as each user agrees that the supplier may send system or product relevant information by e-mail. This consent can be revoked at any time.
  • 5. Should individual provisions of this agreement be or become invalid in whole or in part, the validity of the remaining provisions shall remain unaffected thereby. The contracting parties undertake, in this case, to replace the invalid provision with an effective provision which comes as close as possible to the economic purpose of the invalid provision. The same applies to any gaps in this agreement.