General Terms and Conditions

cadooz GmbH General Terms and Conditions for the sale of gift card products and non-cash rewards (as of September 2024) 

cadooz GmbH (“CADOOZ”) General Terms and Conditions (“GT&Cs”) for the sale of gift card products and non-cash rewards to business customers are composed of five parts. 

  • The General Terms and Conditions relating to the sale of gift card products and non-cash rewards (part 1) apply generally for the sale of gift card products and non-cash rewards to the COMPANY. 
  • If CADOOZ distributes to the COMPANY THIRD-PARTY GIFT CARDS (part 2).
  • If CADOOZ sells EmployeeChoice vouchers to the COMPANY, the Special Conditions for the Sale of EmployeeChoice vouchers (part 3) shall also apply.
  • If CADOOZ sells Amazon gift cards to the COMPANY, the special conditions for the sale of Amazon gift cards (part 4) also apply. 
  • If CADOOZ sells Spotify gift cards to the COMPANY, the special conditions for the sale of Spotify gift cards (part 5) also apply. 
  • If the COMPANY transfers personal data to CADOOZ because gift card products or non-cash rewards are to be sent to third parties at the instruction of the COMPANY, the agreement relating to commissioned data processing (part 6) applies in this regard.   
 

Part 1: General Terms and Conditions for the Distribution of Gift Card Products and Non-Cash Rewards 

1. Scope 

1.1       These General Terms and Conditions apply for the distribution of gift card products and non-cash rewards (“REWARDS”) to the COMPANY by CADOOZ. 

1.2    The GT&Cs apply exclusively with respect to natural or legal persons, or partnerships with legal capacity, acting in the course of their commercial or independent professional activity (“COMPANY”). 

1.3       Contracts are concluded exclusively subject to the application of the GT&Cs. Deviating or supplementary terms and conditions shall only apply where these have been accepted by CADOOZ in written form. 

2. Conclusion of Contract

2.1       The contract with the COMPANY comes into effect when CADOOZ accepts the quote given in the COMPANY’s order.

2.2       In the case of orders relating to the Incentive Mall, the following applies: The presentation of REWARDS in the Incentive Mall does not constitute a legally binding offer on the part of CADOOZ. The COMPANY’s entries are displayed in an order overview before the order is made binding and can be corrected by the COMPANY at that stage by pressing the “Back” button. A binding order for the REWARDS contained in the shopping cart will only be submitted by the COMPANY when it clicks the “Commit to placing order” button. Receipt of the order will be confirmed to the COMPANY immediately by email and will include contract acceptance. CADOOZ stores the contract text and sends you the order data and GT&Cs by email. The contract language English.

2.3       In case of orders via the CADOOZ business order API (“API”) v1.6.0., the following applies: The presentation of REWARDS via the “getAvailableProducts” request in the API does not constitute a binding offer by CADOOZ. By executing the “createOrder request” the COMPANY makes an offer to conclude a purchase contract for the ordered REWARDS. CADOOZ either accepts the offer of the COMPANY via sending of an order confirmation or through the dispatch of the ordered REWARDS. For the COMPANY, the acceptance by CADOOZ is evident from the order status on the basis of “PROCESSING” status in the API.


3.
Sale of Gift Card Products

3.1    If a purchase contract comes into effect between CADOOZ and the COMPANY or the COMPANY and a THIRD-PARTY PROVIDER, CADOOZ is obliged to deliver the ordered gift card products to the COMPANY. Gift card products are delivered in electronic or physical form in accordance with the order.

3.2    CADOOZ reserves the right to amend the ordered gift card values for one and the same gift card product while retaining the overall nominal amount, provided that the amendment does not result in a reduction of the total number of gift card products and the affected gift card products are redeemable on an accumulated basis. Otherwise, an amendment will only be made following advance coordination with the COMPANY. 

3.3       Gift card products issued by CADOOZ such as BestChoice, DriversChoice, DirectChoice or MovieChoice (“UNIVERSAL GIFT CARDS”) embody a right granted by CADOOZ to receive services. The respective CADOOZ conditions of redemption apply. The entitlement to receive services embodied by a UNIVERSAL GIFT CARD is valid for a period of three years starting from the end of the year in which CADOOZ grants the respective entitlement to receive services to the COMPANY or a third party named by the COMPANY. Once this period expires, the UNIVERSAL GIFT CARD can no longer be redeemed. 

3.4       Gift card products that are issued by providers other than CADOOZ (“THIRD-PARTY PROVIDER”) and which CADOOZ procures in the buy-sell model (“ORIGINAL GIFT CARDS”) and gift card products that are issued by THIRD-PARTY PROVIDER and which CADOOZ procures in the agency model (“THIRD-PARTY GIFT CARDS”) embody an entitlement to receive services, which is granted by the respective THIRD-PARTY PROVIDER. The entitlement embodied by the ORIGINAL GIFT CARD and the THIRD-PARTY GIFT CARD is subject to the redemption terms of the THIRD-PARTY PROVIDER (including any preclusive periods for the redemption of the ORIGINAL GIFT CARD or the THIRD-PARTY GIFT CARD). When ORIGINAL GIFT CARDS or THIRD-PARTY GIFTS CARDS are redeemed, CADOOZ is neither obligated to perform the services for the COMPANY nor is CADOOZ liable for proper performance of the services by the THIRD-PARTY PROVIDER. 

3.5    Payments in the context of the acquisition of the CharityChoice are not donations as defined by tax law. A donation receipt is not issued. 

3.6    The reimbursement of payments made for unredeemed gift card products is ruled out.

4. Sale of Non-Cash Rewards 

4.1    If a purchase contract comes into effect between CADOOZ and the COMPANY, CADOOZ is obliged to deliver the ordered non-cash rewards to the COMPANY. 

4.2    The COMPANY shall only have warranty rights if the COMPANY has properly fulfilled its duty to inspection and objection. Identifiable defects must be communicated to CADOOZ in written form within two weeks of receipt of the non-cash rewards. If defects arise that could not have been identified despite careful checking, these must be reported immediately upon their discovery. 

4.3   Subsequent performance in the scope of the warranty is restricted to the delivery of flawless non-cash rewards. If subsequent performance fails, the COMPANY – regardless of any claims to compensation – shall be entitled to decide to declare rescission or demand a corresponding reduction in the purchase price. 

4.4    Defect-related claims to which the COMPANY is entitled shall become time-bound after the expiry of one year following delivery of the non-cash rewards.

5. Delivery, Transfer of Risk, Retention of Ownership, Right of Retention 

5.1    CADOOZ shall dispatch the ordered physical gift card products and the non-cash rewards. The risk of accidental destruction or accidental deterioration passes to the COMPANY upon delivery of the physical gift card products or non-cash rewards to the person assigned to undertake dispatch. CADOOZ shall only conclude an insurance policy for the event that the physical gift card products or non-cash rewards are lost or damaged during transit at the express request and at the expense of the COMPANY.

5.2       CADOOZ shall make the ordered electronic gift card products available to the COMPANY in electronic form, or – if agreed – send these to the COMPANY electronically. The risk of accidental destruction or accidental deterioration passes to the COMPANY upon provision of the electronic products and – in the case of the gift card products being sent – at the point that they are sent.

5.3       If a bulk order (dispatch is made collectively to your company address or several company addresses) of gift cards is not made via the cadooz Incentive Mall (business customer order portal) or the cadooz API, the gift card recipient will be provided with the electronic gift cards on a digital platform for retrieval. The gift card recipient receives an email with a link to the platform. The gift cards are protected by a password on this platform. The gift card recipient will be sent the password by SMS to the mobile phone number provided in the order within the delivery address. The Contracting Party is aware that in the event that no mobile phone number of the gift card recipient can be provided, the password for retrieving the gift cards will also be sent to the gift card recipient by e-mail. The Contracting Party shall bear the possible security risk due to the resulting lack of 2-factor authentication (e-mail address and mobile phone number).     

5.4   If agreed, CADOOZ shall undertake dispatch and/or provision of the REWARDS to third parties at the instruction of the COMPANY. For this event, the COMPANY provides assurance that all the legal requirements for proper dispatch of the REWARDS are fulfilled with respect to the third parties. 

5.5       CADOOZ retains ownership of the delivered non-cash rewards until full payment of all claims against the COMPANY arising from the contract and proceeding orders (“OUTSTANDING CLAIM”). 

5.6    Until full payment of the OUTSTANDING CLAIM, CADOOZ is entitled to refuse the redemption of the delivered UNIVERSAL GIFT CARDS. 

5.7       After delivery the validity of the gift card products cannot be extended, suspended or cancelled.

6. Changes of the Software

6.1.     CADOOZ reserves the right to disable versions of the software of the Incentive Mall or the API provided by CADOOZ, which are not up-to-date, three months after the announcement of a new version.

6.2.     The COMPANY agrees that CADOOZ can adjust the provided platforms for optimization of use, design and functional adjustments without the approval of the COMPANY. This applies in particular to adjustments that must be made due to legal requirements.


7. Obligations of the COMPANY

7.1    If the COMPANY uses the Incentive Mall for its orders, the COMPANY must ensure that no unauthorized persons gain knowledge of its log-in details.  

7.2    Without advance written approval from CADOOZ, the COMPANY shall not be entitled to resell acquired REWARDS, or to pass them on to third parties for the purposes of selling. The COMPANY shall not be entitled to use gift card products acquired from CADOOZ to procure goods and services for their own operational needs. In the event of a breach of this section 7.2. by the COMPANY, the COMPANY shall be obliged to indemnify CADOOZ against any claims for damages by a third party and to refund any costs of legal action. 

7.3    If gift card products are produced in accordance with drawings, patterns, or other templates (“TEMPLATES”) specified by the COMPANY, it is solely the COMPANY’s obligation to review whether this breaches intellectual property rights of third parties. If the use of the COMPANY’S TEMPLATES results in a breach of intellectual property rights, the COMPANY shall be obliged to release CADOOZ from all third-party claims to compensation, and to reimburse any costs of prosecution, insofar as CADOOZ considers this necessary based on the relevant circumstances. 

7.4    The clarification of the fiscal handling of gift card products is the responsibility of the COMPANY. Reimbursement of any additional tax charges by CADOOZ is ruled out. 

7.5    The COMPANY shall be obliged to only use the latest version of its web browser for ordering via the Incentive Mall or via the API.

7.6    Unilateral declarations by the COMPANY (e.g., arrears letters, setting of deadlines, and declarations of rescission), must be in written form in order to be effective.

8. Prices and Payment Conditions

8.1    Fees such as purchase prices, dispatch and handling costs, and service fees are subject to the statutory VAT. 

8.2    The fee to be paid becomes due for payment upon receipt of the invoice. 

8.3    Unless otherwise agreed, the COMPANY is obliged to make payment in advance. The ordered REWARDS are delivered following full payment of the fee due. 

8.4    The COMPANY is only entitled to offsetting in respect of counterclaims that have been determined without further legal recourse, or those that are undisputed.

9.  Liability 

9.1    CADOOZ is fully liable to the COMPANY in cases of willful misconduct or gross negligence. Where other types of negligent conduct have taken place, CADOOZ can only be held liable for

  • personal injury,
  • damage for which CADOOZ is liable according to binding provisions of law (in particular, the German Product Liability Act [Produkthaftungsgesetz]) and
  • damage arising from a breach of material contractual duties, breach of which jeopardizes achievement of the purpose of this contract, or performance of which makes proper performance of this contract possible in the first place and which the contracting party ordinarily has reason to trust will be performed (“CARDINAL DUTIES”). 

9.2       If CARDINAL DUTIES are breached, then CADOOZ’s liability in cases of simple negligence is limited to types of damage that are typical of this kind of contract and that were foreseeable at the time the contract was concluded. 

9.3       CADOOZ regularly inspects its IT systems as well as its incoming and outgoing emails for viruses. Should viruses infect systems despite such inspections, CADOOZ accepts no liability for this. 

10. Confidentiality and Data Protection 

10.1    The COMPANY and CADOOZ commit to maintain confidentiality in relation to any business and trade secrets and other facts that are subject to confidentiality, which become known to them in the context of executing and concluding the contract. CADOOZ is entitled to inform the content providers how many gift cards and at what face value CADOOZ is selling to the contractual partner.

10.2    The COMPANY and CADOOZ commit to complying with the legal provisions relating to data protection. CADOOZ processes or uses personal data exclusively for commissioned processing. Use for purposes beyond this takes place only in as far as the data subject has provided their consent, or where there are legal circumstances requiring an exception. Details on data protection at CADOOZ can be found in the data protection statement.

10.3    If the COMPANY transfers personal data to CADOOZ so that CADOOZ can send these directly to third parties at the instruction of the COMPANY, CADOOZ shall process these personal data, bound by instruction, as the data processor commissioned by the COMPANY in accordance with the commissioned data processing agreement governed in part 3 of these GT&Cs. 

11. Applicable Law and Jurisdiction 

11.1.    German law applies exclusively and to the exclusion of the United Nations Convention on Contracts for the International Sale of Goods. 

11.2    The place of jurisdiction for all legal disputes in the relationship between CADOOZ and the COMPANY is Hamburg. 

 

 

Part 2: Special Terms and Conditions for the Distribution of THIRD-PARTY GIFT CARDS

1. Scope of the Special Terms and Conditions

1.1.     These special terms and conditions for the distribution of THIRD-PARTY GIFT CARDS (“THIRD-PARTY TERMS”) contain additional conditions that apply exclusively to the distribution of THIRD-PARTY GIFT CARDS to the COMPANY.

1.2.     In the event of any conflict, the THIRD-PARTY TERMS shall take precedence within their scope of application over the other agreements of these GT&C.

2. Conclusion of Contract

CADOOZ is entitled to negotiate contracts between the THIRD-PARTY PROVIDER and the COMPANY for the purchase of THIRD-PARTY GIFT CARDS on behalf and for the account of the THIRD-PARTY PROVIDER. If the COMPANY orders a THIRD-PARTY GIFT CARD, a purchase contract is concluded between the COMPANY and the THIRD-PARTY PROVIDER.

3. Product Structure of THIRD-PARTY GIFT CARDS

The COMPANY shall be obliged to comply with the terms and conditions stipulated by a THIRD-PARTY PROVIDER, insofar as these are provided to the COMPANY in text form.

Part 3: Special Terms and Conditions for the Sale of EmployeeChoice Vouchers


1. Scope of Appliation

1.1       These special terms and conditions for the sale of EmployeeChoice vouchers (“EMPLOYEECHOICE TERMS”) contain additional terms and conditions that apply exclusively to the sale by CADOOZ to the COMPANY of EmployeeChoice vouchers (“EMPLOYEECHOICE”) and voucher credits to top up the EMPLOYEECHOICE.

1.2        In the event of any conflict, the EMPLOYEECHOICE TERMS take precedence within their scope of application over the other provisions of these General Terms and Conditions.

2. Product Structure of EMPLOYEECHOICE

2.1       EMPLOYEECHOICE is issued by CADOOZ and represents a right to receive goods from the CADOOZ product range up to the value of the credit balance on the voucher. EMPLOYEECHOICE may not be exchanged for money. The EMPLOYEECHOICE contains a voucher code to which a credit balance is assigned in the CADOOZ IT system.

2.2       The right represented by the EMPLOYEECHOICE is valid for three years from the end of the year in which CADOOZ grants the right to the COMPANY or to a third party designated by it. No right exists to redeem the EMPLOYEECHOICE after this date.

2.3       The EMPLOYEECHOICE may only be redeemed with CADOOZ. The EMPLOYEECHOICE may not be redeemed with third parties to receive goods or services.

2.4       The CADOOZ product range available for the redemption of EMPLOYEECHOICE consists of a limited number of goods. The goods may be physical prizes or vouchers from selected voucher partners (hereafter known as “PRODUCTRANGE VOUCHERS”).

2.5       Surrogates for money, such as foreign currencies and financial instruments, do not form part of the product range available for the redemption of EMPLOYEECHOICE.

2.6       The EMPLOYEECHOICE may not be used to withdraw cash from third parties, for example at a bank ATM. CADOOZ will also not redeem voucher credits for cash. This also applies to any residual amounts. The EMPLOYEECHOICE may not be used to transfer money to third parties. The EMPLOYEECHOICE may not be pledged or used as a general payment instrument. In particular, the EMPLOYEECHOICE has no IBAN.

3. Product Variants

3.1       The EMPLOYEECHOICE is available as a top-up voucher and a non-top-up voucher. Both the top-up and the non-top-up EMPLOYEECHOICE are available in both a physical form, i.e. as a voucher card, and in a DIN long/A4 format, and in electronic form.

3.2       EMPLOYEECHOICE is available in various product variants, such as EMPLOYEECHOICE Classic, EMPLOYEECHOICE Premium, EMPLOYEECHOICE Plus and 7 category vouchers (e.g., EMPLOYEECHOICE Style & Beauty). The product variants differ in the range of their available products. On request, CADOOZ will provide the COMPANY with the exact composition of the product range for the different product variants.

4. Recharge of the top-up EMPLOYEECHOICE 

4.1       When the COMPANY buys voucher credits for the top-up EMPLOYEECHOICE, CADOOZ applies the voucher credits to the top-up EMPLOYEECHOICE determined by the COMPANY.

4.2       Top-up EMPLOYEECHOICE may not be recharged by anyone other than the COMPANY, particularly not by an employee.

5. No Tax Advice

5.1       CADOOZ does not provide the COMPANY with legal or tax advice. If the COMPANY uses the EMPLOYEECHOICE to grant benefits in kind, the COMPANY should consult its tax advisors beforehand to determine whether the conditions under tax law have been met.

Part 4: Special Conditions for the Sale of Amazon Gift Cards

1.Scope of the Amazon special conditions

1.1       These Amazon special conditions (“AMAZON SPECIAL CONDITIONS”) contain additional provisions that apply solely to sales of AMAZON GIFT CARDS to the COMPANY by CADOOZ. 

1.2       In the event of any contradiction in the provisions, the AMAZON SPECIAL CONDITIONS – insofar as they apply – shall take precedence over all other agreements in these GT&Cs. 

2. Definitions

With regard to the AMAZON SPECIAL CONDITIONS, the terms specified below have the following meanings:

Amazon” refers to Amazon EU S.à r.l. which has its registered office in Luxembourg.

Amazon Trademarks” refers to the Amazon.de trademark, logo and associated tagline described in the TERMS OF TRADEMARK USE together with all other trademarks and logos used by AMAZON and its AFFILIATES that are placed at the COMPANY’s disposal by AMAZON, either in writing or through the BRAND USE PORTAL.

Amazon Materials” refers to the TERMS OF REDEMPTION, the TERMS OF FULFILLMENT, the Amazon trademarks, all other user manuals, training materials, product descriptions, specifications, brochures, technical manuals, guidelines, requirements, documents, supporting materials and all other information irrespective of its format that is delivered to the COMPANY or placed at the COMPANY’s disposal by AMAZON or its AFFILIATES.

Amazon Website(s)” refers to the website at www.amazon.de and certain other websites that are operated by or the property of AMAZON or its AFFILIATES and are mentioned from time to time on Amazon.de; they also include any legal successors or substitute websites.

Conditions of Use” refers to all requirements specified in section 3 (Distribution) and section 5 (Redemption of GIFT CADS).

Terms of Redemption” refers to the terms that apply when redeeming GIFT CARDS, and these can be accessed at www.amazon.de/gc-legal.

Redemption Value” refers to the value at which a GIFT CARD CODE can be redeemed.

Recipient” refers to a person (not the COMPANY) designated by CADOOZ or the COMPANY as the recipient of a GIFT CARD.

Intellectual Property” refers to all patents, copyrights, trademarks, trade presentations, rights to trade names or business secrets, and all other intellectual property rights and other protective rights.

Applicable Law” refers to all applicable laws, statutes, decrees, regulations, ordinances and resolutions passed by a state, federal, municipal or local government authority.

Territory” refers collectively to Germany, Austria, Luxembourg, Poland and the Netherlands.

Business Day” refers to any day other than Saturday, Sunday or any other day on which the banks in the respective TERRITORY are customarily closed.

GIFT CARD CODE” refers to the unique code issued by AMAZON for use in a GIFT CARD that can be redeemed on the AMAZON WEBSITES at the corresponding REDEMPTION VALUE as specified in the TERMS OF REDEMPTION.

GIFT CARD” refers to any electronic or physical medium on which the GIFT CARD CODE is specified.

Terms of Trademark Use” refers to the current versions of all regulations and guidelines for promoting the sale of GIFT CARDS and for using the AMAZON TRADEMARKS, including the terms specified in the BRAND USE PORTAL, each of which may be amended by AMAZON at its discretion.

Brand use portal” refers to the website at www.amazon.de/corpgcbrand.

Security Incident” refers to the acquisition or generation of a GIFT CARD or GIFT CARD CODE by means of fraud, subterfuge, violating data security, abuse of an account, or any other illegal means.

Affiliate”, in respect of any natural or legal person (including each of the two Parties), refers to any other natural or legal person that is directly or indirectly controlled by the first natural or legal person, is under its control, or is consequently under joint control.

3. Distribution 

3.1       The COMPANY may use GIFT CARDS for the purpose of incentive, loyalty, allegiance, bonus or gift programs for employees or customers. GIFT CARDS and/or GIFT CARD CODES may only be sold with the prior consent of AMAZON, which must be obtained through CADOOZ. 

3.2       The BRAND USE PORTAL contains an approved logo and binding requirements with regard to delivery texts (“TERMS OF FULFILLMENT”). The COMPANY must comply with the TERMS OF FULFILLMENT when sending GIFT CARDS to RECIPIENTS. Whenever a corresponding written request is received from AMAZON, the COMPANY must ensure that any electronic usage or reproduction of the TERMS OF FULFILLMENT is updated within 3 BUSINESS DAYS of receipt and that all preprinted or physical materials containing the TERMS OF FULFILLMENT are updated within 30 days of receipt.

3.3       The COMPANY must obtain AMAZON’s prior written approval of all advertising and other materials created in connection with the advertising or distribution of GIFT CARDS by the COMPANY (including the design of the GIFT CARDS and any use of AMAZON TRADEMARKS) (“PLACEMENTS”). This approval must be obtained through CADOOZ. AMAZON is not responsible for the creation of PLACEMENTS; however, AMAZON shall put at the COMPANY’s disposal the AMAZON TRADEMARKS to be used in connection with the PLACEMENTS. All PLACEMENTS and uses of the AMAZON TRADEMARKS must comply with the TERMS OF TRADEMARK USE.

3.4       In accordance with the TERMS OF TRADEMARK USE, the COMPANY may not indicate that AMAZON is sponsoring any use of the GIFT CARD CODES as incentives or for advertising or other purposes.

3.5       The COMPANY may not use the GIFT CARDS for speculative electronic messages or for other unsolicited messages sent electronically, by phone, or physically.

3.6       The COMPANY may not use the AMAZON TRADEMARK to disparage AMAZON, its products, services or partners in any way which, solely in the opinion of AMAZON, could compromise or otherwise damage AMAZON’s business reputation.

3.7       The COMPANY may not charge fees or permit fees to be charged in connection with the use or distribution of the GIFT CARDS. The COMPANY may not misrepresent the REDEMPTION VALUE of any GIFT CARD CODE or sell a GIFT CARD CODE at a price higher than its REDEMPTION VALUE.

3.8       The COMPANY is forbidden from crediting GIFT CARD CODES to its own account in order to purchase goods or services from the AMAZON WEBSITES.

3.9       If the COMPANY is participating in the AMAZON Sites Associates Program, the COMPANY is not authorized to sell or redeem GIFT CARDS through this program, to suggest this to RECIPIENTS, or to invite RECIPIENTS to use or redeem GIFT CARDS through this program.

4. Other Obligations Associated with Distribution 

4.1       The COMPANY herewith acknowledges that AMAZON provides no advice on legal matters or compliance and that the COMPANY itself is responsible for analyzing its own legal and regulatory obligations and determining whether its planned use of the GIFT CARD CODES fulfills these obligations. Any support AMAZON provides to the COMPANY shall in no way limit the COMPANY’s responsibilities and obligations as set forth in this agreement.

4.2       The COMPANY must post or provide clear, recognizable contact information for all customer service queries relating to the sale and delivery of GIFT CARDS. The COMPANY may make no assurances in the name or with reference to AMAZON or its AFFILIATES. The COMPANY may only refer customers to the customer service provided by the AMAZON WEBSITE(S) in the case of matters relating to the redemption of GIFT CARDS.

4.3       Insofar as the COMPANY offers GIFT CARDS or similar instruments as part of incentive, loyalty, allegiance, bonus or gift programs for employees or customers, it shall also undertake to offer the GIFT CARDS in the context of these programs. The COMPANY shall undertake to offer the GIFT CARDS in such a way that they are given top ranking in every resale channel or customer program. 

5. Redemption of Gift Cards 

5.1       All GIFT CARDS are subject to the TERMS OF REDEMPTION applicable at the time the GIFT CARDS were purchased by the COMPANY. 

5.2       AMAZON reserves the right to reject or to declare invalid any as-yet-unredeemed GIFT CARD or GIFT CARD CODE if a SECURITY INCIDENT has taken place. AMAZON is not obliged to fulfill obligations or compensate claims relating to these GIFT CARDS. 

5.3       AMAZON is not obliged to monitor GIFT CARDS or carry out investigations relating to these. 

5.4       AMAZON is not obliged to furnish the COMPANY with information regarding the use or redemption of a GIFT CARD or with any other customer information relating to a SECURITY INCIDENT or any other matter.

6. Prohibition on Addressing Target Groups

6.1       The COMPANY may not sell, lease or rent the information that a person is a RECIPIENT or that a RECIPIENT is an intentional user of the AMAZON WEBSITE(S) for any purpose, nor may it use this information for any kind of sales, sales promotion or advertising. 

6.2       The provisions in the previous paragraph shall not prevent the COMPANY from carrying out marketing activities based solely on information obtained or derived from activities that have no connection with the present Agreement.

7. Security of Information

7.1       The COMPANY must implement appropriate administrative, technical and other security measures that correspond with current “best practice” in the industry in order to protect the security and confidentiality of the GIFT CARDS and GIFT CARD CODES, the associated serial numbers, the COMPANY’s account data for the AMAZON WEBSITE, all Incentives API access data and all other information received or used by the COMPANY against risks or threats to their security and integrity and from unintentional loss, modification or disclosure.

7.2       Furthermore, following the distribution of the GIFT CARD CODES, the COMPANY must safely erase or remove these GIFT CARD CODES from all electronic and physical systems insofar as no legal provisions stipulate otherwise.

7.3       The COMPANY shall undertake to notify CADOOZ without delay if it suspects or discovers a SECURITY INCIDENT, so that CADOOZ can notify AMAZON accordingly.

8. Provision of Information

Upon receiving a corresponding request from AMAZON, the COMPANY shall undertake to provide all details relating to the distribution of the GIFT CARDS (e.g., payments, orders, PLACEMENTS, RECIPIENTS) that are required to monitor compliance with the AMAZON SPECIAL CONDITIONS within 10 BUSINESS DAYS; this undertaking shall apply for a period of 2 years following each order. The COMPANY is not obliged to disclose personal information relating to the RECIPIENTS. Conditions in customer agreements may also be removed as appropriate.

9. Sub-license Relating to the Use of AMAZON TRADEMARKS 

9.1       For the term of this Agreement, CADOOZ shall grant the COMPANY a fully paid, non-exclusive, non-transferable, non-sub-licensable, revocable, non-assignable right and restricted sub-license to reproduce and depict the AMAZON TRADEMARKS in PLACEMENTS or in the form of GIFT CARDS in compliance with the CONDITIONS OF USE in the respective TERRITORY. The COMPANY may not use the AMAZON TRADEMARKS except for the purposes expressly stipulated in this Agreement.

9.2       Neither CADOOZ nor AMAZON shall grant the COMPANY a license to use, reproduce, make available, represent or distribute the INTELLECTUAL PROPERTY of AMAZON and/or its AFFILIATES. AMAZON shall retain all rights to the AMAZON MATERIALS, its other INTELLECTUAL PROPERTY and the INTELLECTUAL PROPERTY of its AFFILIATES. Any goodwill that comes into being through the use of the AMAZON TRADEMARKS by the COMPANY shall benefit AMAZON, its AFFILIATES and its licensees only. 

9.3       If requested to do so by AMAZON, CADOOZ may revoke the above-mentioned sub-license or amend any prior authorization to use the AMAZON MATERIALS from time to time at its own discretion. The COMPANY must (a) harmonize its electronic or online use, representation and distribution of the AMAZON MATERIALS within 3 BUSINESS DAYS of being requested to do so by CADOOZ or AMAZON, and (b) update all preprinted or physical media that contain the AMAZON MATERIALS within 30 days of receiving due notification from CADOOZ or AMAZON. The COMPANY may be required to meet these obligations at an earlier time if required by any applicable legislation.

10. Liability, Reimbursement of Discounts

10.1    The COMPANY’s liability with regard to these AMAZON SPECIAL CONDITIONS is governed by law, whereby the COMPANY is liable for any fault on the part of its vicarious agents as for its own fault.

10.2    Should the COMPANY culpably violate its obligations as set forth in these AMAZON SPECIAL CONDITIONS, CADOOZ shall be entitled to demand the reimbursement of any discounts granted to the COMPANY on the face value of the GIFT CARDS distributed by the COMPANY in violation of the SPECIAL CONDITIONS. The provision specified above shall not affect any entitlements to compensation. The COMPANY may in particular be liable for compensation if CADOOZ has to pay substantial fines to AMAZON as the result of the COMPANY’s violation of the AMAZON SPECIAL CONDITIONS. 

11. Suspension of Deliveries

CADOOZ has the right to suspend GIFT CARD deliveries to the COMPANY if requested by AMAZON.

12. Miscellaneous

12.1    Insofar as this Supplementary Agreement forms the basis of rights in favor of AMAZON or its AFFILIATES, this constitutes a contract for the benefit of third parties within the meaning of Section 328 BGB (German Civil Code).

12.2    The COMPANY is not entitled to assign or transfer claims and obligations associated with these AMAZON SPECIAL CONDITIONS without the prior written consent of CADOOZ.

 

Part 5: Special Conditions for the Sale of Spotify Gift Cards

1. General

By purchasing the gift cards the Retailer or Corporate Client (“You”) accepts the following terms and conditions. Spotify may cancel or modify any order, including rendering already delivered gift cards null and void, in the event that You breach any of the terms and conditions hereunder.

The gift cards will only be redeemable during the time period as set out in Spotify’s online Gift Card Terms and Conditions applicable in the relevant territory where the end users reside.

The gift cards must be distributed to the end user within reasonable time from the delivery date, and in any event no later than 6 months before the expiry date of the gift card.

 

2. Information Obligations

You shall inform the end users that:

  • Their respective redemption of the gift cards and use of the Spotify Service is subject to Spotify’s online Gift Card Terms and Conditions and Spotify’s Terms and Conditions of Use, applicable in the relevant territory where the end users reside.
  • The gift cards are redeemable for full price standalone Premium subscription months only and cannot be redeemed for discounted or group subscriptions (such as student discounts, trial offers, Premium for families, or offers combining Premium with other companies’ products or services).
  • The gift cards cannot be redeemed for cash or credit and cannot be returned or resold (except where required by law). Provisions regarding the return of gift cards can be found at Spotify’s Terms and Conditions of Use.
  • In order to redeem the gift cards, the end users must have or register for a Spotify account in a country where the gift cards were bought and the end users need to be 18 years or older or meet the applicable age requirements for minors in the relevant territory where the end users reside (which can be found in Spotify’s Terms and Conditions of Use).
  • The gift cards are single-use cards: the full face-value for an individual account is deducted at redemption and no incremental redemption or credit is permitted.

You shall inform CADOOZ in writing about the intended use of the gift cards. If the use of the gift cards deviates from the use as informed to CADOOZ, Spotify has the right to render any gift cards null and void without any liability towards You. The supply of gift cards to You is non-refundable. You agree that You shall abide by any changes reasonably requested by Spotify and shall otherwise adhere to any policies provided by Spotify with respect to the use of its “Brand Features” (meaning any trademarks, service marks or logos of Spotify containing the word SPOTIFY or any other trademarks, or brand features registered or used by Spotify from time to time), the “Promotional Features” (meaning any marketing, advertising, and promotional materials used in connection with Your use of the gift cards), or the gift cards, including but not limited to the Spotify Brand Guidelines set out at https://developer.spotify.com/design/.

3. Obligations in Connection with Distribution

You are not allowed to, without the prior written approval from Spotify_

  • in any way offer or distribute the gift cards alongside or as part of another product or service offering, or any other type of product or service bundling,
  • resell any gift card,
  • make any gift card part of a public offering of any kind,
  • make gift cards available for any other use than personal use,
  • associate Spotify, its Brand Features or any gift cards with any activities or third party companies that violate any applicable laws or is otherwise reasonably objectionable (including but not limited to tobacco, illegal or recreational drugs or paraphernalia, online prescription pharmacies, pornography or other sexually explicit content, firearms, explosives, unauthorized ticket sales, counterfeit, fake or bootleg products, deceptive or fraudulent offers, products or services that directly or indirectly infringe intellectual property laws, payday loans or work from home schemes, alcohol, online dating services, gambling and games of skill, lotteries, contraceptives, political advertising, weight loss, dietary and herbal supplements, products or services that compete with any Spotify product or service, financial services, insurance and religion or religious causes).

4. EXCLUSION OF WARRANTIES/LIMITATION OF LIABILITY

THE SPOTIFY SERVICE IS PROVIDED “AS IS” AND SPOTIFY MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS OF THE SERVICE FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL SPOTIFY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO THESE TERMS AND CONDITIONS, INCLUDING, WITHOUT LIMITATION, ANY FAILURE TO REDEEM A GIFT CARD, EVEN IF SUCH DAMAGES ARE FORESEEABLE AND/OR PREVENTABLE AND WHETHER OR NOT SPOTIFY HAS BEEN ADVISED OF THE POSSIBILITY THEREOF.

Part 6: Commissioned Data Processing Agreement between the COMPANY (the Controller) and CADOOZ (the Processor)

1. General

1.1       The object of this data processing agreement (“CDPA”) is the processing of personal data in connection with the direct delivery of REWARDS to a third party at the instruction the COMPANY; CADOOZ performs such processing for the COMPANY on the basis of the GT&Cs.

1.2       The CDPA contains a written request to carry out commissioned data processing within the meaning of Article 28(3) General Data Protection Regulation (“GDPR”) and specifies the rights and obligations incumbent on the Parties pursuant to the GDPR and the national data protection legislation insofar as CADOOZ processes personal data on behalf of the COMPANY. This Agreement shall apply to all activities associated with the GT&Cs during the course of which the employees of CADOOZ or third parties engaged by CADOOZ (“ADDITIONAL COMMISSIONED DATA PROCESSORS”) come into contact with the COMPANY’s personal data.

1.3       Each party shall fulfill the obligations incumbent on it pursuant to the data protection legislation to which it is subject.

2. Scope and Purpose of Processing

2.1       The data shall be processed solely for the purpose of rendering the contractual services specified in these GT&Cs.

2.2       The data subjects, categories of personal data, and purpose and scope of the commissioned data processing are described in Appendix 1.

2.3. The scope of those data categories specified in Appendix 1 that constitute the object of this CDPA may be supplemented or modified by the parties at any time; special provisions may likewise be expressly agreed in individual cases.

3. Obligations of the COMPANY

3.1       Within the framework of the CDPA, the COMPANY is the “Controller” within the meaning of Article 4(7) GDPR

3.2       The COMPANY alone is responsible for evaluating the lawfulness of the data processing activities pursuant to Article 6(1) GDPR and for upholding the rights of data subjects pursuant to Articles 12 to 22 GDPR. In particular, the COMPANY is responsible for fulfilling its statutory information and transparency obligations towards its end clients and, furthermore, for ensuring that there is a valid, effective legal basis (e.g., consent) for the processing of the COMPANY’s personal data. Should third parties assert claims against CADOOZ on the basis of its data processing activities, the COMPANY shall release CADOOZ from all such claims upon first request to do so. This shall not apply if CADOOZ has violated the CDPA and/or the applicable legislation by committing acts of willful intent or gross negligence.

3.3       The COMPANY is obliged to furnish CADOOZ with data of the necessary quality so that CADOOZ can render its services punctually; only the necessary amount of data may be provided.

3.4       The COMPANY has the right to issue additional instructions at any time. Should these additional instructions go beyond the contractual obligations arising from the GT&Cs, all necessary, reasonable additional costs shall be borne by the COMPANY; CADOOZ is entitled to request payment in advance. CADOOZ may refuse to carry out additional or modified data processing activities if these would significantly increase its workload or if the COMPANY refuses to pay in advance or reimburse additional costs.

3.5       The COMPANY shall notify CADOOZ without delay if it notices any errors or irregularities arising in connection with CADOOZ’s processing of the data. 

3.6       The COMPANY is bound to meet the obligations arising from Articles 33 and 34 GDPR with regard to the notification of the supervisory authorities and any persons affected in the event of a personal data breach.

4. Duties of CADOOZ

4.1       CADOOZ shall process the data solely within the framework of the agreements concluded and in accordance with the COMPANY’s documented instructions. The same applies to the transfer of personal data to a third country or an international organization unless CADOOZ is obliged to process these personal data. In such a case, CADOOZ shall inform the COMPANY of this legal obligation before processing the data unless the applicable law forbids this in the public interest.

4.2       CADOOZ shall notify the COMPANY without delay if it believes that an instruction given by the COMPANY violates applicable law. In such cases, CADOOZ shall be entitled to suspend the execution of the relevant instruction(s) until the instruction(s) is/are confirmed or modified by the COMPANY. 

4.3       CADOOZ shall guarantee that the persons authorized to process the personal data have been bound to secrecy or are subject to an appropriate statutory confidentiality obligation. Furthermore, all persons who are able to access the COMPANY’s personal data must be bound to secrecy and instructed on their data protection obligations. 

4.4       Pursuant to point (e) of Article 28(3) GDPR, CADOOZ shall, insofar as this is possible, assist the COMPANY with the implementation of suitable technical and organizational measures so that the COMPANY can fulfill its obligations with respect to the data subject pursuant to Chapter III GDPR, e.g. information regarding for the data subject and access for the data subject, the rectification or erasure of data, restrictions on processing, the right to data portability, and the right to object.

4.5       As specified in Article 28(1) GDPR, CADOOZ shall provide sufficient guarantees regarding the technical and organizational measures implemented in order to guarantee that the data is processed in compliance with the GDPR while upholding the data subject’s rights. CADOOZ shall implement suitable technical and organizational measures that meet the specifications in Article 32 GDPR in order to guarantee an appropriate level of protection against risk. 

4.6       CADOOZ shall refrain from transferring the data outside the European Economic Area without the COMPANY’s prior written consent unless it has taken the steps necessary to ensure that the transfer is affected in compliance with Articles 44 et seqq. GDPR.

4.7       The measures currently implemented by CADOOZ are described in Appendix 2 to this CDPA.  These technical and organizational measures are subject to technical advances and developments. CADOOZ is permitted to implement adequate alternative measures provided it is certain that the contractually agreed level of protection is maintained. Significant changes must be agreed with the COMPANY.

4.8       Pursuant to point (f) of Article 28(3) GDPR, CADOOZ shall cooperate with the performance of the data protection impact assessment specified in Article 35 GDPR and the prior consultation with the supervisory authorities specified in Article 36 GDPR.

4.9       CADOOZ is aware that the COMPANY is obliged to maintain extensive documentation of all breaches of the protection of personal data and, if applicable, to report these to the supervisory authorities and the data subject within 72 hours. If such breaches have occurred, CADOOZ shall assist the COMPANY with the fulfillment of its reporting obligations pursuant to point (f) of Article 28(3) GDPR.

5. Subcontracting Relationships with Subcontractors (ADDITIONAL COMMISSIONED DATA PROCESSORS)

5.1       The COMPANY gives its general consent to the engagement of subcontractors as ADDITIONAL COMMISSIONED DATA PROCESSORS within the meaning of the GDPR, provided that 

  • CADOOZ notifies the COMPANY in advance of any intended change with respect to the engagement of any ADDITIONAL COMMISSIONED DATA PROCESSOR or the replacement of an existing subcontractor;
  • CADOOZ enters into a written agreement with the subcontractor that ensures that the level of data protection is at least as high as the level specified in this CDPA;
  • the statutory provisions of Articles 44 et seqq. GDPR are complied with when subcontracting relationships are established with subcontractors that are not domiciled in Germany, a member state of the European Union, or another state that is a party to the Agreement on the European Economic Area (“third countries”).
  • CADOOZ remains responsible for any violations of this CDPA that are caused by actions (acts, tolerance or omissions) on the part of any commissioned subcontractor.

5.2       CADOOZ shall provide a list of the currently involved subcontractors on request. 

5.3       The COMPANY is entitled to object to the appointment or replacement of a future ADDITIONAL COMMISSIONED DATA PROCESSOR by CADOOZ before such a subcontractor is appointed or replaced if this objection is based on legitimate reasons related to data protection. In this case, CADOOZ shall either not appoint or replace its ADDITIONAL COMMISSIONED DATA PROCESSOR, or, if this is not possible, the COMPANY may suspend this CDPA or the main Agreement.

6. Supervisory Powers

6.1       The COMPANY has the right to monitor, at any time and to the extent necessary, CADOOZ’s and the ADDITIONAL COMMISSIONED DATA PROCESSORS’ compliance with the statutory data protection regulations and/or the contractual provisions agreed by the parties and/or the instructions given by the COMPANY. To this end, the COMPANY may (1) obtain voluntary information from CADOOZ and (2) request CADOOZ to submit an expert assessment testifying to CADOOZ’s compliance with the applicable data protection standards. Following a written request by CADOOZ, evidence that the applicable data protection standards (including but not limited to the technical and organizational measures specified in Appendix 2) are being complied with may be furnished by submitting the current audit report. Any disclosure of confidential information relating to internal security procedures is excluded. 

6.2       CADOOZ guarantees that upon receiving a written request, it shall (i) hold a meeting with the COMPANY’s security team to discuss any questions relating to data protection or data security that the COMPANY may have, or (ii) fill out a questionnaire provided by the COMPANY or a third party acting on the COMPANY’s behalf concerning CADOOZ’s compliance with the applicable data protection legislation, whereby CADOOZ is not obliged to disclose information that can be accurately classified as confidential information relating to CADOOZ’s business operations. This shall not affect the COMPANY’s rights pursuant to section 6.1.

6.3       Controlled attempts to penetrate the computer systems and networks of CADOOZ and/or its subcontractors with the aim of identifying any weak points (penetration test) shall constitute part of the annual audit of CADOOZ and its subcontractors. Any disclosure of confidential information relating to internal security procedures is ruled out.

7. Liability

7.1       If a data subject suffers damages as a result of the contractual data processing activities and the COMPANY is subsequently subject to claims for compensation, CADOOZ shall be liable to the COMPANY according to its share in the responsibility for the damage caused within the context of the internal relationship if 

  • CADOOZ culpably failed to meet the obligations incumbent on it as the commissioned data processor pursuant to this CDPA, the GDPR or other data protection legislation applicable to the contractual data processing activities, or
  • CADOOZ culpably failed to follow the instructions legally issued by the COMPANY or culpably acted in contravention of these instructions. 

7.2       If a data subject suffers damages as a result of the contractual data processing activities and CADOOZ is subsequently subject to claims for compensation although CADOOZ is not responsible for the damages, the COMPANY shall release CADOOZ from liability within the internal relationship. 

7.3       In other respects, the provisions in Article 82 GDPR shall apply.

8. Duration and Termination

8.1       This contract shall apply for as long as CADOOZ processes personal data on behalf of the COMPANY in accordance with this CDPA. 

8.2       When the CDPA is terminated, or on being requested to do so by the COMPANY, at the COMPANY’s discretion CADOOZ shall destroy all the data in its possession and under its control or return them to the controller. This provision shall not apply insofar as the applicable law requires CADOOZ to retain part or all of the personal data or relates to personal data that were archived on back-up systems and must be safely isolated and protected from any further processing unless this is required by law.

 

Appendix 1: OBJECT OF COMMISSIONED DATA PROCESSING

  1. Object of Commissioned Data Processing 

CADOOZ renders the following services that are the object of this commissioned data processing:

  • Direct delivery of gift card products and non-cash rewards to third parties in accordance with the COMPANY’s instructions 
  1. Types of Personal Data 

The following types/categories of data are the object of the contract processing activities:

  • Master personal data (name and address)
  • Communications data (e.g., phone number and email address)
  • Master contract data (contractual relationship, interest in products and/or a contract) 
  1. Categories of Data Subject 
  • Persons benefited by the COMPANY (such as end customers, employees of the COMPANY, suppliers and other contractual partners of the COMPANY)
 
 
 
 
 

Appendix 2: TECHNICAL AND ORGANIZATIONAL MEASURES (TOM)

The minimum technical and organizational measures designed to guarantee data protection and data security that must be implemented and continually maintained by CADOOZ are specified below. The objective is to guarantee in particular the confidentiality, integrity and availability of the information processed by CADOOZ.


1.
Pseudonymization and Encryption of Personal Data (point (a) of Article 32(1) GDPR)

             a) Pseudonymization 

The processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures.

Description of the measures taken:

The provision of the contractually agreed services (e.g., handling and processing of orders; support and other services) requires the processing of personal data. The purposes of the processing activity cannot be achieved by pseudonymization, i.e., without a direct reference to the person. 

             b) Encryption 

Use of procedures and algorithms that convert the content of personal data into a non-readable form using digital and/or electronic codes or keys. Symmetric or asymmetric encryption technology may be considered:

Description of the measures taken:

X Encryption of 

   Mobile data media

X Data media in laptops

   Data on data media

X Protection of data during electronic transfer

X Establishment of dedicated lines and/or VPN tunnels

X Disclosure of data in anonymized form (e.g., reports)

X Encrypted transfer (e.g., HTTPS, SSL, SSH, [algorithm], [number]-bit keys)

X Email encryption

X Encryption of data

2. Measures to Ensure the Confidentiality, Integrity, Availability and Reliability of the Systems (point (b) of Article 32(1) GDPR)

              a) Access control with respect to premises

Unauthorized persons must not be allowed access to data processing systems that are used to process or use data.

 

Description of the measures taken:

X Alarm system

X Securing of building shafts

X Automatic access control system

X Locking system with code locks

X Lockable cabinets

X for offices

X for the server room/rooms

X Video surveillance of access points

X Light barriers / motion sensors

X Security locks

X Access card rules

X Rules for visitors

X Identity check at the reception

X Logging of visitors / visitor log

X Obligation for visitors to carry a visitor badge

X Careful selection of cleaning staff

X Obligation for employees to carry a badge

Measures to protect the server room: 

X Security locks

X Automatic access control system

X Logging of visitors / service providers (e.g., providers of maintenance services)

              b) Access control with respect to systems 

Unauthorized persons must be prevented from using data processing systems. 

 

Description of the measures taken:

X Allocation of user access rights

X Creation of user profiles

X Password policy

X Automatic expiration of passwords after a certain period of time

X Password quality (special characters, length)

X Authentication with username / password

X Automatic locking of computers after a specified period of inactivity

X Automatic logout from programs after a specified period of inactivity

X Allocation of user profiles to IT systems

X Housing locks

X Use of VPN technology

X Blocking of external interfaces (USB, etc.), possibly approval management

X Use of intrusion detection systems

X Use of central smartphone administration software (e.g., for the remote erasure of data)

X Use of antivirus software

X Use of a hardware firewall

X Use of a software firewall

X Use of personal storage media is prohibited

            c) Access control with respect to specific data 

It must be ensured that the persons authorized to use a data processing system can only access data that they are authorized to access. There must be no way to read, copy, alter or remove personal data without authorization during their processing or use or after they have been recorded. 

 

Description of the measures taken:

X Authorization concept

X Management of rights by the system administrator

X Number of administrators reduced to the lowest possible number

X Logging of access to applications, in particular with respect to the input, alteration and erasure of data

X Logging of failed login attempts

X Secure storage of data media

X Physical erasure of data media before they are used again

X Proper destruction of data media by external service providers

X Use of document shredders and/or service providers (where possible with privacy seal accreditation)

X Logging of the destruction of data 

X Employees have been placed under the obligation to treat data as confidential and to comply with data protection regulations

            d) Separation control 

It must be possible to separately process data that were collected for different purposes.

 

Description of the measures taken:

X Physically separate storage on separate systems or data media

X Logical client separation (through software)

X Creation of an authorization concept

X Addition of purpose attributes / data fields to data sets          ? Definition of database rights

X Separation of operational and testing systems

            e) Disclosure control 

It must be ensured that personal data cannot be read, copied, altered or removed without authorization during their electronic transfer or during transport or while they are being recorded on data media. It must be possible to verify (including subsequently) to which bodies personal data is supposed to be transferred using data communication equipment.

 

Description of the measures taken:

X Documentation of the recipients of data 

X Rules for the safe and confidential decommissioning of devices containing data media (hardware) before they are passed on

X Logging (e.g., in the directory of processing activities)

                        X Email encryption

X Storage on SFTP server

             f) Input control 

It must be ensured that it is possible to subsequently verify and establish whether and by whom personal data was entered into, altered in, or removed from data processing systems.

 

Description of the measures taken:

X Transparent input, alteration and erasure of data

X by individual usernames (not user groups)

X Assignment of rights for the input, alteration and erasure of data based on an authorization concept

3. Availability Control and the Ability to Restore Access in a Timely Manner (point (c) of Article 32 GDPR)

Personal data must be protected against accidental destruction or loss.

 

Description of the measures taken:

X Uninterruptible power supply (UPS)

X Air conditioning in server rooms

X Devices to monitor the temperature and humidity in server rooms

X Surge protector power strips in server rooms

X Fire and smoke detection systems

X Fire extinguishers in server rooms

X Alarm signal in the event of unauthorized access to server rooms        ? Emergency plan (backup and recovery concept)

X Virus protection / firewall

X Storage of data backups at a secure, external location

4. Procedures for the Regular Review, Assessment and Evaluation of the Technical and Organizational Measures (point (d) of Article 32(1) GDPR; Article 25(1) GDPR)

            a) Assignment control

It must be ensured that personal data being processed on behalf of the COMPANY can only be processed in accordance with the COMPANY’s instructions.

Description of the measures taken:

X Selection of the ADDITIONAL COMMISSIONED DATA PROCESSORS based on due diligence criteria (in particular with respect to data security)

X Prior review and documentation of the security measures implemented within CADOOZ

X Written instructions to ADDITIONAL COMMISSIONED DATA PROCESSORS (e.g., by means of a data processing contract) within the meaning of Article 28 GDPR      

X CADOOZ has appointed a data protection officer

X Effective rights to inspect the ADDITIONAL COMMISSIONED PROCESSORS’ work have been agreed

            b) IT emergency management

X Emergency manual is available

X Responsibilities for responses and response times have been defined

            c) Data protection through technological design and “privacy by default” settings

X Selection of “privacy-friendly” technology in the procurement process

            d) Data protection management

X Appointment in writing of a data protection officer

X Monthly review of access rights by the IT security officer (Euronet Group)

X The data protection officer will be included in any data protection impact assessment

X Employees and data protection: GDPR training (on location) and the obligation to take regular WOMBAT security tests

X Employees have been placed under the obligation to treat data as confidential and to comply with data protection regulations

X Maintenance of directories of processing activities as specified in Article 30(1) GDPR 

Contact details for the data protection officer at CADOOZ GmbH:                                                      

Yago Amat Martinez

datenschutz@cadooz.de

GENERAL TERMS AND CONDITIONS FOR CONSUMERS (“YOU”)

1. Scope of Application / The Parties

1.1       These General Terms and Conditions of Business (“GTC”) apply to the redemption of your BestChoice ShoppingGiftCard or DriversChoice GasGiftCard against gift cards of cadooz’ merchants or rewards from the range of offers in the cadooz shop (“Rewards”).

1.2       Your purchase contract is concluded with cadooz GmbH, Osterbekstrasse 90b, 22083 Hamburg (“cadooz”), tel.: +49 40 271 482 – 0, fax: +49 40 271 482 – 11, email: service@cadooz.de, website: www.cadooz.com.

 

2. Conclusion of Contract

2.1       The contract is concluded if cadooz accepts the offer made in your order. The presentation of the rewards in the cadooz shop does not constitute a legally binding offer from cadooz. Only by clicking the “Buy” button do you submit a binding order for the Rewards contained in the shopping cart. The receipt of your order will be confirmed immediately by email, but this does not yet constitute acceptance of the contract. cadooz may accept your order by delivering the Rewards within 14 business days. However, in the event of payment by advance bank transfer, PayPal or express bank transfer, acceptance of the contract is provided by the confirmation of receipt of your order.

2.2       cadooz stores the text of the contract and sends you the order details and cadooz’ GTCs by email. You can also view, print out and save these GTCs at www.einloesen.de/agb.

 

3. Delivery Terms

3.1       Rewards are delivered ex warehouse to the delivery address provided by you. Depending on whether you have ordered physical gift cards or online gift cards, these will be sent to you by post or via email. The delivery period is up to 14 business days from the order date. The delivered Rewards remain the property of cadooz until payment has been made in full.

3.2       The respective merchants that provide their services on the basis of their own contract and subject to their own contractual terms and conditions are considered the issuer and debtor for the gift cards ordered by you. cadooz reserves the right to change the ordered gift card denominations in order to process the order promptly to your satisfaction. If the change leads to a reduction in the total number of gift cards, it will only be carried out after consultation with you.

3.3       If you have any complaints or general questions about ordering, please contact the cadooz Service Center. You can reach us by email at service@cadooz.de or at the following telephone number: +49 40 27 14 82-0 (Monday-Friday from 09:00 a.m. to 6:00 p.m.).

 

4. Payment Terms

4.1       All prices include the currently applicable VAT.

4.2       Payment is made for the ordered rewards by redeeming your BestChoice ShoppingGiftCard or DriversGiftCard. Any necessary additional payments are made at your discretion by credit card (MasterCard, Visa, American Express), by prepayment via bank transfer, by PayPal or by express bank transfer. In order to ensure that payment will be made due to a risk in the creditworthiness of the purchaser, cadooz reserves the right to exclude certain payment methods in individual cases.

4.3       Payment is due upon conclusion of the contract.

 

5. Information about the Existence or Non-Existence of a Right of Cancellation

If you are a consumer, you are entitled to a right of cancellation in accordance with the following provisions. If the contract relates to the delivery of goods, section 5.1 applies; if the contract relates to the delivery of digital content that is not on a physical data carrier, section 5.2 applies. Section 5.3 in conjunction with the appendix contains a standard cancellation form for you.

 

5.1       Cancellation notice (goods)

 

Right to cancellation

You have the right to cancel this contract within fourteen (14) days without giving reasons.

The time limit for cancellation amounts to fourteen (14) days from the date

  • on which you or a third party nominated by you who is not the carrier took possession of the goods, if you ordered one or more products as part of a single order and the product/products are delivered as a unit;
  • on which you or a third party nominated by you who is not the carrier took possession of the last product, if you ordered multiple products as part of a single order and the products are delivered separately.

In order to exercise your right of cancellation, you must notify us (cadooz GmbH, Osterbekstraße 90b, 22083 Hamburg, tel.: +49 40 271 482 – 0, fax: +49 40 271 482 – 11, email: rewarding@cadooz.de) by means of a clear declaration (e.g. a letter sent by post, fax or email) of your decision to cancel this contract. You can use the attached standard cancellation form for this purpose, although this is not a requirement.

In order to meet the deadline for cancellation, it is sufficient to send the notification that you are exercising the right of cancellation before the cancellation period expires.

 

Consequences of cancellation

If you cancel this contract, we shall repay all payments that we have received from you, including the delivery costs (with the exception of the additional costs resulting from your choice of a type of delivery other than the low-cost standard delivery offered by us) promptly and no later than within fourteen (14) days of the date on which we received the notification of your cancellation of this contract. For this repayment, we shall use the same payment method that you used for the original transaction, unless otherwise explicitly agreed with you. On no account will you be charged any fees for repayment. We can refuse the repayment until we have received the returned goods or until you have provided proof that you have sent the goods back, whichever occurs earlier.

You shall send or hand over the goods to us without delay, and in any event no later than fourteen (14) days from the date on which you notified us of the cancellation of this contract. The deadline is deemed to have been complied with if you dispatch the goods before expiry of the fourteen (14) day period. We shall bear the costs of the return shipment of the goods. You will only be liable for any loss of value of the goods if it is attributable to the handling of them in a way that was not necessary to examine their quality/characteristics, properties or functioning.

 

End of the cancellation notice

In the following cases you will no longer be able to cancel your contractual declaration:

The right of cancellation may prematurely expire in the case of contracts for the delivery of sealed goods that, for reasons related to health protection or hygiene, are not suitable to be returned if their seal has been removed after delivery.

The right of cancellation may prematurely expire in the case of contracts for the delivery of audio or video recordings or computer software in a sealed package if the seal has been removed after delivery.

 

5.2       Cancellation notice (digital content that is not delivered on a physical data carrier)

 

Right to cancellation

You have the right to cancel this contract within fourteen (14) days without giving reasons.

The notice period for cancellation is fourteen (14) days from the date of conclusion of the contract.

In order to exercise your right of cancellation, you must notify us (cadooz GmbH, Osterbekstraße 90b, 22083 Hamburg, tel.: +49 40 271 482 – 0, fax: +49 40 271 482 – 11, email: service@cadooz.de) by means of a clear declaration (e.g. a letter sent by post, fax or email) of your decision to cancel this contract. You can use the attached standard cancellation form for this purpose, although this is not a requirement.

In order to meet the deadline for cancellation, it is sufficient to send the notification that you are exercising the right of cancellation before the cancellation period expires.

 

Consequences of cancellation

If you cancel this contract, we shall repay all payments that we have received from you, including the delivery costs (with the exception of the additional costs resulting from your choice of a type of delivery other than the low-cost standard delivery offered by us) promptly and no later than within fourteen (14) days of the date on which we received the notification of your cancellation of this contract. For this repayment, we shall use the same payment method that you used for the original transaction, unless otherwise explicitly agreed with you. On no account will you be charged any fees for repayment.

 

End of the cancellation notice

In the following cases you will not be able to cancel your contractual declaration:

The right of cancellation will also expire for a contract on the delivery of digital content that is not on a physical data carrier if cadooz has begun to execute the contract after you have explicitly agreed to cadooz commencing performance of the contract before the end of the cancellation period and confirmed your awareness of the fact that, in giving your consent, you will lose your right of cancellation when the performance of the contract begins.

 

5.3       Standard cancellation form

If you would like to cancel the contract, you can use the standard cancellation form attached as an appendix to these GTCs.

 

6. Warranty/Liability

6.1       Statutory rights related to liability for defects apply to all rewards from the cadooz shop.

6.2       Furthermore, cadooz is liable with respect to you to the full extent for willful misconduct and gross negligence. For other negligent actions, cadooz is liable exclusively for:

  • personal injury,
  • losses for which cadooz must accept liability on the basis of mandatory statutory provisions (particularly the German Product Liability Act (Produkthaftungsgesetz)), and
  • losses due to a breach of key obligations that jeopardize the achievement of the objective of this contract and/or the fulfillment of which make the correct performance of this contract possible and upon which the party can generally rely (“Cardinal Obligations”).

In the event of a breach of any Cardinal Obligations, the liability of cadooz for simple negligence is limited to the typical losses under such a contract that are foreseeable on conclusion of the contract.

 

7. Trustpilot

Customers’ opinion is very important to cadooz. cadooz has therefore integrated a feedback system provided by Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark (“Trustpilot“) in the cadooz eCard (digital medium for delivering the gift cards – hereinafter referred to as “eCard“) and is offering you the opportunity to submit a positive review of cadooz’ offers or to tell cadooz how it can improve it. If you voluntarily decide to submit a review of cadooz’ offer and services using the review service provided by Trustpilot integrated in the eCard, cadooz will provide your first and last name, your customer number and email address to Trustpilot. Please note that if you decide to participate in the Trustpilot customer review system, your review will be published both on the cadooz website (www.cadooz.com) and on the Trustpilot review platform (https://de.trustpilot.com/). The publication of your review on the Trustpilot review platform is subject to the Terms and Conditions of Trustpilot:

Trustpilot’s Privacy Policy

General Terms and Conditions for the Use of Trustpilot Services

Your personal data is processed for the purpose of giving you the opportunity to review cadooz’ offers and to make information about your experience with the products and services available to other (new) customers online.

The legal basis for processing your data is your consent in accordance with Art. 6 (1) (a) GDPR which cadooz will ask you to provide before you submit your review. You have the right to revoke your consent to this data processing at any time with future effect by sending an email to datenschutz@cadooz.com. Information on how to edit or delete reviews you have submitted on the Trustpilot review platform is available in the Trustpilot-Support-Center.

 

8. Dispute Settlement Before a Consumer Arbitration Board

Please note that cadooz is neither willing nor obliged to participate in dispute settlement proceedings before a consumer arbitration board.

 

9. Place of Jurisdiction, Applicable Law

9.1       The place of jurisdiction for all legal disputes between cadooz and you is Hamburg, if you are a merchant.

9.2       German law applies exclusively with the exclusion of the UN Convention on Contracts for the International Sale of Goods.

CONSUMER REDEMPTION PROCESS / ORDERING

Here’s how to redeem your BestChoice shopping gift card at www.einloesen.de:

  1. Enter the BestChoice code number and click on ‘Verify code’. cadooz then checks your number. You can then enter other gift card codes or start shopping by clicking on ‘Continue to shop’.
  2. Look for gift cards and/or rewards of your choice and put them in your shopping cart by clicking on “Add to cart”.
  3. You will then be taken to your shopping cart. There you can view the gift cards and/or rewards that you have selected. You can remove items from your shopping cart by clicking on “Delete”. Clicking on “Continue to checkout” takes you to the “Checkout Area”.
  4. Enter the delivery address in the “Checkout Area”, together with your contact details if required. If you click on “Continue”, you can specify a different billing address.
  5. Click on “Continue” and you will see a summary of the information that you have entered up to that point. If your order total exceeds the value of your BestChoice credit, you can pay the difference by credit card or transfer in advance.
  6. By checking the confirmation box, you are confirming that you have read and accepted the General Terms & Conditions, and by clicking on “Complete order,” you can submit your offer to redeem your BestChoice gift card.
  7. Your order number appears on the next page.
  8. Acceptance of your offer is complete when your gift card and/or reward is dispatched. Depending on the type of gift cards you have ordered, they will be sent to you by post or email, and you can then redeem them with the retailers.

Further help/information is available at www.einloesen.de/hilfe