Terms & Conditions

Download Terms & Conditions
Terms & Conditions
  1. Terms and Conditions 

These Terms and Conditions ("T&C") govern the provision of cloud services via the nuco.cloud web application ("Nuco") by Iron Eagle Capital GmbH, Flurstr. 1, 86368 Gersthofen, Germany ("Iron Eagle" or "we" or "us") to the customer (“Customer”).

Nuco is a decentralised computing platform allowing Customers to book customised cloud computing, computing power, hosting and storage capacity solutions ("Service" or "Services") in a single application and from a single provider. 

  1. Other Applicable Provisions and Order of Priority
    1. These T&Cs govern the contractual relationship between Iron Eagle and the Customer (together the "Parties") for the provision of the Services by Iron Eagle to the Customer as specified on https://app.nuco.cloud/store.php and as selected by the Customer when booking the respective Services against payment (“Service Specification”) of the agreed remuneration.
    2. Depending on the Services selected by the Customer, the service specific terms for each respective service ("Service Specific Terms") apply. 
    3. If Iron Eagle obtains the Services booked by the Customer from one of the third-party providers listed in the additional terms for third party provider Services ("Third-Party Provider Terms"), the Third-Party Provider Terms apply.
    4. If and to the extent Customer processes personal data when using the Services, the data processing agreement (“DPA”) provided on https://www.nuco.cloud/customers/data-processing-agreement applies.
    5. In case of conflicts between the T&C, the Service Specification, Service Specific Terms, the Third-Party Provider Terms and/or the DPA (together “Agreement”) the relevant provisions shall apply in the order of priority prescribed below:
      1. DPA
      2. Third-Party Provider Terms
      3. Service Specific Terms
      4. Service Specification
      5. T&C
    6. Customer’s terms and conditions shall not apply.
  1. Conclusion of the Agreement
    1. The Agreement on the provision of the Services selected by the Customer is concluded by the Customer's order and Iron Eagle’s acceptance in accordance with Section 2.4.
    2. Customer needs a user account to be able to order Services.
    3. Customer warrants that any provided contact or payment information is correct and complete. In the event of any changes to the information provided to Iron Eagle, Customer will update the respective information without undue delay.
    4. Customer represents and warrants to use the Services only as an enterprise (Unternehmer) within the meaning of § 14 of the German Civil Code (BGB).
    5. By submitting an order for Services on the Nuco platform, the Customer declares a binding offer to obtain the Services under the terms and conditions set out in the order form and in this Agreement. Iron Eagle is entitled to accept or reject the contract offer within 24 hours upon receipt by providing the Services or by notifying the Customer by email. A confirmation of receipt does not constitute a binding acceptance of the contract offer.
    6. After conclusion of the Agreement, the Customer receives a copy of the Agreement as an electronic copy.
  2. Iron Eagle Services
    1. The scope of the Service to be provided by Iron Eagle is determined by the Service Specification.
    2. Customer is not authorised to rent or otherwise make the Services available to third parties.
    3. Iron Eagle is entitled in its own discretion to engage subcontractors as vicarious agents for the performance of Services.
  3. Provision of Services and Service Level
    1. During the term of the Agreement, Iron Eagle will provide the Customer with the Services selected by the Customer in accordance with this Agreement.
    2. Iron Eagle provides the Services with a minimum availability specified in the respective Service Specific Terms in "% annual average" ("Availability"). The first relevant period for the Availability begins at the time of conclusion of the Agreement and ends at the end of the calendar year in which the Agreement is concluded. Subsequent periods relevant for the Availability Rate shall each begin on the 1 January and end at the end of the 31 December in which the respective subsequent relevant period has begun. Unless otherwise specified in the Service Specific Terms, Availability excludes (1) any interruptions or performance issues caused by reasons beyond Iron Eagle’s control and responsibility, including in cases of force majeure; and (2) scheduled maintenance required for the operation and security of the Services, provided that Iron Eagle notifies Customer about such scheduled maintenance at least 24 hours ahead and that scheduled maintenance does not exceed 8 hours per calendar year.
  4. Changes to the Services
    1. Iron Eagle may change the Services for material reasons, including without limitation, if:
      1. the change is required to maintain the security of the Services, 
      2. the change is required due to changes in statutory or case law, 
      3. the change is required due to changes of third-party providers,
      4. similar material reasons emerge requiring a change of the Services considering the legitimate interests of the Customer.
    2. Iron Eagle shall notify Customer by email of any changes at least 2 weeks before they take effect if reasonably possible, unless a change is limited to time-critical security updates, improvements of a Service or insignificant updates of a Service.
  1. Customer Obligations and Use Restrictions
    1. Customer shall notify Iron Eagle immediately of any disruptions to the Services.
    2. Customer shall keep any access credentials to Nuco and the Services safe and undertakes not to disclose any access credentials to third parties unless necessary for the contractually intended and permitted use of the Services. Customer is not entitled to sell, resell, sublicense, transfer, or distribute the Services to third parties, unless expressly agreed otherwise.
    3. Customer is obliged to comply with all legal obligations arising from the use of the Services.
    4. Customer will not use the Services
      1. in any way or for any purpose that violate applicable law, including without limitation, intellectual laws, data protection laws or youth protection laws;
      2. in connection with or for the purpose of operating critical infrastructure such as electrical power stations, military or defence equipment, medical appliances or other equipment whose failure or impairment would result in unforeseeable economical or physical damages, including but not limited to critical infrastructure in terms of the European Directive 2008/114/EC; 
      3. for sending emails concealing the real identity of its sender, spam or any other unsolicited advertising;
      4. for developing, using or distributing malware;
      5. for mining, farming or plotting crypto currencies or
      6. to perform benchmark or other capacity testing of the Services or their technical infrastructure.
    5. Customer shall ensure that any software installed or used by Customer on the Services does not jeopardise or interfere with the operation of the Services or the security and integrity of other data stored by third parties.
  1. Temporary Suspension
    1. Iron Eagle may temporarily suspend Customer's access to the Services ("Suspension") if
      1. Iron Eagle has reasonable suspicion of a breach of Sections 7.2 to 7.5 by Customer, 
      2. if the Suspension is required for security reasons;
      3. if Iron Eagle is obligated to suspend Customer’s access by statutory law, case law or binding official order;
      4. if Customer is more than 2 months in default with any payment to be made to Iron Eagle.
    2. Iron Eagle will notify the Customer about the Suspension via email no later than 2 business day before the Suspension takes effect providing the reasons for the Suspension and will request that Customer to resolve the reason for the Suspension, provided that the notification is reasonable considering interests of both Parties and is compatible with the purpose of the Suspension. Iron Eagle will restore Customer’s access without undue delay if the reason for the Suspension is resolved.
  1. Intellectual Property

All rights to any content uploaded to the Services or generated using the Services by Customer remain with Customer, including any data, software, scripts or assets (“Content”). Customer grants Iron Eagle a non-exclusive, worldwide, non-transferable right, limited to the term of this Agreement, to use all Content to the extent necessary and for the sole purpose of performing its obligations or enforce its rights under this Agreement. Iron Eagle may grant sub-licences to third parties to the extent necessary and for the sole purpose of the fulfilment of the Agreement.

  1. Term and termination
    1. Unless otherwise specified in the Service Specification, the Services Specific Terms or Third-Party Provider Terms or selected by Customer when submitting an order, the Agreement is concluded for an indefinite period and may be terminated by either party with a notice period of 2 weeks to the end of the month.
    2. Iron Eagle may terminate the contract without notice if
      1. Customer is more than 3 months in default with any payments to be made to Iron Eagle;
      2. Customer culpably breaches his obligations under Section 7.2 to 7.5 and does not remedy the breach within a reasonable period of time after being notified of the breach by Iron Eagle.
    3. The right of both Parties to terminate for good cause remains unaffected.
  1. Pricing and Payment
    1. Customer shall pay to Iron Eagle the remuneration for the Services displayed when Customer places their order.
    2. Unless expressly agreed otherwise, the remuneration shall be net plus applicable value added tax.
    3. Unless expressly agreed otherwise, Iron Eagle will issue a monthly electronic invoice for all Services used by Customer in the preceding month. Invoices shall be payable within 14 days from receipt.
  2. Warranties
    1. Iron Eagle warrants (gewährleistet) that the Services substantially conform to this Agreement. The remedies in case of a breach of this warranty are stated exhaustively in the Service Specific Terms, the Third-Party Provider Terms and this Section 11.
    2. If Iron Eagle is in breach of Section 11.1, Iron Eagle shall remedy the defects within a reasonable period of time upon written notice by Customer. The provision of instructions to reasonably circumvent defects is also deemed a sufficient remedy. 
    3. If Iron Eagle is in breach of Section 11.2, Customer may reduce the agreed remuneration by a reasonable amount limited to the part of the Services that is defective in relation to the monthly remuneration, provided that Iron Eagle is responsible for the defect. If the reduction continues for 2 consecutive months or for 2 months of a quarter, Customer may terminate the contract without notice.
    4. Customer shall notify Iron Eagle without undue delay if Customer identifies any defect in the Services and shall reasonably support Iron Eagle with identifying and rectifying any defects, including by providing Iron Eagle with all information reasonably required.
    5. Further warranty claims, in particular claims due to initial defects according to Section 536a para. 1 BGB (German Civil Code) are excluded. 
    6. The limitation period for warranty claims is one (1) year, unless they are based on intent or gross negligence or relate to damage from injury to life, limb or health. The limitation period begins with the provision of the Services by Iron Eagle.
  3. Liability
    1. Iron Eagle shall be liable without limitation for intent and gross negligence as well as for damages caused by injury to life, body or health.
    2. In the event of simple negligence, Iron Eagle shall be liable only for breaches of a material contractual obligation. A material contractual obligation is an obligation essential to the performance of the Agreement and on which the other party may reasonably rely.
    3. In a case according to Section 12.2, Iron Eagle shall not be liable for any lack of commercial success, lost profits and indirect damages.
    4. Liability according to Section 12.2 is limited to the typical, foreseeable damages at the time the Agreement was concluded.
    5. Customer is obligated to regularly back up any data stored using the Services, to the extent reasonably possible. In the event of data loss, Iron Eagles's liability pursuant to Section 12.2 is limited to the expenses that would have been incurred even if Customer had performed proper data backup.
    6. Any potential liability on the part of Iron Eagle for any guarantees (which must be expressly designated as such)  and for claims based on the German Product Liability Act shall not be affected.
    7. Any further liability of Iron Eagle is excluded.
    8. Any exclusion and/or limitation of liability set out in this Section 12 shall apply mutatis mutandis to the benefit of the employees, agents and vicarious agents of Iron Eagle.
  4. Changes of these T&C
    1. Iron Eagle may change and modify these T&C with effect for the future if there is a valid reason for the amendment and insofar as the changes are reasonable taking into account the interests of both Parties.
    2. A valid reason exists in particular if the changes are necessary due to a disruption of the equivalence relationship of the Agreement, or if they are necessary for continuing the performance of the Agreement due to changes in case law or legislation.
    3. Iron Eagle will send the amended T&C to Customer in text form before the planned entry into force and will separately refer to the new provisions and the date of entry into force. At the same time, Iron Eagle will grant Customer a reasonable period of at least 8 weeks to declare whether Customer accepts the amended T&C for further use of Nuco and the Services.
    4. If Customer does not make any statement within this period, which begins to run from Customer’s receipt of the notification in text form, the amended T&C shall be deemed to have been agreed.
    5. Iron Eagle will inform Customer separately about this legal consequence, i.e. the right of objection, the objection period and the significance of silence, at the beginning of the period.
  5. Miscellaneous
    1. Amendments and ancillary agreements to these T&C must be made in writing, unless otherwise expressly stipulated in these T&C. This also applies to any waiver of this written form clause.
    2. Customer may only offset against claims of Iron Eagle or assert a right to withhold counterperformance if the counterclaim is undisputed or or has been reduced to final res judicata judgment or is part of a synallagmatic relationship to the respective claim concerned.
    3. This Agreement is exclusively governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods.
    4. Exclusive place of jurisdiction for disputes arising from or in connection with this Agreement is Augsburg, Germany.
  1. Service Specific Terms for “Cloud Servers STANDARD” and “Cloud Servers DEDICATED vCPU”.

Availability: [●99.8%●]Service Specific Terms for “Cloud Compute” and “Optimised Cloud Compute”Availability: [●99.8%●]

  1. Service Specific Terms for “Bare Metal”

Availability: [●99.8%●]

  1. Service Specific Terms for “Cloud GPU”

Availability: [●99.8%●]

  1. Service Specific Terms for “Domain Configuration”

Availability: [●99.8%●]Additional terms:Customer is responsible for configuring any DNS configuration using the Services. Iron Eagle is not responsible for any interruption of services due to misconfiguration of DNS by Customer.Customer is responsible for obtaining and maintaining any rights necessary for Customer's use of any domain names used for or with the Services (“Customer Domain”). Iron Eagle may request reasonably verification that Customer owns, controls or has sufficient rights in the Customer Domains. If Customer does not own or control or has sufficient rights in Customer Domains, Iron Eagle may suspend or terminate the Agreement with respect to the Domain Configuration Service.

Third-Party Provider Terms

Additional terms for Services supplied by Hetzner Online GmbH:

Restrictions of the use of the Services:

Customer may not: (i) operate applications for mining cryptocurrencies; (ii) scan foreign networks or foreign IP addresses (iii) manually change the hardware address (MAC) (if applicable) (iv) use fake source IPs.

Additional terms for Services supplied by Vultr (The Constant Company, LLC):

Termination:

Iron Eagle, in its sole discretion, may terminate the Agreement without cause upon 10 days’ notice.

Restrictions of the use of the Services:

Customer may not: (i) remove any copyright, trademark or other proprietary notices from any portion of the Services; (ii) reproduce, modify, prepare derivative works based upon, distribute, license, lease, sell, resell, transfer, publicly display, publicly perform, transmit, stream, broadcast or otherwise exploit the Services (iii) decompile, reverse engineer or disassemble the Services except as may be permitted by applicable law; (iv) link to, mirror or frame any portion of the Services; (v) cause or launch any programs or scripts for the purpose of scraping, indexing, surveying, or otherwise data mining any portion of the Services or unduly burdening or hindering the operation and/or functionality of any aspect of the Services; or (vi) attempt to gain unauthorized access to or impair any aspect of the Services or its related systems or networks.

Acceptable Use Policy:

This Acceptable Use Policy (the “AUP”) describes prohibited uses and acceptable practices relating to the use of the Services originally supplied by Vultr (The Constand Company, LLC) by Customers.

The examples described in this AUP are not exhaustive. If Customer violates the AUP or authorizes or helps others to do so, Iron Eagle may suspend or terminate Customer’s use of the Services and de-lete Customer’s Account.

  1. No Illegal, Harmful, or Offensive user content, or use.

Customer may not use, or encourage, promote, facilitate or instruct others to use, the Services for any illegal, criminal, unlawful, harmful, fraudulent, infringing or offensive use or enterprise, or to transmit, store, display, distribute or otherwise make available information or content (including user content) that is illegal, unlawful, harmful, fraudulent, infringing or offensive. Prohibited activities or content include:

  • Illegal, Harmful or FraudulentActivities. Any activities that are illegal, tortious, that violate the rightsof others, or that may be harmful to others, our operations or reputation,including disseminating, promoting or facilitating child pornography, offeringor disseminating fraudulent goods, services, schemes, or promotions,make-money-fast schemes, ponzi and pyramid schemes, phishing, or pharming.
  • InfringingContent and/or Use. Content that infringes or misappropriates the intellectualproperty or proprietary rights of others, including unauthorized disclosures ofprivate information, or taking information directly from Iron Eagle or Vultrand/or Vultr’s users, and using it for Customer’s own personal or businesspurposes without permission or proper attribution. Customer agrees NOT toattempt to resell access to the Services without our written permission.
  • OffensiveContent. Content that is harmful to minors in any way, defamatory, libelous,obscene, abusive, threatening, discriminatory, harassing, invasive of privacy,false, intentionally misleading, patently offensive, or otherwiseobjectionable, including content that constitutes child pornography, relates tobestiality, depicts non-consensual sex acts or that promotes racism, bigotry,hatred, religious intolerance, misogyny, or physical harm of any kind againstany group, individual or animal.
  • HarmfulContent. Content or other computer technology that may damage, interfere with,surreptitiously intercept, or expropriate any system, program, or data,including viruses, Trojan horses, worms, time bombs, or cancelbots.
  • FalseContent. Submitting any content or information that falsely states,impersonates or otherwise misrepresents Customer’s identity, including but notlimited to misrepresenting Customer’s current or previous qualifications, or Customer’saffiliations with a person or entity, past or present, or assuming another’sidentity.
  1. NoSPAM, E-Mail or Other Message Abuse.

Customer will not distribute, publish, send, orfacilitate the sending of unsolicited mass e-mail or other messages,promotions, advertising, or solicitations (like “SPAM”), including commercialadvertising and informational announcements. Customer will not alter or obscuremail headers or assume a sender’s identity without the sender’s explicitpermission. Customer will not collect replies to messages sent from anotherinternet service provider if those messages violate this AUP or the acceptableuse policy of that provider. Customer will not use ANY of our communicationtools (forums, messaging, feeds) to market other businesses or opportunitiesnot related to (or approved by) the Service.

  1. NoSecurity Violations.

Customer may not use the Services to violate thesecurity or integrity of any network, computer or communications system,software application, or network or computing device (each, a “System”).Prohibited activities include:

  1. Unauthorized Access. Accessing orusing any System without permission, including attempting to probe, scan, ortest the vulnerability of a System or to breach any security or authenticationmeasures used by a System.
  2. Interception. Monitoring of data ortraffic on a System without permission.
  3. Falsificationof Origin. Forging TCP-IP packet headers, e-mail headers, or any part of amessage describing its origin or route.
  4. NoNetwork Abuse
  1. NoNetwork Abuse.

Customer may not make network connections to any Customers,hosts, or networks unless Customer has permission to communicate with them.Prohibited activities include:

  • Monitoringor Crawling. Monitoring or crawling of a System that impairs or disrupts theSystem being monitored or crawled.
  • Denialof Services (DoS). Inundating a target with communications requests so thetarget either cannot respond to legitimate traffic or responds so slowly thatit becomes ineffective.
  • IntentionalInterference. Interfering with the proper functioning of any System, includingany deliberate attempt to overload a system by mail bombing, news bombing,broadcast attacks, or flooding techniques.
  • Operationof Certain Network Services. Operating network services like open proxies, openmail relays, or open recursive domain name servers.
  • AvoidingSystem Restrictions. Using manual or electronic means to avoid any uselimitations placed on a System, such as access and storage restrictions.
  • ExcessiveUse. In the event any instance uses excessive CPU from Customer’s activitiesthat are not otherwise prohibited, Iron Eagle reserves the right to limit theCPU available to Customer’s instances in order to maintain a consistent levelof performance on all our nodes.
  1. AuthorizedUse

Customeragrees to (i) comply with this AUP, (ii) comply with all applicable laws andregulations, including, without limitation, criminal laws, privacy laws,intellectual property laws, export control laws, tax laws, and regulatoryrequirements within Customer’s field; and (iii) use the Services in aprofessional manner.

  1. OurMonitoring and Enforcement

Iron Eagle reserves the right, but does not assume theobligation, to investigate any violation of this AUP or misuse of the Services.Iron Eagle may:

  • investigateviolations of this AUP or misuse of the Services;
  • reviewany user content, and remove, disable access to, or modify any content orresource (including user content) that violates this AUP or any other agreementIron Eagle has with Customer for use of the Services;
  • monitorall prohibited actions, investigate, and/or take appropriate action at IronEagle’s sole discretion against Customer;

If Customer violates this AUP Iron Eagle may terminateor suspend Customer’s Account, Customer’s access to any or all Services and therelated services or any portion thereof at any time, with or without notice,for violating this AUP.

  1. Samplelist of Prohibited Activities

The Services are designed to enable Customer tocommunicate with others via the Internet. Customer agrees to use the Servicesonly to post, send and receive messages and material that is proper and, whenapplicable, related to the particular Service. By way of example, and not as alimitation, Customer agrees that when Customer is using a Service, Customerwill not:

  • Usethe Service in connection with unlawful contests, lotteries, or gambling;pyramid schemes, chain letters, junk email, spamming or any duplicative orunsolicited messages (commercial or otherwise).
  • Defame,abuse, harass, stalk, threaten or otherwise violate the legal rights (such asrights of privacy and publicity) of others.
  • Publish,post, upload, distribute, traffic or disseminate any defamatory, obscene, orotherwise unlawful content, such as child pornography or virtual childpornography.
  • Publish,post, upload, distribute or disseminate any topic, name, material orinformation that incites discrimination, hate or violence towards one person ora group because of their belonging to a race, a religion or a nation.
  • Upload,or otherwise make available files that contain images, photographs, software orother material protected by intellectual property laws, including, by way ofexample, and not as limitation, copyright or trademark laws (or by rights ofprivacy or publicity) unless Customer owns or controls the rights thereto or hasreceived all necessary consents to do the same.
  • Useany material or information, including images or photographs, which are madeavailable through the Services in any manner that infringes any copyright,trademark, patent, trade secret, or other proprietary right of any party.
  • Uploadfiles that contain viruses, Trojan horses, worms, time bombs, cancelbots,corrupted files, or any other similar software or programs that may damage theoperation of another's property.
  • Downloadany file posted by another user of a Service that Customer knows, or reasonablyshould know, cannot be legally distributed in such manner.
  • Falsifyor delete any author attributions, legal or other proper notices or proprietarydesignations or labels of the origin or source of software or other materialcontained in a file that is uploaded.
  • Restrictor inhibit any other Customer from using and enjoying the Services.
  • Violateany code of conduct or other guidelines which may be applicable for anyparticular Service.
  • Harvestor otherwise collect information about others, including e-mail addresses,except as needed to operate Customer’s site and as permitted in Customer’s site'sprivacy policy (if any).
  • Violateany applicable laws or regulations.
  • Createa false identity for the purpose of misleading others.
  • HostTOR exit nodes.
  • Use,download or otherwise copy, or provide (whether or not for a fee) to a personor entity any directory of users of the Services or other user or usageinformation or any portion thereof.
  • Networkprobing or port scanning tools are only permitted if explicitly authorized bythe destination host and/or network. Unauthorized port scanning, for anyreason, is strictly prohibited.
  • Utilizebots for the purpose of repeatedly and/or automatically acquiring merchandiseand anything similar that violates 3rd party ToS that could result in theblocking of Iron Eagle or Vultr IP space or ASN.
  • Utilizeautodialers or other VOIP based robocalling software.
  • Utilizeand deploy the Servicec to conduct and deliver DOS/DDOS mitigation as aservice.
  • Usethe Service for CPU (Central Processing Unit) or GPU (Graphics Processing Unit)cryptocurrency mining.
  • (Ifapplicable) Inappropriately use the Bring your own IP feature (BYOIP / BGP) forthe purpose of hijacking, parking, or any other use not directly related alegitimate service or proportionate to the deployed Services.
  1. Reportingof Violations of this AUP

If Customerbecomes aware of any violation of this AUP, Customer will immediately notify IronEagle and provide Iron Eagle with assistance, as requested, to stop or remedythe violation.

Additional terms for Services supplied by Cudo Ventures Limited:

Availability:

For the purpose of calculating Iron Eagle’s servicelevel Uptime, the following scenarios are not considered:

  1. External Entity Interference: Downtimes arising due to actions of thirdparties, including security breaches, denial of service attacks, and viruses. IronEagle commits to reasonable efforts for software and system securitymaintenance.
  2. Maintenance Activities: Both scheduled maintenanceand unscheduled emergency maintenance, the latter being interventions toaddress issues that could lead to prolonged downtime.
  3. Force Majeure and Uncontrollable Events: Downtimesresulting from events beyond Iron Eagle's or Cudo’s control, such as forcemajeure events, failures of third-party providers, or internet-widedisruptions.
  4. Law Enforcement and Legal Compliance: Anyunavailability due to law enforcement activities, irrespective of the partyresponsible for such activities.
  5. Other Party’s Responsibility: Downtime caused byacts or omissions for which the Customer or a third party, except for Cudo, isaccountable.
  6. Violations of Acceptable Use Policy: Downtimesconnected to breaches of the Acceptable Use Guidelines below.
  7. Software Issues External to Iron Eagle : Unavailability caused by software notprovided by Iron Eagle, specifically running on Customer’s computing resourcesas per the Terms of Service.
  8. Third-Party Failures and Malfunctions: Downtimes attributable to failures,acts, or omissions of third parties, including internet service providers andequipment vendors, not directly controlled by Iron Eagle or Cudo.

Restrictions of the use of the Services:

Customer may not: (i) conduct, display or forward surveys, pyramid schemes, chain letters or any other promotion not directly associated with Customer or Customer’s company; (ii) attempt to access, decompile, decode or install software in the virtual environments running computational workloads for 3rd parties.

Acceptable Use Guidelines (“AUG”)

Iron Eagle does not monitor, verify, warrant, or vouch for the accuracy and quality of the information that Customer may acquire from the Internet, to this respect Iron Eagle acts as a mere conduit. For this reason, Customer must exercise their best judgement in relying on information obtained from the Internet, and also should be aware that some material posted to the Internet is sexually explicit or otherwise offensive. As Iron Eagle does not monitor or censor the Internet, and will not attempt to do so, Iron Eagle cannot accept any responsibility for injury to Customer that results from inaccurate, unsuitable, offensive, or illegal Internet communications.

Iron Eagle does not review, edit, censor, or take responsibility for any information Customer may create. When Customer places information on the Internet, Customer has the same liability as other authors for copyright infringement, defamation, and other harmful speech.

Customer breaches these AUG, when Customer engages in the following prohibited activities:

  1. Spamming

Sending unsolicited bulk and/or commercial messages over the Internet (known as "spamming"). It is not only harmful because of its negative impact on attitudes toward Iron Eagle or Cudo but also be-cause it can overload the suppliers network and disrupt Service to other Customers. Also, maintaining an open SMTP relay is prohibited.

  1. Intellectual Property Violations

Engaging in any activity that infringes or misappropriates the intellectual property rights of others, including copyrights, trademarks, Service marks, trade secrets, software piracy, and patents held by individuals, corporations, or other entities. Also, engaging in activity that violates privacy, publicity, or other personal rights of others.

  1. Obscene Materials

Using the Services to advertise, transmit, store, post, display, or otherwise make available child por-nography or depictions nudity obtained or disseminated without the consent of those depicted (e.g., “revenge pornography”).or obscene speech or material.

  1. Defamatory or Abusive Language

Using the Services as a means to transmit or post defamatory, harassing, abusive, or threatening language.

  1. Forging of Headers

Forging or misrepresenting message headers, whether in whole or in part, to mask the originator of the message.

  1. Illegal or Unauthorized Access to Other Computers or Networks

Accessing illegally or without authorisation computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individual's system (often known as "hacking"). Also, any activity that might be used as a precursor to an attempted system penetration (i.e. port scan, stealth scan, or other information gathering activity).

  1. Distribution of Internet Viruses, Worms, Trojan Horses, or Other Destructive Activities

Distributing information regarding the creation of and sending Internet viruses, worms, Trojan horses, pinging, flooding, mail bombing, injection techniques, phishing, DNS hijacking, unauthorised brute force, sybil attacks, spoofing, smurfing, malware attacks, consensus-based attacks or denial of Ser-vice attacks. Also, activities that disrupt the use of or interfere with the ability of others to effectively use the Services or any connected network, system, Service, or equipment.

  1. Facilitating a Violation of this AUG

Advertising, transmitting, or otherwise making available any software, program, product, or Service that is designed to violate this AUG, which includes the facilitation of the means to spam, initiation of pinging, flooding, mail bombing, denial of Service attacks, and piracy of software.

  1. Export Control Violations

Exporting encryption software over the Internet or otherwise, to points outside the Customer’s country which is contrary to that respective country’s rules and regulations.

  1. Illegal Substances

Unlawfully selling or distributing controlled substances, including but not limited to any illegal or pre-scription drugs.

  1. Other Illegal Activities

Engaging in activities that are determined to be illegal, including advertising, transmitting, or otherwise making available ponzi schemes, pyramid schemes, fraudulently charging credit cards, and pirating software.

Terms and Conditions
These Terms and Conditions ("T&C") govern the provision of cloud services via the nuco.cloud web application ("Nuco") by Iron Eagle Capital GmbH, Flurstr. 1, 86368 Gersthofen, Germany ("Iron Eagle" or "we" or "us") to the customer (“Customer”).
Nuco is a decentralised computing platform allowing Customers to book customised cloud compu-ting, computing power, hosting and storage capacity solutions ("Service" or "Services") in a single application and from a single provider.
1
Other Applicable Provisions and Order of Priority
1.1
These T&Cs govern the contractual relationship between Iron Eagle and the Customer (to-gether the "Parties") for the provision of the Services by Iron Eagle to the Customer as specified on https://app.nuco.cloud/store.php and as selected by the Customer when book-ing the respective Services against payment (“Service Specification”) of the agreed remu-neration.
1.2
Depending on the Services selected by the Customer, the service specific terms for each respective service ("Service Specific Terms") apply.
1.3
If Iron Eagle obtains the Services booked by the Customer from one of the third-party pro-viders listed in the additional terms for third party provider Services ("Third-Party Provider Terms"), the Third-Party Provider Terms apply.
1.4
If and to the extent Customer processes personal data when using the Services, the data processing agreement (“DPA”) provided on https://www.nuco.cloud/legal/Data-Processing-Agreement applies.
1.5
In case of conflicts between the T&C, the Service Specification, Service Specific Terms, the Third-Party Provider Terms and/or the DPA (together “Agreement”) the relevant provisions shall apply in the order of priority prescribed below:
1.
DPA
2.
Third-Party Provider Terms
3.
Service Specific Terms
4.
Service Specification
5.
T&C
1.6
Customer’s terms and conditions shall not apply.
2
Conclusion of the Agreement
2.1
The Agreement on the provision of the Services selected by the Customer is concluded by the Customer's order and Iron Eagle’s acceptance in accordance with Section 2.4.
2.2
2.2 Customer needs a user account to be able to order Services.
2.3
Customer warrants that any provided contact or payment information is correct and com-plete. In the event of any changes to the information provided to Iron Eagle, Customer will update the respective information without undue delay.
2.4
Customer represents and warrants to use the Services only as an enterprise (Unternehmer) within the meaning of § 14 of the German Civil Code (BGB).
2.5
By submitting an order for Services on the Nuco platform, the Customer declares a binding offer to obtain the Services under the terms and conditions set out in the order form and in this Agreement. Iron Eagle is entitled to accept or reject the contract offer within 24 hours upon receipt by providing the Services or by notifying the Customer by email. A confirma-tion of receipt does not constitute a binding acceptance of the contract offer.
2.6
After conclusion of the Agreement, the Customer receives a copy of the Agreement as an electronic copy.
3
Iron Eagle Services
4.1
The scope of the Service to be provided by Iron Eagle is determined by the Service Specifi-cation.
4.2
Customer is not authorised to rent or otherwise make the Services available to third parties.
4.3
Iron Eagle is entitled in its own discretion to engage subcontractors as vicarious agents for the performance of Services.
4
Provision of Services and Service Level
4.1
During the term of the Agreement, Iron Eagle will provide the Customer with the Services selected by the Customer in accordance with this Agreement.
4.2
Iron Eagle provides the Services with a minimum availability specified in the respective Ser-vice Specific Terms in "% annual average" ("Availability"). The first relevant period for the Availability begins at the time of conclusion of the Agreement and ends at the end of the calendar year in which the Agreement is concluded. Subsequent periods relevant for the Availability Rate shall each begin on the 1 January and end at the end of the 31 December in which the respective subsequent relevant period has begun. Unless otherwise specified in the Service Specific Terms, Availability excludes (1) any interruptions or performance issues caused by reasons beyond Iron Eagle’s control and responsibility, including in cases of force majeure; and (2) scheduled maintenance required for the operation and security of the Services, provided that Iron Eagle notifies Customer about such scheduled maintenance at least 24 hours ahead and that scheduled maintenance does not exceed 8 hours per calendar year.
5
Changes to the Services
5.1
Iron Eagle may change the Services for material reasons, including without limitation, if:
a)
the change is required to maintain the security of the Services,
b)
the change is required due to changes in statutory or case law,
c)
the change is required due to changes of third-party providers,
d)
similar material reasons emerge requiring a change of the Services considering the legitimate interests of the Customer.
5.2
Iron Eagle shall notify Customer by email of any changes at least 2 weeks before they take effect if reasonably possible, unless a change is limited to time-critical security updates, im-provements of a Service or insignificant updates of a Service.
6
Customer Obligations and Use Restrictions
6.1
Customer shall notify Iron Eagle immediately of any disruptions to the Services.
6.2
Customer shall keep any access credentials to Nuco and the Services safe and undertakes not to disclose any access credentials to third parties unless necessary for the contractually intended and permitted use of the Services. Customer is not entitled to sell, resell, subli-cense, transfer, or distribute the Services to third parties, unless expressly agreed otherwise.
6.3
Customer is obliged to comply with all legal obligations arising from the use of the Services.
6.4
Customer will not use the Services.
a)
in any way or for any purpose that violate applicable law, including without limitation, intellectual laws, data protection laws or youth protection laws;
b)
in connection with or for the purpose of operating critical infrastructure such as elec-trical power stations, military or defence equipment, medical appliances or other equipment whose failure or impairment would result in unforeseeable economical or physical damages, including but not limited to critical infrastructure in terms of the European Directive 2008/114/EC;
c)
for sending emails concealing the real identity of its sender, spam or any other unso-licited advertising;
d)
for developing, using or distributing malware;
e)
for mining, farming or plotting crypto currencies or
f)
to perform benchmark or other capacity testing of the Services or their technical in-frastructure.
6.5
Customer shall ensure that any software installed or used by Customer on the Services does not jeopardise or interfere with the operation of the Services or the security and integrity of other data stored by third parties.
7
Temporary Suspension
7.1
Iron Eagle may temporarily suspend Customer's access to the Services ("Suspension") if
a)
Iron Eagle has reasonable suspicion of a breach of Sections 7.2 to 7.5 by Customer,
b)
if the Suspension is required for security reasons;
c)
if Iron Eagle is obligated to suspend Customer’s access by statutory law, case law or binding official order;
d)
if Customer is more than 2 months in default with any payment to be made to Iron Eagle.
7.2
Iron Eagle will notify the Customer about the Suspension via email no later than 2 business day before the Suspension takes effect providing the reasons for the Suspension and will request that Customer to resolve the reason for the Suspension, provided that the notifica-tion is reasonable considering interests of both Parties and is compatible with the purpose of the Suspension. Iron Eagle will restore Customer’s access without undue delay if the rea-son for the Suspension is resolved.
8
Intellectual Property
All rights to any content uploaded to the Services or generated using the Services by Cus-tomer remain with Customer, including any data, software, scripts or assets (“Content”). Cus-tomer grants Iron Eagle a non-exclusive, worldwide, non-transferable right, limited to the term of this Agreement, to use all Content to the extent necessary and for the sole purpose of performing its obligations or enforce its rights under this Agreement. Iron Eagle may grant sub-licences to third parties to the extent necessary and for the sole purpose of the fulfil-ment of the Agreement.
9
Term and termination
9.1
Unless otherwise specified in the Service Specification, the Services Specific Terms or Third-Party Provider Terms or selected by Customer when submitting an order, the Agreement is concluded for an indefinite period and may be terminated by either party with a notice period of 2 weeks to the end of the month.
9.2
Iron Eagle may terminate the contract without notice if
a)
Customer is more than 3 months in default with any payments to be made to Iron Ea-gle;
b)
Customer culpably breaches his obligations under Section 7.2 to 7.5 and does not remedy the breach within a reasonable period of time after being notified of the breach by Iron Eagle.
9.3
The right of both Parties to terminate for good cause remains unaffected.
10
Pricing and Payment
10.1
Customer shall pay to Iron Eagle the remuneration for the Services displayed when Customer places their order.
10.2
Unless expressly agreed otherwise, the remuneration shall be net plus applicable value add-ed tax.
10.3
Unless expressly agreed otherwise, Iron Eagle will issue a monthly electronic invoice for all Services used by Customer in the preceding month. Invoices shall be payable within 14 days from receipt.
11
Warranties
11.1
Iron Eagle warrants (gewährleistet) that the Services substantially conform to this Agreement. The remedies in case of a breach of this warranty are stated exhaustively in the Service Spe-cific Terms, the Third-Party Provider Terms and this Section 11.
11.2
If Iron Eagle is in breach of Section 11.1, Iron Eagle shall remedy the defects within a rea-sonable period of time upon written notice by Customer. The provision of instructions to reasonably circumvent defects is also deemed a sufficient remedy.
11.3
If Iron Eagle is in breach of Section 11.2, Customer may reduce the agreed remuneration by a reasonable amount limited to the part of the Services that is defective in relation to the monthly remuneration, provided that Iron Eagle is responsible for the defect. If the reduction continues for 2 consecutive months or for 2 months of a quarter, Customer may terminate the contract without notice.
11.4
Customer shall notify Iron Eagle without undue delay if Customer identifies any defect in the Services and shall reasonably support Iron Eagle with identifying and rectifying any defects, including by providing Iron Eagle with all information reasonably required.
11.5
Further warranty claims, in particular claims due to initial defects according to Section 536a para. 1 BGB (German Civil Code) are excluded.
11.6
The limitation period for warranty claims is one (1) year, unless they are based on intent or gross negligence or relate to damage from injury to life, limb or health. The limitation period begins with the provision of the Services by Iron Eagle.
12
Liability
12.1
Iron Eagle shall be liable without limitation for intent and gross negligence as well as for damages caused by injury to life, body or health.
12.2
In the event of simple negligence, Iron Eagle shall be liable only for breaches of a material contractual obligation. A material contractual obligation is an obligation essential to the per-formance of the Agreement and on which the other party may reasonably rely.
12.3
In a case according to Section 12.2, Iron Eagle shall not be liable for any lack of commercial success, lost profits and indirect damages.
12.4
Liability according to Section 12.2 is limited to the typical, foreseeable damages at the time the Agreement was concluded.
12.5
Customer is obligated to regularly back up any data stored using the Services, to the extent reasonably possible. In the event of data loss, Iron Eagles's liability pursuant to Section 12.2 is limited to the expenses that would have been incurred even if Customer had performed proper data backup.
12.6
Any potential liability on the part of Iron Eagle for any guarantees (which must be expressly designated as such)  and for claims based on the German Product Liability Act shall not be affected.
12.7
Any further liability of Iron Eagle is excluded.
12.8
Any exclusion and/or limitation of liability set out in this Section 12 shall apply mutatis mu-tandis to the benefit of the employees, agents and vicarious agents of Iron Eagle.
13
Changes of these T&C
13.1
Iron Eagle may change and modify these T&C with effect for the future if there is a valid reason for the amendment and insofar as the changes are reasonable taking into account the interests of both Parties.
13.2
A valid reason exists in particular if the changes are necessary due to a disruption of the equivalence relationship of the Agreement, or if they are necessary for continuing the per-formance of the Agreement due to changes in case law or legislation.
13.3
Iron Eagle will send the amended T&C to Customer in text form before the planned entry into force and will separately refer to the new provisions and the date of entry into force. At the same time, Iron Eagle will grant Customer a reasonable period of at least 8 weeks to declare whether Customer accepts the amended T&C for further use of Nuco and the Services.
13.4
If Customer does not make any statement within this period, which begins to run from Cus-tomer’s receipt of the notification in text form, the amended T&C shall be deemed to have been agreed.
13.5
Iron Eagle will inform Customer separately about this legal consequence, i.e. the right of objection, the objection period and the significance of silence, at the beginning of the peri-od.
14
Miscellaneous
14.1
Amendments and ancillary agreements to these T&C must be made in writing, unless other-wise expressly stipulated in these T&C. This also applies to any waiver of this written form clause.
14.2
Customer may only offset against claims of Iron Eagle or assert a right to withhold counter-performance if the counterclaim is undisputed or or has been reduced to final res judicata judgment or is part of a synallagmatic relationship to the respective claim concerned.
14.3
This Agreement is exclusively governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods.
14.4
Exclusive place of jurisdiction for disputes arising from or in connection with this Agreement is Augsburg, Germany.
Service Specific Terms for “Cloud Servers STANDARD” and “Cloud Servers DEDICATED vCPU”.
Availability: [●99.8%●]
Service Specific Terms for “Cloud Compute” and “Optimised Cloud Compute”
Availability: [●99.8%●]
Service Specific Terms for “Bare Metal”
Availability: [●99.8%●]
Service Specific Terms for “Cloud GPU”
Availability: [●99.8%●]
Service Specific Terms for “Domain Configuration”
Availability: [●99.8%●]
Additional terms:
Customer is responsible for configuring any DNS configuration using the Services. Iron Eagle is not responsible for any interruption of services due to misconfiguration of DNS by Customer.
Customer is responsible for obtaining and maintaining any rights necessary for Customer's use of any domain names used for or with the Services (“Customer Domain”). Iron Eagle may request rea-sonably verification that Customer owns, controls or has sufficient rights in the Customer Domains. If Customer does not own or control or has sufficient rights in Customer Domains, Iron Eagle may sus-pend or terminate the Agreement with respect to the Domain Configuration Service.
Third-Party Provider Terms
Additional terms for Services supplied by Hetzner Online GmbH:
Restrictions of the use of the Services:
Customer may not: (i) operate applications for mining cryptocurrencies; (ii) scan foreign networks or foreign IP addresses (iii) manually change the hardware address (MAC) (if applicable) (iv) use fake source IPs.
Additional terms for Services supplied by Vultr (The Constant Company, LLC):
Termination:
Iron Eagle, in its sole discretion, may terminate the Agreement without cause upon 10 days’ notice.
Restrictions of the use of the Services:
Customer may not: (i) remove any copyright, trademark or other proprietary notices from any portion of the Services; (ii) reproduce, modify, prepare derivative works based upon, distribute, license, lease, sell, resell, transfer, publicly display, publicly perform, transmit, stream, broadcast or otherwise exploit the Services (iii) decompile, reverse engineer or disassemble the Services except as may be permitted by applicable law; (iv) link to, mirror or frame any portion of the Services; (v) cause or launch any programs or scripts for the purpose of scraping, indexing, surveying, or otherwise data mining any portion of the Services or unduly burdening or hindering the operation and/or functionality of any aspect of the Services; or (vi) attempt to gain unauthorized access to or impair any aspect of the Services or its related systems or networks.
Acceptable Use Policy:
This Acceptable Use Policy (the “AUP”) describes prohibited uses and acceptable practices relating to the use of the Services originally supplied by Vultr (The Constand Company, LLC) by Customers.
The examples described in this AUP are not exhaustive. If Customer violates the AUP or authorizes or helps others to do so, Iron Eagle may suspend or terminate Customer’s use of the Services and de-lete Customer’s Account.
Acceptable Use Policy:
This Acceptable Use Policy (the “AUP”) describes prohibited uses and acceptable practices relating to the use of the Services originally supplied by Vultr (The Constand Company, LLC) by Customers.
The examples described in this AUP are not exhaustive. If Customer violates the AUP or authorizes or helps others to do so, Iron Eagle may suspend or terminate Customer’s use of the Services and de-lete Customer’s Account.
1.
ChangesNo Illegal, Harmful, or Offensive user content, or use. of these T&C
Customer may not use, or encourage, promote, facilitate or instruct others to use, the Services for any illegal, criminal, unlawful, harmful, fraudulent, infringing or offensive use or enterprise, or to transmit, store, display, distribute or otherwise make available information or content (including user content) that is illegal, unlawful, harmful, fraudulent, infringing or offensive. Prohibited activities or content include:
Customer Illegal, Harmful or Fraudulent Activities. Any activities that are illegal, tortious, that vio-late the rights of others, or that may be harmful to others, our operations or reputa-tion, including disseminating, promoting or facilitating child pornography, offering or disseminating fraudulent goods, services, schemes, or promotions, make-money-fast schemes, ponzi and pyramid schemes, phishing, or pharming.is more than 3 months in default with any payments to be made to Iron Ea-gle;
Infringing Content and/or Use. Content that infringes or misappropriates the intellectu-al property or proprietary rights of others, including unauthorized disclosures of pri-vate information, or taking information directly from Iron Eagle or Vultr and/or Vultr’s users, and using it for Customer’s own personal or business purposes without per-mission or proper attribution. Customer agrees NOT to attempt to resell access to the Services without our written permission.
Offensive Content. Content that is harmful to minors in any way, defamatory, libelous, obscene, abusive, threatening, discriminatory, harassing, invasive of privacy, false, intentionally misleading, patently offensive, or otherwise objectionable, including con-tent that constitutes child pornography, relates to bestiality, depicts non-consensual sex acts or that promotes racism, bigotry, hatred, religious intolerance, misogyny, or physical harm of any kind against any group, individual or animal.
Harmful Content. Content or other computer technology that may damage, interfere with, surreptitiously intercept, or expropriate any system, program, or data, including viruses, Trojan horses, worms, time bombs, or cancelbots.
False Content. Submitting any content or information that falsely states, imperson-ates or otherwise misrepresents Customer’s identity, including but not limited to mis-representing Customer’s current or previous qualifications, or Customer’s affiliations with a person or entity, past or present, or assuming another’s identity.
2.
No SPAM, E-Mail or Other Message Abuse.
Customer will not distribute, publish, send, or facilitate the sending of unsolicited mass e-mail or oth-er messages, promotions, advertising, or solicitations (like “SPAM”), including commercial advertising and informational announcements. Customer will not alter or obscure mail headers or assume a send-er’s identity without the sender’s explicit permission. Customer will not collect replies to messages sent from another internet service provider if those messages violate this AUP or the acceptable use policy of that provider. Customer will not use ANY of our communication tools (forums, messaging, feeds) to market other businesses or opportunities not related to (or approved by) the Service.
3.
No Security Violations.
Customer may not use the Services to violate the security or integrity of any network, computer or communications system, software application, or network or computing device (each, a “System”). Prohibited activities include:
Unauthorized Access. Accessing or using any System without permission, including attempting to probe, scan, or test the vulnerability of a System or to breach any secu-rity or authentication measures used by a System.
Interception. Monitoring of data or traffic on a System without permission.
Falsification of Origin. Forging TCP-IP packet headers, e-mail headers, or any part of a message describing its origin or route.
4.
No Network Abuse.
Customer may not make network connections to any Customers, hosts, or networks unless Customer has permission to communicate with them. Prohibited activities include:
Monitoring or Crawling. Monitoring or crawling of a System that impairs or disrupts the System being monitored or crawled.
Denial of Services (DoS). Inundating a target with communications requests so the target either cannot respond to legitimate traffic or responds so slowly that it be-comes ineffective.
Intentional Interference. Interfering with the proper functioning of any System, includ-ing any deliberate attempt to overload a system by mail bombing, news bombing, broadcast attacks, or flooding techniques.
Operation of Certain Network Services. Operating network services like open proxies, open mail relays, or open recursive domain name servers.
Avoiding System Restrictions. Using manual or electronic means to avoid any use limitations placed on a System, such as access and storage restrictions.
Excessive Use. In the event any instance uses excessive CPU from Customer’s activi-ties that are not otherwise prohibited, Iron Eagle reserves the right to limit the CPU available to Customer’s instances in order to maintain a consistent level of perfor-mance on all our nodes.
5.
Authorized Use.
Customer agrees to (i) comply with this AUP, (ii) comply with all applicable laws and regulations, in-cluding, without limitation, criminal laws, privacy laws, intellectual property laws, export control laws, tax laws, and regulatory requirements within Customer’s field; and (iii) use the Services in a profes-sional manner.
6.
Our Monitoring and Enforcement
Iron Eagle reserves the right, but does not assume the obligation, to investigate any violation of this AUP or misuse of the Services. Iron Eagle may:
investigate violations of this AUP or misuse of the Services;
review any user content, and remove, disable access to, or modify any content or re-source (including user content) that violates this AUP or any other agreement Iron Ea-gle has with Customer for use of the Services;
monitor all prohibited actions, investigate, and/or take appropriate action at Iron Ea-gle’s sole discretion against Customer;If Customer violates this AUP Iron Eagle may terminate or suspend Customer’s Account, Customer’s access to any or all Services and the related services or any portion thereof at any time, with or with-out notice, for violating this AUP.
7.
Sample list of Prohibited Activities
The Services are designed to enable Customer to communicate with others via the Internet. Customer agrees to use the Services only to post, send and receive messages and material that is proper and, when applicable, related to the particular Service. By way of example, and not as a limitation, Cus-tomer agrees that when Customer is using a Service, Customer will not:
Use the Service in connection with unlawful contests, lotteries, or gambling; pyramid schemes, chain letters, junk email, spamming or any duplicative or unsolicited mes-sages (commercial or otherwise).
Defame, abuse, harass, stalk, threaten or otherwise violate the legal rights (such as rights of privacy and publicity) of others.
Publish, post, upload, distribute, traffic or disseminate any defamatory, obscene, or otherwise unlawful content, such as child pornography or virtual child pornography.
Publish, post, upload, distribute or disseminate any topic, name, material or infor-mation that incites discrimination, hate or violence towards one person or a group be-cause of their belonging to a race, a religion or a nation.
Upload, or otherwise make available files that contain images, photographs, software or other material protected by intellectual property laws, including, by way of exam-ple, and not as limitation, copyright or trademark laws (or by rights of privacy or pub-licity) unless Customer owns or controls the rights thereto or has received all neces-sary consents to do the same.
Use any material or information, including images or photographs, which are made available through the Services in any manner that infringes any copyright, trademark, patent, trade secret, or other proprietary right of any party.
Upload files that contain viruses, Trojan horses, worms, time bombs, cancelbots, cor-rupted files, or any other similar software or programs that may damage the operation of another's property.
Download any file posted by another user of a Service that Customer knows, or rea-sonably should know, cannot be legally distributed in such manner.
Falsify or delete any author attributions, legal or other proper notices or proprietary designations or labels of the origin or source of software or other material contained in a file that is uploaded.
Restrict or inhibit any other Customer from using and enjoying the Services.
RestriViolate any code of conduct or other guidelines which may be applicable for any par-ticular Service.ct or inhibit any other Customer from using and enjoying the Services.
Harvest or otherwise collect information about others, including e-mail addresses, ex-cept as needed to operate Customer’s site and as permitted in Customer’s site's pri-vacy policy (if any).
Violate any applicable laws or regulations.
ViolatCreate a false identity for the purpose of misleading others.e any applicable laws or regulations.
Host TOR exit nodes.
Use, download or otherwise copy, or provide (whether or not for a fee) to a person or entity any directory of users of the Services or other user or usage information or any portion thereof.
Network probing or port scanning tools are only permitted if explicitly authorized by the destination host and/or network. Unauthorized port scanning, for any reason, is strictly prohibited.
Utilize bots for the purpose of repeatedly and/or automatically acquiring merchandise and anything similar that violates 3rd party ToS that could result in the blocking of Iron Eagle or Vultr IP space or ASN.
Utilize autodialers or other VOIP based robocalling software.
Utilize and deploy the Servicec to conduct and deliver DOS/DDOS mitigation as a service.
Use the Service for CPU (Central Processing Unit) or GPU (Graphics Processing Unit) cryptocurrency mining.
(If applicable) Inappropriately use the Bring your own IP feature (BYOIP / BGP) for the purpose of hijacking, parking, or any other use not directly related a legitimate service or proportionate to the deployed Services.
8.
Reporting of Violations of this AUP
If Customer becomes aware of any violation of this AUP, Customer will immediately notify Iron Eagle and provide Iron Eagle with assistance, as requested, to stop or remedy the violation.
Additional terms for Services supplied by Cudo Ventures Limited
Availability:
For the purpose of calculating Iron Eagle’s service level Uptime, the following scenarios are not con-sidered:
(a) External Entity Interference: Downtimes arising due to actions of third parties, including security breaches, denial of service attacks, and viruses. Iron Eagle commits to reasonable efforts for soft-ware and system security maintenance.
(b) Maintenance Activities: Both scheduled maintenance and unscheduled emergency maintenance, the latter being interventions to address issues that could lead to prolonged downtime.
(c) Force Majeure and Uncontrollable Events: Downtimes resulting from events beyond Iron Eagle's or Cudo’s control, such as force majeure events, failures of third-party providers, or internet-wide disrup-tions.
(d) Law Enforcement and Legal Compliance: Any unavailability due to law enforcement activities, irre-spective of the party responsible for such activities.
(e) Other Party’s Responsibility: Downtime caused by acts or omissions for which the Customer or a third party, except for Cudo, is accountable.
(f) Violations of Acceptable Use Policy: Downtimes connected to breaches of the Acceptable Use Guidelines below.
(g) Software Issues External to Iron Eagle : Unavailability caused by software not provided by Iron Eagle, specifically running on Customer’s computing resources as per the Terms of Service.
(h) Third-Party Failures and Malfunctions: Downtimes attributable to failures, acts, or omissions of third parties, including internet service providers and equipment vendors, not directly controlled by Iron Eagle or Cudo.
Restrictions of the use of the Services:
Customer may not: (i) conduct, display or forward surveys, pyramid schemes, chain letters or any other promotion not directly associated with Customer or Customer’s company; (ii) attempt to access, decompile, decode or install software in the virtual environments running computational workloads for 3rd parties.
Acceptable Use Guidelines (“AUG”)
Iron Eagle does not monitor, verify, warrant, or vouch for the accuracy and quality of the information that Customer may acquire from the Internet, to this respect Iron Eagle acts as a mere conduit. For this reason, Customer must exercise their best judgement in relying on information obtained from the Internet, and also should be aware that some material posted to the Internet is sexually explicit or otherwise offensive. As Iron Eagle does not monitor or censor the Internet, and will not attempt to do so, Iron Eagle cannot accept any responsibility for injury to Customer that results from inaccurate, unsuitable, offensive, or illegal Internet communications.
Iron Eagle does not review, edit, censor, or take responsibility for any information Customer may create. When Customer places information on the Internet, Customer has the same liability as other authors for copyright infringement, defamation, and other harmful speech.
Customer breaches these AUG, when Customer engages in the following prohibited activities:
1.
Spamming
Sending unsolicited bulk and/or commercial messages over the Internet (known as "spamming"). It is not only harmful because of its negative impact on attitudes toward Iron Eagle or Cudo but also be-cause it can overload the suppliers network and disrupt Service to other Customers. Also, maintaining an open SMTP relay is prohibited.
2.
Intellectual Property Violations
Engaging in any activity that infringes or misappropriates the intellectual property rights of others, including copyrights, trademarks, Service marks, trade secrets, software piracy, and patents held by individuals, corporations, or other entities. Also, engaging in activity that violates privacy, publicity, or other personal rights of others.
3.
Obscene Materials
Using the Services to advertise, transmit, store, post, display, or otherwise make available child por-nography or depictions nudity obtained or disseminated without the consent of those depicted (e.g., “revenge pornography”).or obscene speech or material.
4.
Defamatory or Abusive Language
Using the Services as a means to transmit or post defamatory, harassing, abusive, or threatening language.
5.
Forging of Headers
Forging or misrepresenting message headers, whether in whole or in part, to mask the originator of the message.
6.
Illegal or Unauthorized Access to Other Computers or Networks
Accessing illegally or without authorisation computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individual's system (often known as "hacking"). Also, any activity that might be used as a precursor to an attempted system penetration (i.e. port scan, stealth scan, or other information gathering activity).
7.
Distribution of Internet Viruses, Worms, Trojan Horses, or Other Destructive Activities
Distributing information regarding the creation of and sending Internet viruses, worms, Trojan horses, pinging, flooding, mail bombing, injection techniques, phishing, DNS hijacking, unauthorised brute force, sybil attacks, spoofing, smurfing, malware attacks, consensus-based attacks or denial of Ser-vice attacks. Also, activities that disrupt the use of or interfere with the ability of others to effectively use the Services or any connected network, system, Service, or equipment.
8.
Facilitating a Violation of this AUG
Advertising, transmitting, or otherwise making available any software, program, product, or Service that is designed to violate this AUG, which includes the facilitation of the means to spam, initiation of pinging, flooding, mail bombing, denial of Service attacks, and piracy of software.
9.
Export Control Violations
Exporting encryption software over the Internet or otherwise, to points outside the Customer’s country which is contrary to that respective country’s rules and regulations.
10.
Illegal Substances
Unlawfully selling or distributing controlled substances, including but not limited to any illegal or pre-scription drugs.
11.
Other Illegal Activities
Engaging in activities that are determined to be illegal, including advertising, transmitting, or otherwise making available ponzi schemes, pyramid schemes, fraudulently charging credit cards, and pirating software.

Data Processing Agreement

This Data Processing Agreement ("DPA") specifies the data protection rights and obligations of the parties in connection with the processing of personal data processed by Iron Eagle Capital GmbH (hereinafter "Processor") on behalf of "Customer" under the contract based on the General Terms and Conditions, the applicable Service Specific Terms and (if applicable) the Third Party Provider Terms (hereinafter "Main Agreement") concluded between the parties. 

1. Scope of application

When providing the services in accordance with the Main Agreement, Processor processes personal data which Customer has made available for purpose of providing the services and in respect of which Customer acts as controller in the sense of data protection law ("Customer Data"). In the event of contradictions between this DPA and provisions from other agreements, in particular from the Main Agreement, the provisions of this DPA shall take precedence.

2. Subject matter and scope of the processing / Customer’s authority to issue instructions

  1. Processor will process the Customer Data exclusively on behalf of Customer and in accordance with Customer's instructions, unless Processor is legally required to process such data under the law of the European Union or a Member State. In such a case, Processor shall inform Customer of these legal requirements prior to processing, unless the law in question prohibits such information on important grounds of public interest. 
  2. The processing of Customer Data by Processor shall be carried out exclusively in the nature, to the extent, and for the purposes specified in Annex 1 to this DPA; the processing shall only concern the types of personal data and categories of data subjects specified therein. 
  3. The duration of the processing corresponds to the term of the Main Agreement. 
  4. Processor is allowed to process Customer Data or have Customer Data processed by sub-processors outside the European Economic Area ("EEA") in accordance with Section 5 of this DPA if the requirements of Articles 44 to 48 GDPR are fulfilled, if an exception under Art. 49 GDPR applies or if the transfer outside the EEA is expressly requested or initiated by Customer. 
  5. The instructions are set out in the Main Agreement. Customer is entitled to issue further instructions regarding the nature, scope, purposes and means of processing Customer Data only where such instructions are required by the laws of the European Union or a Member State, or by court or administrative order.]
  6. Instructions shall be in writing (e-mail sufficient). Customer will confirm oral instructions in writing or by e-mail.
  7. Processor shall inform Customer immediately if, in its opinion, an instruction infringes this DPA, the GDPR or other data protection provisions of the European Union or the Member States. Processor is entitled to suspend the execution of such an instruction until Customer confirms the instruction in writing (e-mail sufficient). If Customer insists on the execution of an instruction despite the concerns expressed by Processor, Customer shall indemnify and hold harmless Processor from and against any and all damages and costs incurred by Processor as a result of the execution of Customer's instruction. Processor shall inform Customer of any damages and costs asserted against Processor, shall not acknowledge any claims of third parties without the consent of Customer and shall, in Processor's discretion, either conduct the defense in co-ordination with Customer or leave it to Customer.  

3. Requirements for personnel

  1. Processor shall obligate all personnel processing Customer Data to maintain confidentiality, unless they are subject to appropriate statutory confidentiality obligations. 
  2. Processor shall ensure that all personnel under his authority who have access to Customer Data only process this data in accordance with this DPA and Customer's instructions, unless they are required to process Customer Data under the law of the European Union or the Member States.

4. Security of processing

  1. Taking into account the state of the art, the costs of implementation and – as far as known to Processor – the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, Processor shall implement appropriate technical and organisational measures to ensure a level of security for Customer Data appropriate to the risk. 
  2. Prior to the beginning of the processing of Customer Data, Processor shall in particular implement the technical and organisational measures specified in Annex 2 to this DPA and maintain them for the duration of the Main Agreement and ensure that the processing of Customer Data is carried out in accordance with these measures.
  3. Customer shall verify the technical and organisational measures implemented by Processor, in particular whether they are also sufficient with regard to circumstances of data processing not known to Processor.
  4. Since the technical and organisational measures are subject to technical progress, Processor is entitled and obligated to implement alternative, adequate measures in order not to fall below the security level of the measures specified in Annex 2. If Processor makes significant changes to the measures set out in Annex 2, it shall inform Customer thereof in advance.

5. Use of sub-processors

  1. Processor uses the sub-processors listed in Annex 3 for the processing of Customer Data. These are deemed to be authorised upon conclusion of this DPA.
  2. Processor may use further sub-processors to process Customer Data subject to the following conditions: 

Processor shall inform Customer at least 30 days before making use of the further sub-processor in written form (e-mail sufficient) to a contact address specified by Customer for this purpose. Unless Customer raises an objection within 14 days, the use of the further sub-processor shall be deemed to have been authorised.

  1. If Customer objects to the use of a further sub-processor Processor shall be entitled, at its discretion, to continue to provide the services without the rejected sub-processor or to terminate the Main Agreement and this DPA.
  2. Processormust obligate each sub-processor by means of a written agreement which imposes on thesub-processor, in substance, the same data protection obligations as the onesimposed on Processor in accordance with this DPA.
  3. Processor shall be obligated to select and use onlythose sub-processors who offer sufficient guarantees that the appropriatetechnical and organisational measures are implemented in such a way that theprocessing of Customer Data is carried out in accordance with the requirementsof the GDPR and this DPA.

6. Rights of data subjects

  1. Processor shall take all reasonable technical and organisational measures to assist Customer in fulfilling its obligation to respond to requests from data subjects to exercise their rights. 
  2. Processor will in particular, within the scope of his possibilities: 
    1. inform Customer without undue delay if a data subject should contact Processor directly with a request to exercise his rights in relation to Customer Data;
    2. provide Customer, upon request, with all information in its possession concerning the processing of Customer Data which Customer requires in order to respond to the request of a data subject and which is not available to Customer himself; 
    3. correct, delete or limit the processing of Customer Data without undue delay at Customer's instruction, insofar as Customer cannot do this himself and this is technically possible for Processor; 
    4. to assist Customer, if necessary, to receive Customer Data processed in Processor's sphere of responsibility – as far as technically possible – in a structured, commonly used and machine-readable format, provided that the data subject has a right to data portability with regard to Customer Data. 

7. Other obligations of Processor to assist Customer

  1. Processor shall notify Customer immediately after becoming aware of any Customer Data breach, in particular incidents which lead to the actual destruction, loss, alteration or unauthorised disclosure of or access to Customer Data. Such notification shall contain a description, if possible, of: 
    1. the nature of the Customer Data breach, specifying, where possible, the data categories and approximate number of data subjects concerned;
    2. the likely consequences of the Customer Data breach; 
    3. the measures taken or proposed by Processor to remedy the Customer Data breach and, where appropriate, measures to mitigate its possible adverse effects.
  2. In the event of any Customer Data breach, Processor shall, without delay, take all necessary and reasonable measures to remedy Customer Data breach and, if necessary, to mitigate its possible adverse effects.
  3. If Customer is obligated to provide information about the processing of Customer Data to a government agency or a third party or to otherwise cooperate with such entity, Processor shall be obligated to support Customer in providing such information or in fulfilling other obligations to cooperate.
  4. Processor shall assist Customer in complying with its obligations under Art. 32 GDPR, to the extent possible considering the information Processor has with respect to Customer’s use of Processor’s services.
  5. In the event that Customer is obligated to inform supervisory authorities and/or data subjects in accordance with Art. 33, 34 GDPR, Processor shall, insofar as this is possible, assist Customer in complying with these obligations at the latter's request. In particular, Processor is obligated to document all Customer Data breaches, including all related facts, in a manner that enables Customer to prove compliance with any relevant statutory reporting obligations.
  6. Processor shall support Customer with the information available to him and assist, within reason, in any data protection impact assessment to be carried out by Customer and, if necessary, subsequent consultations with the supervisory authorities in accordance with Art. 35, 36 GDPR.

8. Data deletion and return

  1. Upon termination of the Main Agreement , Processor shall, upon Customer's instruction, either completely delete all Customer Data or return it to Customer and delete existing copies, unless the law of the European Union or a Member State requires the continued storage of Customer Data. 
  2. However, Processor is entitled to keep backup copies of Customer Data for a period of 30 days, insofar as deletion of Customer Data from these backup copies is not required for technical reasons or with regard to Art. 32 GDPR. For this period, the rights and obligations of the parties under this DPA with regard to the backup copies shall continue to apply in deviation from Section 2.3
  3. Documentation which serves as proof of the orderly and proper processing of Customer Data is to be kept by Processor in accordance with the statutory retention periods beyond the term of this DPA.

9. Audit rights

  1. Processor shall ensure and regularly evaluate that the processing of Customer Data is carried out in accordance with this DPA, the Main Agreement and Customer's instructions.
  2. Processor shall document the implementation of the obligations under this DPA in a suitable manner and shall provide Customer with all necessary evidence of Processor's compliance with its obligations under the GDPR and this DPA at Customer's request.
  3. Customer shall be entitled to audit Processor regularly during the term of the Main Agreement with regard to compliance with the provisions of this DPA, in particular the implementation of the technical and organisational measures in accordance with Annex 2, either itself or through a qualified auditor subject to appropriate confidentiality obligations; this shall include inspections. Processor shall allow and shall contribute to such audits by taking all reasonable and appropriate measures; inter alia by granting the necessary access rights and by providing all necessary information. 
  4. The audits and inspections shall not, as far as possible, obstruct or unduly burden Processor in his normal business operations. In particular, inspections at Processor's premises without any specific reason should not take place more than once per calendar year and only during Processor's normal business hours. Customer shall notify Processor of inspections in good time in advance and in writing (e-mail sufficient).
  5. In accordance with the provisions of the GDPR, Customer and Processor are subject to public controls by the competent supervisory authority. At the request of Customer, Processor shall provide the supervisory authority with the desired information and shall give the supervisory authority or the persons appointed by it the opportunity to carry out audits, including inspections of Processor. In this context, Processor shall grant the competent supervisory authority the necessary rights of access, information and inspection.

10. Liability

The limitations of liability agreed in the Main Agreement apply accordingly.

11. Miscellaneous

  1. Amendments and subsidiary agreements to this DPA must be made in writing. This also applies to this written form clause.
  2. Agreements on the choice of law and place of jurisdiction from the Main Agreement shall apply accordingly to this DPA.]

Annex 1 - Purpose, nature and extent of data processing, type of data and categories of data subjects

Purpose of the data processing

Access to the Nuco.cloud web application and provision of the Services set out in the Main Agreement.

Nature and scope of data processing 

Automated processing of Customer Data to provide the Services set out in the Main Agreement.

Provision of the Nuco.cloud web application.

Type of data

All data uploaded, downloaded or generated by Customer when using the Services.

Name, email address, password and billing information of Customer and/or its employees.

Categories of data subjects

All data subjects concerned by the data uploaded, downloaded or generated by Customer when using the services.

Employees of Customer

Annex 2 – Technical and organisational measures

Depending on the third-party providers supplying the Services the following additional technical and organisational measures apply to the respective Services:

Hetzner Online GmbH: https://www.hetzner.com/AV/TOM.pdf

Vultr: https://www.vultr.com/legal/eea-gdpr-privacy/

Cudo Ventures Limited: https://www.cudocompute.com/privacy

Data Processing Agreement

This Data Processing Agreement ("DPA") specifies the data protection rights and obligations of the parties in connection with the processing of personal data processed by Iron Eagle Capital GmbH (hereinafter "Processor") on behalf of "Customer" under the contract based on the General Terms and Conditions, the applicable Service Specific Terms and (if applicable) the Third Party Provider Terms (hereinafter "Main Agreement") concluded between the parties. 

  1. Scope of application

When providing the services in accordance with the Main Agreement, Processor processes personal data which Customer has made available for purpose of providing the services and in respect of which Customer acts as controller in the sense of data protection law ("Customer Data"). In the event of contradictions between this DPA and provisions from other agreements, in particular from the Main Agreement, the provisions of this DPA shall take precedence.

Subject matter and scope of the processing / Customer’s authority to issue instructions

  1. Processor will process the Customer Data exclusively on behalf of Customer and in accordance with Customer's instructions, unless Processor is legally required to process such data under the law of the European Union or a Member State. In such a case, Processor shall inform Customer of these legal requirements prior to processing, unless the law in question prohibits such information on important grounds of public interest. 
  2. The processing of Customer Data by Processor shall be carried out exclusively in the nature, to the extent, and for the purposes specified in Annex 1 to this DPA; the processing shall only concern the types of personal data and categories of data subjects specified therein. 
  3. The duration of the processing corresponds to the term of the Main Agreement. 
  4. Processor is allowed to process Customer Data or have Customer Data processed by sub-processors outside the European Economic Area ("EEA") in accordance with Section 5 of this DPA if the requirements of Articles 44 to 48 GDPR are fulfilled, if an exception under Art. 49 GDPR applies or if the transfer outside the EEA is expressly requested or initiated by Customer. 
  5. The instructions are set out in the Main Agreement. Customer is entitled to issue further instructions regarding the nature, scope, purposes and means of processing Customer Data only where such instructions are required by the laws of the European Union or a Member State, or by court or administrative order.]
  6. Instructions shall be in writing (e-mail sufficient). Customer will confirm oral instructions in writing or by e-mail.
  7. Processor shall inform Customer immediately if, in its opinion, an instruction infringes this DPA, the GDPR or other data protection provisions of the European Union or the Member States. Processor is entitled to suspend the execution of such an instruction until Customer confirms the instruction in writing (e-mail sufficient). If Customer insists on the execution of an instruction despite the concerns expressed by Processor, Customer shall indemnify and hold harmless Processor from and against any and all damages and costs incurred by Processor as a result of the execution of Customer's instruction. Processor shall inform Customer of any damages and costs asserted against Processor, shall not acknowledge any claims of third parties without the consent of Customer and shall, in Processor's discretion, either conduct the defense in co-ordination with Customer or leave it to Customer.  
  8. Requirements for personnel
    1. Processor shall obligate all personnel processing Customer Data to maintain confidentiality, unless they are subject to appropriate statutory confidentiality obligations. 
    2. Processor shall ensure that all personnel under his authority who have access to Customer Data only process this data in accordance with this DPA and Customer's instructions, unless they are required to process Customer Data under the law of the European Union or the Member States.
  9. Security of processing
    1. Taking into account the state of the art, the costs of implementation and – as far as known to Processor – the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, Processor shall implement appropriate technical and organisational measures to ensure a level of security for Customer Data appropriate to the risk. 
    2. Prior to the beginning of the processing of Customer Data, Processor shall in particular implement the technical and organisational measures specified in Annex 2 to this DPA and maintain them for the duration of the Main Agreement and ensure that the processing of Customer Data is carried out in accordance with these measures.
    3. Customer shall verify the technical and organisational measures implemented by Processor, in particular whether they are also sufficient with regard to circumstances of data processing not known to Processor.
    4. Since the technical and organisational measures are subject to technical progress, Processor is entitled and obligated to implement alternative, adequate measures in order not to fall below the security level of the measures specified in Annex 2. If Processor makes significant changes to the measures set out in Annex 2, it shall inform Customer thereof in advance.
  10. Use of sub-processors
    1. Processor uses the sub-processors listed in Annex 3 for the processing of Customer Data. These are deemed to be authorised upon conclusion of this DPA.
    2. Processor may use further sub-processors to process Customer Data subject to the following conditions: 

Processor shall inform Customer at least 30 days before making use of the further sub-processor in written form (e-mail sufficient) to a contact address specified by Customer for this purpose. Unless Customer raises an objection within 14 days, the use of the further sub-processor shall be deemed to have been authorised.

  1. If Customer objects to the use of a further sub-processor Processor shall be entitled, at its discretion, to continue to provide the services without the rejected sub-processor or to terminate the Main Agreement and this DPA.
  2. Processor must obligate each sub-processor by means of a written agreement which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on Processor in accordance with this DPA.
  3. Processor shall be obligated to select and use only those sub-processors who offer sufficient guarantees that the appropriate technical and organisational measures are implemented in such a way that the processing of Customer Data is carried out in accordance with the requirements of the GDPR and this DPA.
  1. Rights of data subjectssome text
    1. Processor shall take all reasonable technical and organisational measures to assist Customer in fulfilling its obligation to respond to requests from data subjects to exercise their rights. 
    2. Processor will in particular, within the scope of his possibilities: 
  1. inform Customer without undue delay if a data subject should contact Processor directly with a request to exercise his rights in relation to Customer Data;
  2. provide Customer, upon request, with all information in its possession concerning the processing of Customer Data which Customer requires in order to respond to the request of a data subject and which is not available to Customer himself; 
  3. correct, delete or limit the processing of Customer Data without undue delay at Customer's instruction, insofar as Customer cannot do this himself and this is technically possible for Processor; 
  4. to assist Customer, if necessary, to receive Customer Data processed in Processor's sphere of responsibility – as far as technically possible – in a structured, commonly used and machine-readable format, provided that the data subject has a right to data portability with regard to Customer Data. 
  1. Other obligations of Processor to assist Customersome text
    1. Processor shall notify Customer immediately after becoming aware of any Customer Data breach, in particular incidents which lead to the actual destruction, loss, alteration or unauthorised disclosure of or access to Customer Data. Such notification shall contain a description, if possible, of: 
  1. the nature of the Customer Data breach, specifying, where possible, the data categories and approximate number of data subjects concerned;
  2. the likely consequences of the Customer Data breach; 
  3. the measures taken or proposed by Processor to remedy the Customer Data breach and, where appropriate, measures to mitigate its possible adverse effects.
  1. In the event of any Customer Data breach, Processor shall, without delay, take all necessary and reasonable measures to remedy Customer Data breach and, if necessary, to mitigate its possible adverse effects.
  2. If Customer is obligated to provide information about the processing of Customer Data to a government agency or a third party or to otherwise cooperate with such entity, Processor shall be obligated to support Customer in providing such information or in fulfilling other obligations to cooperate.
  3. Processor shall assist Customer in complying with its obligations under Art. 32 GDPR, to the extent possible considering the information Processor has with respect to Customer’s use of Processor’s services.
  4. In the event that Customer is obligated to inform supervisory authorities and/or data subjects in accordance with Art. 33, 34 GDPR, Processor shall, insofar as this is possible, assist Customer in complying with these obligations at the latter's request. In particular, Processor is obligated to document all Customer Data breaches, including all related facts, in a manner that enables Customer to prove compliance with any relevant statutory reporting obligations.
  5. Processor shall support Customer with the information available to him and assist, within reason, in any data protection impact assessment to be carried out by Customer and, if necessary, subsequent consultations with the supervisory authorities in accordance with Art. 35, 36 GDPR.
  1. Data deletion and returnsome text
    1. Upon termination of the Main Agreement , Processor shall, upon Customer's instruction, either completely delete all Customer Data or return it to Customer and delete existing copies, unless the law of the European Union or a Member State requires the continued storage of Customer Data. 
    2. However, Processor is entitled to keep backup copies of Customer Data for a period of 30 days, insofar as deletion of Customer Data from these backup copies is not required for technical reasons or with regard to Art. 32 GDPR. For this period, the rights and obligations of the parties under this DPA with regard to the backup copies shall continue to apply in deviation from Section 2.3
    3. Documentation which serves as proof of the orderly and proper processing of Customer Data is to be kept by Processor in accordance with the statutory retention periods beyond the term of this DPA.
  2. Audit rights some text
    1. Processor shall ensure and regularly evaluate that the processing of Customer Data is carried out in accordance with this DPA, the Main Agreement and Customer's instructions.
    2. Processor shall document the implementation of the obligations under this DPA in a suitable manner and shall provide Customer with all necessary evidence of Processor's compliance with its obligations under the GDPR and this DPA at Customer's request.
    3. Customer shall be entitled to audit Processor regularly during the term of the Main Agreement with regard to compliance with the provisions of this DPA, in particular the implementation of the technical and organisational measures in accordance with Annex 2, either itself or through a qualified auditor subject to appropriate confidentiality obligations; this shall include inspections. Processor shall allow and shall contribute to such audits by taking all reasonable and appropriate measures; inter alia by granting the necessary access rights and by providing all necessary information. 
    4. The audits and inspections shall not, as far as possible, obstruct or unduly burden Processor in his normal business operations. In particular, inspections at Processor's premises without any specific reason should not take place more than once per calendar year and only during Processor's normal business hours. Customer shall notify Processor of inspections in good time in advance and in writing (e-mail sufficient).
    5. In accordance with the provisions of the GDPR, Customer and Processor are subject to public controls by the competent supervisory authority. At the request of Customer, Processor shall provide the supervisory authority with the desired information and shall give the supervisory authority or the persons appointed by it the opportunity to carry out audits, including inspections of Processor. In this context, Processor shall grant the competent supervisory authority the necessary rights of access, information and inspection.
  3. Liability

The limitations of liability agreed in the Main Agreement apply accordingly.

  1. Miscellaneoussome text
    1. Amendments and subsidiary agreements to this DPA must be made in writing. This also applies to this written form clause.
    2. Agreements on the choice of law and place of jurisdiction from the Main Agreement shall apply accordingly to this DPA.]
  1. Annex 1 - Purpose, nature and extent of data processing, type of data and categories of data subjects

Purpose of the data processing

Access to the Nuco.cloud web application and provision of the Services set out in the Main Agreement.

Nature and scope of data processing 

Automated processing of Customer Data to provide the Services set out in the Main Agreement.

Provision of the Nuco.cloud web application.

Type of data

All data uploaded, downloaded or generated by Customer when using the Services.

Name, email address, password and billing information of Customer and/or its employees.

Categories of data subjects

All data subjects concerned by the data uploaded, downloaded or generated by Customer when using the services.

Employees of Customer

  1. Annex 2 – Technical and organisational measures

Depending on the third-party providers supplying the Services the following additional technical and organisational measures apply to the respective Services:

Hetzner Online GmbH: https://www.hetzner.com/AV/TOM.pdf

Vultr: https://www.vultr.com/legal/eea-gdpr-privacy/

Cudo Ventures Limited: https://www.cudocompute.com/privacy

Data Processing Agreement

This Data Processing Agreement ("DPA") specifies the data protection rights and obligations of the parties in connection with the processing of personal data processed by Iron Eagle Capital GmbH (hereinafter "Processor") on behalf of "Customer" under the contract based on the General Terms and Conditions, the applicable Service Specific Terms and (if applicable) the Third Party Provider Terms (hereinafter "Main Agreement") concluded between the parties. 

  1. Scope of application

When providing the services in accordance with the Main Agreement, Processor processes personal data which Customer has made available for purpose of providing the services and in respect of which Customer acts as controller in the sense of data protection law ("Customer Data"). In the event of contradictions between this DPA and provisions from other agreements, in particular from the Main Agreement, the provisions of this DPA shall take precedence.

Subject matter and scope of the processing / Customer’s authority to issue instructions

  1. Processor will process the Customer Data exclusively on behalf of Customer and in accordance with Customer's instructions, unless Processor is legally required to process such data under the law of the European Union or a Member State. In such a case, Processor shall inform Customer of these legal requirements prior to processing, unless the law in question prohibits such information on important grounds of public interest. 
  2. The processing of Customer Data by Processor shall be carried out exclusively in the nature, to the extent, and for the purposes specified in Annex 1 to this DPA; the processing shall only concern the types of personal data and categories of data subjects specified therein. 
  3. The duration of the processing corresponds to the term of the Main Agreement. 
  4. Processor is allowed to process Customer Data or have Customer Data processed by sub-processors outside the European Economic Area ("EEA") in accordance with Section 5 of this DPA if the requirements of Articles 44 to 48 GDPR are fulfilled, if an exception under Art. 49 GDPR applies or if the transfer outside the EEA is expressly requested or initiated by Customer. 
  5. The instructions are set out in the Main Agreement. Customer is entitled to issue further instructions regarding the nature, scope, purposes and means of processing Customer Data only where such instructions are required by the laws of the European Union or a Member State, or by court or administrative order.]
  6. Instructions shall be in writing (e-mail sufficient). Customer will confirm oral instructions in writing or by e-mail.
  7. Processor shall inform Customer immediately if, in its opinion, an instruction infringes this DPA, the GDPR or other data protection provisions of the European Union or the Member States. Processor is entitled to suspend the execution of such an instruction until Customer confirms the instruction in writing (e-mail sufficient). If Customer insists on the execution of an instruction despite the concerns expressed by Processor, Customer shall indemnify and hold harmless Processor from and against any and all damages and costs incurred by Processor as a result of the execution of Customer's instruction. Processor shall inform Customer of any damages and costs asserted against Processor, shall not acknowledge any claims of third parties without the consent of Customer and shall, in Processor's discretion, either conduct the defense in co-ordination with Customer or leave it to Customer.  
  8. Requirements for personnel
    1. Processor shall obligate all personnel processing Customer Data to maintain confidentiality, unless they are subject to appropriate statutory confidentiality obligations. 
    2. Processor shall ensure that all personnel under his authority who have access to Customer Data only process this data in accordance with this DPA and Customer's instructions, unless they are required to process Customer Data under the law of the European Union or the Member States.
  9. Security of processing
    1. Taking into account the state of the art, the costs of implementation and – as far as known to Processor – the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, Processor shall implement appropriate technical and organisational measures to ensure a level of security for Customer Data appropriate to the risk. 
    2. Prior to the beginning of the processing of Customer Data, Processor shall in particular implement the technical and organisational measures specified in Annex 2 to this DPA and maintain them for the duration of the Main Agreement and ensure that the processing of Customer Data is carried out in accordance with these measures.
    3. Customer shall verify the technical and organisational measures implemented by Processor, in particular whether they are also sufficient with regard to circumstances of data processing not known to Processor.
    4. Since the technical and organisational measures are subject to technical progress, Processor is entitled and obligated to implement alternative, adequate measures in order not to fall below the security level of the measures specified in Annex 2. If Processor makes significant changes to the measures set out in Annex 2, it shall inform Customer thereof in advance.
  10. Use of sub-processors
    1. Processor uses the sub-processors listed in Annex 3 for the processing of Customer Data. These are deemed to be authorised upon conclusion of this DPA.
    2. Processor may use further sub-processors to process Customer Data subject to the following conditions: 

Processor shall inform Customer at least 30 days before making use of the further sub-processor in written form (e-mail sufficient) to a contact address specified by Customer for this purpose. Unless Customer raises an objection within 14 days, the use of the further sub-processor shall be deemed to have been authorised.

  1. If Customer objects to the use of a further sub-processor Processor shall be entitled, at its discretion, to continue to provide the services without the rejected sub-processor or to terminate the Main Agreement and this DPA.
  2. Processor must obligate each sub-processor by means of a written agreement which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on Processor in accordance with this DPA.
  3. Processor shall be obligated to select and use only those sub-processors who offer sufficient guarantees that the appropriate technical and organisational measures are implemented in such a way that the processing of Customer Data is carried out in accordance with the requirements of the GDPR and this DPA.
  1. Rights of data subjectssome text
    1. Processor shall take all reasonable technical and organisational measures to assist Customer in fulfilling its obligation to respond to requests from data subjects to exercise their rights. 
    2. Processor will in particular, within the scope of his possibilities: 
  1. inform Customer without undue delay if a data subject should contact Processor directly with a request to exercise his rights in relation to Customer Data;
  2. provide Customer, upon request, with all information in its possession concerning the processing of Customer Data which Customer requires in order to respond to the request of a data subject and which is not available to Customer himself; 
  3. correct, delete or limit the processing of Customer Data without undue delay at Customer's instruction, insofar as Customer cannot do this himself and this is technically possible for Processor; 
  4. to assist Customer, if necessary, to receive Customer Data processed in Processor's sphere of responsibility – as far as technically possible – in a structured, commonly used and machine-readable format, provided that the data subject has a right to data portability with regard to Customer Data. 
  1. Other obligations of Processor to assist Customersome text
    1. Processor shall notify Customer immediately after becoming aware of any Customer Data breach, in particular incidents which lead to the actual destruction, loss, alteration or unauthorised disclosure of or access to Customer Data. Such notification shall contain a description, if possible, of: 
  1. the nature of the Customer Data breach, specifying, where possible, the data categories and approximate number of data subjects concerned;
  2. the likely consequences of the Customer Data breach; 
  3. the measures taken or proposed by Processor to remedy the Customer Data breach and, where appropriate, measures to mitigate its possible adverse effects.
  1. In the event of any Customer Data breach, Processor shall, without delay, take all necessary and reasonable measures to remedy Customer Data breach and, if necessary, to mitigate its possible adverse effects.
  2. If Customer is obligated to provide information about the processing of Customer Data to a government agency or a third party or to otherwise cooperate with such entity, Processor shall be obligated to support Customer in providing such information or in fulfilling other obligations to cooperate.
  3. Processor shall assist Customer in complying with its obligations under Art. 32 GDPR, to the extent possible considering the information Processor has with respect to Customer’s use of Processor’s services.
  4. In the event that Customer is obligated to inform supervisory authorities and/or data subjects in accordance with Art. 33, 34 GDPR, Processor shall, insofar as this is possible, assist Customer in complying with these obligations at the latter's request. In particular, Processor is obligated to document all Customer Data breaches, including all related facts, in a manner that enables Customer to prove compliance with any relevant statutory reporting obligations.
  5. Processor shall support Customer with the information available to him and assist, within reason, in any data protection impact assessment to be carried out by Customer and, if necessary, subsequent consultations with the supervisory authorities in accordance with Art. 35, 36 GDPR.
  1. Data deletion and returnsome text
    1. Upon termination of the Main Agreement , Processor shall, upon Customer's instruction, either completely delete all Customer Data or return it to Customer and delete existing copies, unless the law of the European Union or a Member State requires the continued storage of Customer Data. 
    2. However, Processor is entitled to keep backup copies of Customer Data for a period of 30 days, insofar as deletion of Customer Data from these backup copies is not required for technical reasons or with regard to Art. 32 GDPR. For this period, the rights and obligations of the parties under this DPA with regard to the backup copies shall continue to apply in deviation from Section 2.3
    3. Documentation which serves as proof of the orderly and proper processing of Customer Data is to be kept by Processor in accordance with the statutory retention periods beyond the term of this DPA.
  2. Audit rights some text
    1. Processor shall ensure and regularly evaluate that the processing of Customer Data is carried out in accordance with this DPA, the Main Agreement and Customer's instructions.
    2. Processor shall document the implementation of the obligations under this DPA in a suitable manner and shall provide Customer with all necessary evidence of Processor's compliance with its obligations under the GDPR and this DPA at Customer's request.
    3. Customer shall be entitled to audit Processor regularly during the term of the Main Agreement with regard to compliance with the provisions of this DPA, in particular the implementation of the technical and organisational measures in accordance with Annex 2, either itself or through a qualified auditor subject to appropriate confidentiality obligations; this shall include inspections. Processor shall allow and shall contribute to such audits by taking all reasonable and appropriate measures; inter alia by granting the necessary access rights and by providing all necessary information. 
    4. The audits and inspections shall not, as far as possible, obstruct or unduly burden Processor in his normal business operations. In particular, inspections at Processor's premises without any specific reason should not take place more than once per calendar year and only during Processor's normal business hours. Customer shall notify Processor of inspections in good time in advance and in writing (e-mail sufficient).
    5. In accordance with the provisions of the GDPR, Customer and Processor are subject to public controls by the competent supervisory authority. At the request of Customer, Processor shall provide the supervisory authority with the desired information and shall give the supervisory authority or the persons appointed by it the opportunity to carry out audits, including inspections of Processor. In this context, Processor shall grant the competent supervisory authority the necessary rights of access, information and inspection.
  3. Liability

The limitations of liability agreed in the Main Agreement apply accordingly.

  1. Miscellaneoussome text
    1. Amendments and subsidiary agreements to this DPA must be made in writing. This also applies to this written form clause.
    2. Agreements on the choice of law and place of jurisdiction from the Main Agreement shall apply accordingly to this DPA.]
  1. Annex 1 - Purpose, nature and extent of data processing, type of data and categories of data subjects

Purpose of the data processing

Access to the Nuco.cloud web application and provision of the Services set out in the Main Agreement.

Nature and scope of data processing 

Automated processing of Customer Data to provide the Services set out in the Main Agreement.

Provision of the Nuco.cloud web application.

Type of data

All data uploaded, downloaded or generated by Customer when using the Services.

Name, email address, password and billing information of Customer and/or its employees.

Categories of data subjects

All data subjects concerned by the data uploaded, downloaded or generated by Customer when using the services.

Employees of Customer

  1. Annex 2 – Technical and organisational measures

Depending on the third-party providers supplying the Services the following additional technical and organisational measures apply to the respective Services:

Hetzner Online GmbH: https://www.hetzner.com/AV/TOM.pdf

Vultr: https://www.vultr.com/legal/eea-gdpr-privacy/

Cudo Ventures Limited: https://www.cudocompute.com/privacy

This Data Processing Agreement ("DPA") specifies the data protection rights and obligations of the parties in connection with the processing of personal data processed by Iron Eagle Capital GmbH (hereinafter "Processor") on behalf of "Customer" under the contract based on the General Terms and Conditions, the applicable Service Specific Terms and (if applicable) the Third Party Provider Terms (hereinafter "Main Agreement") concluded between the parties.

  1. Scope of application

When providing the services in accordance with the Main Agreement, Processor processes personal data which Customer has made available for purpose of providing the services and in respect of which Customer acts as controller in the sense of data protection law ("Customer Data"). In the event of contradictions between this DPA and provisions from other agreements, in particular from the Main Agreement, the provisions of this DPA shall take precedence.

  1. Subject matter and scope of the processing / Customer’s authority to issue instructionssome text
    1. Processor will process the Customer Data exclusively on behalf of Customer and in accordance with Customer's instructions, unless Processor is legally required to process such data under the law of the European Union or a Member State. In such a case, Processor shall inform Customer of these legal requirements prior to processing, unless the law in question prohibits such information on important grounds of public interest.
    2. The processing of Customer Data by Processor shall be carried out exclusively in the nature, to the extent, and for the purposes specified in Annex 1 to this DPA; the processing shall only concern the types of personal data and categories of data subjects specified therein.
    3. The duration of the processing corresponds to the term of the Main Agreement.
    4. Processor is allowed to process Customer Data or have Customer Data processed by sub-processors outside the European Economic Area ("EEA") in accordance with Section 5 of this DPA if the requirements of Articles 44 to 48 GDPR are fulfilled, if an exception under Art. 49 GDPR applies or if the transfer outside the EEA is expressly requested or initiated by Customer.
    5. The instructions are set out in the Main Agreement. Customer is entitled to issue further instructions regarding the nature, scope, purposes and means of processing Customer Data only where such instructions are required by the laws of the European Union or a Member State, or by court or administrative order.]
    6. Instructions shall be in writing (e-mail sufficient). Customer will confirm oral instructions in writing or by e-mail.
    7. Processor shall inform Customer immediately if, in its opinion, an instruction infringes this DPA, the GDPR or other data protection provisions of the European Union or the Member States. Processor is entitled to suspend the execution of such an instruction until Customer confirms the instruction in writing (e-mail sufficient). If Customer insists on the execution of an instruction despite the concerns expressed by Processor, Customer shall indemnify and hold harmless Processor from and against any and all damages and costs incurred by Processor as a result of the execution of Customer's instruction. Processor shall inform Customer of any damages and costs asserted against Processor, shall not acknowledge any claims of third parties without the consent of Customer and shall, in Processor's discretion, either conduct the defense in co-ordination with Customer or leave it to Customer.  
  2. Requirements for personnelsome text
    1. Processor shall obligate all personnel processing Customer Data to maintain confidentiality, unless they are subject to appropriate statutory confidentiality obligations.
    2. Processor shall ensure that all personnel under his authority who have access to Customer Data only process this data in accordance with this DPA and Customer's instructions, unless they are required to process Customer Data under the law of the European Union or the Member States.
  3. Security of processingsome text
    1. Taking into account the state of the art, the costs of implementation and – as far as known to Processor – the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, Processor shall implement appropriate technical and organisational measures to ensure a level of security for Customer Data appropriate to the risk.
    2. Prior to the beginning of the processing of Customer Data, Processor shall in particular implement the technical and organisational measures specified in Annex 2 to this DPA and maintain them for the duration of the Main Agreement and ensure that the processing of Customer Data is carried out in accordance with these measures.
    3. Customer shall verify the technical and organisational measures implemented by Processor, in particular whether they are also sufficient with regard to circumstances of data processing not known to Processor.
    4. Since the technical and organisational measures are subject to technical progress, Processor is entitled and obligated to implement alternative, adequate measures in order not to fall below the security level of the measures specified in Annex 2. If Processor makes significant changes to the measures set out in Annex 2, it shall inform Customer thereof in advance.
  4. Use of sub-processorssome text
    1. Processor uses the sub-processors listed in Annex 3 for the processing of Customer Data. These are deemed to be authorised upon conclusion of this DPA.
    2. Processor may use further sub-processors to process Customer Data subject to the following conditions:

Processor shall inform Customer at least 30 days before making use of the further sub-processor in written form (e-mail sufficient) to a contact address specified by Customer for this purpose. Unless Customer raises an objection within 14 days, the use of the further sub-processor shall be deemed to have been authorised.

  1. If Customer objects to the use of a further sub-processor Processor shall be entitled, at its discretion, to continue to provide the services without the rejected sub-processor or to terminate the Main Agreement and this DPA.
  2. Processor must obligate each sub-processor by means of a written agreement which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on Processor in accordance with this DPA.
  3. Processor shall be obligated to select and use only those sub-processors who offer sufficient guarantees that the appropriate technical and organisational measures are implemented in such a way that the processing of Customer Data is carried out in accordance with the requirements of the GDPR and this DPA.
  1. Rights of data subjectssome text
    1. Processor shall take all reasonable technical and organisational measures to assist Customer in fulfilling its obligation to respond to requests from data subjects to exercise their rights.
    2. Processor will in particular, within the scope of his possibilities:
  1. inform Customer without undue delay if a data subject should contact Processor directly with a request to exercise his rights in relation to Customer Data;
  2. provide Customer, upon request, with all information in its possession concerning the processing of Customer Data which Customer requires in order to respond to the request of a data subject and which is not available to Customer himself;
  3. correct, delete or limit the processing of Customer Data without undue delay at Customer's instruction, insofar as Customer cannot do this himself and this is technically possible for Processor;
  4. to assist Customer, if necessary, to receive Customer Data processed in Processor's sphere of responsibility – as far as technically possible – in a structured, commonly used and machine-readable format, provided that the data subject has a right to data portability with regard to Customer Data.
  1. Other obligations of Processor to assist Customersome text
    1. Processor shall notify Customer immediately after becoming aware of any Customer Data breach, in particular incidents which lead to the actual destruction, loss, alteration or unauthorised disclosure of or access to Customer Data. Such notification shall contain a description, if possible, of:
  1. the nature of the Customer Data breach, specifying, where possible, the data categories and approximate number of data subjects concerned;
  2. the likely consequences of the Customer Data breach;
  3. the measures taken or proposed by Processor to remedy the Customer Data breach and, where appropriate, measures to mitigate its possible adverse effects.
  1. In the event of any Customer Data breach, Processor shall, without delay, take all necessary and reasonable measures to remedy Customer Data breach and, if necessary, to mitigate its possible adverse effects.
  2. If Customer is obligated to provide information about the processing of Customer Data to a government agency or a third party or to otherwise cooperate with such entity, Processor shall be obligated to support Customer in providing such information or in fulfilling other obligations to cooperate.
  3. Processor shall assist Customer in complying with its obligations under Art. 32 GDPR, to the extent possible considering the information Processor has with respect to Customer’s use of Processor’s services.
  4. In the event that Customer is obligated to inform supervisory authorities and/or data subjects in accordance with Art. 33, 34 GDPR, Processor shall, insofar as this is possible, assist Customer in complying with these obligations at the latter's request. In particular, Processor is obligated to document all Customer Data breaches, including all related facts, in a manner that enables Customer to prove compliance with any relevant statutory reporting obligations.
  5. Processor shall support Customer with the information available to him and assist, within reason, in any data protection impact assessment to be carried out by Customer and, if necessary, subsequent consultations with the supervisory authorities in accordance with Art. 35, 36 GDPR.
  1. Data deletion and returnsome text
    1. Upon termination of the Main Agreement , Processor shall, upon Customer's instruction, either completely delete all Customer Data or return it to Customer and delete existing copies, unless the law of the European Union or a Member State requires the continued storage of Customer Data.
    2. However, Processor is entitled to keep backup copies of Customer Data for a period of 30 days, insofar as deletion of Customer Data from these backup copies is not required for technical reasons or with regard to Art. 32 GDPR. For this period, the rights and obligations of the parties under this DPA with regard to the backup copies shall continue to apply in deviation from Section 2.3
    3. Documentation which serves as proof of the orderly and proper processing of Customer Data is to be kept by Processor in accordance with the statutory retention periods beyond the term of this DPA.
  2. Audit rights some text
    1. Processor shall ensure and regularly evaluate that the processing of Customer Data is carried out in accordance with this DPA, the Main Agreement and Customer's instructions.
    2. Processor shall document the implementation of the obligations under this DPA in a suitable manner and shall provide Customer with all necessary evidence of Processor's compliance with its obligations under the GDPR and this DPA at Customer's request.
    3. Customer shall be entitled to audit Processor regularly during the term of the Main Agreement with regard to compliance with the provisions of this DPA, in particular the implementation of the technical and organisational measures in accordance with Annex 2, either itself or through a qualified auditor subject to appropriate confidentiality obligations; this shall include inspections. Processor shall allow and shall contribute to such audits by taking all reasonable and appropriate measures; inter alia by granting the necessary access rights and by providing all necessary information.
    4. The audits and inspections shall not, as far as possible, obstruct or unduly burden Processor in his normal business operations. In particular, inspections at Processor's premises without any specific reason should not take place more than once per calendar year and only during Processor's normal business hours. Customer shall notify Processor of inspections in good time in advance and in writing (e-mail sufficient).
    5. In accordance with the provisions of the GDPR, Customer and Processor are subject to public controls by the competent supervisory authority. At the request of Customer, Processor shall provide the supervisory authority with the desired information and shall give the supervisory authority or the persons appointed by it the opportunity to carry out audits, including inspections of Processor. In this context, Processor shall grant the competent supervisory authority the necessary rights of access, information and inspection.
  3. Liability

The limitations of liability agreed in the Main Agreement apply accordingly.

  1. Miscellaneoussome text
    1. Amendments and subsidiary agreements to this DPA must be made in writing. This also applies to this written form clause.
    2. Agreements on the choice of law and place of jurisdiction from the Main Agreement shall apply accordingly to this DPA.]

Annex 1 - Purpose, nature and extent of data processing, type of data and categories of data subjects

Purpose of the data processing

Access to the Nuco.cloud web application and provision of the Services set out in the Main Agreement.

Nature and scope of data processing

Automated processing of Customer Data to provide the Services set out in the Main Agreement.

Provision of the Nuco.cloud web application.

Type of data

All data uploaded, downloaded or generated by Customer when using the Services.

Name, email address, password and billing information of Customer and/or its employees.

Categories of data subjects

All data subjects concerned by the data uploaded, downloaded or generated by Customer when using the services.

Employees of Customer

Annex 2 – Technical and organisational measures

Depending on the third-party providers supplying the Services the following additional technical and organisational measures apply to the respective Services:

Hetzner Online GmbH: https://www.hetzner.com/AV/TOM.pdf

Vultr: https://www.vultr.com/legal/eea-gdpr-privacy/

Cudo Ventures Limited: https://www.cudocompute.com/privacy

Annex 3 – Sub-processors

Name

Nature of the service

Hetzner Online GmbH

Third-party provider (if applicable)

The Constant Company, LLC.

Third-party provider (if applicable)

Cudo Ventures Limited

Third-party provider (if applicable)

Join our community for the latest updates

Summarize nuco.cloud’s unique position, the growing demand for cloud computing, and how nuco.cloud is poised to meet this demand on a global scale.

Join our Telegram GroupFollow us on X

info@nuco.cloud

nuco.cloud SKYNET
nuco.cloud PRO
nuco.cloud GO
What sets us apart
Whitepaper
Roadmap
News
Tokenomics
Exchanges
Team
Contact
Discord
Telegram Group
Telegram Channel
X
LinkedIn
Youtube
Whitepaper
Risk Warnings
Privacy Policy
Legal Notice