Additional Terms and Conditions

Last updated: November 08, 2025

Service Provider Information
Scope and conclusion of the contract
Subject matter of the contract
The shipping management function can include the following
Service fees
Limitation and exclusion of liability
Information about PeakShip features and other developments
Termination of Agreement
Warranty
Enforcement options
Other legal remedies
Unilateral amendment of the Supplementary Terms and Conditions
Copyright
Data protection, protection of personal data
Force majeure
Other provisions

Service Provider Information

This document contains information about Peak Tech Limited Liability Company (Hungary, (ZIP:) 1196 Budapest, (Street:) Hunyadi utca 140. Fsz. 2. ajtó; tax number: 32863576-2-43, (hereinafter: "Service Provider") on the Shopify platform, which is accessible via the PeakShip extension (hereinafter: "Merchant"). These GTC set out only supplementary terms and conditions; the terms and conditions specified by Shopify at https://www.shopify.com/legal/terms are binding on the parties.

Scope and conclusion of the contract

The Service Provider is an extension of the Shopify platform, therefore these terms of service are supplementary in nature. In order to use the extension, you must accept the Shopify Terms of Service and all terms contained or expressly referenced therein, including Shopify's Acceptable Use Policy ("AUP") and Privacy Policy, as well as, where applicable, 2 the additional terms of service for EU merchants ("EU Terms"), the Shopify API License and Terms of Use ("API Terms"), and the Shopify Data Processing Addendum ("DPA").

The scope of these GTC extends to both free and paid services provided by the Service Provider. Downloading the extension constitutes an online contract, the details of which are governed by this contract.

The order is considered an electronically concluded contract, which is governed by Act V of 2013 on the Civil Code (Hungarian law) and Act CVIII of 2001 on certain issues related to electronic commerce services and information society services (Hungarian law). The contract is subject to Government regulation 45/2014 (II.26.) on the detailed rules of contracts between consumers and businesses (Hungarian law), and takes into account the provisions of Directive 2011/83/EU of the European Parliament and of the Council on consumer rights.

Subject matter of the contract

An add-on for providing shipping management functions to online store owners using Shopify.

The shipping management function can include the following:

Smooth shipping operations for webshop owners, with the integration of multiple courier services by the Service Provider. ( GLS, MPL, Foxpost, DPD, Express One, Fáma Futár)
Bulk creation of shipping labels
Real-time tracking of deliveries
Interactive parcel point map selector, which makes it easy for merchants to select a pickup location
Customization of cash on delivery payment settings (modification of cash on delivery fees, disabling)
Merchant service support for shipping management functions.

Service fees

Prices and subscription details for paid services must be specified in the Shopify App Store. Payments are processed securely by Shopify. For details, click on the link: https://www.shopify.com/legal/terms#5-payment-of-fees-and-taxes

Limitation and exclusion of liability

The Service Provider shall do everything that can be expected of it to ensure the security of operations (protection of software, data, hardware, and client devices), but errors or attacks (physical or software) that lead to the unavailability or damage of the Service cannot be ruled out.

By accepting this contract, the Merchant agrees that - the Merchant uses the service at its own risk.

The Service Provider shall only be liable for damages caused to the Merchant intentionally or otherwise attributable to it.

The Service Provider shall not be liable for any damages caused by malicious programs (viruses, etc.) and shall not be obliged to pay any compensation.

The Service Provider shall not be liable for any damages or compensation in the event that the service is unavailable due to an interruption in the Internet service.

The Service Provider's liability for damages does not extend to damages for which others are responsible and which are not directly causally related to the Service Provider's activities.

The Service Provider shall only be liable for damages that have actually occurred, and is therefore not liable for damages of a punitive nature, loss of profits, loss of benefits, claims by third parties, or consequences of data loss or data errors, even if the Service Provider has been informed of the possibility of such damages occurring.

The Service Provider is a program that provides integrations, which can only function if the Service Provider involved in the process is also available. If the service fails for this reason, the Service Provider excludes its liability for any damages resulting therefrom. The PeakShip convenience program facilitates delivery, but if it is unavailable, the online store can use other solutions to handle daily deliveries. The Merchant can generate labels on the courier service's website, so it cannot claim that the damage was caused by the Service Provider.

Examples of the Service Provider's inability to operate due to integration issues:

PeakShip works as an extension of the Shopify system, so if Shopify is unavailable, the PeakShip application will not work either.

The Service Provider is not responsible for errors resulting from courier service system updates or system downtime.

It is the Merchant's responsibility to check the accuracy of the information on the label and to notify the Service Provider immediately if any errors are found. If the Merchant fails to do so and the labels are delivered to the Courier Service with inaccurate information, the Service Provider shall not be held liable.

The Merchant is responsible for the accuracy of the data provided for invoices and labels, and the Service Provider shall not be liable for any damages caused by the provision of inaccurate data.

Information about PeakShip features and other developments

The Merchant acknowledges that this software is not designed exclusively for them, so it is possible that features may be added that they do not need, or that the Service Provider may remove features from the add-on if they are not widely used.

The Merchant acknowledges that feature developments may vary depending on the courier service.

Due to the nature of the software and add-ons provided by the Service Provider, it follows the updates of the Shopify platform software, so changes may occur for this reason as well.

Termination of Agreement

Either Party may terminate this Agreement in writing with 30 days' notice, without cause. Termination and termination of the agreement shall be governed by Shopify's general terms and conditions.

If Shopify suspends the Merchant's Shopify account due to a breach of any of the above-mentioned agreements, the provision of this service to the Merchant cannot be guaranteed, and the Service Provider shall not be liable for any damages resulting therefrom. In the event that Shopify restores the Merchant's account, we will provide the service to the Merchant for the paid period.

Warranty

In the event of faulty performance of the Service, the Merchant may enforce a warranty claim against the Company in accordance with the provisions of the Civil Code.

The Service Provider is a program that provides integrations, which can only function if the Service Provider participating in the process is also available. If the service fails for this reason, the Service Provider excludes its liability for the resulting error, as the error is due to reasons beyond its control.

In addition to the above, the Merchant may request repair or replacement, unless the fulfillment of the Merchant's chosen request is impossible or would entail disproportionate additional costs for the Service Provider compared to the fulfillment of other requests. If the repair or replacement has not been requested or could not be requested, the Merchant may request a proportionate reduction in the price, or the defect may be repaired by the Merchant at the expense of the business, or repaired by another party, or, as a last resort, the contract may be terminated.

In the case of a contract between a consumer and a business for the sale of goods classified as movable property, the provision of digital content or the provision of digital services, the Trader may not repair the defect itself or have it repaired by another party at the expense of the Service Provider in the exercise of its warranty rights. The Consumer may switch from one warranty right to another, but the cost of the switch shall be borne by the Merchant, unless it was justified or caused by the business.

The Merchant is obliged to report the defect immediately after its discovery, but no later than two months after the discovery of the defect. At the same time, I would like to draw your attention to the fact that you cannot enforce your warranty rights after the two-year limitation period from the date of performance of the contract.

The Merchant may enforce its warranty claim against the Service.

Within one year of performance, there are no other conditions for enforcing the warranty claim other than reporting the defect, provided that the Merchant proves that the product or service was provided by the Service Provider. However, after one year from the date of performance, the Merchant is obliged to prove that the defect recognized by the Merchant already existed at the time of performance.

Enforcement options

Place, time, and method of complaint handling.

The Merchant may submit complaints regarding the service or the Service Provider's activities using the contact details provided in point 1.

The Service Provider shall remedy verbal complaints immediately, if possible. If it is not possible to remedy a verbal complaint immediately due to its nature, or if the Merchant does not agree with the handling of the complaint, the Service Provider shall record the complaint and send a substantive response within 30 days.

The Service Provider shall respond to complaints received in writing within 30 days. For the purposes of this contract, a response shall mean a reply sent to the email address or by post.

If the complaint is rejected, the Service Provider shall inform the Merchant of the reasons for the rejection.

Other legal remedies

If any legal dispute between the Service Provider and the Merchant cannot be resolved through negotiations with the Service Provider, the Merchant shall be entitled to:

Pursuant to the authorization contained in Act CLV of 1997 on consumer protection (Hungarian law), the consumer protection authority shall act as the authority in respect of infringements of contracts for the provision of digital content and digital services within the European Union.

To file a complaint with the consumer protection authority:https://cdn.nkfh.gov.hu/static/uploads/kormanyhivatalok_elerhetosegei_c92289cb4d.pdf
To initiate proceedings before an arbitration body

The contact details of conciliation bodies can be found at: https://bekeltetes.hu/udvozlo, or for foreign users at https://www.magyarefk.hu/hu/ .

Initiating court proceedings. If direct negotiations are unsuccessful, the court with jurisdiction over the Service Provider's registered office shall proceed, depending on the value limit.

Unilateral amendment of the Supplementary Terms and Conditions

The Service Provider is entitled to unilaterally amend these General Terms and Conditions after giving prior notice to the user of the extension.

The Service Provider also reserves the right to make any changes or corrections to the extension at any time without prior notice.

Copyright

The Service Provider's extension solutions are protected by copyright. The copyrights are exercised exclusively by the Service Provider. Intellectual works are protected by the relevant parts of copyright law.

Data protection, protection of personal data

The Service Provider hereby states that the data processing agreement (Annex 2) forms an annex to these GTC.

The Service Provider declares that its data processing complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: "GDPR"), Act CXII of 2011 on the right to self-determination and freedom of information (Hungarian law), and other data and confidentiality protection rules, and has implemented appropriate technical and organizational measures to ensure the protection of the rights of data subjects in relation to the security of the data it processes.

The Merchant shall be entitled to issue any instructions relating to data processing, exclusively in writing, provided that if the Service Provider considers that any instruction issued by the Merchant violates the GDPR or the data protection provisions of a Member State or other EU provisions, it shall immediately notify the Merchant thereof in writing.

The Parties shall take appropriate measures to protect personal data provided by the other party, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

Under the Agreement, the Service Provider is considered a data processor, and therefore, pursuant to Article 28(3) of the GDPR, it is mandatory to conclude a data processing agreement specifying the subject matter, duration, nature and purpose of the data processing, the types of personal data, the categories of data subjects, and the obligations and rights of the data controller. The parties shall fulfill this obligation by means of the data processing agreement attached to these GTC, which the Merchant also acknowledges as binding upon accepting the provisions of these GTC.

The Service Provider undertakes to treat all information that comes to its knowledge during the processing of personal data on behalf of the Merchant as confidential, in accordance with the rules of business secrecy.

The Merchant is obliged to inform the Service Provider if a data subject wishes to exercise their rights under the GDPR. If, due to the Merchant's failure to do so, any information is not provided to the Service Provider or is provided late, the Merchant undertakes to compensate the Service Provider without delay.

If a data protection incident occurs at the Service Provider, the Merchant shall be notified immediately. The information necessary to report the data protection incident shall be provided to the Merchant without delay, within 24 hours of becoming aware of the incident. The Merchant is also obliged to notify Shopify of any data protection incident affecting Shopify's Merchant data ("Data Protection Incident") immediately, but no later than twenty-four (24) hours after becoming aware of such an event, by reporting the problem to Shopify Merchant Services by email at https://help.shopify.com/questions/partners

If the Agreement is terminated, the Service Provider shall permanently and irrevocably delete all personal data processed by it in connection with the Agreement from all its systems and records within 60 days, except for data that the Service Provider is required to retain by law.

Detailed information on the personal data processed by the Service Provider in connection with the service is contained in the Service Provider's data processing policy.

Force majeure

Force majeure shall mean any external event beyond the control of the Parties that cannot reasonably be prevented or avoided and that temporarily or permanently prevents either Party from performing the Agreement (e.g., earthquake, flood, war, natural disaster, problems arising from integration, see Exclusion and limitation of liability).

The Service Provider shall not be liable for any failure to perform if the failure is the result of force majeure. The Service Provider may only invoke force majeure if it has notified the User of the force majeure event, its causes and expected duration.

The deadlines specified in the Contract that are affected by the force majeure event shall be modified in accordance with the duration of the force majeure event, based on a separate agreement between the Parties.

Any Party invoking force majeure shall notify the other Party of the current force majeure event without delay or, if the force majeure event precludes notification, as soon as notification becomes possible. This written notification shall include the characteristics of the event and its impact on the performance of this contract, as well as the expected date of performance due to the delay.

Other provisions

The Service Provider shall not be liable for critical or other opinions written about the service, which in all cases reflect the views of visitors to the site. Nevertheless, the Service Provider shall be entitled to delete opinions and statements that violate public taste, the business interests of the Service Provider, or the law, at its own discretion.

However, the Service Provider is not subject to the provisions of Act XLVII of 2008 on the prohibition of unfair commercial practices against consumers in the course of its activities (Hungarian law).

Effective date of these General Terms and Conditions: November 8, 2025.

I have read and accept the Terms and Conditions

Appendix Withdrawal/Termination Notice

Addressee: Peak Tech Limited Liability Company (1196 Budapest, Hunyadi utca 140. Fsz. 2. ajtó; tax number: 32863576-2-43, (hereinafter: "Service Provider")

The undersigned declare that I/we exercise my/our right of withdrawal/termination with regard to the contract for the provision of the following service:

Date of conclusion of contract/date of receipt:

Name(s) of consumer(s):

Address(es) of consumer(s):

Signature(s) of consumer(s) (only in the case of a paper-based declaration):

Date

Signature:

GTC Appendix 2

DATA PROCESSING AGREEMENT

The Service Provider (hereinafter: Data Processor) and the Merchant (hereinafter: Data Controller) in view of the relationship established between them in connection with the Service, in accordance with Article 29 of the GDPR and in compliance with the obligation set out in Article 28(3) of the GDPR, agree as follows with regard to the data processing carried out by the Service Provider:

I. Subject matter of the contract

Based on the Supplementary Terms and Conditions, the parties have agreed that the Merchant shall process the data of its customers in connection with the services provided by the Service Provider, therefore the Merchant shall be considered the data controller (hereinafter: data controller) and the Service Provider shall be considered the data processor (hereinafter: data processor). The Data Processor guarantees that it will not process the personal data processed by it within the scope of the assignment for any other purpose and may only use the data generated in an anonymized manner.
The data processing operation includes the processing of data of natural persons who are in a legal relationship with the data controller.
The Parties declare that, for the purpose of performing the tasks specified in point 1, the data processed by the Data Processor belong to the following data types:
- Customer name, email address, contact, billing, and shipping information.
- Purchase and other transaction information from the Merchant's online store
- Updates on the status of transaction(s) with the Merchant or its online store
- Customer activity on the Merchant's online store, including products viewed and/or added to the shopping cart.
- Customer preference signals, including global privacy control ("GPC"), unsubscribe and opt-in signals.
- Customer device information about the device(s) used to visit the Merchant's online store, including IP address, browser, and network activity.
- Other information about Customers' interactions with the Online Stores.
- Any other personal data that the Merchant or its customers provide to Shopify and PeakShip.
The Parties declare that, in order to perform the operations specified in point 1, the data processed by the Data Processor relate to the following categories of data subjects: data of the online store owner, data of visitors, data of online store customers.

II. Rights and obligations of the Data Controller

When transferring personal data, the Data Controller shall apply appropriate technical and organizational measures to ensure that the confidentiality, integrity, and availability of personal data are not compromised. The Data Processor excludes its liability for the Data Controller hacking into the Merchant Account or gaining unauthorized access to it.
The Data Controller may monitor the Data Processor's performance of its contractual obligations.
The Data Controller may specify data processing operations for the Data Processor in order to ensure the proper performance of the tasks specified in the contract.
The Data Controller shall be solely responsible for the lawfulness of its instructions regarding data processing operations related to the tasks specified in the contract.
The Data Controller shall be obliged to adequately inform the data subjects regarding the personal data transferred to the Data Processor.
f the data subject submits a request to the data processor in order to exercise his or her rights in relation to the personal data concerned by the data processing operations covered by this contract, the data processor shall forward it to the data controller without delay, but no later than within 3 days, who shall assess the request.
If the data subject exercises his or her right to erasure, rectification, or restriction of processing, and the data concerned are held by the data processor, the data controller shall notify the data processor within 3 working days in order to carry out the operations. If the restriction needs to be lifted, and if the data needs to be deleted or corrected after the restriction is lifted, the data controller shall notify the data processor thereof without delay.
If the data subject wishes to exercise their right to data portability and the Data Processor has the technical background to perform the related data processing operations, the Data Controller shall notify the Data Processor immediately upon receipt of the request.
If the Data Controller specifies new contact details or modifies existing ones for the purpose of notification of data protection incidents, it shall immediately inform the Data Processor thereof.
If any third party submits a request to the Data Processor for access to personal data held by the Data Processor in connection with the data processing operations covered by this Agreement, the Data Controller shall in all cases be entitled and obliged to assess and respond to the request.

III. Rights and obligations of the Data Processor

The Data Processor shall perform the tasks specified in Section 1 in accordance with the instructions of the Data Controller and in the interests of the Data Controller. The Data Processor may deviate from the instructions of the Data Controller only in cases of urgent necessity, in the interests of the Data Controller and with immediate notification.
The data controller authorizes the data processor to use the transferred data in an anonymized form for development and business policy purposes.
The data processor may only engage another data processor to perform its data processing activities with the prior written authorization of the data controller.
All personal data and information that comes to the knowledge of the data processor in the course of performing the assignment may only be used by the data controller.
The data processor may not make any substantive decisions concerning data processing and may only process data carriers containing personal data in accordance with the instructions of the data controller.
The data processor shall only be entitled to perform the data processing operations that are the subject of the assignment.
Requests submitted for the exercise of the rights of data subjects, if received by the data processor, shall be forwarded by the data processor to the data controller by electronic means within 3 working days.
The data processor shall forward any request submitted to it by a third party concerning access to personal data in its possession that is affected by the data processing operations covered by this contract to the data controller within 3 working days by electronic means.
In order to ensure the data subject's right to information and access, the data processor shall provide the data controller with the information necessary for the provision of information on the data processing operations carried out in the course of the data processing activities.
If the data subject requests the rectification or erasure of their data or exercises their right to be forgotten, and the data subject is the data controller, or the data processor is able to take the necessary steps to exercise the right to be forgotten, the data processor shall perform the necessary operations in accordance with the instructions of the data controller and shall inform the data controller thereof.
The data processor shall ensure the right of restriction of processing for the data subject with regard to the data processed by it. If the restriction needs to be lifted, and if the data needs to be deleted or corrected after the restriction is lifted, the data processor shall lift the restriction and correct or delete the data in accordance with the instructions of the data controller.
If the data subject wishes to exercise their right to data portability and the data processor has the technical background to perform the related data processing operations, the data processor shall, upon request by the data controller, compile the data within the deadline and in the format specified by the data controller and send it to the data controller.
The data processor shall comply with the conditions set out by the data controller and the following data security requirements.
If, at any time during the performance of the contract, circumstances arise that prevent the data processor from performing the contract on time, the data processor shall immediately, but no later than within 3 working days, notify the data controller in writing of the delay, its expected duration, and its reasons.
If a data breach occurs at the data processor, the data controller shall be notified immediately. The information necessary for reporting the data breach shall be provided to the data controller without delay, within 24 hours of becoming aware of the breach, so that the data controller can also submit it to Shopify.
The information provided shall include a description of the nature of the incident (including, where possible, the categories and approximate number of data subjects concerned), the contact details of the point of contact where further information on the incident can be obtained the likely consequences of the incident and the measures taken or planned to address the incident, including any mitigation of adverse effects.
Where it is not possible to provide all such information at the same time, the initial notification shall contain the information available at that time, and further information shall be provided without undue delay as it becomes available.
The data processor shall also take reasonable steps to contain, investigate and mitigate the effects of the data breach. Notification of the incident to the data controller or response to it in accordance with this section shall not be construed as an admission by the data processor of fault or liability in relation to the data breach.
The data controller shall be responsible for notifying the data protection authority of the data breach, unless the data controller instructs the data processor to make the notification on its behalf.

IV. Data Security

The Parties agree that the data security requirements system means supporting the protection of personal data with technical and organizational measures, as well as physical and IT solutions.
The Data Processor shall apply the following safeguards:
A. Logical security measures
1. Access control: Shopify shall make its systems available only to authorized persons and only to the extent necessary to maintain and provide the Services. The Data Processor maintains access controls designed to manage authorization of access to its systems, including the use of firewalls and/or other technological and authentication controls.
2. Restricted Merchant Access: The Data Processor secures and restricts access to its systems in accordance with the principles of least privilege based on personnel job functions and (ii) requires two-factor authentication (2FA) for access to its systems.
3. Vulnerability Assessments: The Data Processor maintains a vulnerability assessment and penetration testing program that is responsible for investigating and following up on issues identified in relation to the Services, where necessary.
4. Extension Security: The data processor maintains an extension security program responsible for protecting the Services from extension security threats.
5. Change Management: The data processor maintains controls for logging, authorizing, testing, approving, and documenting changes to existing service resources and documents the details of the change in its change management or deployment tools. The data processor shall test changes in accordance with its change management standards before transitioning to production.
6. Availability: The data processor shall implement redundancy for the Services as necessary to minimize the impact of failure on the Services, designs the Services to anticipate and tolerate failures, and implements appropriate processes to remove personal data traffic from affected areas if necessary to recover from failures.
7. Business Continuity and Disaster Recovery: The Data Processor maintains a risk management program designed to support the continuity of critical business functions, including processes and procedures for identifying, responding to, and recovering from events that could prevent or significantly impair the Services provided by Shopify.
8. Incident management: The data controller has set out in its Additional Terms and Conditions and in this agreement how it should proceed in the event of a data protection incident.
B. Physical Security Measures: Where necessary to protect the Services, Shopify will (i) take reasonable measures to prevent unauthorized physical access, damage, or interference with the Services, (ii) use appropriate controls to limit physical access to the Services to authorized personnel who have a legitimate business need for such access, and (iii) conduct regular reviews to verify compliance with standards.

C. Administrative safeguards: Employees of the data processor who are authorized to access the data controller's personal data are bound by confidentiality obligations as part of their terms of employment. The data processor shall implement and maintain employee security training programs regarding the data processor's information security requirements. Security awareness training programs shall be reviewed and updated regularly.

V. Amendment and termination of the contract

Any amendment to this contract shall only be valid in writing.
The Parties agree that in the event of termination of the contractual relationship serving as the basis for the data processing contract, this contract shall also be terminated.
Following the termination of the contract, the data processor shall delete the personal data in its possession within 60 days of termination and shall continue to process certain data exclusively in an anonymous manner.

VI. Cooperation, communication

The Parties shall cooperate in order to fulfill this contract. Communication between the parties shall take place through the contact persons specified in the contract concluded between the parties.

VII. Confidentiality

With regard to the Data Controller and the Data Processor's obligations arising from the contract, the Data Processor shall take the technical and organizational measures and establish the procedural rules necessary to enforce the data protection and confidentiality rules.
The Parties shall treat all information, data, or facts that come to their knowledge during the conclusion and performance of the contract as confidential. An exception to this obligation shall be if the disclosure of the information is required by law, other legal regulations, a court order, or any other legal procedure for the Party concerned, as well as in the case of data transfer based on the provisions of the relevant legislation. Disclosure to an unauthorized third party shall also be considered disclosure. If the immediate and mandatory transfer of data specified in this section takes place, the data processor shall immediately notify the data controller.
Neither party shall be entitled to transfer or disclose confidential information arising in connection with this contract, except for the essential elements of the contract, i.e. the identity of the Parties, the subject matter of the contract and the amount of consideration, or any provisions whose disclosure is required by law in relation to the data controller or data processor.
Any information relating to this contract and its performance, or to either Party, in particular its operations and organization, as well as any facts, data, plans, documents, procedures, and other information whose disclosure would harm the business interests of the Parties, and for the confidentiality of which the entitled party has taken the necessary measures, shall be considered confidential information.
The data processor shall be bound by the confidentiality obligation without limitation in time, regardless of the performance or termination of the contract.
The disadvantages arising from a breach of the confidentiality obligation or the unauthorized disclosure of data, as well as the costs necessary to eliminate them, including compensation for both pecuniary and non-pecuniary damage, shall be borne by the party responsible for the unauthorized disclosure, in addition to any other liability.

VIII. Liability issues

The disadvantages arising from the unauthorized use, transfer, or disclosure of personal data, and the costs necessary to eliminate them, including both compensation for damages and payment of damages for pain and suffering, shall be borne by the party responsible for the above unauthorized activities, in addition to any other liability.
The Data Processor shall reimburse the Data Controller for any fines imposed on the Data Controller as a result of data protection incidents occurring within the Data Processor's sphere of interest, as well as in the event of an impact assessment and prior consultation deemed necessary by the Data Controller, due to a lack of cooperation.
If the Data Controller is obliged to pay a data protection fine due to a data protection incident occurring at the Data Processor, the Data Processor shall reimburse the Data Controller for this amount if it can be proven that the fine was imposed expressly and unequivocally because the Data Processor failed to comply with the data protection and data security measures specified by the Data Controller.

IX. Other provisions

This agreement forms an integral part of the GTC.