Terms & Conditions (AGB)

1. Scope and Eligibility

These terms apply exclusively to business customers (entrepreneurs as per § 14 BGB). By providing a Company Name during registration, the customer explicitly confirms they are acting in a commercial or self-employed capacity. We do not provide services to consumers.

2. Data Access and Switching (EU Data Act 2026)

In accordance with the EU Data Act, customers may initiate a switch to another provider or on-premises infrastructure with a maximum notice period of 30 days. Iten Media will provide reasonable assistance and export data in a structured, machine-readable format (JSON/CSV).

3. DPP Compliance (ESPR)

PassportLab provides the technical infrastructure for Digital Product Passports. The customer is the sole 'Data Holder' and responsible for the accuracy and legal compliance of the product data according to the Ecodesign for Sustainable Products Regulation (ESPR).

4. Payment and Invoicing

Payments are processed via Stripe. In accordance with § 19 UStG (Small Business Regulation), no VAT is charged or displayed. Starting in 2026, invoices will be provided in a machine-readable format (ZUGFeRD/XRechnung) upon request to comply with German e-invoicing mandates.

5. Data Retention

DPP data will remain hosted for at least 10 years after the product is placed on the market, as required by EU law, provided the customer maintains an active archival subscription.

6. Acceptable Use

The customer may use PassportLab solely for lawful business purposes in connection with EU product compliance. The following are prohibited: (a) uploading false, fraudulent, or misleading product data; (b) using the platform to process personal data of consumers without a valid legal basis; (c) attempting to circumvent quota limits, access controls, or rate limits; (d) reverse-engineering, reselling, or sublicensing the platform without written consent; (e) any use that violates applicable law, including export control regulations. Iten Media reserves the right to suspend access immediately upon a material breach of this clause without prejudice to any other remedy.

7. Limitation of Liability

To the maximum extent permitted by applicable law, Iten Media's total aggregate liability to the customer for any claims arising out of or relating to these terms or the service — whether in contract, tort (including negligence), or otherwise — shall not exceed the total fees paid by the customer in the twelve (12) months immediately preceding the event giving rise to the claim. Iten Media shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of data, or loss of business opportunity, even if advised of the possibility of such damages. Nothing in these terms limits liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be excluded under applicable law.

8. Force Majeure

Neither party shall be liable for any failure or delay in performance of its obligations under these terms to the extent such failure or delay is caused by circumstances beyond its reasonable control, including but not limited to: acts of God, natural disasters, war, terrorism, civil unrest, pandemic, government action, internet or infrastructure outages, or failure of third-party service providers (including cloud infrastructure or DNS providers). The affected party shall notify the other party promptly and use reasonable efforts to resume performance as soon as practicable.

9. Governing Law and Jurisdiction

These terms and any dispute or claim arising out of or in connection with them shall be governed by and construed in accordance with the laws of the Federal Republic of Germany, excluding its conflict of law provisions. The UN Convention on Contracts for the International Sale of Goods (CISG) shall not apply. The exclusive place of jurisdiction for all disputes arising from or in connection with these terms shall be Köln, Germany, provided the customer is a registered merchant (Kaufmann) or a legal entity under public law.

10. Data Processing Agreement

Where PassportLab processes personal data on behalf of the customer as a data processor within the meaning of Art. 4(8) GDPR, the parties agree to the Data Processing Agreement (DPA) available at passportlab.io/dpa, which is incorporated into these terms by reference. By accepting these terms, the customer also accepts the DPA. In the event of any conflict between these terms and the DPA with respect to data processing, the DPA shall prevail.