General Terms and Conditions (GTC)

General Terms and Conditions (GTC)

1. Scope

These General Terms and Conditions (GTC) apply to all offers, deliveries, and services of datahub gmbh ("Layer") and form an integral part of all contracts that Layer concludes with its customers. Any differing terms and conditions of the customer shall not apply unless Layer has expressly agreed to their validity in writing.


2. Subject matter of the contract

These terms and conditions govern the provision of recurring services and products by Layer, particularly in the area of ​​license costs for software products (e.g. Matomo+, Superset+), Guided Analytics and Data Support.

3. Payment terms

3.1. Advance payment

License fees and recurring services can be invoiced by Layer up to three months in advance, on a quarterly basis. The calculations are based on the scope of services specified in the offer.

3.2. Invoicing and Due Date

Invoices for recurring costs (Guided Analytics, Data Support) and license fees are issued quarterly in advance and are due 30 days after receipt, unless otherwise agreed. Payments must be made on time and without deductions.

3.3. Additional Costs

Costs for external services, such as hosting fees or additional license fees incurred due to above-average service usage, will be itemized separately and invoiced subsequently. Layer will inform customers of such additional costs in a timely manner.


4. Scope of services and additional hours

4.1. Scope of Services

The scope of services to be provided is defined in the respective offer. Any changes or additions require the written consent of both parties.


4.2. Additional hours

Should it become apparent during the execution of the contract that the agreed number of hours will be exceeded, Layer will inform the client immediately. Additional hours will be invoiced at the hourly rate specified in the offer during the next billing period.


4.3. External hosting fees (Google Cloud)

When using Google Cloud for services, customers will be charged additional fees if they exceed the free storage quota provided by Google. These fees will be carried over to the next billing period. Layer will inform the customer as soon as it becomes apparent that the limit will be exceeded, but assumes no liability for the amount of the resulting Google fees.


5. Contract duration and termination

5.1. Contract duration

The contract begins upon acceptance of the offer and runs indefinitely unless an end date has been agreed upon.

5.2. Termination

The contract can be terminated by either party in writing with 30 days' notice to the end of the quarter.

5.3. Changes to services and prices

Layer reserves the right to adjust services and prices. Customers will be notified of any changes at least 60 days in advance. In the event of price adjustments, customers have the right to terminate their contract with immediate effect.


6. Warranty and Liability

Layer provides the contractually agreed services to the best of its knowledge and belief. Layer is not liable for disruptions or outages that are outside its control, in particular for outages of third-party infrastructure such as Google Cloud.


7. Confidentiality

Both parties undertake to treat all confidential information obtained within the scope of the contractual relationship as strictly confidential and to use it exclusively within the scope of the agreed services.


8. Confidentiality

Layer and the customer agree to treat all trade and business secrets of the other party as strictly confidential, unless such information is already publicly known or is lawfully obtained from third parties without any obligation of confidentiality. This obligation shall continue even after termination of the contract.


9. Limitation of Liability

Layer is liable for direct damages only in cases of intent or gross negligence. Liability for indirect damages, consequential damages, or lost profits is excluded. Should statutory liability not be completely excluded, it is limited to the value of the order. This limitation also applies to Layer's employees.


10. Data protection

Layer processes customer data in accordance with applicable data protection regulations. Further information can be found in the privacy policy on Layer's website.

11. Data Processing on Behalf of the Controller (DPC)

11.1. Scope

This section governs the processing of commissioned data in accordance with the provisions of the applicable data protection law, in particular the GDPR, when Layer processes personal data on behalf of the client as a contractor.


11.2. Subject matter of the contract

Data processing on behalf of a controller encompasses all activities in which employees or third parties commissioned by Layer come into contact with the client's personal data. This applies in particular to data processed to fulfill the contractually agreed services. The precise details of the processing purpose, as well as the categories of data and individuals concerned, are set out in the attached Annex 1 .


11.3. Obligations of the Contractors

Layer is committed to implementing appropriate technical and organizational measures to ensure the protection of the personal data processed. This includes, in particular, measures for access control, authorization control, and ensuring data integrity. A complete overview of these measures can be found in Appendix 2.


11.4. Obligations of the Client

The clients remain responsible under data protection law for assessing the lawfulness of the processing. They are obligated to ensure that the processing of the data is based on a legal foundation and that the rights of the data subjects are protected.


11.5. Contract duration and termination

This section applies for the entire duration of the contractual cooperation and ends with the termination of the main contract. After termination of the contract, Layer will delete or return all personal data in accordance with the client's instructions, unless there are statutory retention obligations.


11.6. Use of subcontractors

Layer may engage subcontractors if they are also subject to data protection obligations. A list of approved subcontractors and their areas of responsibility can be found in Appendix 3.


11.7. Final Provisions

Any changes to this agreement must be in writing. Otherwise, the general provisions of these Terms and Conditions apply.


Attachment :

- Annex 1: Purpose and nature of processing, categories of personal data and data subjects

- Annex 2: Technical and organizational measures (TOM)

- Annex 3: Approved Subcontractors


12. Assignment and Set-off

The assignment of the customer's rights and obligations under this contract requires Layer's written consent. The customer may only offset undisputed or legally established claims.


13. Communication

Layer typically communicates with customers via email. The customer is responsible for ensuring that the provided email address is accessible and that messages are read. Layer reserves the right to choose other suitable communication methods if necessary.


14. Changes to the Terms and Conditions

Layer reserves the right to amend these Terms and Conditions with future effect. Customers will be notified of any changes at least 60 days in advance. If the customer does not object within two weeks of notification, the changes will be deemed accepted.


15. Jurisdiction and applicable law

Swiss law applies exclusively, excluding international agreements. The place of jurisdiction is Lucerne.


As of: October 10, 2024, datahub gmbh, data@layer.swiss

1. Scope

These General Terms and Conditions (GTC) apply to all offers, deliveries, and services of datahub gmbh ("Layer") and form an integral part of all contracts that Layer concludes with its customers. Any differing terms and conditions of the customer shall not apply unless Layer has expressly agreed to their validity in writing.


2. Subject matter of the contract

These terms and conditions govern the provision of recurring services and products by Layer, particularly in the area of ​​license costs for software products (e.g. Matomo+, Superset+), Guided Analytics and Data Support.

3. Payment terms

3.1. Advance payment

License fees and recurring services can be invoiced by Layer up to three months in advance, on a quarterly basis. The calculations are based on the scope of services specified in the offer.

3.2. Invoicing and Due Date

Invoices for recurring costs (Guided Analytics, Data Support) and license fees are issued quarterly in advance and are due 30 days after receipt, unless otherwise agreed. Payments must be made on time and without deductions.

3.3. Additional Costs

Costs for external services, such as hosting fees or additional license fees incurred due to above-average service usage, will be itemized separately and invoiced subsequently. Layer will inform customers of such additional costs in a timely manner.


4. Scope of services and additional hours

4.1. Scope of Services

The scope of services to be provided is defined in the respective offer. Any changes or additions require the written consent of both parties.


4.2. Additional hours

Should it become apparent during the execution of the contract that the agreed number of hours will be exceeded, Layer will inform the client immediately. Additional hours will be invoiced at the hourly rate specified in the offer during the next billing period.


4.3. External hosting fees (Google Cloud)

When using Google Cloud for services, customers will be charged additional fees if they exceed the free storage quota provided by Google. These fees will be carried over to the next billing period. Layer will inform the customer as soon as it becomes apparent that the limit will be exceeded, but assumes no liability for the amount of the resulting Google fees.


5. Contract duration and termination

5.1. Contract duration

The contract begins upon acceptance of the offer and runs indefinitely unless an end date has been agreed upon.

5.2. Termination

The contract can be terminated by either party in writing with 30 days' notice to the end of the quarter.

5.3. Changes to services and prices

Layer reserves the right to adjust services and prices. Customers will be notified of any changes at least 60 days in advance. In the event of price adjustments, customers have the right to terminate their contract with immediate effect.


6. Warranty and Liability

Layer provides the contractually agreed services to the best of its knowledge and belief. Layer is not liable for disruptions or outages that are outside its control, in particular for outages of third-party infrastructure such as Google Cloud.


7. Confidentiality

Both parties undertake to treat all confidential information obtained within the scope of the contractual relationship as strictly confidential and to use it exclusively within the scope of the agreed services.


8. Confidentiality

Layer and the customer agree to treat all trade and business secrets of the other party as strictly confidential, unless such information is already publicly known or is lawfully obtained from third parties without any obligation of confidentiality. This obligation shall continue even after termination of the contract.


9. Limitation of Liability

Layer is liable for direct damages only in cases of intent or gross negligence. Liability for indirect damages, consequential damages, or lost profits is excluded. Should statutory liability not be completely excluded, it is limited to the value of the order. This limitation also applies to Layer's employees.


10. Data protection

Layer processes customer data in accordance with applicable data protection regulations. Further information can be found in the privacy policy on Layer's website.

11. Data Processing on Behalf of the Controller (DPC)

11.1. Scope

This section governs the processing of commissioned data in accordance with the provisions of the applicable data protection law, in particular the GDPR, when Layer processes personal data on behalf of the client as a contractor.


11.2. Subject matter of the contract

Data processing on behalf of a controller encompasses all activities in which employees or third parties commissioned by Layer come into contact with the client's personal data. This applies in particular to data processed to fulfill the contractually agreed services. The precise details of the processing purpose, as well as the categories of data and individuals concerned, are set out in the attached Annex 1 .


11.3. Obligations of the Contractors

Layer is committed to implementing appropriate technical and organizational measures to ensure the protection of the personal data processed. This includes, in particular, measures for access control, authorization control, and ensuring data integrity. A complete overview of these measures can be found in Appendix 2.


11.4. Obligations of the Client

The clients remain responsible under data protection law for assessing the lawfulness of the processing. They are obligated to ensure that the processing of the data is based on a legal foundation and that the rights of the data subjects are protected.


11.5. Contract duration and termination

This section applies for the entire duration of the contractual cooperation and ends with the termination of the main contract. After termination of the contract, Layer will delete or return all personal data in accordance with the client's instructions, unless there are statutory retention obligations.


11.6. Use of subcontractors

Layer may engage subcontractors if they are also subject to data protection obligations. A list of approved subcontractors and their areas of responsibility can be found in Appendix 3.


11.7. Final Provisions

Any changes to this agreement must be in writing. Otherwise, the general provisions of these Terms and Conditions apply.


Attachment :

- Annex 1: Purpose and nature of processing, categories of personal data and data subjects

- Annex 2: Technical and organizational measures (TOM)

- Annex 3: Approved Subcontractors


12. Assignment and Set-off

The assignment of the customer's rights and obligations under this contract requires Layer's written consent. The customer may only offset undisputed or legally established claims.


13. Communication

Layer typically communicates with customers via email. The customer is responsible for ensuring that the provided email address is accessible and that messages are read. Layer reserves the right to choose other suitable communication methods if necessary.


14. Changes to the Terms and Conditions

Layer reserves the right to amend these Terms and Conditions with future effect. Customers will be notified of any changes at least 60 days in advance. If the customer does not object within two weeks of notification, the changes will be deemed accepted.


15. Jurisdiction and applicable law

Swiss law applies exclusively, excluding international agreements. The place of jurisdiction is Lucerne.


As of: October 10, 2024, datahub gmbh, data@layer.swiss

Attachment

Annex 1:

Purpose and nature of the processing operation, categories of personal data and data subjects.


1. Purpose of the processing operation 

Intended purpose:

-> Collection of contact and customer data

-> Storage of contact and customer data

-> Segmentation of contact and customer data

-> Correction and formatting of contact data

-> Use and processing of contact data 


2. Type of processing operation

Subject of the order or order processing: 

-> Analysis 

-> Recording

Pattern recognition

-> Segmentation 

-> Evaluation  


3. Categories of personal data

-> Address data

-> Inventory data

-> Order data 

-> Purchase data

-> Personal details 

-> Invoice data

-> Contract details

-> Customer history


4. Categories of affected persons

-> Subscribers

-> Suppliers

-> Customers

-> Employees

-> Interested parties

-> Subcontractors 


5. Contact details of the contractor's data protection officer:
Data Protection Officer of the contractor:
Tina H., tina@layer.swiss 


6. Approved Subcontractors 

The client agrees to the engagement of the following subcontractors, subject to the contractually necessary agreement in accordance with the GDPR:

Ops One AG


The contractor warrants that a valid confidentiality and data protection agreement has been signed for all these partners, ensuring that instructions are in place. The subcontractors and their services are listed in Appendix 3. 


Annex 2:
Overview of ensuring the protection objectives through technical and organizational measures

The contractor guarantees the legally required security measures under Article 28 GDPR for the processing of personal data in accordance with the contract and will provide proof of these measures upon request of the client. The contractor warrants that it will take all measures required under Article 32(1)(b) GDPR to adequately achieve the defined security objectives. 


Data Protection Officer of the Contractor:
Tina H., tina@layer.swiss


1. Confidentiality

1.1 Access control: Prevention of unauthorized physical access to data processing facilities.

Implementation at the contractor's site: 

-> Key

-> Electronic door lock 


1.2 Access control (system): Preventing unauthorized system access to data processing systems. 

Implementation at the contractor's site: 

-> Secure authentication

-> Password rules 

-> User IDs 

1.3 Access control (data): Preventing unauthorized access to data so that unauthorized reading, copying, modification or removal of information within a data processing system is not possible. 

Implementation at the contractor's site: 

-> Differentiated authorization concept 

-> Transparent rights allocation through authorization groups

-> Secure network connections with https or SSL


1.4 Separation control: Ensuring that personal data collected for different purposes can be processed separately. 

Implementation at the contractor's site: 

-> Data minimization / Deleting unnecessary data 

-> Customer-segregated systems (multi-tenancy) 

-> No tests with original data 


1.5 Pseudonymization: Processed personal data can no longer be attributed to a specific data subject without the use of additional information. The additional information required for this purpose is stored separately and securely. 

Implementation at the contractor's site: 

-> Access only for authorized persons

2. Integrity 

2.1 Access control: Preventing unauthorized reading, copying, modification or removal of information during electronic transmission or manual transport. 

Implementation at the contractor's site: 

-> Securing the transmission through encryption methods (VPN, SSL) 

-> Logging of the transfer (server log files)


2.2 Input control: It can be determined at any time whether and by whom personal data has been entered, changed or removed from data processing systems. 

Implementation at the contractor's site: 

-> «Last modified» date 

-> Individual access to tools with data

3. Availability and resilience


3.1 Availability control: Securing personal data against accidental destruction or loss.

Implementation at the contractor's site: 

-> Backup procedure / data backup (Google Workspace/ Google Cloud)

-> Redundant systems (Google Workspace/Google Cloud) 


3.2 Resilience (systems and services): The resilience of personal data is ensured under high system load in the event of errors or malfunctions, insofar as the data remains available. 

Implementation at the contractor's site: 

-> Scalable Google Workspace/Google Cloud infrastructure 

4. Procedures for regular review, assessment and evaluation 


4.1 Data Protection Management: The obligation to provide evidence of compliance with data protection processes must be demonstrated in a suitable form and at all times through established IT security procedures for the implementation quality of data processing. 


4.2 Data protection-friendly default settings: It must be ensured that personal data is not made accessible to third parties without the intervention of the data subject through default settings. 

Implementation at the contractor's site: 

-> Clear contract design 

-> Data processing in accordance with instructions 


Annex 3: Agreement with subcontractor (Ops One AG)


Ops One AG manages our hosting services (Matomo+). Our solution is hosted in Switzerland by Ops One. We have signed a comprehensive data processing agreement with Ops One to regulate this process. An overview of the infrastructure is attached.

Attachment

Annex 1:

Purpose and nature of the processing operation, categories of personal data and data subjects.


1. Purpose of the processing operation 

Intended purpose:

-> Collection of contact and customer data

-> Storage of contact and customer data

-> Segmentation of contact and customer data

-> Correction and formatting of contact data

-> Use and processing of contact data 


2. Type of processing operation

Subject of the order or order processing: 

-> Analysis 

-> Recording

Pattern recognition

-> Segmentation 

-> Evaluation  


3. Categories of personal data

-> Address data

-> Inventory data

-> Order data 

-> Purchase data

-> Personal details 

-> Invoice data

-> Contract details

-> Customer history


4. Categories of affected persons

-> Subscribers

-> Suppliers

-> Customers

-> Employees

-> Interested parties

-> Subcontractors 


5. Contact details of the contractor's data protection officer:
Data Protection Officer of the contractor:
Tina H., tina@layer.swiss 


6. Approved Subcontractors 

The client agrees to the engagement of the following subcontractors, subject to the contractually necessary agreement in accordance with the GDPR:

Ops One AG


The contractor warrants that a valid confidentiality and data protection agreement has been signed for all these partners, ensuring that instructions are in place. The subcontractors and their services are listed in Appendix 3. 


Annex 2:
Overview of ensuring the protection objectives through technical and organizational measures

The contractor guarantees the legally required security measures under Article 28 GDPR for the processing of personal data in accordance with the contract and will provide proof of these measures upon request of the client. The contractor warrants that it will take all measures required under Article 32(1)(b) GDPR to adequately achieve the defined security objectives. 


Data Protection Officer of the Contractor:
Tina H., tina@layer.swiss


1. Confidentiality

1.1 Access control: Prevention of unauthorized physical access to data processing facilities.

Implementation at the contractor's site: 

-> Key

-> Electronic door lock 


1.2 Access control (system): Preventing unauthorized system access to data processing systems. 

Implementation at the contractor's site: 

-> Secure authentication

-> Password rules 

-> User IDs 

1.3 Access control (data): Preventing unauthorized access to data so that unauthorized reading, copying, modification or removal of information within a data processing system is not possible. 

Implementation at the contractor's site: 

-> Differentiated authorization concept 

-> Transparent rights allocation through authorization groups

-> Secure network connections with https or SSL


1.4 Separation control: Ensuring that personal data collected for different purposes can be processed separately. 

Implementation at the contractor's site: 

-> Data minimization / Deleting unnecessary data 

-> Customer-segregated systems (multi-tenancy) 

-> No tests with original data 


1.5 Pseudonymization: Processed personal data can no longer be attributed to a specific data subject without the use of additional information. The additional information required for this purpose is stored separately and securely. 

Implementation at the contractor's site: 

-> Access only for authorized persons

2. Integrity 

2.1 Access control: Preventing unauthorized reading, copying, modification or removal of information during electronic transmission or manual transport. 

Implementation at the contractor's site: 

-> Securing the transmission through encryption methods (VPN, SSL) 

-> Logging of the transfer (server log files)


2.2 Input control: It can be determined at any time whether and by whom personal data has been entered, changed or removed from data processing systems. 

Implementation at the contractor's site: 

-> «Last modified» date 

-> Individual access to tools with data

3. Availability and resilience


3.1 Availability control: Securing personal data against accidental destruction or loss.

Implementation at the contractor's site: 

-> Backup procedure / data backup (Google Workspace/ Google Cloud)

-> Redundant systems (Google Workspace/Google Cloud) 


3.2 Resilience (systems and services): The resilience of personal data is ensured under high system load in the event of errors or malfunctions, insofar as the data remains available. 

Implementation at the contractor's site: 

-> Scalable Google Workspace/Google Cloud infrastructure 

4. Procedures for regular review, assessment and evaluation 


4.1 Data Protection Management: The obligation to provide evidence of compliance with data protection processes must be demonstrated in a suitable form and at all times through established IT security procedures for the implementation quality of data processing. 


4.2 Data protection-friendly default settings: It must be ensured that personal data is not made accessible to third parties without the intervention of the data subject through default settings. 

Implementation at the contractor's site: 

-> Clear contract design 

-> Data processing in accordance with instructions 


Annex 3: Agreement with subcontractor (Ops One AG)


Ops One AG manages our hosting services (Matomo+). Our solution is hosted in Switzerland by Ops One. We have signed a comprehensive data processing agreement with Ops One to regulate this process. An overview of the infrastructure is attached.

1) Data Processing on the Backup Infrastructure: Data is transferred to the backup infrastructure via direct peering between the various data centers. Both the transport and storage of backups are encrypted at all times. Therefore, no actual data processing takes place on the backup infrastructure. 

Layer guides you purposefully through the complexity of your user and customer data to enable a data-driven way of working and strategy.

datahub gmbh
Sentimattstrasse 6
6003 Luzern

+41 78 715 42 08

contact@layer.swiss

Services

Digital Analytics

Matomo

About us

Legal

Data protection

Terms and conditions

Imprint

©2026 datahub gmbh. All rights reserved.

To German version

Layer guides you purposefully through the complexity of your user and customer data to enable a data-driven way of working and strategy.

datahub gmbh
Sentimattstrasse 6
6003 Luzern

+41 78 715 42 08

contact@layer.swiss

Services

Digital Analytics

About us

Matomo

Legal

Data protection

Terms and conditions

Imprint

©2026 datahub gmbh. All rights reserved.

To German version

Layer guides you purposefully through the complexity of your user and customer data to enable a data-driven way of working and strategy.

datahub gmbh
Sentimattstrasse 6
6003 Luzern

+41 78 715 42 08

contact@layer.swiss

Services

Digital Analytics

Matomo

About us

Legal

Data protection

Terms and conditions

Imprint

©2026 datahub gmbh. All rights reserved.

To German version