Priovox

Terms and Conditions - Priovox

Last updated: May 7, 2026

Note on language: This English version is a translation provided for informational purposes only. The legally binding version of these Terms and Conditions is the German version available at priovox.com/de/legal/agb. In case of discrepancies between the two versions, the German version prevails.

Terms and Conditions for the use of the Priovox service. These Terms apply exclusively to entrepreneurs (§ 14 of the German Civil Code, BGB), legal persons under public law and special funds under public law.

Provider

Haus B GmbH
operating under the brand Priovox
Mainzer Straße 98
66121 Saarbrücken
Germany

Commercial register: Saarbrücken Local Court (Amtsgericht), HRB 19335
VAT ID: DE277687676
Managing Director: Allegra Beck
Email: [email protected]

— hereinafter „Priovox" —

§ 1 Scope, Contracting Parties

(1) These Terms and Conditions („Terms") apply to all contracts between Priovox and its customers regarding the provision of the AI-based telephone assistance service as Software-as-a-Service (hereinafter „Service" or „Priovox Service").

(2) Customers within the meaning of these Terms are exclusively entrepreneurs within the meaning of § 14 BGB, legal persons under public law and special funds under public law. Contracts with consumers (§ 13 BGB) are not concluded on the basis of these Terms.

(3) Deviating, conflicting or supplementary general terms and conditions of the Customer shall not become part of the contract — even if Priovox is aware of them — unless their applicability is expressly agreed in text form. This also applies to general scope clauses in the Customer's orders, order confirmations or other declarations.

(4) In case of contradictions between individual contractual elements, the following order of precedence applies:

  1. the individual offer or order confirmation by Priovox,
  2. the price and service overview displayed on priovox.com/preise at the time of contract conclusion,
  3. these Terms, including the integrated Data Processing Addendum (§ 27) and the technical and organisational measures (§ 28).

More specific provisions take priority (§ 305b BGB remains unaffected).

§ 2 Conclusion of Contract

(1) The presentation of the Service on the website or in offers does not constitute a binding offer. By placing an order via the website (in particular through the booking flow integrated into the Stripe checkout) or through a signed order confirmation, the Customer makes a binding contractual offer. The Customer is bound to this offer for two weeks.

(2) The contract is concluded upon acceptance by Priovox, declared either by an order confirmation in text form or by activation of the Service.

(3) The contract language is German. An English version of these Terms is provided for informational purposes only; in case of conflict, the German version prevails.

(4) The obligations under § 312i para. 1 sentence 1 nos. 1 to 3 and sentence 2 BGB are mutually waived pursuant to § 312i para. 2 BGB.

(5) Priovox stores the contract text and makes it available to the Customer upon request.

§ 3 Scope of Services

(1) During the term of the contract, Priovox provides the Customer with the Priovox Service as a web-based SaaS application as well as the telephony connection required to receive calls. Depending on the booked tariff, the Service includes in particular:

  • provision of an AI-based telephone assistant for handling incoming calls;
  • configuration of a system prompt and a knowledge base tailored to the Customer's business;
  • recording, transcription and summarisation of calls;
  • handover of call data to connected third-party systems (in particular calendar, email, CRM);
  • a web portal for configuration, monitoring and analytics;
  • where applicable, the provision of a phone number assigned by Priovox (see § 11).

(2) The specific scope of features and any usage limits result from the service and price overview of the chosen tariff displayed on priovox.com/preise at the time of contract conclusion.

(3) One-off configuration, migration, training or consulting services are not included in the SaaS tariff and are agreed and remunerated separately.

(4) Priovox is entitled to develop the Service technically, to replace individual functions, language models, voices or third-party components, to add new functions, or to discontinue individual functions with reasonable advance notice (typically 30 days), provided that the essential contractual core remains intact. In case of a substantial reduction of the scope of services, the Customer has a right of extraordinary termination effective on the date the reduction takes effect.

§ 4 Availability (SLA)

(1) Priovox provides the Service with an availability of 98.0 % on annual average. Availability means the Service's ability to receive incoming calls and to process them in a quality corresponding to the booked tariff.

(2) Priovox is entitled to perform maintenance, update, security and optimisation work daily between 00:00 and 06:00 (Europe/Berlin time zone) without prior notice („regular maintenance window"). Service interruptions during the regular maintenance window — regardless of their duration — are not included in the availability calculation.

(3) Outside the regular maintenance window, Priovox will give at least 48 hours' email notice of planned maintenance work that may cause significant disruption. Such announced maintenance work also does not count as an outage, provided it does not exceed 4 hours per calendar month in total.

(4) The following are also excluded from the availability calculation:

  • outages due to force majeure within the meaning of § 23;
  • outages of third-party providers whose services are used by Priovox (in particular telephony carriers, calendar interfaces, AI model providers, cloud hosters);
  • disruptions originating in the Customer's sphere (internet connection, configuration of call forwarding, end devices, third-party integrations, faulty configuration of the knowledge base);
  • beta features within the meaning of § 15;
  • suspensions due to breach of contract by the Customer.

(5) In case of a non-trivial shortfall of the annual availability, the Customer may request a credit on the monthly base fee. The credit amounts to 10 % of the base fee owed for the affected billing month per full percentage point of SLA shortfall, capped at 50 % of the monthly base fee. The claim must be asserted within 30 days after the end of the relevant calendar year.

(6) Further claims, in particular reduction of fees pursuant to § 536 BGB, are settled by the credit under paragraph 5, unless Priovox has caused the defect intentionally or by gross negligence. § 22 (Liability) remains unaffected.

§ 5 Support

(1) Priovox provides technical support by email at [email protected].

(2) Support business hours: Monday to Friday, 10:00 to 17:00 (Europe/Berlin time zone), excluding statutory holidays at the seat of Priovox.

(3) Priovox endeavours to respond promptly. Within business hours, the following response times apply depending on the reported severity:

  • Category 1 (Service not usable): response within 4 hours;
  • Category 2 (significant functional impairment): response within 1 working day;
  • Category 3 (other queries, questions, minor defects): response within 5 working days.

No resolution time is guaranteed.

(4) Onboarding, training, migration, individual configuration and consulting are not included in support and are remunerated separately.

§ 6 Customer Cooperation Obligations

(1) The Customer provides Priovox with the information required to deliver the Service completely and truthfully, in particular details on opening hours, prices, services, employee routing, answers to frequent inquiries and other business matters that the AI telephone assistant is to communicate to callers. The Customer is solely responsible for the accuracy of content introduced into the system.

(2) The Customer ensures functional call forwarding to the phone number provided by Priovox and adequate internet and end-device equipment to use the web portal.

(3) The Customer makes its own backups of data exported from the Service.

(4) The Customer reports recognisable defects of the Service without delay after discovery in text form.

(5) For outbound activation and other security- or legally-sensitive functions, the Customer cooperates in identification and approval processes (KYC).

(6) The Customer operates the Service exclusively within the framework of applicable law and ensures lawful use vis-à-vis its callers, employees and other affected persons.

§ 7 Rights of Use

(1) Priovox grants the Customer for the term of the contract a simple, non-exclusive, non-transferable and non-sublicensable right to use the Priovox Service within the agreed tariff scope for its own business purposes.

(2) Reproduction, modification, decompilation or reverse engineering of the underlying software is prohibited outside the mandatory statutory permissions (in particular § 69e of the German Copyright Act, UrhG).

(3) Transfer or provision of the Service to third parties, in particular by way of reselling, white-labelling or shared use by persons not belonging to the Customer's organisation, requires Priovox's prior written consent.

(4) Priovox is entitled to mention the Customer's name and logo as a reference on the Priovox website and in other marketing materials. The Customer may revoke this use at any time by declaration in text form.

§ 8 Intellectual Property, Customer Data, Training Licence

(1) All rights to the Priovox software, system prompts, models, voices, voice profiles, methods, algorithms developed by Priovox and the entire service infrastructure remain with Priovox or the respective licensors. No transfer of ownership or protective rights takes place.

(2) Content introduced by the Customer into the Service (in particular knowledge base entries, system prompt adjustments, media files, contact data) remains owned by or subject to the protective rights of the Customer. The Customer grants Priovox a simple, worldwide, royalty-free right to use such content insofar as required for the provision and operation of the Service.

(3) Training Licence for Anonymised Data. The Customer grants Priovox an irrevocable, worldwide, royalty-free, non-exclusive right to use any call data — including audio recordings, transcripts, voice samples, metadata and telemetry — generated in connection with the Service in anonymised or aggregated form for the following purposes:

  • training, fine-tuning and evaluation of own or commissioned AI models;
  • quality assurance, error analysis and Service improvement;
  • development of new functions, products and services;
  • statistical and scientific analyses.

(4) Anonymisation within the meaning of this paragraph means processing of the data in such a way that identification of individual natural persons is not possible or only possible with disproportionate effort (Art. 4 no. 1 GDPR in conjunction with Recital 26 GDPR). Aggregation includes the formation of statistical figures from which individual calls cannot be reconstructed.

(5) Use of non-anonymised personal data for training or improvement purposes beyond the data processing defined in the DPA (§ 27) does not occur. Non-anonymised call content is not transferred to third parties for model training purposes.

(6) Suggestions, improvement proposals and defect reports submitted by the Customer to Priovox („Feedback") may be used by Priovox without restriction for further development of the Service, without giving rise to any compensation or participation claims by the Customer.

§ 9 Prohibited and Restricted Use

(1) The Service may not be used for the following purposes:

  • purposes that violate laws, regulatory requirements or rights of third parties;
  • practices prohibited by Art. 5 of Regulation (EU) 2024/1689 („AI Act"), in particular subliminal manipulation, exploitation of vulnerable groups, social scoring, predictive policing against natural persons, untargeted scraping of facial images, biometric categorisation of sensitive characteristics;
  • imitation or impersonation of real persons without their consent;
  • creation or distribution of deepfake content (Art. 50 para. 4 AI Act) without appropriate labelling;
  • distribution of illegal or criminal content, including malware;
  • emergency call substitution or other safety or emergency communication; the Service is not an emergency service within the meaning of § 67 of the German Telecommunications Act (TKG);
  • load tests, penetration tests or automated bulk calls without express written authorisation by Priovox;
  • harassment, threats, debt collection pressure or premium-rate services without applicable regulatory permissions.

(2) Telephone marketing (outbound calls). The Service is by default restricted to incoming calls. Outbound functions are provided only after separate activation by Priovox. For outbound use, the following applies:

  • For calls to consumers, prior express consent is required (§ 7 para. 2 no. 1 of the German Act Against Unfair Competition, UWG).
  • For calls to other market participants (B2B), at least presumed consent is required, which only exists where there are concrete, factual indications of an interest of the called party (settled case law; cf. Federal Administrative Court, judgment of 29 January 2025 — 1 C 18.23).
  • The Customer documents consent pursuant to § 7a UWG and retains the documentation for at least five years. Upon Priovox's request, the Customer presents the documentation in suitable form.
  • Caller-ID spoofing or use of phone numbers not assigned to the Customer is prohibited.

(3) Recording and Transcription (§ 201 of the German Criminal Code, StGB). Call recording and transcription concern the non-publicly spoken word. The Customer ensures that every caller gives express, informed and voluntary consent before recording begins; silence or merely not hanging up does not constitute consent. The default greeting message provided by Priovox includes the corresponding notice and the option to hang up. If the Customer modifies the greeting in such a way that this notice is omitted or insufficient, the Customer assumes full criminal and civil responsibility and indemnifies Priovox against third-party claims. For cross-border use in jurisdictions with two-party consent requirements (e.g. certain US states, Switzerland), the Customer is obliged to adapt the greeting.

(4) Transparency under Art. 50 AI Act (effective from 2 August 2026). Priovox's default greeting informs callers that they are interacting with an AI system. The Customer may not remove or obscure this notice. If the Customer modifies the greeting such that the requirements of Art. 50 AI Act are no longer met, the Customer assumes full deployer responsibility under the AI Act and indemnifies Priovox against third-party claims and regulatory fines.

(5) Customer Responsibility for AI Outputs. The Service generates AI-generated statements which, due to their statistical nature, may be erroneous, incomplete or inaccurate. The Customer reviews all AI outputs (in particular bookings, appointments, lead notes, summaries, call handovers) on its own responsibility before making business decisions or entering into obligations vis-à-vis callers or third parties on this basis. § 22 para. 4 (Liability exclusion for AI outputs) remains unaffected.

(6) In case of breach of this section, Priovox is entitled to suspend the Service in whole or in part without prior notice. No refund of fees already paid is granted in this case. The right to extraordinary termination (§ 14 para. 3) remains unaffected. The Customer indemnifies Priovox against any third-party claims and regulatory fines resulting from a breach of this section.

§ 10 Access and Security

(1) The Customer receives access credentials, which it must keep secure and not make accessible to unauthorised third parties. Loss, theft or unauthorised use must be reported to Priovox without delay.

(2) Priovox is entitled to temporarily suspend access where there is reasonable suspicion of misuse.

(3) The Customer is responsible for activities that take place under its account, unless they were enabled by a failure of Priovox's security mechanisms.

§ 11 Phone Numbers

(1) If Priovox provides the Customer with a phone number, this number is assigned and operated by Priovox or its carrier partner. The Customer receives only a simple, non-exclusive right of use for the contract term.

(2) With respect to phone numbers provided by Priovox, the Customer does not become an end user within the meaning of § 59 TKG vis-à-vis the carrier; the phone number is and remains assigned to Priovox or the carrier. Number portability within the meaning of § 59 TKG to a third-party provider is excluded with respect to phone numbers provided by Priovox. Upon contract termination, the phone number reverts to Priovox and may be reassigned to other customers at Priovox's reasonable discretion.

(3) At the Customer's request, an existing phone number already assigned to the Customer may be ported into the Priovox network („Port-In"). The Customer bears the costs and risk of the Port-In; Priovox coordinates with the relinquishing provider but provides no guarantee of success. A reverse porting at the end of the contract is possible upon request against a flat-rate handling fee per the price list, provided that and to the extent the Customer is the holder of the original assignment vis-à-vis the Federal Network Agency and a reverse porting is required by law.

(4) Call forwarding beyond the contract term may be set up upon request against an additional fee for a maximum of 30 days.

§ 12 Fees, Minute Allowance, Payment

(1) Fees are based on the chosen tariff and the price and service overview displayed on priovox.com/preise (hereinafter „Price List"). All prices are net of value-added tax (VAT) at the applicable rate. For intra-EU services to a Customer with a valid VAT identification number, the reverse charge mechanism applies.

(2) Minute Allowance. Each tariff includes a defined minute allowance per billing period. Unused minutes expire at the end of the respective billing period; rollover into subsequent billing periods does not occur.

(3) Call duration billing increments. Each connected call is billed in full 30-second increments. The minimum billing duration per connected call is 30 seconds. Connection, setup and handover times are part of the billed call duration. The increments are additionally indicated in the Price List.

(4) Allowance overage. If the Customer uses up its allowance, additional minute bundles may be purchased in advance. Purchased minute bundles expire at the end of the billing period in which they were purchased, unless the Price List provides otherwise. The Service is suspended only when neither the base allowance nor any purchased minute bundles remain.

(5) Payment method. The fee is collected in advance via the payment service provider Stripe Payments Europe Ltd. Accepted payment methods are indicated in the Price List.

(6) Default in payment. If a payment fails, Priovox will request the Customer to pay. If payment is not made within seven days, Priovox is entitled to suspend the Service. Default interest is calculated pursuant to § 288 para. 2 BGB at nine percentage points above the base rate. In addition, Priovox may claim the default lump sum under § 288 para. 5 BGB in the amount of EUR 40.00 as well as further default damages.

(7) Set-off and right of retention. The Customer is entitled to set-off or retention only if its counterclaim is undisputed or has been finally adjudicated.

§ 13 Price Adjustment

(1) Priovox is entitled to adjust prices with an advance notice period of six weeks. The adjustment is communicated to the Customer in text form and takes effect on the indicated date.

(2) The Customer has the right to terminate the contract within four weeks of receipt of the adjustment notice with effect on the date the adjustment takes effect.

(3) Adjustments are made exclusively to compensate for objectively verifiable changes in cost factors, in particular carrier tariffs, costs of AI model interfaces, energy, personnel and hosting costs, and to compensate for statutory levies and taxes. Unilateral price adjustment at Priovox's free discretion does not occur.

§ 14 Term and Termination

(1) Unless otherwise stated in the order confirmation, the minimum contract term is:

  • for monthly tariffs: one month;
  • for annual tariffs: twelve months.

(2) The contract is automatically extended by the minimum contract term unless terminated beforehand:

  • monthly tariffs: termination with a notice period of seven days to the end of the billing period;
  • annual tariffs: termination with a notice period of three months to the end of the contract term.

(3) Extraordinary termination. The right to extraordinary termination for cause (§ 314 BGB) remains unaffected. A cause exists for Priovox in particular:

  • in case of payment default of more than 14 days despite reminder;
  • in case of a material breach of § 9 (prohibited use);
  • in case of repeated or serious breach of other obligations under these Terms;
  • upon the opening of insolvency proceedings against the Customer's assets or upon reasonable concern of insolvency;
  • in case of persistent impairment of the Service infrastructure attributable to the Customer;
  • where the Customer has provided false information to Priovox intentionally or by gross negligence which was material to the conclusion of the contract.

(4) Form. Terminations require text form (§ 126b BGB). Termination by email to the address indicated in the order confirmation or via the cancellation function provided in the web portal is sufficient.

(5) Consequences of contract termination. Upon effectiveness of termination, the Customer's right of use ends. Priovox provides the Customer with a 30-day data export option; thereafter, customer data is deleted, unless statutory retention obligations (in particular § 257 of the German Commercial Code, HGB; § 147 of the German Tax Code, AO) apply. Fees already paid are not refunded. Excluded from this are advance payments for service periods in which Priovox no longer provides the Service due to extraordinary termination caused by Priovox; these are refunded pro rata.

§ 15 Beta Features

(1) Priovox expressly designates certain features as „Beta", „Preview" or „Experimental" (collectively „Beta Features"). Beta Features are provided „as is, as available".

(2) Beta Features are subject to neither the availability commitment under § 4 nor the support commitment under § 5. Warranty for Beta Features is excluded to the extent permitted by law.

(3) Priovox may modify, discontinue or replace Beta Features at any time without prior notice and without compensation.

(4) Activation of a Beta Feature is by express action of the Customer only. By activating, the Customer accepts these conditions.

(5) Priovox's liability with respect to Beta Features is limited to intent and gross negligence; § 22 para. 1 (mandatory liability) remains unaffected.

§ 16 Third-Party Services, Interfaces

(1) The Service uses third-party services, in particular:

  • cloud hosting within the European Union,
  • telephony carriers for connection to the public telephone network,
  • AI model providers and speech synthesis services,
  • interfaces to calendar, email, messaging and CRM providers,
  • payment service providers.

(2) A list of third-party services and sub-processors used is provided by Priovox to the Customer upon request in text form. Data protection obligations regarding sub-processors are governed by the DPA (§ 27).

(3) The availability, performance and substantive correctness of third-party services is not within Priovox's responsibility. Priovox is liable only for fault in selection.

(4) When the Customer connects external systems (in particular via OAuth authorisation to calendar or email accounts), the Customer authorises Priovox to access such systems within the scope of the granted permissions.

§ 17 Data Protection, Sub-processors, Third-Country Transfer

(1) Priovox processes personal data of the Customer's callers and employees exclusively on behalf of the Customer. The Data Processing Addendum pursuant to Art. 28 GDPR is integrated as § 27 of these Terms and is deemed concluded upon contract conclusion.

(2) Third-country transfer. Where, for the provision of the Service, transfer of personal data to third countries (in particular the USA) is required — e.g. for the use of AI model providers — such transfer is based on:

  • an adequacy decision of the European Commission, in particular the EU-US Data Privacy Framework (decision of 10 July 2023), provided the recipient is certified; or
  • the EU Standard Contractual Clauses (Implementing Decision [EU] 2021/914) in their respective applicable version, supplemented by a Transfer Impact Assessment.

Should the aforementioned transfer mechanisms cease to be available or applicable, Priovox will make appropriate adjustments or restrict the Service accordingly.

(3) Sub-processors. A list of sub-processors is provided to the Customer upon request. A change to the sub-processor roster is communicated to the Customer in text form with an advance notice period of 30 days. Within this period, the Customer may object to the change for important data protection reasons; if the parties cannot reach an amicable solution within a further 30 days, the Customer may extraordinarily terminate the contract effective on the planned change date.

(4) Data breaches. Priovox notifies the Customer of personal data breaches pursuant to Art. 33 GDPR without undue delay, and at the latest within 24 hours of becoming aware. Details are governed by the DPA.

(5) The Customer remains the data controller (Art. 4 no. 7 GDPR) responsible for the lawfulness of data processing in connection with its business operations.

§ 18 Confidentiality, Trade Secrets

(1) The parties treat all confidential information of the other party that becomes known to them in connection with the performance of the contract as confidential. Confidential information includes in particular information marked as confidential as well as information whose confidentiality results from the circumstances.

(2) The Customer treats in particular Priovox's architecture, source code, system prompts, internal models, voice profiles, security measures, pricing structures and strategy documents as protected trade secrets within the meaning of § 2 no. 1 of the German Trade Secrets Act (GeschGehG). Priovox takes appropriate confidentiality measures.

(3) The confidentiality obligation survives termination of the contract by five years.

(4) Disclosure to tax advisors, auditors and legal advisors under appropriate confidentiality obligations or to authorities on legal grounds remains permitted.

§ 19 Non-Solicitation of Employees

During the term of the contract and for twelve months after termination, the parties undertake not to actively solicit employees of the other party. In case of breach of this obligation, the breaching party owes the other party a flat-rate contractual penalty in the amount of one gross annual salary of the affected employee; proof of a lower or higher actual damage remains reserved to either party.

§ 20 Warranty

(1) Priovox provides the Service with the diligence of a prudent merchant according to the state of the art at the time of contract performance. No warranty is given for any fitness of the Service for a purpose beyond the agreed scope of services.

(2) No warranty is given for the substantive accuracy, completeness, suitability, lawfulness or business utility of any statements, bookings, appointments, summaries, lead notes or other outputs produced by the AI telephone assistant. The AI assistant does not replace professional advice or human communication.

(3) Warranty for non-material defects is excluded.

(4) The Customer reports recognisable defects without delay after discovery in text form (in analogy to § 377 HGB).

(5) No warranty is given for Beta Features (§ 15).

§ 21 Third-Party Rights

(1) Priovox ensures that the Service, when used as intended, does not infringe rights of third parties domiciled within the European Union.

(2) If a third party asserts claims against the Customer due to infringement of protective rights through intended use of the Service, Priovox will, at its own expense:

  • obtain authorisation for use of the Service, or
  • modify or replace the Service so that the asserted infringement no longer exists.

(3) If both are only possible for Priovox at disproportionate effort, both parties are entitled to terminate the contract with effect for the future. Fees already paid are refunded pro rata.

(4) Priovox's obligations under paragraph 2 are conditional on the Customer informing Priovox of the asserted claims without delay, leaving the defence to Priovox and providing all information necessary for the defence.

(5) Content introduced by the Customer into the Service (in particular knowledge base, voice samples, media files) is not covered by the third-party-rights protection of this section. The Customer warrants that it holds the rights necessary to use the introduced content within the Service and indemnifies Priovox against third-party claims regarding such content.

§ 22 Liability

(1) Unlimited liability. Priovox is liable without limitation:

  • for intent and gross negligence;
  • for injury to life, body or health;
  • under the German Product Liability Act;
  • for fraudulently concealed defects;
  • under any guarantee expressly assumed by Priovox.

(2) Liability for slight negligence. For slight negligence, Priovox is liable only for breach of essential contractual duties („Cardinal Obligations"). Essential contractual duties within the meaning of these Terms are those duties whose fulfilment is essential for the proper performance of the contract, whose breach jeopardises the achievement of the contractual purpose and on whose observance the Customer regularly relies and may rely. Essential contractual duties include in particular:

  • provision of the Service in the agreed availability (§ 4);
  • preservation of confidentiality of customer data pursuant to the DPA (§ 27);
  • compliance with the agreed technical and organisational security measures (§ 28).

In such cases, liability is limited in amount to typical foreseeable damage; this corresponds to at most the net fee actually paid by the Customer for the Service in the twelve months preceding the damaging event.

(3) Otherwise, liability for slight negligence is excluded.

(4) Liability exclusion for AI outputs. To the extent permitted by law, Priovox's liability for the substantive accuracy, completeness, suitability, lawfulness or business utility of any statements, bookings, appointments, summaries, lead notes, handovers or other outputs produced by the AI telephone assistant is excluded — including where such outputs contain incorrect information that the Customer did not supply to Priovox. The Customer reviews AI outputs on its own responsibility before acting on them. Paragraph 1 (mandatory liability) remains unaffected.

(5) Indirect damages. Liability for lost profits, indirect damages, consequential damages, data loss and lost use is excluded except in the cases of paragraph 1.

(6) Data loss. In case of data loss, liability is limited in amount to the effort that would have been required for restoration with proper, regular data backup by the Customer.

(7) The above liability provisions also apply to breaches of duty by Priovox's legal representatives, employees and vicarious agents.

(8) Limitation period. Claims for damages arising out of or in connection with this contract become time-barred twelve months from the time at which the Customer became aware of the damage and the identity of the liable party or, without gross negligence, ought to have become aware, and at the latest three years from the damaging event. For claims under paragraph 1 of this section and for claims based on intentional breach of duty, the statutory limitation periods apply.

§ 23 Force Majeure

(1) Force majeure within the meaning of these Terms means events outside the control of the parties, which were unforeseeable or unavoidable with reasonable diligence and which substantially impede or render impossible the performance of contractual obligations, in particular war, terrorist attacks, pandemic, regulatory orders, large-scale energy, telecommunications or internet outages, severe cyberattacks by third parties, failure of essential subcontractors.

(2) During an event of force majeure, the parties are released from their contractual obligations for the duration and to the extent of the event.

(3) If the event lasts longer than 60 consecutive days, either party is entitled to extraordinarily terminate the contract.

§ 24 Amendments to these Terms

(1) Priovox is entitled to amend these Terms with effect for the future. Amendments are communicated to the Customer in text form with an advance notice period of six weeks.

(2) The notice contains the wording of the change, the effective date, an express reference to the Customer's right of objection and the consequences of silence.

(3) If the Customer does not object in text form within four weeks of receipt of the notice, the amendments are deemed accepted. In case of a timely objection, Priovox is entitled to terminate the contract with effect on the planned amendment date.

(4) Material amendments, in particular changes to the principal performance or the amount of remuneration, require the express consent of the Customer; the deemed acceptance under paragraph 3 does not apply in this case.

§ 25 Assignment, Transfer of Contract

(1) The Customer may assign rights under this contract to third parties or transfer the contract as a whole only with Priovox's prior written consent. § 354a HGB remains unaffected.

(2) Priovox is entitled to transfer the contract by way of contractual takeover or to transfer individual rights and obligations to affiliated companies within the meaning of §§ 15 et seq. of the German Stock Corporation Act (AktG) or to a legal successor by way of universal or special succession (in particular asset deal or share sale), provided that proper performance of the contract remains ensured.

§ 26 Final Provisions

(1) Text form. Declarations concerning this contract require text form (§ 126b BGB). Neither party may rely on an oral side agreement that is not expressly contained in the individual offer or in these Terms.

(2) Severability. Should individual provisions of these Terms be or become invalid in whole or in part, the validity of the remaining provisions remains unaffected. The invalid provision is replaced by the statutory provision pursuant to § 306 para. 2 BGB.

(3) Applicable law. The laws of the Federal Republic of Germany apply, excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG).

(4) Place of jurisdiction. The exclusive place of jurisdiction for all disputes arising out of or in connection with this contract is the seat of Priovox, provided the Customer is a merchant, a legal person under public law or a special fund under public law within the meaning of § 38 of the German Code of Civil Procedure (ZPO). Priovox is also entitled to sue the Customer at its general place of jurisdiction.

§ 27 Data Processing Addendum (DPA) pursuant to Art. 28 GDPR

(1) Applicability. Insofar as Priovox processes personal data on behalf of the Customer, this § 27 applies as a data processing agreement within the meaning of Art. 28 para. 3 GDPR. It does not require separate signature; it is deemed concluded upon contract conclusion.

(2) Subject matter. The subject matter of the processing is the provision of the Priovox Service by Priovox to the Customer pursuant to § 3 of these Terms.

(3) Duration. The duration of the processing corresponds to the contract term. After termination, deletion or return takes place pursuant to § 14 para. 5 and paragraph 11 of this § 27.

(4) Nature and purpose. The processing serves the receipt, processing, recording, transcription and summarisation of incoming telephone calls, the handover of call data to connected third-party systems and the provision of analytics and configuration features in the web portal.

(5) Type of personal data. In particular, the following are processed:

  • audio recordings and transcripts of telephone calls;
  • phone numbers and call metadata (date, time, duration, call direction);
  • personal data mentioned by the caller during the call (name, address, request, contact data, appointment information);
  • employee and user data of the Customer (login credentials, configuration logs).

(6) Categories of data subjects.

  • callers (customers, prospects, suppliers, applicants, employees etc. of the Customer);
  • employees and users of the Customer who use the web portal.

(7) Obligations of the processor (Priovox). Priovox undertakes:

  • to process personal data only on documented instructions from the Customer; an exception applies only insofar as Priovox is required to do so by Union or member-state law (Art. 28 para. 3 lit. a GDPR);
  • to oblige persons authorised to process the data to confidentiality;
  • to take the technical and organisational measures required pursuant to Art. 32 GDPR (see § 28);
  • to comply with the requirements of Art. 28 paras. 2 and 4 GDPR when engaging sub-processors (see § 17);
  • to assist the Customer in responding to requests by data subjects (Art. 12–22 GDPR), insofar as possible for the Customer and reasonable for Priovox;
  • to assist the Customer with compliance with the obligations under Art. 32 to 36 GDPR;
  • upon termination of the processing services, to delete or return personal data at the Customer's choice, unless statutory retention obligations apply;
  • to make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Art. 28 GDPR and to allow for audits.

(8) Obligations of the controller (Customer). The Customer is the controller within the meaning of Art. 4 no. 7 GDPR and is solely responsible for the lawfulness of the data processing. The Customer issues to Priovox the instructions necessary for the performance of the contract in text form; oral instructions are confirmed in text form without delay.

(9) Sub-processors. The Customer consents to the use of sub-processors pursuant to § 17. The list of sub-processors used is provided by Priovox upon request in text form. Changes are communicated with an advance notice period of 30 days; the right of objection under § 17 para. 3 remains unaffected.

(10) Audit rights. The Customer is entitled to verify Priovox's compliance with the obligations of this § 27. Verification is generally provided through compliance reports submitted by Priovox (e.g. certifications, penetration test reports, audit reports). On-site audits may be agreed in justified individual cases, no more than once per year, with 30 days' advance notice, during Priovox's normal business hours, after signing a non-disclosure agreement. The Customer bears the costs unless the audit reveals material breaches.

(11) Deletion / return. Upon termination, personal data is deleted or returned pursuant to § 14 para. 5 of these Terms. Statutory retention periods (in particular § 257 HGB, § 147 AO) remain unaffected.

(12) Notification of data breaches. Priovox notifies the Customer of personal data breaches without undue delay, at the latest within 24 hours of becoming aware. The notice contains the information required pursuant to Art. 33 para. 3 GDPR, insofar as available at the time of notification.

(13) Third-country transfer. Transfer to third countries takes place pursuant to § 17 para. 2.

§ 28 Technical and Organisational Measures (TOMs) pursuant to Art. 32 GDPR

Priovox implements the following technical and organisational measures to protect personal data, taking into account the state of the art, implementation costs, the nature, scope, circumstances and purposes of the processing as well as the likelihood and severity of the risk to data subjects:

(1) Confidentiality

  • Hosting in certified data centres in Germany.
  • Physical access controls operated by the data centre provider (multi-factor authentication, biometric controls, video surveillance, security personnel).
  • Logical access controls with personalised user accounts, minimum password requirements and two-factor authentication for administrative access.
  • Role- and permissions-based access controls following the principle of least privilege.
  • Encryption of personal data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent).
  • Separation of production, staging and development environments.
  • Logical tenant separation of customer data.

(2) Integrity

  • Input controls through audit logs of all administrative accesses and security-relevant events.
  • Versioned database and configuration changes with traceable change management.
  • Verification of data integrity through backup consistency checks.

(3) Availability and Resilience

  • Daily automated backups with encrypted storage.
  • Backup retention of at least 30 days.
  • Documented recovery procedures with defined Recovery Time and Recovery Point Objectives.
  • 24/7 monitoring of service availability and security-relevant indicators.
  • Protection against Distributed Denial-of-Service attacks via an upstream edge provider.

(4) Procedures for Regular Review, Assessment and Evaluation

  • Regular review of security measures.
  • Annual data protection training for employees.
  • Written confidentiality undertakings of all employees.
  • Risk-based selection and review of sub-processors with data protection assessment.
  • Documented procedures for detection and notification of personal data breaches.

(5) Data Minimisation and Storage Limitation

  • Collection limited to data necessary for contract performance.
  • Defined retention periods per data category.
  • Automated deletion routines after expiry of the respective retention period.
  • Pseudonymisation where technically feasible and appropriate.

(6) Vendor Control

  • Contractual binding of all sub-processors to equivalent data protection obligations.
  • Regular review of sub-processor compliance.