Terms and Conditions

Service Agreement / Terms of Use for simrelay Services

of

SIMRelay GmbH

Lilienthalstraße 5c

12529 Schönefeld

("Provider")

Preamble

The Provider operates a service for the technical provision of dedicated, hosted SIM mobile numbers ("Hosted SIM"). Through these numbers, the customer can receive incoming SMS messages, which are automatically forwarded to recipients predetermined by the customer according to individual configuration. The service is particularly intended for flexible reception and team-wide forwarding of SMS messages, such as one-time passwords (OTP), notifications, or other business processes. The offer is exclusively directed at commercial users within the scope of their entrepreneurial or professional activities (B2B). No services are provided to consumers.

1. Contracting Parties, Scope of Application

1.1 The contracting parties within the meaning of this contract are SIMRelay GmbH Lilienthalstraße 5c, 12529 Schönefeld ("Provider") and the company named and identified during the ordering process (hereinafter "Customer").

1.2 These terms regulate the use of the "Hosted SIM SMS Forwarding" service including all associated functions, modules, and additional services. Conflicting or deviating general terms and conditions of the Customer will not become part of the contract unless the Provider expressly agrees to their validity in writing.

2. Service Description

2.1 The Provider provides the Customer with the number of dedicated SIM mobile numbers specified in the order for the contract term, through which incoming SMS messages are technically processed and forwarded to destination addresses predetermined by the Customer (e.g., mobile numbers, email addresses, APIs).

2.2 Forwarding to multiple recipients (multi-recipient function) is possible within the scope of the selected tariff and the service description applicable to that tariff. Technical delivery is carried out according to the state of the art; the Provider does not guarantee uninterrupted accessibility of all destination networks and assumes no responsibility for the deliverability of individual SMS messages.

2.3 Operational provision, maintenance, and troubleshooting within the scope of the service are carried out according to the respective Service Level Agreement (SLA) booked. The scope of support (e.g., customer service availability, response times) is governed by the service description in the ordering process.

2.4 The Provider reserves the right to make technical changes that improve the overall availability, security, or functionality of the service. Significant restrictions or deteriorations of the main service will be announced to the Customer in advance.

2.5 The Provider is entitled to temporarily restrict access to the service if this is necessary for maintenance work, security measures, or troubleshooting. Where possible, planned restrictions will be announced to the Customer in advance.

3. Customer Obligations and Cooperation

3.1 The Customer is obligated to specify recipient addresses for forwarding independently, completely, and correctly, and to configure data processing settings independently. The Customer is responsible for ensuring that all specified recipients are authorized to receive the messages and that no third-party rights are violated.

3.2 The Customer is obligated to cease using the mobile numbers assigned to them at the time of contract termination. This includes deregistering the relevant mobile numbers from all services in connection with which the mobile numbers were used (e.g., registration for OTP delivery). The Customer has been informed in this context that the mobile numbers used by them can be assigned to other customers of the Provider after contract termination - and without transition periods. The Customer is solely responsible for preventing the delivery of any messages directed to them at these mobile numbers after contract termination through the aforementioned deregistration.

3.3 The Customer may use the service exclusively within the framework of applicable laws and only for their own business purposes. Any abusive, unlawful, or immoral use is prohibited, particularly the transmission of illegal, harassing, discriminatory, defamatory, harmful, or fraud-related content, as well as use for spam, unsolicited mass communication, or similar purposes.

3.4 When using for security-relevant procedures (particularly for OTP/multi-factor authentication or other compliance-required purposes), the Customer is responsible for compliance with any requirements, guidelines, and other specifications of banks, platforms, or service providers.

3.5 The Customer is obligated to keep access data, user passwords, and API keys to the service secret and protect them from unauthorized access. In case of signs of abusive use, data loss, or security incidents, the Provider must be informed immediately.

3.6 Violations of the above obligations may lead to immediate suspension of access and/or termination for cause. Further damage compensation and injunctive relief claims of the Provider remain unaffected.

4. Availability, Maintenance, and Support

4.1 Please refer to the current service description and/or Service Level Agreement (SLA) for average target availability and any schedulable maintenance times.

4.2 The Provider will make every effort and with reasonable expense to remedy disruptions and restrictions of the service immediately upon becoming aware of them. Legally mandatory defect rights of the Customer remain unaffected.

4.3 The Provider assumes no responsibility for failures, disruptions, or delays resulting from force majeure, unforeseeable events, or network failures not influenced by third parties.

4.4 The Provider provides the Customer with a support channel; contact details and response times can be found in the respective SLA or on the website.

5. Data Security, Telecommunications Secrecy, and Traffic Data

5.1 As a provider of a communication service, the Provider is subject to the legal obligation to maintain telecommunications secrecy and data protection. It processes communication content (e.g., SMS text) and traffic data (e.g., sender and recipient number, timestamp) exclusively to the extent necessary for service provision, billing, troubleshooting, or prevention and detection of abuse.

5.2 Data inspections are limited to the necessary extent ("need-to-know principle") and only allowed to authorized employees. Every access is logged and regularly controlled.

5.3 The Provider takes appropriate technical and organizational measures (TOMs) according to the state of the art to protect communication content and traffic data from unauthorized access, disclosure, alteration, or loss. Key measures include encryption, access control, logging of security-relevant processes, and a graduated authorization system. Details are described in the appendix "Data Protection & Security (TOMs)".

5.4 Content data is generally only temporarily cached and automatically deleted after the purpose is achieved, unless legal retention obligations stand in the way. Traffic data is deleted or anonymized at the latest after expiration of legal or contractual retention periods.

5.5 Communication data is only transmitted to third parties when there is a legal obligation or official order based on an applicable legal basis. The disclosure and the occasion are documented, and the Customer is informed - to the extent legally permissible.

5.6 The Provider supports the Customer to the extent legally required in exercising legal data subject rights and in measures to ensure data security and compliance with telecommunications secrecy.

6. Data Protection and Data Processing Agreement

6.1 Insofar as the Provider processes personal data on behalf of the Customer, the conclusion of a Data Processing Agreement ("DPA") according to Art. 28 GDPR between both parties is deemed mandatory. A corresponding DPA is offered by simrelay in the customer account for conclusion by the Customer.

6.2 The Provider is entitled to use sub-processors. When services are provided by sub-service providers outside the European Economic Area (EEA), an adequate level of data protection is ensured through suitable guarantees (e.g., EU Standard Contractual Clauses). The Provider maintains the current list of sub-processors; changes are communicated to the Customer in a timely manner.

6.3 The regulations on retention periods and automatic deletion as well as the associated concept of data minimization apply in addition to the DPA. The details, particularly retention periods, deletion periods, and storage locations, are regulated in a separate appendix.

7. Prices, Billing, and Payment Terms

7.1 The prices for the respective service packages, additional services, and any excess usage result from the Provider's current price list and/or the order confirmation shown at contract conclusion.

7.2 Billing occurs monthly in advance or according to the cycle agreed in the ordering process. Invoices are due for payment immediately upon receipt.

7.3 In case of payment default, the Provider is entitled to demand reminder fees and default interest at the statutory rate. If payment remains outstanding after a reminder, the Provider may temporarily suspend access to the service after announcement.

8. Warranty and Liability

8.1 The Provider warrants the contractual operation of the service according to recognized technical standards. In case of justified defect claims, statutory warranty rights apply.

8.2 The Provider is fully liable for damages from injury to life, body, and health, as well as for other damages based on intentional or grossly negligent breach of duty.

8.3 For slightly negligent breaches of duty, the Provider is only liable for contract-typical, foreseeable damage and only insofar as an essential contractual obligation (cardinal obligation) is violated. Liability is further limited to the amount of annual remuneration agreed in the current contract.

8.4 Liability for indirect, consequential damages, or lost profits is excluded unless it concerns a case of unlimited liability according to paragraph 8.2.

9. Contract Term and Termination

9.1 The contract is concluded for an indefinite period and can be terminated at any time with 30 days' notice to the last day of the current contract month. Termination can be made in the Customer's customer account or by email to [email protected].

9.2 The right to immediate termination for cause remains unaffected. A cause exists particularly when a party violates its contractual obligations significantly, fails to remedy despite a deadline, or persistently violates legal requirements.

9.3 After contract termination, automatic deactivation of the provided interfaces/access occurs. The details for deletion of data stored with the Provider are regulated in Section 6 and the associated appendix.

10. Confidentiality

10.1 Both contracting parties are obligated to treat all confidential information, business secrets, and details about technical processes and security measures obtained within the framework of the contractual relationship strictly confidentially and to use them exclusively for proper contract fulfillment. The obligation to confidentiality continues after contract termination.

10.2 Excluded are information that is obvious, already publicly known, or becomes accessible to third parties without violation of this provision, or insofar as a legal disclosure obligation exists.

11. Final Provisions

11.1 German law applies, excluding the UN Convention on Contracts for the International Sale of Goods. Exclusive jurisdiction for disputes arising from or in connection with this contract is, to the extent legally permissible and the Customer is a merchant, [Provider's registered office].

11.2 Changes, additions, or side agreements require written form. This also applies to the waiver of the written form requirement.

11.3 Should a provision of this contract be or become invalid or unenforceable, the validity of the remaining contract remains unaffected ("Severability Clause"). The parties commit to establishing, instead of the invalid provision, one that comes closest economically to the sense and purpose of the original provision.