for the Use of BigBlueButton Hosting Services of think modular - digital solutions GmbH, FN 510603m, Ebendorferstr. 3/14, 1010 Vienna, Austria
General
think modular - digital solutions GmbH (hereinafter referred to as the "Provider") provides hosting, support, and additional services in connection with the provision and operation of the web-based video conferencing software BigBlueButton (hereinafter referred to as the "Service") for its users (hereinafter referred to as the "Customer").
1. Scope and Subject Matter of the Contract
1.1 These terms and conditions apply as soon as the Customer uses the services provided by the Provider, for example via the website https://shop.bbb-connect.com, or makes use of other services of the Provider.
1.2 By using the services, the Customer accepts the terms and conditions applicable at the time of use, which shall become effective upon publication at https://shop.bbb-connect.com/agb. At the same time, the Customer acknowledges the privacy policy available at https://shop.bbb-connect.com/data-protection. When using certain service offerings, additional terms of use applicable to the specific offering may apply. The Customer will be informed accordingly, where applicable.
1.3 The Provider reserves the right to amend or supplement the terms of use at any time. Amendments shall become effective after the expiry of 30 days from the date of publication or notification of the Customer regarding the amendment.
1.4 The Service is intended exclusively for entrepreneurs within the meaning of Section 1 of the Austrian Commercial Code (UGB), including authorities and associations, provided they do not qualify as consumers. Use by consumers within the meaning of the Austrian Consumer Protection Act (KSchG) is excluded.
1.5 The contract is concluded upon confirmation of the order placed by the Customer by the Provider or upon actual provision of the ordered Service to the Customer. The Provider may reject orders without stating reasons.
1.6 By placing an order, the Customer expressly confirms that they are an entrepreneur within the meaning of Section 1 UGB or an authority or association and that they use the Service exclusively for business purposes. The Provider is entitled to verify the Customer's information and to revoke conclusions or terminate contracts if it subsequently becomes apparent that the Customer is to be classified as a consumer.
1.7 Upon conclusion of the contract, exclusively these terms and conditions, including any written supplements, shall apply, and all prior oral or written agreements shall lose their validity. Any terms and conditions of the Customer shall have no effect on the contractual relationship.
2. Description of Services
2.1 The Provider shall provide the Customer with a BigBlueButton instance (dedicated server environment) in the respectively agreed capacity, including system operation, monitoring, software updates, and security measures.
2.2 The Service is operated exclusively in ISO 27001-certified data centers in Germany. In addition, encrypted backup servers are operated in ISO 27001-certified data centers within the EU (currently in Helsinki) for failover protection and geo-redundancy (see also Section 6 below and the privacy policy at https://shop.bbb-connect.com/data-protection).
2.3 Optional additional services (e.g. branding, storage extensions, event support, premium SLA) may be agreed upon.
2.4 Test systems or preview versions are provided on a non-binding basis and at the Customer's own risk; no entitlement to functionality or availability exists for these.
2.6 The Provider is entitled to make technical or functional changes and to further develop the Service. There is no entitlement to a specific software version.
2.7 Use of the Service requires suitable end devices, up-to-date browsers, and sufficient internet connectivity (see Section 8 below).
3. Availability
3.1 The Provider guarantees a monthly availability of 99.5%.
3.2 Availability excludes in particular:
- duly announced maintenance windows,
- events of force majeure,
- disruptions within the responsibility of network operators or other third parties,
- peering issues, DNS outages, or regional carrier disruptions.
3.3 Maintenance windows shall be announced at least 48 hours in advance.
3.4 Availability is measured monthly based on the reachability of the BigBlueButton API.
3.5 An outage exists if the API is continuously unavailable for more than 60 seconds or if no sessions can be started. Impairments of individual functions do not constitute an outage.
4. Maintenance and Updates
4.1 Security-relevant updates are installed promptly.
4.2 Functional updates are tested and implemented during announced maintenance windows.
4.3 The Provider is entitled to make changes insofar as they serve security, stability, or further development.
5. Support Services and Response Times
5.1 Support services are provided in accordance with the agreed support level.
5.2 Standard response times (Mon-Fri, 08:00-18:00 CET):
- Critical incident: within 4 hours
- High priority: within 8 hours
- Medium priority: within one business day
- Low priority: within two business days
5.3 Extended support models (e.g. 24/7 on-call service) are possible and require separate agreements.
6. Data Protection and Data Security
6.1 The Provider processes personal data exclusively for the purpose of service provision and in accordance with the provisions of the GDPR and the Austrian Data Protection Act (DSG) as amended. In addition, the Provider processes technical log data for error analysis, security, and system stability. Meeting content is not logged. Customer data is hosted and maintained by the Provider itself; third parties have no access to it.
6.2 Insofar as the Provider processes personal data on behalf of the Customer within the scope of use, it acts as a processor. In this case, the Customer must conclude a data processing agreement pursuant to Art. 28 GDPR with the Provider, which shall be provided by the Provider and is a prerequisite for the processing of Customer data by the Provider.
6.3 Data processing takes place predominantly in Germany. For encrypted backups, the Provider uses ISO 27001-certified data centers within the EU (currently in Helsinki). In addition, Stripe (payment processing) and CrowdSec (security services) process personal data within the framework of cooperation with the Provider in accordance with mandatory GDPR provisions.
6.4 Personal data is disclosed to third parties exclusively to the following service providers in GDPR-compliant form:
Use of Stripe for payment processing (https://stripe.com/at
Stripe is used for payment processing. The processing of payment data takes place exclusively for the purpose of order processing, execution of the payment transaction, and administration of the order in the webshop shop.bbb-connect.com.
The data exchange with Stripe exclusively concerns the Customer as the ordering party. Once the Customer has been provided with BigBlueButton as an independent solution by the Provider, separate from this shop, no (further) data exchange takes place between Stripe, the Customer, and the participants of video conferences.
Use of CrowdSec for security purposes (https://www.crowdsec.net
The Provider uses CrowdSec to provide security and protection mechanisms for its systems. Only IP addresses with known patterns of potentially malicious activity are matched in order to protect the network from possible intrusion attempts. Beyond the IP address, no further personal data is transmitted to CrowdSec.
6.5 Customer data is not used for advertising, analytics purposes, or AI training. No data is disclosed beyond the processes described.
6.6 Further details regarding data disclosure and processing are contained in the privacy policy at https://shop.bbb-connect.com/data-protection.
7. Data Backup
7.1 The Provider performs daily, redundant backups of system-relevant data.
7.2 The standard retention period is 7 days.
7.3 Backups serve exclusively for system restoration.
7.4 The Customer is solely responsible for the management, lawfulness, and deletion of their own content and recordings.
7.5 The Provider deletes all Customer data 30 days after termination of the contract, unless statutory retention obligations apply.
7.6 There is no entitlement to individual data migration, special export formats, or additional data provision. The return or safeguarding of a customary export within the scope of the data processing agreement remains unaffected.
8. Obligations of the Customer
8.1 The Customer undertakes to use or allow the use of the Service only in compliance with applicable laws and regulations, in particular in accordance with the GDPR. The Customer shall ensure that the processing of personal data in connection with the use of the Service is based on a valid legal basis and that data subjects are duly informed in accordance with the GDPR (e.g. in connection with recording a video conference).
8.2 Use of the web-based Service requires suitable end devices (PC including operating software, screen, camera, microphone, etc.), up-to-date browsers, and sufficient internet connectivity. The Customer is responsible for ensuring the availability and functionality of these technical prerequisites.
8.3 The capacity limits ordered by the Customer must be observed (e.g. maximum number of concurrent users).
8.4 In the event of overload (e.g. exceeding capacity limits) or endangerment of system stability, the Provider is entitled to restrict the Service to the necessary extent.
8.5 The Provider may block access in cases of misuse, security risks, or violations (e.g. if a Customer attempts to circumvent security mechanisms).
8.6 If the Customer violates contractual obligations and/or applicable legal provisions, e.g. by disseminating unlawful content, the Provider is entitled to temporarily or permanently block access and, in particular, to remove the affected content.
8.7 The Customer shall support the Provider in support matters (e.g. by providing relevant information or a comprehensible description of the problem).
8.8 The Customer must comply with mandatory export control and sanctions regulations when using the Services.
8.9 Reverse engineering, automated scanning, circumvention of technical protection measures, or excessive API usage by the Customer are prohibited. License terms, where communicated in the offering, must be complied with.
8.10 Technical disruptions in the use of the Services provided must be reported to the Provider without undue delay; delayed reporting may exclude claims.
8.11 Paid or free transfer or subleasing of the Service to third parties is not permitted without the Provider's written consent.
9. Performance Limits and Liability
9.1 The Provider operates the Service with reasonable care; there is no entitlement to uninterrupted availability or specific performance values.
9.2 The Provider's liability is limited to intent and gross negligence, insofar as legally permissible. This applies in particular to liability for damages arising from the use of the open-source software.
9.3 The Provider shall be liable for indirect damages or loss of profit exclusively in cases of intent, insofar as legally permissible.
9.4 Except in cases of intent, the Provider's liability is limited in amount to the annual fee for the current contractual year.
9.5 The Provider shall not be liable for events of force majeure or circumstances beyond its control.
10. Remuneration, Contract Term, and Termination
10.1 The remuneration owed by the Customer shall be invoiced in the amount and on the basis of the selected service package.
10.2 Fixed-term subscriptions (e.g. annual or monthly packages) are automatically renewed for the originally selected contract period unless terminated before the expiry of the original or extended contract period.
10.3 The Provider reserves the right to change prices and will announce such changes with reasonable notice. Price changes shall always apply only from the next contract period and will be communicated in such a way that timely termination by the Customer is possible.
10.4 Invoiced fees are due for payment within 14 days.
10.5 In the event of default of payment, the Provider may charge statutory default interest and suspend access.
10.6 The Provider may terminate the contract with immediate effect for good cause.
11. Service Adjustments and Upgrades
11.1 Upgrades (e.g. increase of capacity limits or additional features) may be requested by the Customer at any time.
11.2 Where feasible, upgrades shall be implemented by the Provider within 1-3 business days.
11.3 Downgrades (e.g. reduction of capacity limits or features) shall take effect from the next contract period.
13. Final Provisions
13.1 The contractual relationship between the Provider and the Customer shall be governed exclusively by the laws of the Republic of Austria, excluding the UN Convention on Contracts for the International Sale of Goods and the conflict-of-law rules of private international law. The contract language is German; in the event of discrepancies between language versions, the German version shall prevail.
13.2 The place of jurisdiction for all disputes arising out of or in connection with the contractual relationship, including its formation, shall be the court with subject-matter jurisdiction for Vienna.
13.3 Should individual provisions of these terms of use be or become invalid, this shall not affect the validity of the remaining provisions. Invalid provisions of these terms and conditions or other contractual agreements shall be replaced by valid provisions that come closest to their economic purpose. This applies mutatis mutandis to genuine contractual gaps.
13.4 The Provider is entitled to transfer the contract to a legal successor.