ด้านล่างนี้มีระบบจองออนไลน์ต้นแบบสามแบบให้คุณลองใช้งานตามฟังก์ชันการทำงาน เพียงทำการจองให้เสร็จสิ้น ไม่ต้องกังวล — ระบบจะไม่สร้างคำสั่งซื้อจริง อย่างไรก็ตามหากคุณกรอกที่อยู่อีเมลถูกต้อง คุณจะได้รับอีเมลยืนยันการจอง ดังนั้นคุณจึงลองขั้นตอนจองทั้งหมดรวมถึงการยืนยันทางอีเมลได้อย่างสบายๆ
ผู้ให้บริการเว็บไซต์และบริการนี้คือ Vemido, Thomas Sokolowski, ประเทศสวิตเซอร์แลนด์
สำหรับการติดต่อสอบถาม โปรดใช้ แบบฟอร์มติดต่อ
เนื้อหาทั้งหมดบนเว็บไซต์นี้ (ข้อความ กราฟิก เครื่องหมายการค้า และองค์ประกอบการออกแบบ) ได้รับความคุ้มครองลิขสิทธิ์ ห้ามใช้งาน ทำซ้ำ หรือเผยแพร่โดยไม่ได้รับอนุญาตเป็นลายลักษณ์อักษรล่วงหน้า
การใช้บริการตามสัญญาของบริการที่เสนอในที่นี้อยู่ภายใต้ ข้อกำหนดและเงื่อนไขทั่วไป (GTC) ของเรา โดย GTC จะถูกจัดให้ผู้สนใจก่อนทำสัญญาและก่อนเริ่มให้บริการ และถือเป็นส่วนหนึ่งของความสัมพันธ์ทางสัญญาของเราเสมอ
ซูริก, 15.03.2026
เว็บไซต์นี้สามารถเข้าถึงได้ตามมาตรฐาน WCAG 2.2 ระดับความสอดคล้อง AA ตรวจสอบเมื่อ 15.03.2026 โดยผู้เชี่ยวชาญภายใน
หากคุณยังพบอุปสรรคในการเข้าถึง โปรดแจ้งผ่าน แบบฟอร์มติดต่อ เราจะตรวจสอบทุกข้อเสนอแนะโดยเร็ว
Last updated: March 15, 2026
The controller responsible for the processing of personal data in connection with the website and services of Vemido is:
Thomas Sokolowski
Niederlenzerstrasse 79
5600 Lenzburg, Switzerland
Email: support@vemido.com
This Privacy Policy provides information on the nature, scope, and purpose of the processing of personal data in connection with the website www.vemido.com and the use of the services offered by Vemido. It serves to fulfill the information obligations under the Swiss Federal Act on Data Protection (FADP).
As a rule, the website may be visited for informational purposes without creating a user account.
Vemido does not use web analytics services and does not load external fonts via APIs. On the website, Vemido uses only those cookies or comparable technical means that are necessary for functionality and user-friendly presentation, in particular for storing the language selected by the user.
Google Maps may be used within a booking system created by one of our customers in order to provide map content. The map is loaded only when the user actively accesses it via a link (no iframe). Only in this context may personal data, in particular technical connection data, usage data, and, where applicable, the IP address, be transmitted to Google or recipients affiliated with Google. In its Privacy Policy, Google states that it collects, among other things, data regarding the interaction of apps, browsers, and devices with its services, as well as the IP address.
A disclosure abroad cannot be excluded in this context. To the extent that a disclosure is made to countries that do not provide an adequate level of data protection, such disclosure shall take place only on the basis of the safeguards required under applicable data protection law or another permissible legal basis. Under the FADP, information must be provided regarding recipients and cross-border disclosures.
If you contact Vemido, in particular by email or via a contact form, Vemido processes the personal data that you provide yourself to the extent necessary to handle your inquiry, communicate with you, and initiate or perform a contract.
If you register for a trial period, a user account, or a paid service offered by Vemido, Vemido processes the personal data required for registration, contract administration, service provision, administration, invoicing, communication, support, data security, and the assertion and enforcement of legal claims.
Depending on usage, this may include in particular master and contact data, contract data, billing data, user and access data, communication data, as well as the content, appointment, booking, and administrative data processed in the course of using Vemido.
To the extent that Vemido processes personal data on behalf of a customer, such processing is carried out as processor activities within the meaning of applicable data protection law. In such case, the respective customer is, as a rule, responsible under data protection law for the lawfulness of the processing. For this purpose, a Data Processing Agreement (DPA) is concluded between Vemido and the customer, which forms an integral part of the contractual relationship. The Swiss FADP expressly regulates processing by processors.
Vemido discloses personal data to third parties only to the extent necessary for the provision of the website and services, the performance of the contract, compliance with legal obligations, or the protection of legitimate interests.
This may include, in particular, disclosure to technical service providers such as hosting, infrastructure, communication, or support providers. If such recipients are located abroad or if data is processed abroad, this shall take place in compliance with the applicable data protection requirements.
Personal data is processed and retained only for as long as necessary for the respective purpose or for as long as statutory retention obligations, contractual obligations, or legitimate interests, in particular for the assertion, exercise, or defense of legal claims, so require.
Unless such reasons prevent it, personal data will be deleted or anonymized as soon as it is no longer required for the purposes pursued.
Within the framework of applicable data protection law, data subjects have, in particular, the right to obtain information about the data processed concerning them and, depending on the statutory requirements, the right to rectification, deletion, or restriction of processing. The right of access is governed by the Swiss FADP.
Requests to exercise such rights may be sent to support@vemido.com.
Vemido may amend this Privacy Policy if required due to legal, technical, or operational changes. The version published on the website from time to time shall be controlling.
for the use of Vemido
Version dated: March 10, 2026
The provider of Vemido is:
Thomas Sokolowski
Niederlenzerstrasse 79
5600 Lenzburg
Switzerland
Vemido is operated under the designation “Vemido” and is accessible via the website www.vemido.com.
2.1 These General Terms and Conditions govern the conclusion, content, and performance of all contractual relationships between the Provider and its customers relating to the use of the Vemido software solution and any related services.
2.2 Vemido is intended exclusively for businesses, self-employed persons, associations, foundations, public-law entities, and other organizations. The conclusion of contracts with consumers for private purposes is excluded unless expressly agreed otherwise in writing.
2.3 Any conflicting, supplementary, or deviating terms and conditions of the Customer shall not apply unless the Provider has expressly agreed to their validity in writing.
2.4 In the event of any conflict, individual quotations, service descriptions, price lists, supplementary agreements, data processing agreements, service descriptions, or other contractual documents shall take precedence over these GTC.
3.1 The contract is concluded through acceptance of a quotation, an online order, registration, activation of a customer account, or use of Vemido’s services.
3.2 Upon conclusion of the contract, the Customer acknowledges these GTC as a binding part of the contract.
3.3 The Provider is entitled to reject registrations, orders, or contract conclusions without stating reasons.
4.1 Vemido is a digital software solution for the management, organization, and execution of booking, appointment, resource, and related administrative processes.
4.2 The specific scope of services is determined by the package booked in each case, the current service description, the quotation, and any supplementary agreements.
4.3 The Provider owes the provision of the contractually agreed functions in accordance with the current technical and operational standard. Any particular economic success, specific increase in revenue, specific cost saving, or suitability for a special purpose assumed by the Customer shall only be owed if expressly warranted in writing.
4.4 The standard scope of services does not include, in particular, individual legal advice, tax advice, business consulting, industry-specific compliance reviews, custom developments, migrations, interface customizations, data cleansing, content reviews, or customer-specific special solutions, unless expressly agreed.
4.5 The Provider is entitled to further develop Vemido technically and functionally, to modify, expand, restrict, or replace functions with equivalent functions, provided that the essential contractual benefit is not unreasonably impaired as a result.
4.6 Vemido may be used free of charge for a period of 30 days. The trial period begins when the account is activated and ends automatically after 30 days unless a paid continuation is agreed. If no continuation is agreed, all data of the trial account will be irreversibly deleted after the trial period ends. It is the user’s responsibility to arrange a continuation in due time before the trial period ends or to secure the data by other means. Vemido shall not be liable for data losses resulting from the user failing to arrange a timely continuation or failing to perform their own data backup. The free trial period may only be used once per user, per company, and per account. Separately designated paid service packages, in particular our SMS messaging, are not part of the free trial period and will be charged separately if used, including during the trial period.
5.1 For the duration of the contract, the Provider grants the Customer a non-exclusive, non-transferable, non-sublicensable, and revocable right to use Vemido within the contractually agreed scope.
5.2 All rights in and to Vemido, in particular copyrights, trademark rights, distinctive signs, database rights, rights in software, source code, user interfaces, layouts, designs, configurations, documentation, concepts, modules, and further developments, shall remain exclusively with the Provider or the respective rights holders.
5.3 In particular, the Customer is prohibited from:
6.1 The Customer is solely responsible for the use of Vemido, for all content entered, uploaded, stored, processed, transmitted, or published, and for the conduct of its employees, agents, administrators, and end users.
6.2 The Customer undertakes to use Vemido exclusively in a lawful, proper, and contractually compliant manner.
6.3 In particular, the Customer shall ensure that no content is processed, stored, or published via Vemido that:
6.4 The Customer is solely responsible for complying with all legal, regulatory, contractual, and professional requirements necessary for its activities. This applies in particular to regulations relating to data protection, unfair competition law, employment law, tax law, consumer protection law, health law, professional regulations, and industry-specific special regulations.
6.5 The Customer is obliged to keep all access credentials, passwords, authentication features, administrative access credentials, and other security features confidential, to protect them against access by unauthorized third parties, and to make them available only to authorized persons.
6.6 The Customer is solely responsible for the security of its user accounts, access credentials, and authentication features within its own organizational and sphere of responsibility. The Customer shall implement appropriate technical and organizational protective measures, in particular:
6.7 The Customer shall ensure that access credentials are not stored, documented, transmitted, or disclosed jointly, unencrypted, carelessly, or otherwise in a manner susceptible to misuse.
6.8 All actions performed using the Customer’s valid access credentials, user accounts, or authentication features shall be attributed to the Customer unless the Customer proves that such use was caused exclusively by circumstances lying exclusively within the Provider’s sphere of responsibility.
6.9 The Customer shall notify the Provider without undue delay of any suspicion of loss, theft, disclosure, misuse, or other compromise of access credentials and shall take all reasonable measures to mitigate damage.
6.10 In the event of suspected misuse, a security risk, or unauthorized access, the Provider is entitled to temporarily block user accounts or access, reset passwords, deactivate authentication means, or take other appropriate security measures.
6.11 Unless a separate backup or restore service has been expressly agreed in writing, the Customer is obliged to independently back up all data essential to its business operations outside Vemido at appropriate intervals and under its own responsibility. In particular, the Customer must ensure that data exports are performed, backups are verified, and, where necessary, data can be restored or otherwise used independently of the Provider.
6.12 The Customer is obliged to notify the Provider without undue delay of any recognizable defects, malfunctions, security incidents, or cases of misuse and to cooperate to a reasonable extent in error analysis and remediation.
6.13 The Customer acknowledges that the protection of its user accounts, access credentials, and authentication features forms an essential part of its own operational security organization.
6.14 The Provider assumes no responsibility for how the Customer internally manages, stores, documents, discloses, or organizationally safeguards access credentials, unless this is expressly the subject of a separate written security or administration agreement.
6.15 The Customer bears the risk of damage, data loss, incorrect bookings, unauthorized modifications, deletions, disclosures, or other disadvantages resulting from insufficient protection, disclosure, revelation, theft, or misuse of its access credentials within its sphere of influence, organization, or responsibility.
6.16 The Customer is obliged to design its internal processes in such a way that unauthorized access, privilege escalation, password sharing, shared user accounts, and misuse of administrative rights are prevented as far as possible.
7.1 The prices agreed at the time of conclusion of the contract shall apply.
7.2 Unless stated otherwise, all prices are quoted in Swiss francs (CHF) and exclude any applicable statutory charges, in particular value added tax.
7.3 Recurring fees are payable in advance. One-time services, additional services, expenses for support, training, setup, data migration, custom developments, or third-party integrations shall be invoiced separately unless otherwise agreed in writing.
7.4 Invoices are payable without deduction within the payment period stated on the invoice.
7.5 In the event of default in payment, the Customer owes statutory default interest as well as reminder fees, collection costs, debt enforcement costs, and other reasonable enforcement costs.
7.6 Set-off against counterclaims is permitted only if such counterclaims are undisputed or have been finally adjudicated.
8.1 If the Customer is in whole or partial default with due payments, the Provider is entitled, at its sole discretion and without any obligation to compensate the Customer, to:
8.2 The blocking or discontinuation of services does not release the Customer from its existing payment obligations.
8.3 The Provider is also entitled to block, restrict, or discontinue services in whole or in part with immediate effect if:
8.4 The Provider is not obliged to conclusively clarify all factual or legal issues before implementing a suspension, provided that, from an objective perspective, there is a factual reason for a precautionary measure.
9.1 The Customer may not use Vemido to publish, distribute, store, or process unlawful content.
9.2 The Provider is entitled to block, deactivate, or restrict the availability of content if there are concrete indications of a legal violation, a breach of these GTC, or a risk to third parties.
9.3 The Provider is not obliged to generally or proactively review or continuously monitor the legality of content posted or processed by the Customer.
9.4 The Customer shall be fully liable to the Provider for all disadvantages, damages, costs, and claims incurred by the Provider as a result of unlawful or contractually non-compliant content or use by the Customer.
10.1 The Provider will endeavor to operate Vemido with as few disruptions as possible.
10.2 Unless a separate service level agreement has been expressly concluded, the Provider does not owe any specific minimum availability, uninterrupted accessibility, continuous operational readiness, or completely error-free functioning of Vemido.
10.3 The Provider is entitled to temporarily take Vemido out of operation in whole or in part, or to restrict its functionality, for maintenance, security updates, patches, upgrades, migrations, releases, bug fixes, performance optimizations, load balancing, backups, tests, or other technical work.
10.4 Disruptions, interruptions, delays, data loss, performance reductions, or functional impairments may in particular be caused by:
10.5 The Provider gives no warranty as to the compatibility of Vemido with all browsers, end devices, operating systems, APIs, plug-ins, email services, payment services, SMS services, third-party modules, or other third-party systems, unless expressly agreed in writing.
11.1 To the extent that technical options for data backup, backups, exports, or restoration exist within Vemido, they serve exclusively as a supporting function and, absent an express written supplementary agreement, do not establish any obligation of the Provider to perform complete, gapless, continuously available, or always successful data backup or data restoration.
11.2 The Customer is solely responsible for data backup in accordance with its business, legal, and operational requirements. The Customer shall regularly secure data essential to its business operations in an appropriate form, use export options, periodically verify the readability and completeness of its backups, and implement appropriate organizational emergency measures.
11.3 The Provider gives no warranty that backups, backup states, or export files will be available at all times, complete, current, error-free, or suitable for every purpose of the Customer.
11.4 Data restoration shall, where technically possible, be performed exclusively on the basis of the backup states available at the relevant time. There is no entitlement to restoration of any particular data set, version, or point in time.
11.5 To the extent permitted by law, the Provider shall not be liable for damage resulting from the Customer’s failure to back up, export, verify, archive, or otherwise keep its data available independently of Vemido, or from doing so insufficiently. This also applies to damage resulting from the Customer’s insufficient protection of its access credentials, thereby enabling unauthorized third parties to gain direct or indirect access to data, functions, bookings, or systems.
12.1 The Provider shall be liable only for direct damage demonstrably caused to the Customer by intentional misconduct or gross negligence on the part of the Provider. To the extent permitted by law, the Provider’s liability for slight negligence is excluded.
12.2 To the extent permitted by law, any liability of the Provider is excluded for:
12.3 In particular, the Provider shall not be liable for damage, financial losses, or lost income arising from the temporary or permanent unavailability of Vemido, from bookings not being processed, being processed late, or being processed incorrectly, from data being lost or corrupted in whole or in part, from data not being restorable in time, or from third parties gaining access to Vemido or to data processed therein as a result of insufficient protection of the Customer’s access credentials.
12.4 To the extent permitted by law, the Provider shall in particular not be liable for damage, data loss, incorrect bookings, unauthorized data alterations, unauthorized bookings, financial losses, or other disadvantages arising from third parties gaining access to Vemido or to data processed therein as a result of insufficient protection of the Customer’s access credentials.
12.5 The Customer acknowledges that Vemido is an internet-based software system whose operation depends on technical infrastructure and third-party services. Temporary unavailability, disruptions, delays, data loss, or data corruption cannot be ruled out with absolute certainty even where the standard of care customary in the industry is applied.
12.6 To the extent permitted by law, the Provider’s total liability per event of damage and per contract year is limited to the amount of remuneration actually paid by the Customer during the twelve months preceding the event giving rise to the damage.
12.7 Any further contractual or non-contractual liability of the Provider is excluded.
12.8 Mandatory statutory liability provisions remain reserved.
13.1 The Provider warrants that Vemido will be provided substantially in accordance with the agreed service description.
13.2 Insignificant deviations, purely visual defects, temporary disruptions, maintenance interruptions, or impairments that do not materially frustrate contractual use shall not give rise to warranty claims.
13.3 In the event of material defects, the Provider shall have the right, at its discretion and within a reasonable period, to remedy the defect, provide a workaround, provide a replacement, or adjust the affected function.
13.4 Any further claims of the Customer, in particular for price reduction, rescission, self-remedy, or damages, are excluded to the extent permitted by law.
14.1 To the extent that the Provider processes personal data on behalf of the Customer within the framework of Vemido, the Provider shall act as a processor within the meaning of the applicable data protection law.
14.2 The Customer remains responsible for the lawfulness of the data processing initiated by it. This applies in particular to the permissibility of the processing purposes, compliance with information obligations, obtaining any necessary consents, safeguarding data subject rights, and the permissibility of any disclosures.
14.3 The Provider shall implement appropriate technical and organizational measures to protect the processed data. Absolute data security is not owed.
14.4 The Provider is entitled to involve third parties and subprocessors in Switzerland and abroad in the performance of services to the extent legally permissible.
14.5 Upon conclusion of the contract, the parties shall enter into a data processing agreement (hereinafter referred to as the “DPA”). The DPA shall be made available to the Customer in its respectively applicable version during the electronic ordering, registration, or onboarding process. Before concluding the contract, the Customer shall have the opportunity to review the DPA in a storable format.
14.6 The DPA shall be deemed validly concluded when the Customer expressly agrees to it during the electronic ordering, registration, or onboarding process, in particular by clicking an appropriately designated checkbox or by completing the ordering process after having been expressly informed of the applicability of the DPA.
14.7 The relevant version of the DPA shall be the version displayed to the Customer at the time of its consent or otherwise made available in a storable format. For documentation and evidentiary purposes, the Provider is entitled to store the date, time, user account, contract or order ID, version status of the DPA, and the time of consent.
14.8 After conclusion of the contract, the Provider shall transmit to the Customer an electronic confirmation in text form, in particular by email, enclosing or linking to the version of the DPA applicable at the time of conclusion of the contract.
14.9 In the event of conflicts between these GTC and the DPA, the DPA shall take precedence for data protection issues relating to commissioned data processing. In all other respects, these GTC shall remain unaffected.
15.1 The Customer shall indemnify and hold harmless the Provider, its auxiliaries, and engaged third parties from and against all claims, demands, proceedings, damages, losses, fines, costs, and expenses arising out of or in connection with:
15.2 The indemnification also includes reasonable attorneys’ fees, consulting costs, court costs, investigation costs, settlement costs, and enforcement costs.
16.1 Support services shall be provided only to the extent agreed.
16.2 Unless expressly agreed otherwise in writing, there are no guaranteed response, intervention, remediation, or restoration times.
16.3 The Provider is entitled to refuse support requests or invoice them separately if they:
17.1 Unless agreed otherwise, the contract is concluded for an indefinite period.
17.2 Recurring subscriptions or usage agreements may be terminated by either party with 30 days’ notice to the end of a current billing period, unless otherwise contractually agreed.
17.3 The right to terminate without notice for good cause remains reserved.
17.4 Good cause for the Provider exists in particular if:
17.5 Upon termination of the contract, the Customer’s right of use shall automatically end.
17.6 After the end of the contract, the Provider is entitled to block access and delete data upon expiry of any statutory or contractual retention periods.
17.7 It is the Customer’s responsibility to ensure, in good time before termination of the contract, that its data is exported or otherwise secured.
18.1 The Provider is entitled to amend services, functions, prices, and these GTC with effect for the future, provided there is an objective reason for doing so. Objective reasons include in particular:
18.2 Changes shall be communicated to the Customer in an appropriate manner.
18.3 If the Customer does not object to a material change in text form within 30 days of notification, the change shall be deemed approved.
18.4 If the Customer objects in due time, the Provider is entitled to terminate the contract ordinarily or extraordinarily as of the effective date of the change.
19.1 Both parties undertake to treat as confidential all commercial, technical, organizational, and operational information of the other party that is not generally known.
19.2 The confidentiality obligation shall not apply to information that:
20.1 Neither party shall be liable for non-performance or delayed performance of its obligations to the extent caused by events beyond its reasonable control.
20.2 Cases of force majeure include in particular natural events, war, civil unrest, terrorism, pandemics, official orders, strikes, power outages, cyberattacks, failures of telecommunications or hosting infrastructures, and other unforeseeable and unavoidable events.
20.3 For the duration of an event of force majeure, the affected performance obligations shall be suspended.
21.1 Should individual provisions of these GTC be or become wholly or partially invalid, void, or unenforceable, the validity of the remaining provisions shall remain unaffected. The invalid provision shall be replaced by a legally permissible provision that comes as close as possible to the economic purpose of the invalid provision.
21.2 Side agreements, amendments, and supplements must be made at least in text form in order to be valid, unless mandatory law requires a stricter form.
21.3 The Provider is entitled to assign rights and obligations arising from the contractual relationship, in whole or in part, to third parties.
21.4 The Customer may assign rights and obligations arising from the contractual relationship to third parties only with the Provider’s prior written consent.
21.5 Swiss substantive law shall apply exclusively, to the exclusion of conflict of laws rules.
21.6 The exclusive place of jurisdiction shall be Lenzburg, Switzerland, unless a mandatory statutory place of jurisdiction takes precedence.
Version dated: March 10, 2026
1.1 This Data Processing Agreement governs the processing of personal data by the Processor on behalf of the Controller in connection with the use of the Vemido software solution.
1.2 This Agreement supplements the General Terms and Conditions (GTC), quotations, service descriptions, service specifications, and any other master agreements existing between the parties concerning the use of Vemido.
1.3 Unless otherwise provided in this Agreement, the provisions of the GTC and the master agreement shall apply in addition.
1.4 This Agreement shall apply to the extent that the Processor processes personal data on behalf of the Controller and acts as a processor under applicable data protection law.
1.5 Electronic Formation: This DPA may be entered into as part of Vemido’s electronic ordering, registration, or onboarding process. It shall be deemed validly agreed if the Controller had the opportunity, before or in direct connection with the conclusion of the contract, to review the text of this DPA in a storable form and agrees to it electronically, in particular by clicking a correspondingly designated checkbox or by completing the ordering process after being expressly notified that this DPA applies.
1.6 Controlling Version and Versioning: The controlling version shall be the version of the DPA that was made available to the Controller at the time of its consent. For documentation and evidentiary purposes, the Processor shall be entitled to store the date, time, user account, contract or order ID, DPA version status, and the time at which consent was given.
1.7 Confirmation in Text Form: Promptly after execution of this DPA, the Processor shall provide the Controller with an electronic confirmation in text form, in particular by email, attaching or linking to the version of the DPA that was controlling at the time the contract was concluded.
2.1 The Controller shall determine the purposes of, and the essential means for, the processing of the personal data that are collected, stored, organized, administered, transmitted, or otherwise processed via Vemido.
2.2 The Processor shall process personal data exclusively on behalf of, and in accordance with, the documented instructions of the Controller, unless a legal obligation requires different processing.
2.3 To the extent that the Processor processes personal data for its own purposes, in particular to comply with its own legal obligations, for billing, abuse prevention, IT security, documentation, or the enforcement of its own claims, such processing shall take place outside the scope of this DPA and under the Processor’s own responsibility under data protection law.
3.1 The subject matter of the processing is the provision of the services associated with Vemido, in particular provisioning, hosting, technical operation, administration, support, maintenance, troubleshooting, data backup, restoration, logging, and other processing activities related to the master agreement.
3.2 The nature and purpose of the processing, the categories of data subjects, and the categories of personal data processed are set out in Annex 1 to this Agreement.
3.3 The Controller bears sole responsibility for ensuring that the processing of personal data initiated by it is lawful and that only such personal data are processed via Vemido as may lawfully be processed in the specific individual case.
4.1 The Processor shall process personal data exclusively on the basis of documented instructions from the Controller, except to the extent that legal obligations require processing without, or contrary to, such instructions.
4.2 The following in particular shall be deemed documented instructions:
4.3 Oral instructions shall be confirmed without undue delay in text form.
4.4 If, in the Processor’s assessment, an instruction is problematic under data protection law, unlawful, or poses a technical security risk, the Processor shall notify the Controller accordingly. The Processor shall be entitled to suspend or refuse execution of an instruction that is manifestly unlawful until the matter has been clarified.
5.1 The Processor undertakes to process personal data only within the scope of this Agreement and the master agreement.
5.2 The Processor shall not use personal data made available or accessible to it in connection with the engagement for its own purposes that are incompatible with the engagement.
5.3 The Processor shall ensure that only those persons are granted access to personal data who:
5.4 The Processor shall implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against loss, destruction, accidental alteration, or unauthorized disclosure. The principles of these measures are set out in Annex 2.
5.5 The Processor shall support the Controller to an appropriate extent with:
5.6 The Processor shall not be obligated to perform legal assessments, balancing of interests, or independent substantive reviews of the permissibility of the processing on behalf of the Controller.
6.1 The Controller represents that it processes, or causes to be processed, personal data only in compliance with applicable data protection law.
6.2 The Controller shall be responsible in particular for:
6.3 The Controller shall configure and use Vemido in such a way that the data protection requirements applicable to its use case are complied with.
6.4 The Controller shall remain responsible for the security of its user accounts, access credentials, role and permission concepts, internal approval processes, and data backup within its own organizational sphere, unless additional services by the Processor have expressly been agreed in writing.
6.5 As a general rule, the Controller shall itself respond to requests for access and other data subject requests. The Processor shall support the Controller in this regard to an appropriate extent.
7.1 The Processor shall treat all personal data processed on behalf of the Controller as confidential.
7.2 The Processor shall ensure that its employees, auxiliary persons, and engaged third parties who may come into contact with personal data are bound to confidentiality or are subject to an adequate statutory duty of secrecy.
7.3 The duty of confidentiality shall continue to apply after termination of this Agreement.
8.1 The Processor shall implement appropriate technical and organizational measures, taking into account in particular:
8.2 The essential measures are described in Annex 2.
8.3 The Processor shall be entitled to further develop and modify the technical and organizational measures, provided that the overall level of protection is not reduced inappropriately.
9.1 The Controller hereby grants the Processor general prior authorization to engage additional processors to the extent required for the provision of the services.
9.2 The sub-processors engaged at the time of contract formation are listed in Annex 3.
9.3 The Processor shall inform the Controller in an appropriate manner of any intended changes concerning sub-processors, in particular their replacement or the engagement of additional sub-processors.
9.4 If the Controller, for factually justified reasons relating to data protection, objects in writing to a new sub-processor within 30 days from notification, and if no reasonable alternative can be offered, both parties shall be entitled to terminate the affected service or the master agreement upon reasonable notice.
9.5 The Processor shall contractually bind sub-processors to data protection and security standards that correspond in substance to the protections of this Agreement.
9.6 The Processor shall remain responsible vis-à-vis the Controller for the proper performance of the services assumed by sub-processors, to the extent permitted by law and subject to any differing liability provisions in the master agreement.
10.1 As a general rule, the Processor shall process personal data in Switzerland or in countries with an adequate level of data protection.
10.2 To the extent that processing or accessibility abroad occurs or is possible, the Processor shall ensure that the applicable requirements under data protection law are complied with.
10.3 If disclosure takes place to a country without an adequate level of data protection, such disclosure may occur only on the basis of appropriate safeguards or another legally permissible justification.
10.4 The Controller acknowledges that the use of certain technical services, support services, communication services, or infrastructure services may involve processing with a foreign nexus, provided that this is disclosed in the master agreement, the annexes, or the documentation.
11.1 If the Processor receives inquiries from data subjects concerning processing carried out by the Controller, the Processor shall forward such inquiries to the Controller without undue delay and without conducting its own substantive review, provided that an allocation is possible.
11.2 The Processor shall not independently respond to such inquiries unless:
11.3 The Processor shall support the Controller to an appropriate extent with the information and functionalities available to it so that the Controller can fulfill its legal obligations.
12.1 The Processor shall inform the Controller as quickly as possible of any data security breaches that affect or may affect the Controller’s personal data.
12.2 To the extent possible and reasonable at the relevant time, the Processor’s notice shall include, in particular, information regarding:
12.3 The Processor shall support the Controller to an appropriate extent in the assessment, containment, documentation, and handling of a data security breach.
12.4 The legal assessment of whether notification to a data protection supervisory authority or communication to data subjects is required shall, as a general rule, be the responsibility of the Controller.
13.1 Upon reasonable request, the Processor shall make available to the Controller the information necessary to demonstrate compliance with this Agreement.
13.2 Such demonstration may in particular be provided by means of:
13.3 On-site audits shall be permissible only if:
13.4 The Processor may require that audits be carried out by a qualified, independent auditor who is bound to confidentiality.
13.5 The Controller shall bear the costs of an audit initiated by it, unless there is a demonstrable serious breach by the Processor of this Agreement.
14.1 Upon termination of the master agreement or upon the Controller’s written instruction, the Processor shall, at the Controller’s option, with respect to the personal data processed on behalf of the Controller:
14.2 Statutory retention obligations, evidentiary and documentation obligations, and technically unavoidable residual copies in backup or recovery systems remain reserved. Such residual copies shall not be further processed in production and shall be removed within the framework of the usual overwrite and deletion cycles.
14.3 The Controller shall be obligated, prior to the end of the contract, to independently and in a timely manner make use of available export and backup options to the extent that, under the master agreement, this falls within its area of responsibility.
15.1 Unless expressly agreed otherwise, compliance with this DPA shall be covered by the compensation under the master agreement to the extent that it does not exceed the usual and reasonable effort.
15.2 Additional effort arising from extraordinary instructions, extensive cooperation obligations, special audits, individualized security attestations, migration-related export services, extensive data subject requests, or administrative proceedings may, after prior notice to the Controller, be invoiced separately by the Processor on a time-and-materials basis.
16.1 The liability of the parties shall be governed by the provisions of the master agreement and the GTC, unless this DPA expressly provides otherwise.
16.2 This DPA does not create any strict liability of the Processor beyond that provided for in the master agreement.
16.3 To the extent permitted by law, the limitations of liability, exclusions of liability, and cooperation obligations of the Controller set out in the GTC shall remain unaffected.
17.1 This DPA shall enter into force upon the Controller’s electronic or otherwise documented acceptance, but in any event no later than before the first productive processing of the Controller’s personal data by Vemido.
17.1a Until this DPA has been validly concluded, the Processor shall neither be obligated nor authorized to process the Controller’s personal data in production within the framework of processing on behalf of the Controller. The Processor shall be entitled to withhold activation of the relevant functions until this DPA has been validly concluded or to restrict the customer account to non-productive use without the processing of personal data.
17.2 This DPA shall remain in effect for as long as the Processor processes the Controller’s personal data on behalf of the Controller.
17.3 Upon termination of the master agreement, this DPA shall also terminate automatically, subject to those provisions that by their nature continue beyond termination, in particular regarding confidentiality, liability, evidence, statutory retention, and deletion and residual copies in backup systems.
18.1 This DPA supplements the master agreement and the GTC.
18.2 In the event of inconsistencies between this DPA and the GTC or other contractual documents, this DPA shall prevail for issues of data protection relating to processing on behalf of the Controller.
18.3 In all other respects, the GTC and the master agreement shall remain unchanged and in full force and effect.
19.1 Amendments and supplements to this DPA must be made at least in text form.
19.2 Should individual provisions of this DPA be or become wholly or partially invalid or unenforceable, the validity of the remaining provisions shall remain unaffected. The invalid provision shall be replaced by a legally permissible provision that comes as close as possible to the economic purpose of the invalid provision.
19.3 Swiss substantive law shall apply unless mandatory data protection law requires otherwise.
19.4 To the extent permissible and unless the master agreement provides otherwise, the place of jurisdiction shall be Lenzburg, Switzerland.
19.5 Language Versions: This DPA may be provided in multiple language versions. As a general rule, the controlling language version shall be the one displayed to, and accepted by, the Controller in the electronic ordering, registration, or onboarding process. If the parties subsequently expressly agree that another language version or a bilingual contract version shall be binding, such individual agreement shall prevail.
1. Subject Matter of the Processing: Provision and operation of the Vemido software solution as a booking, scheduling, resource, and administration platform.
2. Purpose of the Processing: Enabling the capture, organization, administration, confirmation, communication, documentation, and evaluation of bookings, appointments, resources, customer data, user access, and related business processes of the Controller.
3. Nature of the Processing: Collection, capture, structuring, organization, storage, retention, adaptation, modification, retrieval, consultation, use, disclosure by transmission, making available, alignment, restriction, deletion, and destruction.
4. Categories of Data Subjects (depending on use):
5. Categories of Personal Data (depending on use):
6. Sensitive Personal Data: Only to the extent that the Controller processes such data within the scope of its use and such processing is lawful, in particular in health-related, therapeutic, or comparable use cases.
7. Duration of the Processing: For the duration of the master agreement and thereafter only to the extent required by statutory obligations, evidentiary purposes, backup copies, or technically unavoidable residual copies.
The Processor shall implement appropriate technical and organizational measures, in particular in the following areas:
Sub-processors engaged at the time this DPA is concluded, to the extent used in the Controller’s specific setup:
วีมิโดใช้คุกกี้ที่จำเป็นทางเทคนิคเท่านั้น โดยเฉพาะเพื่อจัดเก็บภาษาของเว็บไซต์ที่คุณเลือก ไม่มีการใช้คุกกี้เพื่อการวิเคราะห์หรือการตลาด