Marketplace Terms of Service Agreement

1. Subject Matter

1.1 Subject Matter. Personio GmbH & Co. KG (hereinafter “Personio”) offers a web-based personnel administration and recruiting software (hereinafter “Personio Software”) for small and medium-sized companies, in particular via personio.com. The Partner offers and operates a software or online service (hereinafter “Partner Application”) and intends to create an application interface between the Partner Application and the Personio Software so that data and commands can be exchanged between the Personio Software and the Partner Application (hereinafter “Integration”). To facilitate the Integration the Partner intends to use an Application Programming Interface (API) of Personio (hereinafter “Personio API”). Once the Integration is accepted by Personio, Personio will list the Integration on the Personio marketplace (currently at marketplace.personio.com) (hereinafter “Personio Marketplace”).
This Marketplace Terms of Service Agreement (hereinafter “Agreement”) sets forth the rights and obligations of Parties in connection with the Integration, including the requirements and the process of review and acceptance of the Partner Application.

1.2. Applicable Terms. Terms and conditions of the Partner do not apply, unless Personio expressly agrees to their application in writing. Personio does not offer the Integration to Partners who are consumers within the meaning of § 13 BGB (German Civil Code)

2. Partner Integration Review and Acceptance

2.1. Acceptance Requirement. Before the Partner may use the API, manage real live data with the API and offer the Integration to its customers, the Integration must be reviewed and accepted by Personio as set out in this Agreement. For the avoidance of doubt, the use of the API for testing and development purposes does not require such acceptance, provided that only (anonymous) testing data is used.

2.2. Review Process. Partner must complete an application form and submit all required documents for review. Submitted information must be accurate and complete. Personio will conduct a technical quality check of the Integration. Within such quality check Personio will review whether the Integration complies with the Partner Integration Acceptance Criteria, which includes (i) the API Security Policy, (ii) the API Use Policy and (iii) the terms of this Agreement. If Personio deems the requirements to be fulfilled, Personio will in its discretion accept the Integration after a live/demo presentation of the Integration and the Partner Application in a joint session. The review process description, the application form, a list of all required documentation and the Partner Integration Acceptance Criteria are available online on our Developer Hub. The Partner Integration Acceptance Criteria may include criteria like data security, compliance with Personio’s technical specifications, user friendliness and quality of the Partner Application. Personio is not obliged to accept an Integration.

2.3. Changes to the Integration. If the Partner intends to materially change the Integration after acceptance, the Partner must submit the changes for a new acceptance before offering the changed version of the Integration to its customers. A change is material if it raises again the question of compliance with the Partner Integration Acceptance Criteria.

3. Personio Obligations

3.1. Integration Review. Personio will conduct the review process in a timely manner, provided that the Partner submits all required documentation.

3.2. Listing. Personio will list accepted Integrations on the Personio Marketplace. Details of the listing remain in the discretion of Personio.

3.3. API Availability. Personio will use commercially reasonable efforts to make the Personio API available 99 % an annual average. Excluded from this are times in which the server cannot be reached due to other technical problems beyond the control of Personio (in particular force majeure, third party negligence). Also excluded are planned maintenance work which Personio will announce duly in advance.

3.4. Support. Unless otherwise agreed Personio shall not be obliged to provide support for the Personio API.

4. Partner Obligations

4.1. Compliance of Integration. The Partner will ensure that the Integration conforms to the Partner Integration Acceptance Criteria (including the API Security Policy and the API Use Policy) during the entire term of this Agreement. The Partner will use the Personio API in compliance with this Agreement and will - in the course of using the Personio API - not violate third party rights or any applicable laws or regulations, in particular data protection laws and regulations and copyright laws. The Partner may use the Personio API solely for the purpose of providing the Partner Application and Integration as set out in the description of the Partner available at the Personio Marketplace and as set out in the joint review process.

4.2. Limited Use Purposes. The Partner shall not use the API for the purpose of (i) creating publicly available directories based on the information retrieved from the API (e.g. a public employee handbook) or (ii) for building an alternative HR record keeping system, or for (iii) creating a tool to migrate Personio customers to a competitor of Personio except respectively with the prior written consent of Personio, which Personio will not unreasonably withhold.

4.3. Test Environment. Partner will provide Personio with a fully functional test environment and logins for the Integration, which Personio may use, store, copy and distribute for internal testing and evaluation purposes. The test environment must be functionally identical to your production environment.

4.4. Access Credentials. The Partner will keep all access credentials provided by Personio for the Personio API secret and confidential, and will not share, assign, or transfer them to any third party. The Partner is responsible for all activities that occur using its access credentials.

4.5. Notification of Changes and Problems. The Partner will notify changes of the Integration to Personio and obtain Personio’s prior acceptance in accordance with section 2.3. The Partner shall report to Personio without undue delay disruption of the availability of the Personio API or any other malfunction of the Personio API.

4.6. Support. The Partner will provide Personio with a support contact and offer reasonable support in case of any issue raised by Personio in connection with any technical aspect of the Integration, e.g. in case of a complaint by a Personio customer or a synchronization error.

4.7. Responsibility. Partner shall be fully responsible for the Partner Application and the Integration, in particular that the Partner Application and Integration is free from defects, does not violate third party rights or any applicable laws or regulations. Customer of the Partner or any other third parties shall have no rights against Personio form this Agreement.

4.8. Warranties. The Partner warrants that (i) all information the Partner provides to Personio is true, accurate, and complete, and that (ii) the Integration (a) does not contain, and will not transmit to Personio, any viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs, and (b) will not interfere with, disrupt, or harm Personio, the Personio API, the systems, servers, or networks providing the foregoing, or anyone’s use of the Personio Software, (iii) the Partner will not use the Personio APIs or any data obtained using the Personio APIs to identify, exploit or publicly disclose any potential security vulnerabilities; and (iv) the Partner will not reverse engineer, decompile, disassemble, or derive source code from the Personio API or Personio Software.

4.9. No representation. The Partner will not suggest any affiliation with Personio, including any suggestion that Personio sponsors, endorses or guarantees the Integration or Partner Application, except for the API Integration relationship expressly contemplated in this Agreement. The Partner will not make any representations, warranties or commitments on behalf of Personio or regarding the Personio Software or the Personio APIs.

5. Remuneration

Unless otherwise agreed any services of each Party under this Agreement shall be free of charge.

6. Intellectual Property Rights, Use of Names and Trademarks

6.1. IP Rights. Each Party shall remain owner of its intellectual property rights, in particular Personio shall keep all rights in the Personio Software and the Personio API and the Partner shall keep all rights in the Partner Application and the Integration.

6.2. Use of Names and Trademarks. Personio and Partner each grant the other Party hereby a limited, non-exclusive, non-sublicensable, non-transferable and non-assignable license during the term of this Agreement to display the licensing’s party trade names, trademarks, service marks, logos and domain names (“Brand Features”) that the licensing’ party makes available solely for the purposes of: (a) online and offline marketing and promotion of the availability of the Integration in the Personio Marketplace; and (b) for any mutually agreed marketing activities. Both Parties agree: (I) not to display the licensing’ party Brand Features in any way that violates applicable law, including laws regarding libel, slander, obscenity and infringement, or in a way that suggests that it has created, sponsored, or endorsed the Integration or its content, and (ii) that all displays of the licensing’s party Brand Features will be in accordance with the licensing’s party branding guidelines made available to the other Party. The branding guidelines of Personio are available at our Partner Marketing Kit page.

6.3. Feedback. Either Party may from time to time elect, in its sole discretion, to provide suggestions, comments, improvements, ideas or other feedback to the other Party related to such other Party’s products and services (”Feedback”). Such Feedback is provided on an “as is” basis with no warranties of any kind and the receiving Party will have a non-exclusive, perpetual and irrevocable right and license to use such Feedback. Each Party agrees not to provide Feedback that it knows is subject to any intellectual property claim by a third party or any license terms which would require products or services derived from such Feedback to be licensed to or from, or shared with, any third party.

6.4. Data Analytics. Personio may analyze the use of the Personio API by Partner (e.g. amount and times of access requests, transferred amount of data) for the purpose of ensuring compliance with this Agreement, data security and in order to improve or further develop the Personio API and other services of Personio.

7. Data Protection and Security

7.1. Roles. Personio acts as a data processor within the meaning of Article 3 no. 8 EU General Data Protection Regulation (GDPR) for its customers which act as data controllers within the meaning of Article 3 no. 7 GDPR. It is the Parties intend and understanding that the Partner acts as an independent data processor for the customer or as a data controller, but Personio and Partner are neither joint controllers (within the meaning of Art. 26 GDPR) nor are in a processor and sub-processors relationship.

7.2. Compliance and Customer instructions. The Partner shall comply with all applicable laws and regulations on the protection of personal data, in particular the GDPR, when processing personal data in the course of the Integration. Partner shall access, modify or otherwise process personal data through the Personio API only if and to the extent authorized or instructed by the customer and data controller.

7.3. Personal Data Breach. If the Partner becomes aware of a personal data breach within the meaning of Art. 3 no 12 GDPR that occurred in connection with the use of the Personio API (e.g. unauthorized access to customer data through the Personio API), the Partner shall inform Personio without undue delay and provide Personio with the information as set out in Art. 33 para 3, 4 GDPR. The Partner shall consult and cooperate with investigations, assist with any required notices, and provide any information reasonably requested by Personio.

8. Term and Termination

8.1. Term and Termination for Convenience. This Agreement shall have an indefinite term. It may be terminated for convenience by either party with a 90 days notice period.

8.2. Termination for Cause. The right to terminate for good cause shall remain unaffected. A good cause shall in particular exist if the Partner fails to comply with data security requirements or caused a personal data breach or if the Partner during the term of this Agreement fails to comply with the Partner Integration Acceptance Criteria and does not rectify such defect within 30 days.

8.3. Form of Termination. Termination shall be made in writing (no email). If this Agreement was entered into in electronic form, termination in the same electronic form (e.g. copy of signed PDF, DocuSign) shall be considered sufficient.

8.4. Special Right to Terminate. Personio shall be entitled to terminate this Agreement without a notice period if (a) Personio decides to generally cease to provide the Personio API or to materially change its offer of an application programming interface (API), or (b) the Partner or an affiliated company of Partners becomes a competitor of Personio or of an affiliated company of Personio.

8.5. Effect of Termination. Upon termination of this Agreement the Partner will cease to use the Personio API and cease to operate, market and offer the Integration and Personio will no longer list the Integration in the Marketplace.

8.6. Blocking of Access. Personio is entitled to temporarily block access to the Personio API if Personio has good reason to believe that the use of the API is violating the Partner Integration Acceptance Criteria, including the API Security Policy and the API Use Policy, or otherwise constitutes a potential security or performance threat. Personio shall immediately inform the Partner of any such blocking and the Parties shall cooperate in good faith to resolve the reason for the blocking.

9. Confidentiality

9.1. Duty of Confidentiality. During the term of this Agreement and for five years thereafter, the Parties will use all Confidential Information within the meaning of section 9.2 solely for purposes of this Agreement and will keep it confidential; in particular, the disclosure of Confidential Information to Third Parties requires the prior written consent of the other party.

9.2. Confidential Information. "Confidential Information" refers to all documents, information and data labelled or referred to as "confidential" by the disclosing Party, which have been made accessible to the parties, or of which they became aware, due to their cooperation, and all information which is confidential by its nature. Confidential Information includes in particular customer data exchanged through the API.

9.3. Exceptions. Without granting any right or license, the obligations pursuant to section 9.1 do not apply to the extent the Party receiving Confidential Information can demonstrate that the Confidential Information lawfully
a. was in the public domain at the time of disclosure or entered the public domain thereafter, or
b. was disclosed to the receiving party by a Third Party, or
c. was already in the possession of or known to the receiving party at the time of disclosure, or
d. was developed by the receiving party independently from the Confidential Information, or
e. must be disclosed pursuant to statutory or regulatory provisions or because of a court order if the disclosing Party is immediately notified of this requirement and if the scope of disclosure is limited as much as possible.

9.4. Third Parties. The term “Third Parties” within the meaning of the preceding provisions does not include lawyers, auditors and tax offices as well as persons who are bound by professional non-disclosure obligations. Vis-à-vis Personio, sub-contractors of Personio are not third parties.

10. Liability and Claims for Defects

10.1. Limitation of Liability. Personio is providing the Personio API and its other services under this Agreement free of charge. Insofar the provisions on loan of the German Civil Code (BGB) shall apply, i.e. in particular, Personio’s liability for defects is limited to fraudulent intent according to § 600 BGB, liability is limited to intent and gross negligence according to § 599 BGB and the reduced limitation period of six months according to § 606 BGB applies.

10.2. Failure of Personio API. Personio shall not be liable for any damages resulting from the non-availability, irresponsiveness or malfunction of the Personio API, except in case of intend.

11. Indemnification

11.1. Duty to Indemnify. If third parties (including data subjects, customers or user of the Personio Software or Partner Application) assert claims or legal infringements against Personio based on the allegation that the Partner has breached this Agreement, in particular has used the Personio API in violation of applicable data protection laws or in otherwise illegal manner, the following shall apply: Partner shall indemnify Personio against such claims, provide Personio with reasonable assistance in defending its rights and indemnify Personio against the costs of defending its rights.

11.2. Conditions. It is a prerequisite for the indemnification obligation according to clause 11.1 that Personio immediately informs the Partner in writing about asserted claims, does not make any acknowledgements or equivalent declarations and enables the customer to conduct all judicial and extrajudicial negotiations about the claims at the partner's expense - as far as possible.

12. Reservation of Changes

12.1. Changes of terms. Personio has the right to change the terms of this Agreement including the Partner Integration Acceptance Criteria at any time or to amend terms for the use of any newly introduced additional services or features of the Personio API. Changes and amendments to this Agreement shall be announced to the Partner not later than four weeks before the scheduled change. The Partner’s consent to the change of the terms of the Agreement will be deemed granted if the Partner does not object to the change in textual form (e. g. letter, fax, email) within a period of two weeks, beginning with the day following the day of the announcement of the change. Personio undertakes to separately indicate in the announcement of the change the possibility of objection, the deadline for an objection, the and the meaning or consequences of omitting an objection. If the Partner objects to the change, Personio reserves the right to terminate the Agreement with effect to the effective date of the announced change.

12.2. Changes of the Personio API. Personio reserves the right to technically modify the Personio API or to offer deviating functionalities. Personio will announce material changes to Personio API in due advance on its website. Personio in particular reserves the right to modify the Personio API or to offer deviating functionalities, (i) to the extent necessary to make the services offered by Personio compliant to the law applicable to such services, in particular if the legal situation changes; (ii) to the extent Personio complies with a court order or authority decision addressed to Personio; (iii) to the extent necessary to eliminate security vulnerabilities; (iv) due to significant changes in the services or contractual conditions of third-party providers, or (v) to the extent that this is predominantly beneficial for the customer. Personio especially reserves the right to restrict or discontinue the provision of functionalities if the technical partners for these additional functionalities or the providers of the third party systems significantly change or limit their services or terms of service and Personio can therefore no longer reasonably be expected to continue providing the above, such as if the additional expense due to Personio’s involvement would be disproportionately high.

13. Final Provisions

13.1. Applicable Law. This Agreement and all disputes related thereto (both under contract and tort aspects) are exclusively governed by German law excluding UN Sales Law (United Nations Convention on Contracts for the International Sale of Goods, CISG).

13.2. Language of Contract and Interpretation. The text of the Agreement may be available in German and English language. In case of a conflict or in case of ambiguities, the German version is decisive for customers in the DACH region. In all language versions, legal terms have the meaning afforded to them by the legal understanding in Germany pursuant to German law.

13.3. Venue. If the Customer is a merchant, a legal person under public law or a special fund under public law, the sole venue is the place of jurisdiction of Personio. Personio remains entitled to bring action at the establishment of the Customer.

13.4. Severability. If individual terms of this Agreement were to be or become invalid, the validity of the remaining terms is not affected. In lieu of the invalid provision, the following shall apply: such provision as the Parties would have agreed in good faith pursuant to the originally intended purpose from an economic perspective. This also applies in case of a gap.