Logo

Terms and Conditions

Preamble

Lunelink GmbH ("Lunelink") operates a cloud-based, AI-powered marketing platform ("Platform") for the management of advertising accounts, the creation of advertising assets, community management, review management, and the analysis and optimization of marketing campaigns on third-party platforms (e.g., Meta, Google, TikTok, LinkedIn, Pinterest). These General Terms and Conditions ("GTC") govern the contractual basis for the use of the Platform by companies, agencies, self-employed individuals, and other commercial customers ("Users"). The Platform is not intended for consumers within the meaning of Section 13 of the German Civil Code (BGB).

1. Use of the Platform

  1. Access to the platform is generally via a web application. Lunelink may also offer mobile applications. There is no entitlement to the provision of specific access methods.
  2. Use of the platform requires user registration (“Registration”). Upon completion of Registration or upon signing an individual offer, a user agreement is concluded between the user and Lunelink.
  3. Only natural persons with full legal capacity, as well as legal entities and partnerships acting in the course of their commercial or self-employed professional activities, are eligible to register. Registration or use on behalf of a third party or a fictitious person is prohibited. Providing false information during registration and/or in the user account is also prohibited.
  4. If the registration is for a company or organization, the person registering represents and warrants that they are duly authorized to act on behalf of the company and to enter into binding agreements with Lunelink.
  5. Lunelink may refuse registration on the platform without providing reasons. Lunelink reserves the right to verify the authenticity of registration requests and to make completion of registration contingent upon successful verification. This does not affect Lunelink’s right to verify the authenticity of existing accounts at any time by random spot checks and to delete such accounts if they violate the foregoing requirements.
  6. Users are required to keep their login credentials secure, in particular not to disclose them to third parties, and to take appropriate measures to protect their account from unauthorized access.
  7. Although user content and data are stored and made available on the platform, the scope of Lunelink’s services does not include a dedicated cloud storage service. Lunelink is not obligated to keep user content permanently available or to archive it unless expressly agreed otherwise.
  8. Use of the platform by minors is prohibited.
  9. The contract language is German. After a contract is concluded with a user, Lunelink does not store an individualized copy of the contract text; however, the current version is available to the user on the website and within the platform.
  10. Communication between Lunelink and users may occur via electronic channels (in particular email, in-app notifications, and messaging within the platform).

2. Scope of Services of the Platform and Third-Party Platforms

  1. Lunelink provides the user with a platform for the duration of the contract term through which the user can, in particular, manage ad accounts, create AI-powered ad creatives, manage communication channels (e.g., comments and messages), manage reviews, access AI-powered optimization recommendations, and view analytics and dashboards. The specific scope of features is governed by the service description in effect at the time the contract is concluded or by the individual offer.
  2. The platform enables the integration of advertising accounts and other accounts with third-party providers (e.g., Meta Ads, Google Ads, LinkedIn Ads, TikTok Ads, Pinterest Ads, review platforms). Use of these third-party platforms and their APIs is governed by the respective contractual relationships between the user and the respective third-party provider. Lunelink is not a party to these contractual relationships and is not liable for the availability, functionality, or changes to the third-party platforms.
  3. The user is solely responsible for complying with the applicable terms of use, advertising policies, and other requirements of the connected third-party platforms. Lunelink does not review content created by users or delivered via the platform for compliance with legal requirements or third-party policies.
  4. AI features (e.g., for creating ad creatives, reply suggestions for community management, or optimization recommendations) are based on statistical models and historical data. Lunelink does not guarantee any specific business outcomes (e.g., specific conversion rates, revenue, or reach) and is not liable for user decisions made based on the provided analyses or recommendations.
  5. Lunelink may further develop, adapt, or modify the platform’s functionality, taking users’ interests into account, provided that no core contractual obligations are restricted or reasonable alternatives are made available to users.

3. User Obligations and Content

  1. The user is fully responsible for all content, data, and information that they add to the platform or process through it, in particular advertisements, creatives, texts, images, videos, reviews, responses to reviews, comments, and messages.
  2. The user represents and warrants that they hold or have duly obtained all rights required for the use, publication, and processing of the content (including, in particular, copyright, trademark, personality rights, and other protective rights) and ensures that no third-party rights are infringed.
  3. The user agrees not to post any illegal, discriminatory, offensive, harmful-to-minors, extremist, pornographic, indecent, or otherwise prohibited content via the platform, and not to engage in unlawful advertising (e.g., under the UWG). The same applies to automated reply suggestions, which the user is solely responsible for reviewing before sending.
  4. The user agrees to comply with all applicable laws (in particular data protection law, competition law, telemedia law, consumer protection law, and professional regulations) as well as the relevant policies of the integrated third-party platforms.
  5. The user shall indemnify and hold Lunelink harmless from all third-party claims arising from the user’s unlawful use of the platform or from breaches of duty attributable to the user. This also includes reasonable costs of legal defense.

4. Fees and Payment Terms

  1. Use of the platform generally requires payment of a fee. The fees payable by the user (“Fees”) are set forth in Lunelink’s price list in effect at the time the contract is concluded or in an offer individually agreed with the user. Lunelink may provide individual features, clearly labeled as such, free of charge during test phases.
  2. Unless otherwise agreed, fees are invoiced in advance as recurring charges (e.g., monthly or annual fees). If usage-based components (e.g., based on the number of accounts, seats, or volume) are agreed, they will be billed in arrears on a regular basis.
  3. Invoices are due within 14 days of the invoice date, payable without any deductions, unless otherwise stated on the invoice. Payments are to be made to the business account specified on the invoice or via the available electronic payment services.
  4. In the event of payment default, Lunelink is entitled to charge statutory default interest and, upon prior notice, temporarily suspend access to the platform. The user’s obligation to pay the agreed fees shall remain unaffected.

5. Privacy Policy

  1. Lunelink processes users’ personal data, as well as the personal data of data subjects whose data are processed via the platform, in accordance with applicable data protection laws and the Privacy Policy available on the website and within the platform.
  2. As a general rule, the respective user is to be regarded as the controller for data protection purposes in relation to the personal data they process via the platform. In this respect, where applicable, Lunelink acts as a processor within the meaning of Article 28 GDPR.
  3. The upload and processing of personal data in connection with use of the platform are the sole responsibility of the user. Insofar as the user is required to enter into a data processing agreement, the data processing agreement attached hereto as Annex 1 (DPA) serves as the basis for data processing by Lunelink on the user’s behalf.

6. Contract Term and Termination

  1. The User Agreement between Lunelink and the user runs for an indefinite term or for the agreed minimum term. If a minimum term has been agreed, the contract automatically renews for the agreed renewal period unless terminated in accordance with the applicable notice period.
  2. Unless otherwise agreed, the parties may terminate the User Agreement at any time, effective at the end of the respective contract or renewal term, with one month's notice and without cause.
  3. The right of either party to extraordinary termination for good cause remains unaffected. In particular, good cause for Lunelink exists if the user, despite a reminder and the granting of a reasonable grace period, is in default on due payments of a not insignificant amount or repeatedly breaches material contractual obligations, in particular Section 3 of these Terms and Conditions.
  4. When the termination becomes effective, the user's access to the platform ends. Lunelink is entitled to store or delete data in accordance with statutory retention requirements. Any further obligations to provide data exist only to the extent expressly agreed or required by mandatory statutory provisions.

7. Liability

  1. Lunelink is liable under statutory provisions for injury to life, limb, or health resulting from a culpable breach of duty. Lunelink is also liable under statutory provisions for other damages resulting from intentional or grossly negligent breaches of contract. To the extent the Product Liability Act applies, Lunelink is liable without limitation in accordance with its provisions.
  2. If damage is based on a breach of a material contractual obligation caused by ordinary negligence (i.e., an obligation the fulfillment of which first enables proper performance of the contract, the breach of which endangers achievement of the contract’s purpose, and on the observance of which users may regularly rely), Lunelink’s liability is limited to the foreseeable, contract-typical damage.
  3. Any further liability of Lunelink for damages (regardless of the legal basis) is excluded. This applies in particular to lost profits, failure to realize savings, production downtime, business interruptions, or other indirect and consequential damages. Mandatory statutory liability provisions remain unaffected.

8. Other

  1. If any individual provisions of these Terms and Conditions are or become invalid or unenforceable, the validity of the remaining provisions shall not be affected. In place of the invalid or unenforceable provision, a valid provision shall be deemed agreed that most closely reflects the intended economic purpose of the invalid provision.
  2. Substantive German law applies, excluding German conflict-of-law rules and the UN Convention on Contracts for the International Sale of Goods (CISG). Where legally permissible, the courts of Hamburg shall have jurisdiction.

Annex 1: DPA

Preamble

The Contractor (Lunelink) processes personal data on behalf of the Client (User) within the meaning of Article 4(8) and Article 28 of Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”). This Data Processing Agreement (“Agreement”) specifies the data protection obligations of the contracting parties arising from the processing on behalf described in the main contract. This Agreement applies to all activities related to the main contract in which employees of the Contractor or third parties engaged by the Contractor may come into contact with personal data provided by the Client.

1. Definitions

  1. Personal data means all information provided by the client that relates to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural, or social identity (Article 4(1) GDPR).
  2. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4(2) GDPR).
  3. Instructions means any instructions issued by the Controller to the Processor directing the Processor to process personal data. The Instructions are initially set out in the Main Agreement and may thereafter be amended, supplemented, or replaced by the Controller through individual instructions ("Individual Instructions").

2. Subject Matter of the Contract, Responsibility

The Processor processes the personal data on behalf of the Controller. The Controller is solely responsible for compliance with the statutory provisions of data protection laws, in particular for the lawfulness of the disclosure of the personal data to the Processor as well as for the lawfulness of processing such data (the "controller" within the meaning of Art. 4(7) GDPR).

3. Duration

The term of this agreement matches the term of the master agreement. The right to terminate for cause remains unaffected.

4. Scope, Nature, and Purpose of the Intended Processing of Personal Data

The scope, nature, and purpose of the processing of personal data by the Processor on behalf of the Controller are specifically described in the main agreement. The processing is carried out in particular for the purpose of providing the Lunelink marketing platform, including ad account management, ad creative production, community management, review management, and the analysis and optimization of marketing activities.

5. Data type

The processing of personal data concerns, in particular, the following types/categories of data:

  • Contact and master data of users (e.g., names, contact details, login credentials).
  • Personal data of customers, prospects, or other communication partners of the client that are processed as part of marketing, communication, or review processes (e.g., names, contact details, communication content, review content).
  • Usage, tracking, and campaign data, to the extent that they relate to identified or identifiable natural persons.

6. Affected Persons

The categories of data subjects whose personal data are processed include, in particular:

  • Users (e.g., employees of the client who use the platform).
  • Customers, prospects, and other communication partners of the client.

7. Correction, Deletion, Blocking, and Provision of Data

  1. The Client may, at any time during and after termination of this Agreement or the Master Agreement, demand the rectification, deletion, blocking, and return of personal data pursuant to a lawful specific instruction.
  2. The client defines the measures for returning the provided storage media and/or deleting the stored personal data after termination of the contract, either in the contract or by individual instruction.

8. Technical and Organizational Measures

  1. The Contractor shall implement appropriate technical and organizational measures to secure personal data against misuse and loss, in accordance with Articles 24 and 32 of the GDPR. This includes, in particular, where appropriate,

    • Prevent unauthorized persons from accessing data processing facilities where personal data are processed and used (access control)

    • to prevent data processing systems from being used by unauthorized persons (access control),

    • to ensure that those authorized to use a data processing system can access only the data covered by their access rights, and that personal data cannot be read, copied, modified, or removed without authorization during and after processing (access control),

    • To ensure that personal data cannot be read, copied, modified, or removed without authorization during electronic transmission, transport, or storage on data carriers, and that it can be verified and determined to which recipients personal data are intended to be transmitted by means of data transmission systems (transfer control)

    • to ensure that it can subsequently be verified and established whether and by whom personal data have been entered into, modified, or removed from data processing systems (input control),

    • to ensure that personal data can only be processed in accordance with the controller's instructions (order control),

    • to ensure that personal data are protected against accidental destruction or loss (availability control),

    • to ensure that data collected for different purposes can be processed separately (separation control),

    • the pseudonymization and encryption of personal data,

    • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services,

    • the ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident,

    • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing.

  2. The technical and organizational measures are subject to technological progress and further development. Accordingly, the Processor is permitted to implement alternative appropriate measures, provided that the level of security of the specified measures is not reduced. Material changes that may affect the integrity, confidentiality, or availability of personal data must be documented.

9. Instructions

  1. The client has the right, at any time, to issue specific instructions to the contractor regarding the nature, scope, and method of processing personal data. Specific instructions must be given in writing.
  2. The Contractor may process personal data only within the scope of the Main Agreement, this Agreement, and specific instructions, unless the Contractor is required to process the personal data under Union law or the law of the Member States.
  3. Provisions regarding any compensation for additional costs incurred by the contractor as a result of the client’s individual instructions shall remain unaffected.
  4. The Contractor shall notify the Client of any exceptions to its duty to comply with instructions arising from laws applicable to it, unless such law prohibits such notification on grounds of an important public interest.

10. Other Rights and Obligations of the Contractor

  1. The Contractor shall appoint—where required by law—a Data Protection Officer who can perform their tasks in accordance with Articles 37, 38, and 39 of the GDPR. Their contact details will be provided to the Client upon request for the purpose of direct contact.
  2. The Contractor ensures that employees involved in processing personal data are bound by a duty of confidentiality (Art. 29 GDPR) and have been instructed on the GDPR’s protective provisions. The duty of confidentiality continues to apply after the end of their activities.
  3. The Processor shall notify the Controller in the event of serious disruptions to business operations, suspected personal data breaches, or other irregularities in the processing of personal data. This also applies to any audits and measures by the supervisory authority pursuant to Articles 51-59 GDPR, or investigations under Articles 83 and 84 GDPR.

  4. It is understood that under Article 33 GDPR, the Processor may have notification obligations in the event of the unlawful disclosure of or access to certain personal data. Therefore, such incidents must be reported to the Controller without undue delay, regardless of who caused them. The Processor’s notification to the Controller must in particular include the following information:

    • A description of the nature of the personal data breach, including, where possible, the categories and the approximate number of data subjects concerned, and the categories and the approximate number of personal data records concerned;

    • A description of the measures taken or proposed by the contractor to remedy the personal data breach and, where applicable, measures to mitigate its possible adverse effects.

    The contractor shall take appropriate measures to secure the data and to mitigate any potential adverse effects on data subjects.

  5. The Contractor is obligated to provide the Client with information at any time insofar as the Client’s data and documents are affected by a personal data breach. The Contractor shall carry out the destruction of material in compliance with data protection requirements on the basis of a separate order from the Client, at the Client’s expense. In special cases specified in writing by the Client, retention or handover will take place.
  6. The Client permits the processing of data in private residences (telework or home working by the Contractor’s employees). Insofar as data are processed in a private residence, the Contractor undertakes to ensure that the measures under Art. 32 GDPR are also implemented for telework and home working.
  7. To the extent the Contractor provides services under this Agreement that are not compensated under the Main Agreement, the Contractor is entitled to reasonable compensation.

11. Rights and Obligations of the Client

  1. The Customer is solely responsible for assessing the lawfulness of the processing of personal data and for safeguarding the rights of data subjects.
  2. The Customer must notify the Contractor without undue delay and in full, in writing, if it identifies errors or irregularities regarding data protection regulations during the review of the deliverables.
  3. The customer is responsible for the information obligations arising from Article 33 of the GDPR.

12. Data Subject Requests

  1. If the Client is required under applicable data protection laws to provide an individual with information about the processing of that individual’s personal data, the Contractor will, to the extent necessary, assist the Client in providing this information, provided that the Client has requested the Contractor to do so in writing.
  2. The Contractor shall inform the Client if data subjects exercise their rights with respect to the Contractor.

13. Cooperation with the Supervisory Authority

The controller and the processor, and, where applicable, their representatives, shall cooperate, on request, with the supervisory authority in the performance of its tasks.

14. Customer's Monitoring Obligations

The Customer shall verify, prior to the commencement of data processing and thereafter on a regular basis, the Contractor’s technical and organizational measures and shall document the outcome. For this purpose, it may, for example, obtain self-assessments from the Contractor or have an audit conducted at its own expense. In the event of an audit, the Customer shall also bear the costs of the Contractor’s employees who are required to participate in the audit.

15. Subcontractor

  1. The use of subcontractors is permitted under this Agreement for the activities specified in Sections 3, 4, 5, and 6, provided that the Contractor ensures that the subcontractor agrees to be bound by the obligations under this Agreement toward the Contractor. In particular, the requirements set out in this Agreement regarding confidentiality, data protection, and data security shall apply.
  2. The client shall be granted audit and inspection rights in accordance with section 14. Upon written request, the client is entitled to obtain from the contractor information on the material terms of the contract and the implementation of the subcontractor’s data protection obligations, including, where necessary, by reviewing the relevant contractual documents.
  3. The Contractor is entitled to engage subcontractors, provided that they meet the requirements set out in Clauses 15.1 and 15.2, the Contractor notifies the Client thereof, and the Client does not object in writing within seven days of such notice.
  4. In the event that personal data are processed by sub-processors in a third country, the Processor ensures that this is carried out on the basis of an adequacy decision of the European Commission or subject to appropriate safeguards pursuant to Articles 46 et seq. GDPR, and provided that data subjects have enforceable rights and effective legal remedies available.

16. Confidentiality Obligation

The contractor is required to maintain confidentiality when processing personal data. The contractor undertakes to observe the same confidentiality rules as those applicable to the client. The client is required to notify the contractor in writing of any specific confidentiality rules.

17. General Provisions, Information Obligations, Written Form Clause, Choice of Law

  1. If personal data held by the Processor are put at risk by attachment or seizure, by insolvency or composition proceedings, or by other events or measures by third parties, the Processor shall inform the Controller without undue delay. The Processor shall promptly inform all responsible parties in this context that control and ownership of the personal data rest exclusively with the Controller as the “controller” within the meaning of the GDPR.
  2. The processing of personal data takes place exclusively within the territory of the Federal Republic of Germany, in a Member State of the European Union, or in another state party to the Agreement on the European Economic Area. Any transfer to a third country requires the prior consent of the customer and may only take place if the specific requirements of Articles 44, 45, and 46 of the GDPR are met. Insofar as processing is carried out by a sub-processor, the customer hereby gives its consent.
  3. Amendments and supplements to this Agreement and all of its components—including any representations by the Contractor—must be made in writing and must expressly state that they constitute an amendment or supplement to this Agreement. This requirement of form also applies to any waiver thereof.
  4. German law applies, excluding its conflict-of-laws rules.
  5. The place of jurisdiction shall be as set out in the main agreement.
Logo
Automate, optimize, dominate – your marketing, smarter than ever before.
© Lunelink GmbH
Lunelink
Features