Complete Document Content

PART A - Core Terms and Conditions

GENERAL TERMS AND CONDITIONS OF SWIFT17 GMBH

AS OF: 01. 04. 2026

VERSION 26. 02

Scope

These General Terms and Conditions (GTC) apply to all contracts between

SWIFT17 GmbH, Zimmermühlenweg 71, 61440 Oberursel, HRB 16660, Bad Homburg vor der Höhe District Court, Managing Director: Armand de Beer - hereinafter "Provider” -

and its customers about the use of the Oceanone platform and all services offered through it.

These terms and conditions apply exclusively. Differing or conflicting conditions of the customer do not become part of the contract unless the provider expressly agrees to their validity in text form.

Platform description (Oceanone)

Oceanone is an integrated digital platform for creating, managing and operating digital applications, in particular:

Websites and online shops
Domains
Booking systems
Email Services
digital services

The services are provided as a uniform platform product.

Subject of the contract

The subject of the contract is the provision of digital services via the Oceanone platform to the agreed extent.

The specific scope of services results from:

the booked product or tariff
the respective service description
the additional product modules

There is no entitlement to a specific technical design or specific functionalities.

Product modules

Additional special conditions ("product modules”) apply to individual services, in particular for:

Domain registrations
Website and eCommerce features
Booking systems
Email Services
Services

The respective product modules are part of the contract.

In the event of contradictions, the regulations of the product modules take precedence over these General Terms and Conditions.

If several product modules are used at the same time, they apply cumulatively. To the extent that regulations overlap or contradict each other, the following order of precedence applies:

More specific regulations take precedence over general regulations
A module that is technically closer to the application takes precedence

In case of doubt, the stricter regulations apply for the provider economically and in terms of risk

A restriction of rights or extension of obligations in a product module also affects other modules used, as long as they are functionally connected to one another.

Use of technical systems and third-party services

The provider is entitled to use technical systems, software solutions and services from third parties to provide its services.

The services may depend in whole or in part on the availability, performance and further development of such systems.

A customer's claim to:

Use of certain technical systems
permanent retention of individual functions
or unchanged technical implementation

does not exist.

Changes, restrictions or further developments of external systems can affect the services without giving rise to any claims against the provider.

References to third-party content and external systems

If the services contain references, links or integrations to external websites, applications, systems or third-party content, these are provided exclusively as a service.

The provider has no influence on the content, availability, security or functionality of these third-party offers and assumes no responsibility for them.

The terms and conditions of the respective third-party providers apply exclusively to such content and services.

Use is at the customer's own risk.

Services of the provider

The provider provides the agreed services within the scope of technical and operational possibilities.

A claim to:

uninterrupted availability
complete freedom from errors
Access at any time

does not exist.

Availability depends on the agreed Service Level Agreement (SLA) or - if no SLA has been agreed - on the industry standard.

The provider is not obliged to permanently provide, further develop or update certain functions.

Commitment to accessibility

The provider strives to make the platform and the services provided as barrier-free and accessible as possible.

However, complete accessibility in the sense of legal requirements is only required if this is expressly agreed or mandatory by law.

The specific design of accessibility can depend in particular on the technical framework, the systems used and third-party providers.

The provider is entitled to continually improve accessibility within the scope of technical and economic possibilities.

Support and communication

The provider provides support services via the following channels:

e-mail
integrated chat systems

The provider is entitled to process or forward support requests in whole or in part via technical systems or within the framework of the infrastructure used.

A claim to:

immediate processing
telephone support
fixed response times

does not exist unless this is expressly agreed.

Emails or messages via the Platform will not be considered legally binding delivery to the extent a stricter form is required by law.

Electronic communication

The customer agrees that contractual notices, information, invoices, notices of changes to services and other communication in connection with the contractual relationship can be made in electronic form, in particular by email, via the customer account or via integrated notification functions.

To the extent permitted by law, electronic transmission in text form is sufficient. Legally mandatory formal requirements remain unaffected.

Obligations of the customer

The customer is obliged:

to provide all information completely and correctly
Keep access data secret
not to misuse the systems
not to distribute any illegal content
to respect the rights of third parties

The customer is responsible for all content and activities that occur via his account.

Prohibited use

Any use of the services that:

violates legal regulations, official orders or third-party rights,
contains malware, phishing, fraud, impersonation, spam, misleading communications or abusive automation,
compromises the security, integrity, availability or performance of the Platform or third-party systems,
is aimed at circumventing technical or contractual usage restrictions,

Concerns content that is unlawful, deceptive, discriminatory, extremist, glorifies violence, harmful to minors or otherwise impermissible.

The provider is entitled to define and update additional guidelines for the permitted use of the platform (Acceptable Use Policy).

These specifically specify prohibited content and uses, including, but not limited to:

illegal content
Misuse of system resources
Security threats
fraudulent or misleading activities
misuse of AI functions

The current version is part of the contract.

Review, Rejection and Removal of Content

The provider is entitled, but not obliged, to check, monitor, reject, block, deactivate, remove or delete content, configurations, files or other content provided by the customer or via its services if, at its reasonable discretion, there are indications that these violate legal regulations, third-party rights, these General Terms and Conditions, product modules, security requirements or legitimate interests of the provider or may impair the integrity, security, availability or performance of the platform.

There is no obligation to carry out a preliminary check.

The provider may provide a procedure for reporting legal infringements (e.g. copyright infringements).

If the information is legitimate, content will be removed or blocked.

Affected users can submit a statement or counter statement.

Intellectual property of the provider

All rights to the platform, its structure, software, user interfaces, dashboards, configurations, modules, documentation, designs, databases, identifiers, logos, brands, business names, texts, graphics and other components of the services remain - unless expressly regulated otherwise - with the provider or its licensors.

The customer only receives the simple, non-exclusive, non-transferable and non-sublicensable usage rights required for the contractual use of the services for the duration of the contractual relationship.

Without the express prior consent of the provider, the customer is not entitled to use the provider's trademarks, logos, business names or other characteristics outside of the contractual use.

Feedback and ideas

If the customer sends suggestions, ideas or feedback to the provider for the further development of the platform, this is done free of charge.

The provider is entitled to use, implement or further develop such suggestions without restriction, without this giving rise to any claims from the customer.

Open source software and third party software

If open source software or third-party software is used as part of the services, the respective license conditions of this software also apply.

The provider assumes no guarantee that such software is free of third-party rights or remains permanently available.

The customer is obliged to comply with the applicable license conditions.

No use of third-party trademarks without authorization

The customer warrants that he is entitled to use brands, logos, images, names or other identifiers provided by him and releases the provider from third-party claims to the extent that such claims are based on materials provided by the customer.

Reference and use as a project example

The provider is entitled to name the customer as a reference and to use the company name, the company logo and publicly accessible project results (e.g. websites) to an appropriate extent for marketing and sales purposes.

This includes in particular the presentation on the provider's website, in presentations, offer documents and in other communication and advertising materials, including social media.

There will be no use of confidential information or non-publicly accessible content.

The customer can object to the reference use in text form for important reasons. The provider will take the objection into account if the legitimate interests of the customer outweigh them.

Notices of legal violations

If the provider receives traceable evidence of legal violations, violations of intellectual property rights or other impermissible content, the provider is entitled to temporarily block, deactivate or remove the relevant content, functions, websites, domains, mailboxes or access until clarification.

In the event of repeated or serious violations, the provider can terminate the contractual relationship extraordinarily.

Rights to customer content / granting of rights of use

The customer remains the owner of the content, data, text, images, designs, configurations, files and other materials ("Customer Content”) that he has posted, uploaded, imported, connected, generated or otherwise used within the scope of the Services.

For the duration of the contractual relationship, the customer grants the provider the non-exclusive, worldwide, sublicensable and free right to host, store, reproduce, transmit, technically edit, display, analyze and otherwise process customer content to the extent that this is necessary to provide, maintain, improve, secure or technically provide the services.

This also includes the right to pass on customer content to technical subcontractors, infrastructure or system service providers to the extent necessary or to enable them to process it to the extent that this is necessary to provide the service.

The customer warrants that he is entitled to grant the above rights.

The provider is not obliged to check, monitor or legally evaluate content provided by the customer in advance.

Account and Registration

In order to use individual services, it may be necessary to set up a customer account. The customer is obliged to provide complete, correct and current information when registering and using the customer account and to keep it up to date.

The customer is obliged to keep access data, passwords and authentication features secret and to protect them from access by unauthorized third parties. The customer account is not transferable and may not be given, rented, sold or otherwise made available to third parties for use in whole or in part without the express consent of the provider.

All actions taken via the customer account are considered to be attributable to the customer unless the customer can prove that the use was made through no fault of their own. The customer must immediately inform the provider of any unauthorized use, suspected compromise or other security incidents in connection with his customer account.

The provider is entitled to refuse the registration of a customer account or to temporarily block or permanently close a customer account if there are objective indications of a violation of contractual obligations, legal regulations or legitimate security interests of the provider.

The provider is entitled to temporarily block or permanently delete customer accounts if:

the customer violates these terms and conditions or applicable law,
there is a safety risk,
there is suspicion of improper use,
or further use is unreasonable for the provider.

In the event of deletion, the right to use the platform ends. Statutory retention obligations remain unaffected.

The provider is entitled to automatically create user accounts within the scope of certain functions, provided that the customer initiates this through an appropriate action (e.g. use of certain functions or consent).

Prices and payment

The remuneration is based on the prices valid at the time the contract is concluded.

Billing takes place in advance depending on the tariff selected.

The provider is entitled to adjust prices at its reasonable discretion in accordance with Section 315 of the German Civil Code (BGB), in particular in the event of changes to:

Infrastructure costs
License costs
technical framework conditions

In the event of a price change, the customer has a special right of termination.

To the extent that payment functions are provided as part of the platform, payment processing is carried out exclusively via external payment service providers.

The provider is not a payment service provider, a payment institution or a bank.

The customer acts as the sole responsible provider ("Merchant”) in relation to his end customers and is in particular responsible for:

Compliance with all legal requirements in payment transactions
tax treatment of transactions
Obtaining required consents

The contractual relationship regarding payment processing exists exclusively between the customer and the respective payment service provider.

To the extent permitted by law, payments for digital services, subscriptions and term-related usage rights are generally non-refundable.

The customer is obliged to find out about the scope of services, prices, durations and conditions on his own responsibility before concluding the contract. A subsequent appeal for lack of knowledge does not constitute a claim to reimbursement, to the extent permitted by law.

This does not affect legal claims and refunds in the event of proven billing errors.

Contract term and termination

The minimum contract term and the notice periods are determined by the respective tariff and are clearly and understandably displayed to the customer before the contract is concluded as part of the ordering process (portal and checkout) in accordance with Section 312j BGB in conjunction with Section 312i Paragraph 1 Sentence 1 No. 2 BGB. The contract is concluded through active confirmation by the customer; With this confirmation, the customer bindingly accepts the term and notice period stated at the time the contract was concluded. There is no specific deadline set in these General Terms and Conditions; Only the tariff information displayed during the ordering process is relevant.

Unless otherwise agreed, contracts are automatically extended by the agreed period.

A downgrade between the Launch, Grow, Scale and Hosting tariffs to a lower tariff is not possible. A downgrade is only possible if the existing tariff is first properly canceled and a new website is then created with a newly purchased tariff. There is no entitlement to retroactive or interim downgrade of existing websites.

The provider is entitled to block or restrict services in the event of late payment.

The right to extraordinary termination remains unaffected.

Availability and maintenance

The provider is entitled to provide services to carry out:

Maintenance work
Security measures
technical adjustments

temporarily restrict.

Planned maintenance will be announced - wherever possible.

Times outside the provider's control are not considered downtime.

Liability

The provider is liable:

unlimited in cases of intent and gross negligence

in the case of simple negligence only in the event of a breach of essential contractual obligations

In this case, liability is limited to the foreseeable damage that is typical for the contract.

A liability for:

External system failures
Limitations due to the technologies used
Data loss beyond our control

is excluded to the extent permitted by law.

Liability is - to the extent permissible - limited to the fees paid in the respective contractual relationship in the last 12 months.

AS-IS / NO WARRANTY

To the extent permitted by law, the Services are provided "as is” and "as available.”

In particular, the provider assumes no liability for:

the achievement of certain economic or technical results,
the suitability of the services for a specific purpose,
the permanent, uninterrupted or error-free availability of the platform,
complete freedom from errors or compatibility with all systems.

The customer uses the services at his own risk, to the extent permitted by law.

If a Service Level Agreement (SLA) has been agreed, its availability regulations take precedence.

exemption

The customer releases the provider from all third-party claims arising from:

unlawful use of the services
Violation of third party rights
Violations of legal regulations

result.

The provider is only liable for damages in connection with compliance tools in the event of intent or gross negligence. Liability for fines, warnings, official sanctions or other consequences resulting from incorrect or incomplete configuration of such tools is - to the extent permitted by law - excluded. The customer expressly releases the provider from all claims from third parties or authorities that arise in connection with the use of compliance tools on the customer's website.

The legal responsibility for the proper implementation of data protection and cookie requirements on the customer's website lies solely with the customer. The customer is obliged to independently check the suitability, timeliness and legal conformity of the compliance tools used and, if necessary, to ensure this through their own legal advice.

These compliance tools are provided as technical aids only. The provider does not guarantee that their use ensures or is sufficient to comply with legal regulations - in particular the GDPR, the TTDSG or other applicable data protection regulations.

To the extent that the provider provides tools to support data protection and cookie requirements as part of its services (e.g. cookie banners, consent management, data protection declarations or comparable third-party services, hereinafter "compliance tools”), the following applies:

Changes to services and terms and conditions

The provider is entitled to adapt services and these terms and conditions, provided:

there is an objective reason
the changes are reasonable

The provider will inform the customer in good time.

Data protection

Personal data is processed in accordance with the privacy policy and, where applicable, a Data Processing Agreement (DPA).

Final provisions

The law of the Federal Republic of Germany applies, excluding the UN Convention on Contracts for the International Sale of Goods.

The place of jurisdiction is - to the extent permissible - Frankfurt am Main.

PART B - Product Modules

PM-01 - Domain conditions

Module - Special conditions for domain registration, domain management and domain-related services

AS OF: 01. 04. 2026

VERSION B-PM-01 26. 03

Scope of the domain module

This domain module applies in addition to the currently valid general terms and conditions of SWIFT17 GmbH for all services related to the registration, transfer, administration, extension, termination and other provision of domains.

In the event of contradictions, the regulations of this domain module take precedence over the general terms and conditions.

Subject of the contract

The subject of this module is domain-related services, in particular:

Registration of domains
Transfer of existing domains
Renewal and management of domains
technical connection of domains with the services provided by the provider
Changes to owner, admin or technical data, where provided
Termination, deletion or release of domains

The provider is not responsible for the permanent availability of a specific domain, but only for the contractual efforts to register, manage or transfer within the framework of the applicable procurement rules.

The provider is entitled to change, update or discontinue functions, content, infrastructure or technologies at any time to the extent this is necessary for technical development, security or performance optimization.

The registration and use of domains is also subject to the conditions of the respective registry, the registrar and the regulations of ICANN.

A contract for a domain is only concluded when:

the customer ordered the domain,
all required information is complete,

and the domain was actually registered or taken over by the responsible registry or the respective technical service provider involved.

Displaying the availability of a domain during the ordering process does not constitute a binding commitment.

The domain remains reserved for other registration until the actual registration or successful transfer.

The provider assumes no responsibility if the registration or transfer of a domain is rejected or refused by the responsible authority.

Awarding by third parties / awarding rules

The allocation of domains is carried out by the responsible registration authorities, registration authorities, registers or other administrative bodies in accordance with their regulations.

The respective registration conditions, allocation guidelines, registration guidelines, dispute resolution rules and technical specifications of the responsible authorities also apply to the allocation of domains.

These rules and regulations become part of the contractual relationship to the extent that they apply to the respective domain.

The provider is entitled to use technical or organizational service providers to provide domain-related services.

If additional or different conditions of the respective registrar, registration office or registry apply to a domain, these take precedence over the regulations of this module in the event of a conflict.

No guarantee for registration and existence

The provider does not guarantee that:

a domain desired by the customer can be registered,
the registration remains permanent,
the domain is free of third party rights,

or the domain does not become the subject of objections, disputes or deletion proceedings.

The provider does not owe any legal examination of the admissibility, absence of trademarks or property rights status of a domain.

It is the sole responsibility of the customer to check whether the desired domain violates the rights of third parties, name rights, trademark rights or other rights.

Obligations of the customer
The customer is obliged to
to provide all information required for registration, transfer or administration completely and correctly,
Notify us of any changes to this information immediately,
not to use the domain illegally,

to register or use only those domains whose use does not violate the rights of third parties,

as well as complying with the respective award and registration conditions.

The customer is responsible for ensuring that the domain desired or used by him does not violate any legal regulations and does not affect the rights of third parties.

The customer ensures that stored contact and owner details are always up to date and accessible.

In order to register and manage domains, it is necessary that certain data of the domain owner (in particular name, address, contact details) be transmitted to the relevant registration offices, registrars and technical service providers.

The customer agrees that this data will be processed, stored and - if necessary - made publicly accessible (e.g. WHOIS databases) as part of the domain registration, provided this is provided for by the applicable regulations.

The customer is obliged to provide correct and current data and to update it immediately in the event of changes.

Ownership and attribution

As far as legally and technically possible, a domain is registered in the name and for the account of the customer.

The provider is entitled to act as a contact person, technical contact, administrative contact or billing-related body as part of the registration process, technical administration or the processing of domain-related services, to the extent that this is necessary for the implementation.

The customer has no right to a specific form of administrative or technical entry, provided that the contractual use of the domain remains guaranteed.

The registration of a domain does not create any ownership right to the domain itself, but rather only a time-limited right of use within the framework of the applicable allocation rules.

Term, extension and termination

Domain services generally run for the agreed contract term.

Unless otherwise agreed, domain-related services are automatically extended by the underlying billing period unless they are terminated in a timely manner.

If the customer cancels a domain or the underlying product, this does not automatically include the backup, transfer or other continuation of the domain unless this is expressly requested.

The customer is obliged to inform in good time before the end of the contract whether a domain:

deleted,
released,
transmitted,

or should be continued.

If the customer does not give instructions in a timely manner, the provider is entitled to have the domain deleted, released or returned to the responsible authority after the end of the contract and a reasonable period of time.

Change of provider/domain transfer

A transfer of a domain to or from another provider requires that:

the technical and administrative requirements are met,
There are no outstanding claims, to the extent permitted by law,

and the customer provides all necessary cooperation activities in a timely manner.

The provider assumes no liability for the successful or timely implementation of a domain transfer if the cause is beyond its control.

During a transfer, the availability of individual services may be temporarily restricted.

The services may be based in whole or in part on infrastructure or third-party services. The provider assumes no liability for their availability, security and functionality.

Blocking, deactivation and deletion

The provider is entitled to temporarily restrict or block domains or domain-related functions or to take measures to make them unavailable if:

there are objective indications of legal violations,
To credibly assert third party rights to the domain,
there are official or court orders,
contracting authority-related requirements require this,
the customer violates essential contractual obligations,

or outstanding, due fees are not paid despite a reminder, to the extent permitted by law.

In serious cases, the provider is entitled to terminate the contractual relationship extraordinarily and to have the domain deleted or released.

The claim to payment remains valid as long as the blocking is based on circumstances for which the customer is responsible.

Return, deletion and forfeiture

After termination of the contract, the customer has no right to have a domain retained, reserved or secured indefinitely.

If a timely transfer or continuation instruction is not provided, the domain can be deleted, released or returned to the responsible registry.

The customer is aware that a deleted or released domain can subsequently be registered by third parties.

The provider is not obliged to monitor, maintain or re-register a domain for the benefit of the customer after the end of the contract.

Fees and continued payment obligation

The agreed fees apply to domain services.

Fees may apply in particular for:

registration
extension
transmission
Restoration
reactivation
Ownership change
special technical services
manual processing

The customer's obligation to pay continues even if a domain has been registered, extended or held at the customer's request, even if the customer does not actually use the domain.

If awarding bodies or technical providers charge the provider fees that are caused by the customer's domain, the provider can pass these on to the customer, provided this is contractually or legally permissible.

Domain disputes

The provider is not involved in disputes between the customer and third parties in connection with domain names.

Such disputes are subject exclusively to the applicable regulations of the responsible registries, in particular the Uniform Domain Name Dispute Resolution Policy (UDRP) or comparable regulations.

Liability and responsibility of the customer

The customer is solely responsible for:

the legal admissibility of the domain,
the use of the domain,
the timeliness of the domain owner data,

and compliance with all applicable registration and procurement rules.

The customer releases the provider from all third-party claims resulting from the registration, use, transfer or other use of the domain, provided that the customer is responsible for the underlying circumstances. This also includes the reasonable costs of legal defense.

The provider assumes no liability for the availability or allocation of domain names or for decisions made by registrars or registration authorities.

Force majeure

The provider is not liable for non-performance of services due to force majeure events, in particular natural disasters, war, strikes, official measures, failures of telecommunications networks or other unforeseeable events beyond its control.

Statute of limitations

The customer's claims expire - to the extent permitted by law - within 12 months of becoming aware of the event giving rise to the claim.

No legal advice / no license plate check

The provider does not provide legal advice as part of domain-related services.

In particular, there is no check
whether the domain is permitted under trademark law,
whether naming rights are violated,
whether there are risks under competition law,

or whether the domain is legally safe in a particular country or market.

Such tests are the sole responsibility of the customer.

Supplementary application of the Core Terms and Conditions

Otherwise, the General Terms and Conditions of SWIFT17 GmbH apply in their respective versions.

PM-02 - Website, AI and eCommerce Services

Module - Special Conditions for Website, AI Website Generation and E-Commerce Services

AS OF: 01. 04. 2026

VERSION B-PM-02 26. 03

Scope

This product module applies in addition to the General Terms and Conditions of SWIFT17 GmbH for all services related to:

the creation and operation of websites
the use of AI-powered website generation functions
the provision of e-commerce functionalities
the use of associated hosting and system resources

In the event of contradictions, the regulations of this product module take precedence over the general terms and conditions.

Subject of the contract

The purpose of this module is to provide an integrated solution to:

Creation, editing and publishing of websites
automated or partially automated generation of content using AI
Management of online shops and digital products
Provision of technical infrastructure to carry out these functions

The services are provided as part of the Oceanone platform.

There is no claim to specific designs, layouts, technical architectures or specific functionalities.

The provider is entitled to provide services in whole or in part via third party providers. The provider has no direct influence on this.

Trials, upgrades and refunds

If the provider offers free test phases, trial access or time-limited evaluation services, these end automatically at the end of the respective test period, unless a paid tariff is activated beforehand.

If the customer activates paid additional functions, additional services, domains, websites, storage, shipping, infrastructure, shop, CDN, security or other paid components during a test phase, the test phase can end prematurely with the activation of these paid services and switch to a paid tariff.

Unless mandatory legal regulations conflict with this or the provider expressly agrees otherwise in individual cases, payments for digital services, subscriptions, usage fees, extensions and term-related platform services are generally non-refundable. Refunds remain unaffected if there is evidence of billing errors by the provider.

AI-assisted generation (AI functions)

The provider provides functions for the automated creation of:

Texting
layouts
designs
structural website elements

ready.

The results can:

incomplete
faulty
legally inadmissible
or unsuitable for its intended purpose

be.

The provider assumes no liability for:

content accuracy
legal admissibility
Trademark or copyright freedom
economic usability

The customer is obliged to independently check all generated content before use.

It cannot be ruled out that content generated by AI is wholly or partially identical or similar to content generated for other users.

Import, replication and reconstruction of websites

To the extent that the provider provides functions for analyzing, importing, technically replicating, reconstructing or automatically recreating existing websites or individual content, these functions may only be used for content and websites to which the customer has the necessary rights or whose use, analysis, replicating or technical reconstruction is legally permitted for the customer.

The customer guarantees that he has all the necessary rights, consents and authorizations with regard to the content imported, processed, analyzed or reconstructed by him and that he does not violate any rights of third parties, in particular copyrights, trademarks, name rights, design rights, database rights or other intellectual property rights.

The provider does not check whether the websites, content, layouts, structures, texts, images or other materials used or imported by the customer may be used legally. The customer bears sole responsibility for this.

The provision of an import, analysis or reconstruction function serves exclusively to provide technical support to the customer and does not constitute an assurance of legal admissibility or an exemption from third-party intellectual property rights.

Classification of AI-generated results

To the extent that texts, images, layouts, structures, codes or other results generated by AI-supported functions are output ("output”) and the customer saves, edits, publishes, uses or incorporates these into its services, this output is considered customer content within the meaning of the Core Terms and Conditions.

The customer is obliged to independently check all output for accuracy, completeness, legal conformity, freedom from intellectual property rights, objective suitability and any risks of discrimination, bias or other risks before use.

Use of tokens / usage quotas

To the extent that usage or consumption quotas (e.g. computing power, generation processes or comparable units - hereinafter referred to as "tokens”) are used as part of the services, the following applies:

Tokens represent a limited usage quota
There is no entitlement to unlimited use
Unused quotas may expire unless otherwise agreed

The provider is entitled:

Adapt token logics
to change quotas
or to change the calculation basis

as far as this is reasonable for the customer.

The following also applies to token quotas included in the tariff:

The token quota included in the respective tariff is made available at the beginning of each billing period (monthly credit). Unused tokens expire at the end of the respective billing period and are not carried over to the following month. There is no entitlement to payment or crediting of unused tokens.

Token quotas granted as a one-time starting balance (kickoff balance or token balance at contract start) as part of an AI tariff (e.g. Launch, Grow, Scale), as well as token quotas purchased by the customer as a paid additional quota (add-on), are credited to the customer account indefinitely and do not expire at the end of a billing period. They remain valid until the provider changes the validity regulations for such token quotas for objective reasons. The amount of the starting balance is determined by the tariff booked at the time of contract conclusion and the tariff information displayed in the ordering process.

The provider is entitled to change the regulations on token use, in particular quota sizes, expiry regulations, calculation bases and the distinction between tariff, starting balance and add-on tokens, for objective reasons (e.g. technical, economic or legal requirements) with a notice period of 14 days. The change will be communicated to the customer in text form. If the customer does not object within this period, the change is deemed to have been accepted.

The price for purchasing additional token quotas (add-ons) is based on the price information displayed in the dashboard at the time of booking. By completing the purchase process, the customer accepts the price displayed. Token prices are not fixed in these terms and conditions; the provider is entitled to adjust prices at any time.

E-commerce features

The provider provides functions for creating and operating online shops.

This includes in particular:

Product management
Order processing
Presentation of goods and services

There is no entitlement to specific functionalities, integrations or payment methods.

The following also applies to services described as "unlimited”:

Use is limited to normal, appropriate use ("Fair Use”)

The provider is entitled to restrict use if:

system stability is at risk
exceptionally high loads occur
or there is improper use
Content and responsibility

The customer is solely responsible for:

all content of the website
products and services offered
legal requirements (imprint, data protection, consumer rights, etc.)

The provider does not undertake to check the content for:

Legal compliance
Competition law
tax or commercial law requirements

The customer acts in his own name and on his own account towards his end customers. The provider does not become a contractual partner of the end customer.

Hosting and system availability

The services are provided via a technical infrastructure.

The provider does not owe any:

uninterrupted availability
permanent accessibility
or error-free functioning of individual components

In particular you can:

System updates
Further developments
or external technical changes

lead to adjustments to services.

Security measures and interventions in technical components

The provider is entitled to carry out security checks, technical analyses, malware scans, integrity checks and other protective measures to protect the platform, the infrastructure, the websites of the customer, other customers or third parties.

If the provider determines, at its reasonable discretion, that individual plugins, themes, scripts, extensions, configurations, files, integrations or other components cause security risks, place a disproportionate burden on the infrastructure or endanger the integrity, availability or performance of the services, the provider is entitled to temporarily deactivate, isolate, block, remove or restrict the execution of these components.

As far as possible, the provider will inform the customer about this. Advance information is not necessary if this is unreasonable for safety reasons, to avert danger or to stabilize the systems.

Changes and further developments

The provider is entitled to use functions, content and technical principles at any time:

change
develop further
restrict
or remove

if this is necessary for technical, economic or legal reasons.

There is no entitlement to the unchanged continuation of certain functions.

Updates, changes and technical risks

The provider regularly carries out updates, further developments and adjustments to the platform and the systems used.

These can in particular:

Incompatibilities with existing configurations,
malfunctions of individual components,
Limitations of features,
or in individual cases to data loss

lead.

The customer is obliged to independently take appropriate security measures (in particular backups) before making significant changes, updates or interventions.

The provider assumes no liability for damage resulting from failure to back up data, to the extent permitted by law.

Data and backup

The customer is responsible for:

securing its contents
the storage of data outside the platform
the regular creation of backups

The provider is not obliged to permanently retain or restore data.

Restriction and blocking

The provider is entitled to restrict or block services if:

Content violates legal regulations
Third party rights are violated
Systems are placed under excessive strain
or there is misuse

The provider is entitled to temporarily or permanently restrict or block access in the event of violations of these conditions or legal regulations.

Further rights arise from the general terms and conditions.

Liability

The provider is not liable for:

economic success of websites or shops
Sales, conversion rates or business models
Losses due to technical limitations
Errors in AI-generated content

Otherwise, the liability provisions of the General Terms and Conditions apply.

No exclusivity / no restrictions on competition

The provider is entitled to offer identical or comparable services to third parties.

There is no claim to exclusivity.

Supplementary application of the Core Terms and Conditions

Otherwise, the general terms and conditions of SWIFT17 GmbH apply.

PM-03 - Booking system

Module - Special conditions for booking systems and appointment management services

AS OF: 01. 04. 2026

VERSION B-PM-03 26. 03

Scope

This product module applies in addition to the General Terms and Conditions of SWIFT17 GmbH for all services related to:

the provision of booking systems
Appointment management
Customer bookings
calendar-based services

In the event of contradictions, the regulations of this module take precedence over the general terms and conditions.

Subject of the contract

The provider provides a system for:

Management of appointments
Acceptance and organization of bookings
Management of customer information
Presentation of services and availability

The provider only provides the technical infrastructure.

The specific range of functions of the booking system can depend on the tariff selected, activated functions and technical conditions.

The provider is entitled to change, restrict, expand or discontinue functions at any time. There is no entitlement to certain functionalities or their permanent availability.

The Services may be based in whole or in part on third-party software, plugins, interfaces or infrastructure. Their terms and conditions apply exclusively to these.

Role of the customer

The customer is solely responsible for:

services offered
Appointment availability
Prices
Contractual conditions towards its end customers
Implementation of the booked services

The provider assumes no responsibility for:

Conclusion of contracts
Service provision
Quality or success of services

The customer acts towards his end customers exclusively in his own name and on his own account. The provider does not become a contractual partner of the end customer.

The customer is obliged to protect his access data and to ensure that there is no unauthorized use. All activities via the customer account are attributed to the customer.

There is no support for the customer's end customers.

Bookings and availability

The booking system is merely a technical option for making appointments.

The provider assumes no liability for:

actual availability of appointments
correct display of availability
error-free synchronization

Incorrect bookings, double bookings or system deviations cannot be completely ruled out.

This applies in particular when using external systems, interfaces or calendar integrations (e.g. Google Calendar, Outlook or comparable services).

The provider assumes no liability for discrepancies, synchronization errors or data inconsistencies caused by such third-party systems.

Payments in the booking system

As far as payment functions are integrated:

The processing takes place via external payment service providers
the provider is not a payment service provider

The provider assumes no liability for:

Defaults
incorrect transactions
Chargebacks or Disputes
Payment processing, merchant role and taxes

To the extent that payment functions, online payments, deposits, recurring payments or other transaction functions are provided as part of the booking system, the customer acts as the sole responsible dealer, service provider or merchant in relation to his end customers.

The contractual relationship regarding payment processing exists exclusively between the customer and the respective payment service provider or payment processor used. The provider is neither a bank, payment institution nor e-money institution and is not a party to a separate merchant or payment processing agreement.

The customer is solely responsible for:

the lawful collection of payment consent from its end customers,
compliance with all applicable payment, consumer protection, distance selling, tax and record-keeping obligations,
the appropriate determination, collection, reporting and payment of taxes, fees and charges,

the security, integrity and lawful processing of payment and transaction data within its area of responsibility.

To the extent that card payment-related functions are used, the customer is obliged to comply with all applicable security standards and compliance requirements, in particular PCI-DSS, to the extent that these are within his area of responsibility.

Cancellations, no-shows and cancellations

The provider only provides the technical infrastructure to manage:

Cancellations
Rebookings
Appointment cancellations

ready.

The regulation of:

Cancellation conditions
Failure fees
Refunds

is the sole responsibility of the customer.

The provider is not liable for:

No-show by end customers
Appointment postponements
economic failures
Customer data and data protection

Personal data is processed as part of the booking system.

The customer is responsible for:

lawful processing
Information for its end customers
Compliance with data protection regulations

The provider processes data exclusively within the scope of the agreed services.

Content and use

The customer is responsible for:

Content in the booking system
services offered
legal compliance

Prohibited content includes in particular:

unlawful offers
misleading information
prohibited services

In addition, the customer is prohibited from using the booking system for:

the distribution of malware, viruses or other harmful content, fraudulent, misleading or deceptive activities
unauthorized automated use (particularly scraping, bots or mass requests)
the manipulation of bookings, availability or system functions

the creation or distribution of misleading content, including AI-generated content with the intent to deceive

use in connection with illegal, discriminatory or violent content

The use of the system to develop competing products or to analyze the platform is not permitted.

Technical limitations

The provider is entitled:

to change functions
Adapt systems
restrict services

especially with:

technical requirements
Further developments
System optimizations

There is no claim to unchanged functionality.

The provider is entitled to make updates, upgrades and changes at any time, in particular to ensure security, stability and further development of the systems.

This may result in functional changes, restrictions or incompatibilities with existing systems or integrations.

Integration with other systems

The booking system can be connected to other technical systems.

The provider assumes no liability for:

error-free integration
lasting compatibility
complete data transfer

This applies in particular to third-party plugins, external interfaces (APIs) and other systems over whose functionality the provider has no influence.

Restriction and blocking

The provider is entitled to restrict or block services if:

legal regulations are violated
Third party rights are affected
misuse exists
System stability is at risk

The provider is entitled to remove content, restrict functions or block access in whole or in part if this is necessary to secure the platform, comply with legal regulations or protect third parties.

In the event of serious or repeated violations, the provider is entitled to terminate the contractual relationship extraordinarily.

If illegal activities are suspected, the provider is entitled to pass on relevant information to authorities to the extent permitted by law.

Liability

The provider is not liable for:

economic success of bookings
Sales or utilization
Scheduling errors
Data loss beyond our control

The provider does not owe any specific economic success, in particular no specific number of bookings, sales or occupancy.

Otherwise, the liability provisions of the General Terms and Conditions apply.

No guarantee of availability

The provider assumes no liability for:

permanent availability of the booking system
uninterrupted use
Real-time processing
Supplementary application of the Core Terms and Conditions

Otherwise, the general terms and conditions of SWIFT17 GmbH apply.

In the event of inconsistencies between these product-related conditions and the Core Terms and Conditions, the provisions of these product-related conditions take precedence to the extent that they contain specific regulations for the booking system.

PM-04 - Email Services

Module - Special Conditions for Email Services

AS OF: 01. 04. 2026

VERSION B-PM-04 26. 03

Scope

This product module applies in addition to the General Terms and Conditions of SWIFT17 GmbH for all services related to:

Provision of email inboxes
Sending and receiving emails
Email-related features and services

In the event of contradictions, the regulations of this module take precedence over the general terms and conditions.

Subject of the contract

The provider provides the customer with email services, in particular:

Setting up and operating email inboxes
Sending and receiving electronic messages
Access via appropriate interfaces and applications

The provider only provides the technical infrastructure. There is no entitlement to specific technical systems, protocols or implementations.

No guarantee of delivery or availability

The provider does not guarantee that:

Emails are delivered
Emails arrive complete or unchanged
Emails are delivered on time

In particular, delivery can be influenced by:

external systems
Spam filter
Blacklisting
Network failures

There is no right to uninterrupted availability.

Customer's usage obligations

The customer is obliged to use the email services exclusively within the framework of applicable laws.

In particular it is prohibited:

Sending spam or unsolicited messages
Sending malware
Phishing or fraudulent communications
Use for illegal content
abusive mass mailings

The customer is responsible for all content sent via his email accounts.

Spam, blacklisting and protection measures

The provider is entitled to take measures to ensure system integrity, in particular:

Blocking or filtering emails
Limitation of shipping functions
Blocking mailboxes or accounts

This applies in particular to:

Suspected spam
unusual shipping behavior
Security risks

The provider is not obliged to inform the customer in advance.

Shipping Limits and Fair Use

The provider is entitled to set technical or organizational limits, in particular for:

Number of emails sent
Shipping speed
Storage space

The following also applies to services described as "unlimited”:

Use is limited to normal, appropriate use ("Fair Use”)

If the limit is exceeded, the provider is entitled to restrict services.

Security and credentials

The customer is obliged:

Keep access data safe
to use strong passwords
to prevent unauthorized access

If misuse is suspected, the customer must take immediate action.

The provider is entitled to block access if there is a security risk.

Data loss and data backup

The customer is responsible for:

Backup his emails
Archiving
Data recovery

The provider assumes no liability for:

permanent storage
complete backup
Recoverability
Content and responsibility

The customer is solely responsible for:

Contents of the emails
Legality of communication
Compliance with legal requirements (e.g. data protection, competition law)

The provider generally does not check content.

Restriction and blocking

The provider is entitled to restrict or block services if:

legal regulations are violated
Third party rights are affected
misuse exists
Security risks exist

The claim to payment remains valid if the blocking is based on circumstances for which the customer is responsible.

Liability

The provider is not liable for:

Non-delivery of emails
Delays
Data loss
Damage caused by spam filters or blocks
Blacklisting or external restrictions

Otherwise, the liability provisions of the General Terms and Conditions apply.

Changes to benefits

The provider is entitled:

Adjust functions
systems to change
to further develop services

There is no claim to unchanged functionality.

Supplementary application of the Core Terms and Conditions

Otherwise, the general terms and conditions of SWIFT17 GmbH apply.

PM-05 Services

Module - Special conditions for services, support and project-related services

AS OF: 01. 04. 2026

VERSION B-PM-05 26. 03

Scope

This product module applies in addition to the General Terms and Conditions of SWIFT17 GmbH for all services related to:

booked services
Support services
project-related activities
Hourly quotas and individual services

In the event of contradictions, the regulations of this module take precedence over the general terms and conditions.

Subject of the contract

The provider provides services based on individual orders, in particular:

Advice
technical support
Configuration and setup
Adjustments and optimizations
project-related services

The services are provided at cost or within agreed quotas. This includes in particular the Maintenance Plan offered by OceanOne, which includes regular maintenance, care and support services as part of a flat rate and is subject to the regulations of this module.

Support services will be provided within available capacity and during normal business hours, unless expressly agreed otherwise.

Type of service (service, no success is owed)

All services are provided as services.

No concrete success is owed, only the professional provision of the service.

In particular, there is no entitlement to:

certain results
economic success
specific technical or business goals
Hourly quotas and billing

(1) Services can be based on:

Hourly quotas
Individual billing
Flat rates

be provided.

(2) If hourly quotas have been agreed:

These only apply for the agreed period

Unused hours may expire unless otherwise agreed.

If hourly quotas are agreed as part of a flat rate, unused hours will be reset at the end of the respective billing period. The exact extent of the hourly quota depends on the tariff booked by the customer. Unused hours expire at the end of the billing period and are not carried over to the following period. There is no entitlement to payment, credit or other utilization of unused hours.

(3) The provider is entitled to bill units of time that have been started appropriately.

Scope of services and obligations to cooperate

The specific scope of services results from:

the individual agreement
the service description
the respective order

The customer is obliged:

provide all necessary information
to provide cooperation activities in a timely manner
To provide access to systems

Delays due to lack of cooperation are not at the expense of the provider.

Dates and deadlines

Information about:

Processing times
Project durations
completion dates

are generally non-binding unless expressly agreed to be binding.

The provider is not liable for delays resulting from:

lack of participation
technical dependencies
external systems

are attributable.

Support services

Support is provided via the channels defined in the core (specifically email and chat).

A claim only exists within the framework of:

booked services
agreed quotas

Without a separate agreement, there is no entitlement to:

immediate processing
fixed response times
specific solution times
Change requests and additional services

Changes to the scope of services require a separate agreement.

The provider is entitled:

Additional services must be billed separately
to claim additional expenses
Acceptance (for project-related services)

If acceptance is planned:

The service is deemed to have been accepted if the customer does not object within a reasonable period of time

Insignificant defects do not justify refusal of acceptance
Rights of use of work results

To the extent that work results arise as part of services:

the customer receives a simple right of use within the scope of the purpose of the contract

Further rights require a separate agreement
Liability

The provider is not liable for:

economic success of measures
Customer business decisions
Consequential damage from implemented recommendations

Otherwise, the liability provisions of the General Terms and Conditions apply.

Restriction and discontinuation of services

The provider is entitled to restrict or discontinue services if:

the customer does not fulfill his obligations to cooperate
There is a delay in payment
important reasons exist
Supplementary application of the Core Terms and Conditions

Otherwise, the general terms and conditions of SWIFT17 GmbH apply.

PM-06 Service Level Agreement (SLA)

Service Level Agreement (SLA) for the Oceanone platform

AS OF: 01. 04. 2026

VERSION B-PM-06 26. 03

definition

The only relevant availability is the accessibility of the website published by the customer via HTTP/HTTPS.

In particular, the following are not part of the availability guarantee:

Administration areas (e.g. dashboard)
Support systems
APIs and integrations
Third Party Services
other additional functions

Scope

This Service Level Agreement (SLA) applies in addition to the General Terms and Conditions of SWIFT17 GmbH for the provision of the Oceanone platform and the associated services.

The services can be provided in whole or in part via technical systems and infrastructure from third-party providers. This SLA applies regardless.

This SLA applies to the extent that it has been expressly agreed upon.

In the event of contradictions, the provisions of this SLA take precedence over the General Terms and Conditions.

Availability guarantee

This SLA does not represent a guarantee in the legal sense, but rather describes target values for the provision of services.

Subject of performance

This SLA regulates:

Availability of the systems
Response times in the event of disruptions
Maintenance measures
Support level
Availability

The provider provides an average annual system availability of:

99% annual average

ready.

Availability is calculated based on a monthly billing cycle.

In particular, the following do not count as downtime:

planned maintenance work
Emergency maintenance
Third Party Interference
Errors caused by the customer
Force majeure
external infrastructure problems (e.g. Internet, DNS)
calculation

Availability is calculated as follows:

Total Time - Downtime——————————————Total Time

Only the measurements of the provider's systems are decisive for determining availability and downtimes.

Maintenance and planned downtime

The provider is authorized to carry out maintenance work. Planned maintenance work can be carried out regularly and will - where possible - be announced in advance.

These may lead to temporary restrictions.

If possible, maintenance is carried out outside normal usage times
Major maintenance will be announced - wherever possible
Disorders and classification

Disorders are divided into the following categories:

Critical (Priority 1)
System not reachable
Central functions cannot be used
High (Priority 2)
essential functions restricted
Medium (Priority 3)
individual functions affected
Low (Priority 4)
minor restrictions
Response times

The provider strives for the following response times:

Priority 1: within 24 hours
Priority 2: within 48 hours
Priority 3: within 3 working days
Priority 4: subject to availability
Support services

Support is provided via:

e-mail
Chat systems

Support is provided during normal business hours unless otherwise agreed.

A claim to:

telephone support
24/7 support
fixed solution times

does not exist.

Support services will be provided within available capacity and during normal business hours, unless expressly agreed otherwise.

The customer's obligation to cooperate

The customer is obliged:

Faults must be adequately documented
provide all necessary information
to participate in error analysis

Delays due to lack of cooperation are not at the expense of the provider.

Performance limitations

Services may be limited by:

technical dependencies
Third Party Systems
System updates
Further developments

There is no right to all functions being available at all times.

Service credits (optional)

The maximum amount of SLA credits is limited to 50% of the monthly compensation. SLA credits are only granted upon customer request.

If expressly agreed, service credits can be granted if availability is not reached.

This:

are limited in height
represent the sole compensation
do not constitute any further claims

SLA credits are issued as credit only and are not paid out in cash. SLA credits expire if the contractual relationship is terminated before they have been offset.

Exclusion of further claims

Reasons for deviations from the target values described in the SLA:

no claims for damages
no termination rights
no reduction

unless mandatory legal regulations conflict with this.

Changes to the SLA

The provider is entitled to adapt this SLA to the extent that:

technical developments require this
Changes are reasonable for the customer
Liability

The provider assumes no liability for delays or failures in support, especially if these are due to third-party providers, external systems or force majeure.

Supplementary application of the Core Terms and Conditions

Otherwise, the general terms and conditions of SWIFT17 GmbH apply.

Privacy Policy - (Oceanone / SWIFT17 GmbH)

AS OF: 01. 04. 2026

VERSION DS 26. 03

Responsible person

The person responsible within the meaning of data protection laws is:

SWIFT17 GmbH

Zimmermühlenweg 71, 61440 Oberursel

HRB 16660, Bad Homburg vor der Höhe district court

Managing Director: Armand de Beer

Email: armand.debeer@sw-ift.com

General information on data processing

We process personal data exclusively within the framework of applicable data protection laws, in particular the GDPR.

Processing is carried out to:

Provision of our platform
Execution of contracts
technical provision and security
Communication with users
Contract-related data processing

When using our platform, we process in particular:

Master data (name, company, address)
Contact details (email, telephone number)
Contract data
Payment details
Usage Data

Purpose:

Fulfillment of contract
Invoice
Customer management
Legal basis: Article 6 Paragraph 1 Letter b GDPR
Advanced data collection according to usage scenarios

Depending on how the platform is used, the following data in particular may be processed:

Registration data (name, email, password, account ID)
Payment-related data (billing information, transaction data)
Communication data (support requests, chat histories, emails)
technical access data (IP address, log files, device information)
Usage data (interactions within the platform, use of functions)
Content data (website content, booking data, emails, uploaded files)
System data (server logs, error reports, performance data)

The specific processing depends on the functions and modules used.

Use of the platform (Oceanone)

When using the platform, the following are automatically processed:

Login details
Usage behavior
System access
technical log data
IP addresses

Purpose:

Provision of the platform
System security
Error analysis
Abuse detection
Legal basis: Article 6 Paragraph 1 Letter f GDPR
Automated setup of test, demo or project environments

If the user activates a corresponding function or agrees to this, the provider can automatically create accounts, test environments, temporary website copies, project previews, demo instances or other technical environments to demonstrate services, test, migrate, optimize or prepare for use of the platform.

Data, content, access information, URL information, website structures or other technical information provided or connected by the user may be processed to the extent that this is necessary to provide the respective function.

Temporary copies or demo environments can be automatically deleted after a period specified by the provider, provided there is no further use or legal retention requirements conflict with this.

The legal basis is Article 6 Paragraph 1 Letter b GDPR and, if applicable, Article 6 Paragraph 1 Letter a GDPR (consent).

Use of technical systems and subsystems

We use technical systems and infrastructure components to provide our services.

It may be necessary that personal data:

processed
saved
or transferred

become.

This processing takes place exclusively for contract fulfillment and system provision.

Data will only be passed on if this is necessary to provide the service.

International data processing

As part of the provision of services, data may also be processed outside the European Union.

In such cases we ensure that:

Appropriate guarantees exist in accordance with Art. 44 ff. GDPR
in particular standard contractual clauses are used
Use of third party providers and subcontractors

We use external service providers to provide the services, in particular for:

Hosting and infrastructure
Payment processing
Communication and support
Analysis and monitoring
AI-powered features

These may in particular be providers from the areas of cloud hosting, payment services, email communication, analysis tools and AI technologies.

A current overview of the subcontractors used can be provided upon request.

The legal basis is Article 6 Paragraph 1 Letter b GDPR and Article 6 Paragraph 1 Letter f GDPR (efficient and secure provision of our services).

Embedded content

Our platform can integrate content and services from third parties (e.g. videos, maps, external services).

These providers may collect personal data, in particular IP addresses.

The data protection regulations of the respective providers apply to the processing.

AI-powered features

When using AI functions, data entered can:

processed
analyzed
and used to generate content

The user is responsible for not entering sensitive or confidential personal data into such systems unless absolutely necessary.

The legal basis is Article 6 Paragraph 1 Letter b GDPR and Article 6 Paragraph 1 Letter f GDPR.

Email and communication

When you contact us, the following are processed:

E-mail address
Communication content
Metadata

Purpose:

Processing inquiries
Support
Contract communication
Communication and direct mail

We use your contact details to contact you about:

contract-relevant information
safety-related information
Changes to our services

to inform.

Where permitted by law, we may also send you information about similar products or services.

You can object to the use of your data for advertising purposes at any time.

The legal basis is Article 6 Paragraph 1 Letter f GDPR (legitimate interest in direct advertising) and - if necessary - Article 6 Paragraph 1 Letter a GDPR (consent).

Payment processing

Payment service providers are used to process payments.

The necessary payment data is transmitted to them.

The provider remains the customer's contractual partner.

The legal basis is Article 6 Paragraph 1 Letter b GDPR (fulfillment of the contract) and Article 6 Paragraph 1 Letter c GDPR (legal obligations).

Use of cookies and similar technologies

Our platform uses cookies and similar technologies to:

technical provision of the platform
Authentication and session management
Security and stability
Analysis and improvement of usage

Technically necessary cookies are used on the basis of Article 6 Paragraph 1 Letter f GDPR.

All other cookies and tracking technologies are used exclusively based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

You can withdraw your consent or adjust your cookie settings at any time.

Storage period

Personal data will only be stored for as long as necessary for:

Contract execution
legal retention obligations
legitimate interests

Unless specific information is provided, storage takes place:

for the duration of the contractual relationship
until the user account is deleted
in accordance with legal retention requirements
or until the respective processing purpose has been achieved

Short-term data processing (e.g. logs, temporary systems, analysis or test data) can be deleted after just a few days or weeks.

Unless specific storage periods are specified, personal data will be deleted as soon as they are no longer required for the respective purposes and there are no legal retention requirements.

Automated decisions

There is no exclusively automated decision-making within the meaning of Art. 22 GDPR.

If analysis or optimization processes are carried out, these serve exclusively to improve the platform and have no legal effect on the user.

Rights of data subjects

Data subjects have the right to:

to receive information about your data stored by us (Article 15 GDPR),
to request correction of incorrect data (Article 16 GDPR),
to request deletion of your data (Article 17 GDPR),
to request restriction of processing (Article 18 GDPR),
to request data portability (Art. 20 GDPR),
to object to the processing (Art. 21 GDPR),
to revoke consent given at any time (Art. 7 Para. 3 GDPR).

To exercise your rights, an informal message to the above contact address is sufficient.

You also have the right to complain to a data protection supervisory authority.

Obligation to provide data

The provision of certain personal data is necessary for the conclusion and execution of contracts.

Without this data, individual functions of the platform cannot be used or contracts cannot be carried out.

Right of appeal

There is a right to lodge a complaint with a data protection supervisory authority.

Security

We use technical and organizational measures to protect data from:

Loss
manipulation
unauthorized access

to protect.

Reporting data breaches

In the event of a breach of the protection of personal data, a report will be made to the responsible supervisory authority and to data subjects in accordance with Articles 33 and 34 of the GDPR, to the extent required by law.

Data Processing Agreement (DPA)

Pursuant to Art. 28 GDPR
contracting parties
Between

SWIFT17 GmbH

Zimmermühlenweg 71, 61440 Oberursel HRB 16660, Bad Homburg vor der Höhe District Court

Managing Director: Armand de Beer

hereinafter "processor” -
and
the customer - hereinafter "responsible person” -

the following agreement is concluded:

Subject and duration of processing

(1) The subject of this agreement is the processing of personal data by the processor on behalf of the controller as part of the use of the Oceanone platform.

(2) Processing is carried out on the basis of the contractual agreement between the parties.

(3) The duration of processing corresponds to the term of the respective main contract.

Type and purpose of processing

The processing includes in particular:

Provision and operation of websites and online services
Hosting and technical infrastructure
Management of domains
Providing email services
Provision of booking and communication systems
technical processing as part of AI-supported functions

The purpose of the processing is to carry out the contract and to provide the agreed services.

Type of data and categories of data subjects

(1) Data types:

Master data (name, company)
Contact details (email, telephone number)
Content data (website content, text, images)
Usage Data
Communication data
if applicable, payment details

(2) Affected persons:

Customers of the person responsible
Website users
End customers
Employees of the person responsible
Obligations of the processor

The processor undertakes:

Process data exclusively on documented instructions from the person responsible
to maintain confidentiality

Implement appropriate technical and organizational measures (TOMs).

to support those responsible in exercising the rights of those affected
Report data breaches immediately
comply with legal obligations
Right to give instructions

(1) The processor processes data exclusively in accordance with the instructions of the person responsible.

(2) Instructions can arise in particular from the main contract, the General Terms and Conditions and these AVV.

(3) Changes or additions to instructions must be in text form.

confidentiality

The processor ensures that:

all persons involved in the processing are obliged to maintain confidentiality
this obligation continues even after the termination of the activity
Technical and organizational measures (TOMs)

The processor takes appropriate technical and organizational measures in accordance with Art. 32 GDPR.

These include in particular:

Access controls
Encryption
Securing the systems
Backup strategies
Protection against unauthorized access
Ensuring availability and resilience

The measures are regularly checked and adjusted.

A detailed description of the technical and organizational measures will be made available to the person responsible upon request.

Use of subcontractors (subcontract processing)

(1) The processor is entitled to use additional processors.

(2) This includes in particular technical infrastructure, hosting, software components and supporting systems.

(3) The processor ensures that:

Subcontractors are contractually obliged
an adequate level of data protection is guaranteed

(4) The person responsible agrees to the use of such subcontractors.

(5) The processor informs the person responsible about planned changes regarding the addition or replacement of additional processors at least 4 weeks in advance in text form. The person responsible may raise a written objection against a new subcontractor within 14 days of receiving the information, provided there are objective reasons.

Data transfer to third countries

(1) Processing can also take place outside the European Union.

(2) In such cases, the processor ensures that:

appropriate guarantees exist (e.g. standard contractual clauses)
an adequate level of data protection is guaranteed
Support obligations

The processor supports the person responsible with:

the protection of the rights of those affected
compliance with reporting obligations
Data protection impact assessments

to the extent that this is possible and reasonable within the scope of processing.

Control Rights

(1) The person responsible is entitled to check compliance with this agreement.

(2) This can be done by:

Self-disclosures
appropriate evidence
Certificates

(3) On-site inspections are only permitted if there are legitimate reasons and after appropriate advance notice.

Reporting data breaches

The processor immediately informs the person responsible about:

Personal data breaches
Security incidents

as far as these affect the person responsible.

Reporting data breaches

In the event of a breach of the protection of personal data, a report will be made to the responsible supervisory authority and affected persons within the statutory deadlines, in particular in accordance with Articles 33 and 34 of the GDPR, to the extent required by law.

Deletion and return of data

After termination of the contractual relationship, the processor will:

delete personal data or
return upon request

provided there are no legal retention obligations to the contrary.

This will take place no later than 60 days after termination of the contractual relationship.

The processor will confirm the complete deletion or return to the person responsible in text form upon request.

Liability

Liability is based on the contractual provisions agreed between the parties.

Final provisions

(1) Changes and additions to this agreement must be in text form.

(2) This AVV is concluded bindingly by agreeing to the general terms and conditions of the processor (e.g. by accepting the general terms and conditions when registering or using the Oceanone platform). The currently valid version is available on the processor's website.

(3) If individual provisions are ineffective, the effectiveness of the remaining provisions remains unaffected.

As of: 15/05/2026

Oceanone - Security & Compliance

overview

Oceanone (SWIFT17 GmbH) attaches great importance to the security, availability and integrity of the systems and services provided. Our security architecture is based on industry standards and is continually being developed.

This page serves to transparently present our security measures and does not represent a contractual guarantee of certain properties.

Security strategy

We pursue a multi-layered security approach ("defense-in-depth”) that combines technical, organizational and procedural measures.

Infrastructure & Hosting

The platform is provided via modern cloud infrastructures with high reliability.

Access & Authentication
Role-based access controls
Strong password requirements
Multi-factor authentication (if available)
Data Backup & Restore
Regular backups
Separate storage
Recovery options
Monitoring & protection mechanisms
System and traffic monitoring
Automatic warning mechanisms
Protection against typical attacks
Software & update security

Systems are regularly updated and checked.

Customer responsibility

The customer is responsible for secure use, access data and content.

Data protection & data processing

Processing takes place in accordance with the data protection declaration and, if applicable, AVV.

Security incidents

Appropriate analysis and remediation measures will be taken.

Responsible Disclosure

Report security vulnerabilities to: security@oceanone.io

Disclaimer

This information is for informational purposes only and does not constitute a contractual guarantee.

Oceanone Trust Center

Enterprise-grade security, privacy and availability

1. Overview

Oceanone (SWIFT17 GmbH) puts security, data protection and system availability at the center of all services. This trust center provides an overview of our technical, organizational and legal standards.

2. Security & Infrastructure

Oceanone follows a multi-layered security approach ("defense-in-depth”). This includes access controls, encryption, monitoring and protection mechanisms against attacks. The infrastructure is based on modern cloud technologies and is continually being developed.

3. Availability & Service Levels

The platform is designed for high availability. The decisive factor is the accessibility of published websites via HTTP/HTTPS. Availability is measured monthly. Details are regulated in the service level agreement (SLA).

The processing of personal data takes place in accordance with the GDPR. Measures include data minimization, access restrictions and the use of verified service providers. Details can be found in the data protection declaration.

5. Order processing (AVV)

If data is processed on behalf of the customer, this is done on the basis of an AVV in accordance with Art. 28 GDPR. This regulates the scope, purpose and security measures of processing.

6. Third Party Providers & Infrastructure

Third-party providers can be used to provide the service (e.g. cloud, hosting, payment services). These are subject to high security and data protection requirements.

7. Domain Services

Domain registrations are carried out via connected registrars. The allocation is subject to the respective guidelines (e.g. ICANN). Oceanone acts as a technical provider or intermediary.

8. System Operations & Updates

Systems are regularly maintained and updated. Updates may cause technical changes. Customers should make appropriate backups.

9. Customer Responsibility

Customers are responsible for secure credentials, legal content and compliance with legal requirements.

10. Security Incidents

Security incidents are analyzed, isolated and resolved. If necessary, legally required information will be provided.

11. Responsible Disclosure

Vulnerabilities can be reported to: security@oceanone.io

12. Legal Notice

This trust center serves exclusively for informational purposes and does not represent a contractual guarantee. The general terms and conditions, SLA and AVV are decisive.

Oceanone - Acceptable Use Policy (AUP)

Policy on Acceptable Use
principle

Use of the Oceanone Platform may occur solely within the scope of applicable laws and this Agreement.

Prohibited Content and Activities

In particular, the use of the platform for:

a) Illegal content
Violations of applicable law
Violation of copyright, trademark or personal rights
b) Harmful or abusive content
Distribution of malware or malware
Phishing, fraud or deception
Spam or unsolicited mass communications
c) Security threat
unauthorized access
Load or disruption of systems (e.g. DDoS)
Exploitation of security vulnerabilities
d) Abuse of AI functions
Creating unlawful or misleading content
Deception through automated content (e.g. deepfakes)
Violation of third party rights through AI-generated content
e) Violation of data protection
unlawful processing of personal data
unauthorized data collection or sharing
Actions in the event of violations

In the event of violations, the provider is entitled:

Remove or block content
Restrict services
Suspend or terminate accounts

We reserve the right to take further legal action.

Changes

This policy can be adjusted if this is reasonable for the user.

Complete Document Content

PART A - Core Terms and Conditions

Scope

Platform description (Oceanone)

Subject of the contract

Product modules

Use of technical systems and third-party services

References to third-party content and external systems

Services of the provider

Commitment to accessibility

Support and communication

Electronic communication

Obligations of the customer

Prohibited use

Review, Rejection and Removal of Content

Intellectual property of the provider

Feedback and ideas

Open source software and third party software

No use of third-party trademarks without authorization

Reference and use as a project example

Notices of legal violations

Account and Registration

Prices and payment

Contract term and termination

Availability and maintenance

Liability

AS-IS / NO WARRANTY

Data protection

Final provisions

PART B - Product Modules

PM-01 - Domain conditions

Scope of the domain module

Subject of the contract

Creation of domain-related services

Awarding by third parties / awarding rules

No guarantee for registration and existence

Registration Data and Sharing

Ownership and attribution

Term, extension and termination

Change of provider/domain transfer

Blocking, deactivation and deletion

Return, deletion and forfeiture

Fees and continued payment obligation

Domain disputes

Liability and responsibility of the customer

Force majeure

Statute of limitations

No legal advice / no license plate check

Supplementary application of the Core Terms and Conditions

PM-02 - Website, AI and eCommerce Services

Scope

Subject of the contract

Trials, upgrades and refunds

AI-assisted generation (AI functions)

Import, replication and reconstruction of websites

Classification of AI-generated results

Use of tokens / usage quotas

E-commerce features

Hosting and system availability

Security measures and interventions in technical components

Changes and further developments

Updates, changes and technical risks

Data and backup

Restriction and blocking

Liability

No exclusivity / no restrictions on competition

Supplementary application of the Core Terms and Conditions

PM-03 - Booking system

Scope

Subject of the contract

Role of the customer

Bookings and availability

Payments in the booking system

Cancellations, no-shows and cancellations

Content and use

Technical limitations

Integration with other systems

Restriction and blocking

Liability

No guarantee of availability