SaaS (Software as a Service) / General Terms and Conditions / Terms of Use
Overview of the legal structuring measures
In particular, the following must be taken into account in the legal structure:
the design of the general terms and conditions (GTC) of the SaaS platform (also: terms of use), i.e. the contractual relationship between the provider and the customer
compliance with information obligations
the design of the platform in accordance with e-commerce law, including the necessary technical measures (e.g. an email to confirm access to a registration application)
compliance with data protection law when designing the technology, e.g. when integrating cookies
the design of the content of the "Data protection" page, i.e. the privacy policy or data protection information
compliance with consumer law if customers may be consumers
the design to prevent warnings if consumers are not intended to be customers
the limitation of liability risks, e.g. in the event of the failure of a rented server
the warning-proof design of all advertising statements in text and images, in particular in accordance with competition law (UWG) and trademark law (MarkenG, UMV) as well as sector-specific laws depending on the subject matter of the SaaS platform
the proper integration of third-party content, such as third-party images and their licenses
the consideration and reduction of liability risks with regard to the setting of hyperlinks or "framing", such as YouTube videos
compliance with the German Price Indication Ordinance (PAngV)
compliance with third-party license terms, e.g. if parts of the SaaS platform are based on open source software
the design of the legal notice
Prioritizing the legal issues
In view of the scope of the regulations to be observed, a measured assessment must be made of which steps are necessary and to what extent. For example, the design of the general terms and conditions of the SaaS platform should be in place from the outset in order to ensure that the necessary contractual rights and obligations towards all customers become part of the contract.
Basic consideration: Operator of the platform
The first thing to consider, however, is who the platform operator should be. It is conceivable, for example, to establish a separate company (e.g. a GmbH). On the one hand, liability can be further limited via a separate company. On the other hand, a company also makes it possible to sell the platform easily at a later date, should this be desired. This is because all contracts and data protection relationships are concluded in the person of the platform operator. If the platform operator is a natural person, a subsequent sale can therefore cause considerable difficulties. If the platform is operated by a limited liability company (GmbH), the shares in the GmbH can be transferred comparatively easily.
Basic consideration: Orientation towards foreign countries
Another fundamental consideration concerns the question of which countries the SaaS platform should be aimed at. There is a certain degree of standardization within the EU and the EEA. However, there are still numerous differences that need to be taken into account, depending on the specific focus of the SaaS platform. In Germany, for example, a customer submits a contract offer by sending the registration form, which the platform operator can accept or reject. In France, on the other hand, the registration form on the SaaS platform is generally regarded as an offer by the operator that the customer can accept. The difference is significant for the question of when exactly the contract is concluded and at what point in time, for example, the general terms and conditions must be included or information about a consumer's right of withdrawal must be provided.
Fortunately, however, there is increasing standardization. From 25.05.2018, for example, the EU General Data Protection Regulation (GDPR) will come into force, meaning that a largely uniform data protection law will apply throughout Europe without the need to comply with national standards to a significant extent. On the other hand, it should be noted that the GDPR expressly provides for "dissuasive" fines in the event of data protection violations, which can amount to up to EUR 20 million or 4% of annual global turnover. Under the German Federal Data Protection Act (BDSG), the range of fines was only up to EUR 0.3 million. A breach of the GDPR may already exist if the required consent is missing.
Conclusion
As you can see from the topics presented, the design of the GTC for the SaaS platform is only one of many topics, albeit a fundamental one. It is interesting to note that under German law, there is not even an obligation to use GTC. The use of GTC is solely in your interest, to limit liability and to define the rights and obligations in relation to the customer. Often, however, legally required information is also provided within the GTC. If no GTC are provided, this information must be contained in other documents. It is important to create a legal structure tailored to your SaaS platform and its special features.