Terms of Service

§ 1 Scope

These Terms govern the contractual relationship between the customer (hotel operator) and the operator of the Climactra platform (hereinafter “Provider”). Consumers within the meaning of § 13 BGB / Art. 3 D.Lgs. 206/2005 are excluded from using the service. Deviating terms of the customer do not apply. The service is offered exclusively to hotel operators based in Italy and the DACH region (Germany, Austria, Switzerland). The Provider may reject registrations and contract offers from customers based outside this target market without giving reasons, or deactivate already-created accounts without grandfathering.

§ 2 Subject Matter

Climactra is a web-based sustainability platform for hotels. The service includes recording, calculating and documenting CO₂ emissions per the GHG Protocol and HCMI, a weighted sustainability score, readiness assessment for sustainability labels, measure recommendations with savings potential, as well as PDF reports, label export templates and dashboard features as per the chosen plan. Climactra is a reporting and preparation tool; the awarding of certifications or labels is carried out solely by the respective responsible bodies.

§ 3 Registration, Account and Authority to Contract

• Registration with a valid business email address is required for use. The email address is verified by sending a one-time code (OTP); without successful verification the account cannot be activated.
• The customer is responsible for the security of their login credentials and is liable for all activity under their account. The Provider strongly recommends activating two-factor authentication (TOTP).
• Multiple accounts for the same individual are not permitted.
• The Provider may suspend or delete accounts for violations of these Terms after prior notice.
• Authority to contract: By creating each hotel within the account, the customer confirms that they are authorised to conclude the usage agreement, including the Data Processing Agreement (Appendix 1), on behalf of the relevant hotel entity. For an account managing multiple hotels of different legal entities, this confirmation applies per hotel.
• Invited staff (roles EDITOR, VIEWER, AUDITOR): Acceptance of these Terms and the Privacy Policy by invited users is a prerequisite for platform use but does not constitute a separate contract with the Provider. The contractual partner remains the account owner (OWNER) who created the hotel.

§ 4 Scope of Services

Features depend on the chosen plan:

• Trial: 14 days free, no credit card required. Full feature set for data capture and analysis (data entry, GHG Protocol Scope 1–3 calculation, sustainability score, label readiness, measure recommendations with ROI). The Trial does not include the official exports: all PDF reports (including the CO₂ report with serial number), label submission documents and CSV export. After 14 days the account automatically switches to read-only mode unless a paid subscription is concluded.
• Professional: Subscription per hotel — each hotel has its own subscription. A single account can manage any number of hotels; each hotel starts in a 14-day Trial and is switched to Professional individually. Per hotel: unlimited users, all PDF report types (CO₂ report with serial number and SHA-256 checksum), full audit trail, historical year-over-year comparisons, CSV import/export, label submission exports for Green Key, GreenSign, EU Ecolabel and the South Tyrol Sustainability Label, plus the Audit Bundle for external auditors.

The exact scope of features is defined by the current service description on the website.

The Provider may develop and improve the scope of services. Material reductions to existing core features of the subscribed plan will be announced at least 30 days in advance via email. In such case, the customer has the right to terminate the agreement effective at the date of the change.

§ 5 Pricing and Payment

• The Professional plan costs €89/month per hotel when billed annually (€1,068/year). Earlybird offer: any individual hotel subscription first upgraded to the Professional plan on or before 31 August 2026 receives a permanently reduced price of €59/month (€708/year). The Earlybird price is tied to the specific hotel subscription and applies only as long as that subscription continues uninterrupted; if it is cancelled and the hotel is later re-added, the discount no longer applies. Additional hotels added after 31 August 2026 are billed at the then-current regular price. Current prices are available on the pricing page at https://climactra.com/preise and in the app under Account → Billing. Climactra operates under the Italian flat-rate scheme (Regime Forfettario, Law 190/2014). Invoices are issued without Italian VAT pursuant to Article 1(58)(d) of Law 190/2014 — the stated price is therefore both the net and the gross amount. The stamp duty payable under Italian law on invoices exceeding €77.47 (marca da bollo, currently €2.00) is borne by the Provider and not charged to the customer. Should Climactra exceed the Forfettario revenue threshold and move to the standard tax regime, customers will be notified by email in good time.
• Payment is processed via credit card through Stripe.
• Invoices are provided electronically within the account.
• In case of payment default, the Provider may suspend access to the Professional plan after a reminder with a 14-day grace period; the account is then placed in read-only mode — data remains viewable and downloadable via the data-export function in your account (GDPR Art. 20), while new entries as well as report and CSV exports are disabled.

§ 6 Free Trial

• The Professional plan can be tested free of charge for 14 days.
• After the trial period, the account is automatically placed in read-only mode unless a paid subscription has been taken out. In read-only mode all data remains viewable and downloadable via the data-export function in your account (GDPR Art. 20); new entries as well as report and CSV exports are disabled.
• All data is fully retained during the downgrade.

§ 7 Term and Termination

• An account without a paid subscription (trial or read-only mode) is indefinite and can be terminated at any time by deleting the account.
• The Professional plan has a minimum term of one year (annual billing) and renews automatically for the same period.
• Termination is possible at any time, effective at the end of the current billing period — via email to info@climactra.com or through the account settings.
• Upon termination of the Professional subscription, the affected hotel switches to read-only mode at the end of the current billing period. In this state all data remains viewable; a full download of your own data remains available via the data-export function in your account (GDPR Art. 20). New entries as well as report generation and CSV exports are disabled. There is no automatic deletion — data is retained until the customer actively deletes the hotel or account (GDPR Art. 17, right to erasure).
• Upon active deletion of a hotel or account (Account → Settings), deletion is immediate and irreversible. Active Stripe subscriptions are automatically cancelled prior to deletion. Evidence documents are subject to the retention periods set out in the Privacy Policy (see § 4 there).

§ 8 Availability

• The Provider operates the platform on a best-effort basis in accordance with current technical standards. No specific minimum uptime or service level is guaranteed. Scheduled maintenance windows are excluded.
• Scheduled maintenance is announced at least 48 hours in advance via email.
• Short-term interruptions for security updates are permitted without prior notice.

The Provider is not liable for interruptions or data loss caused by force majeure, including but not limited to natural disasters, war, pandemics, government orders, failure of third-party providers (hosting, DNS, payment processors) or cyberattacks that could not be prevented despite reasonable security measures.

§ 9 Customer Obligations

• The customer shall ensure that all consumption data entered is accurate and complete. Responsibility for data quality rests with the customer.
• The customer is responsible for complying with their own data protection obligations as a data controller under the GDPR. In particular, the customer informs their staff and any other users of the hotel account pursuant to Art. 13 GDPR about data processing in Climactra, including the audit trail (every data change is logged with user attribution), and about the existence of this Data Processing Agreement (Appendix 1).
• The service may not be misused, in particular for automated mass requests, reverse engineering, or attempts to circumvent security mechanisms.

§ 10 Intellectual Property

• All rights to the software, design, algorithms and the Climactra brand remain with the Provider.
• Data entered by the customer remains the intellectual property of the customer.
• Generated PDF reports may be freely used, copied and shared with third parties by the customer.

§ 11 Limitation of Liability

• The Provider is fully liable for intent, gross negligence and for damages resulting from injury to life, body or health. A limitation of liability for these cases would in any event be void under Art. 1229 Italian Civil Code.
• For slight negligence, the Provider is liable only for breach of material contractual obligations (cardinal obligations), limited to foreseeable, typically occurring damages.
• Insofar as the Provider is liable for slight negligence only, liability is limited in amount to the fees paid by the customer in the preceding 12 months, but no less than €500. This monetary cap expressly does not apply to the cases listed in § 11a (intent, gross negligence, personal injury) and does not apply within the scope of Art. 1229 Italian Civil Code.
• Climactra reports do not replace an external audit or accredited certification. The Provider is not liable for regulatory, financial or business decisions made on the basis of the reports.

§ 12 Warranty

• The Provider warrants that the service substantially conforms to the current service description.
• Emission factors are sourced from recognised public sources — in particular ISPRA, DESNZ/DEFRA, UBA (German Federal Environment Agency), AIB (electricity residual mix), IPCC and EU F-gas Regulation (EU) 2024/573, and Eurostat (HICP for inflation adjustment). Spend-based Scope 3 factors (e.g. food) are based on EEIO sector averages as an internal estimate following GHG Protocol methodology. The factor source used for each calculation is disclosed in the generated report. The Provider does not warrant the accuracy of the source data.
• Defects will be remedied within a reasonable time after notification. The customer must report defects promptly upon discovery.

§ 13 Data Protection

The processing of personal data is governed by the Privacy Policy (available at /en/datenschutz). Where the customer provides personal data to the Provider for processing on the customer's behalf, the Data Processing Agreement (Appendix 1 of these Terms) applies. All customer data is stored on servers within the European Union (Hetzner Online GmbH, Germany). Transfers to third countries are made solely to the recipients listed in the Privacy Policy (Stripe Inc. for payment processing, Functional Software Inc. for error monitoring, HaveIBeenPwned for password security checks) on the legal bases set out there (EU-US Data Privacy Framework, Standard Contractual Clauses, K-Anonymity).

§ 14 Amendments

• The Provider may amend these Terms with 30 days' notice.
• Amendments will be communicated via email to the registered address and displayed in the account.
• If the customer does not object within 30 days of receiving the amendment notice, the new Terms are deemed accepted. This legal consequence will be stated in the amendment notice.
• In case of objection, the Provider may terminate the agreement effective at the date the new Terms come into force.

§ 15 Final Provisions

• The laws of the Republic of Italy shall apply, to the exclusion of the United Nations Convention on Contracts for the International Sale of Goods (CISG) and to the exclusion of conflict-of-laws rules.
• The exclusive place of jurisdiction for all disputes arising from this agreement is Bolzano (Italy).
• Should any provision of these Terms be or become invalid, the validity of the remaining provisions shall remain unaffected.
• No oral side agreements exist. Amendments and additions require text form (email suffices).
• The Provider may transfer rights and obligations under this agreement to a legal successor. The customer will be notified 30 days in advance and may terminate the agreement effective at the transfer date. The customer may only transfer the agreement with the Provider written consent.
• In case of discrepancies between language versions of these Terms, the Italian version shall prevail.
• Provider information pursuant to D.Lgs. 70/2003 (Italian E-Commerce Act) is available in the Legal Notice (Impressum).

§ 16 Express Approval of Specific Clauses (Art. 1341–1342 Italian Civil Code)

Pursuant to Art. 1341 and 1342 of the Italian Civil Code (Codice Civile), the customer expressly approves the following clauses upon registration:

• § 7b — Automatic contract renewal
• § 8d — Liability exclusion for force majeure
• § 11 — Limitation of liability
• § 14c — Tacit acceptance of amended terms
• § 14d — Provider's right to terminate upon objection
• § 15b — Exclusive jurisdiction in Bolzano
• § 15e — Provider's right to transfer the agreement

§ 17 Data Foundations and Trademark Rights

Climactra's calculations (emission factors, score thresholds, certification criteria) are based exclusively on publicly available scientific and governmental data sources. A complete list of all sources, their licenses and mandatory attributions is available on the Data Sources page. /datenquellen

• Climactra is an internal reporting and preparation tool. Climactra is NOT a certification body, does not issue labels and does not replace an official audit pursuant to ISO 14064-3 or comparable standards.
• Climactra is not accredited by or affiliated with Foundation for Environmental Education (Green Key), GreenSign GmbH, EU Ecolabel, IDM Südtirol or any other certification body.
• All trademarks, logos and word marks are the property of their respective owners. Climactra uses these names exclusively in the sense of nominative use under Art. 14 EU Trademark Regulation and the equivalent national provisions (§ 23 German Trademark Act, Art. 21 Italian Industrial Property Code).
• Mandatory attributions under the applied licenses: "Contains public sector information licensed under the Open Government Licence v3.0" (UK DESNZ/DEFRA); "Extracts from ISPRA documents are reproduced on the condition that the source is acknowledged"; "Source: Eurostat"; JRC133332 under CC BY 4.0; UBA emission factors under CC0 1.0.
• The customer acknowledges that the factors underlying the calculations are subject to periodic updates. Climactra documents the factors used together with their data status per activity (frozen-factor pattern), ensuring that historical calculations remain reproducible.

A§ 1 Subject and Duration

The processor processes personal data on behalf of the controller as part of providing the Climactra platform. The duration of processing corresponds to the term of the service agreement.

A§ 2 Nature and Purpose of Processing

Processing includes the storage, calculation and display of consumption data, emission values and operational metrics for CO₂ accounting per GHG Protocol and HCMI.

A§ 3 Types of Personal Data

• User account master data (first name, last name, email address, language preference)
• Hotel data (name, address, star classification, number of rooms/beds, operational metrics, primary contact email) and, for Italian hotels, the tax identification details where provided (Partita IVA, Codice Fiscale, PEC email address, ATECO code), or for DACH hotels the VAT ID.
• Consumption data, calculated emission values and other environmental metrics
• Security logs (IP addresses, user agent, login timestamps, authentication hashes)
• Uploaded evidence documents (e.g. energy bills, delivery notes, audit evidence) which may contain personal data of third parties (supplier contact persons, hotel staff acknowledging receipt)
• Audit-trail entries with user attribution for each data change (obligation to ensure reproducibility of historical reports)
• Membership data: assignment of user accounts to hotels with role (OWNER, EDITOR, VIEWER, AUDITOR)

A§ 4 Categories of Data Subjects

• Hotel users (hotel staff, sustainability managers, management)
• Indirectly: hotel guests (only as aggregated metrics — guest nights; no individual personal data)

A§ 5 Obligations of the Processor

• Processing only on documented instructions of the controller (Art. 28(3)(a) GDPR).
• Confidentiality obligations for all persons involved in data processing (Art. 28(3)(b) GDPR).
• Implementation of technical and organisational measures per Art. 32 GDPR (see A§ 7).
• Assistance with data subject requests (Art. 28(3)(e) GDPR).
• Assistance with data protection impact assessments upon request (Art. 35–36 GDPR).
• Notification of data breaches to the controller without undue delay, no later than 48 hours after becoming aware.

A§ 6 Sub-processing

The processor engages the following sub-processors:

• Hetzner Online GmbH, Gunzenhausen, Germany — hosting (VPS) and backup storage (EU servers)
• Stripe Payments Europe Ltd., Dublin, Ireland (parent company Stripe Inc., USA) — payment processing and invoicing (payment and billing master data: company name, VAT ID/Partita IVA, billing address, PEC, Codice Fiscale; no emission/consumption data; EU-US Data Privacy Framework + Standard Contractual Clauses)
• Functional Software Inc. (Sentry), San Francisco, USA — error tracking and performance monitoring (technical error data only, no personal data; Standard Contractual Clauses)
• Brevo SAS (formerly Sendinblue), Paris, France — delivery of transactional emails (verification codes, security warnings, billing notifications). Processes only the recipient email address, subject and message content. Primarily located and processing within the EU (France); for its mailing infrastructure Brevo uses sub-processors including in the USA (Amazon Web Services) on the basis of Standard Contractual Clauses and the EU-US Data Privacy Framework.
• IONOS SE, Montabaur, Germany — domain registrar, DNS and email mailbox (info@climactra.com) for receiving business correspondence. EU servers, no third-country transfer.

The controller consents to the engagement of the above sub-processors by accepting these Terms.

Changes to sub-processors will be communicated 30 days in advance via email. In case of objection, the controller may terminate the agreement effective at the change date.

A§ 7 Technical and Organisational Measures (Art. 32 GDPR)

• Passwords: bcrypt with cost factor 12
• TOTP secrets: AES-256-GCM encryption
• Transport: HTTPS with HSTS (1 year, preload)
• Database: PostgreSQL on dedicated EU servers (Hetzner, Germany)
• Backup: Daily encrypted backups (rotation: 7 daily, 4 weekly, 6 monthly)
• Access control: Role-based permission system (OWNER, EDITOR, VIEWER, AUDITOR)
• Brute-force protection: Persistent rate limiting and account lockout
• Audit trail: Full change history of all emission data with user attribution

A§ 8 Assistance with Data Subject Rights

The processor assists the controller through:

• Data export (JSON) via account settings (Art. 15, 20 GDPR)
• Account deletion including all associated data (Art. 17 GDPR)
• Information on stored data upon written request (Art. 15 GDPR)

A§ 9 Deletion and Return

• After termination of the agreement, the data initially remains accessible in read-only mode and is not deleted automatically. Deletion takes place at the controller's choice (Art. 28(3)(g) GDPR): as soon as the controller actively deletes the hotel or account, all personal data is deleted immediately and irreversibly, unless a statutory retention obligation applies.
• The controller may perform a complete data export (JSON) via the account settings prior to deletion.

A§ 10 Audit Rights

• The controller has the right to verify compliance with this DPA (Art. 28(3)(h) GDPR).
• The processor shall provide all information necessary to demonstrate compliance with Art. 28 GDPR upon request.
• On-site inspections are facilitated after prior written arrangement with at least 30 days' notice. The costs of inspection are borne by the controller.