Terms of Use for the Sennheiser CIAM Service
1. Introduction
The “Customer Identification and Access” service (“CIAM Service”) of Sennheiser electronic SE & Co. KG, Am Labor 1, 30900 Wedemark, Germany (hereinafter “Sennheiser”), enables users to register, sign in, and manage digital identities. By using the service, users accept these Terms of Use. Use of the service is only permitted if these conditions are complied with.
Sennheiser operates the CIAM Service and is responsible for its technical and organizational management. Sennheiser is also the data controller within the meaning of the General Data Protection Regulation (GDPR) for the processing of users’ personal data within the CIAM Service.
The service is based on cloud infrastructure and identity services provided by Microsoft Corporation, in particular Microsoft Entra External ID. Microsoft is used as a subcontractor within the meaning of the GDPR. Processing takes place based on appropriate data processing agreements and suitable safeguards in accordance with Art. 28 and Art. 46 GDPR.
Sennheiser remains responsible in all cases for controlling the processing, ensuring the security of the service, and fulfilling data protection obligations towards users.
2. Definitions
“User”: Any natural person who uses the CIAM Service on their own behalf or on behalf of another party (e.g., as a representative of a legal entity).
“Organization”: A company providing its end users with access to the service.
“Service”: The CIAM service for authentication and authorization.
“Account”: The individual user account.
“MFA”: Multifactor authentication.
“Credentials”: Access information such as passwords or tokens.
“Security Incident”: Suspicion or confirmation of unauthorized access.
3. Scope & Conclusion of Contract
These terms apply worldwide, except in regions excluded by sanctions (see Section 15). The contract is concluded when registering for or using the service.
4. Account Creation & Identity
Users must provide accurate and complete information and keep it up to date. Accounts may not be shared.
Sennheiser may, to the extent permitted by law, require identity verification measures and additional authentication procedures, including multifactor authentication (MFA), if needed to secure the service or comply with legal requirements. The type and scope of data processed for this purpose follow from the privacy policy.
5. Permitted Use & Prohibited Activities
The service may only be used for authentication and authorization of approved applications. The following actions are strictly prohibited: circumvention of security mechanisms, automated attacks, reverse engineering, manipulation of tokens, and any activity that jeopardizes the security or integrity of the service. Violations may result in account suspension. The same applies in cases of a security incident.
Sennheiser may temporarily or permanently suspend user accounts if there are specific indications of misuse, a security incident, or a violation of these Terms of Use. Users will be informed of the suspension unless security or legal reasons prevent this, and they will have the opportunity to clarify the situation.
There is no right to reinstatement of access.
There is no entitlement to permanent availability of a user account or a particular digital identity.
Sennheiser may adjust, extend, or restrict authentication methods and security mechanisms at any time if required for security, technical, or regulatory reasons.
6. Security & Access Controls
Sennheiser implements appropriate technical and organizational security measures, including MFA options and role-based access control. Security incidents are handled according to appropriate processes.
Sennheiser will promptly notify affected users if a security incident is likely to pose a risk to their personal data or account security. Legally required notifications to supervisory authorities will be made in accordance with GDPR requirements.
Incidents without any impact on personal data or user accounts do not require notification.
7. Data Protection & Data Processing
Personal data is processed in accordance with the GDPR. Additional details are provided in the separate privacy policy. Data is stored in the EU/EMEA; transfers to third countries occur only under the legal conditions.
8. Availability & Maintenance
The service is provided “as available.” No service levels are guaranteed. Maintenance may lead to temporary limitations; users will be notified in advance where possible.
9. Communication
Communications may be made via the user portal or by email and are deemed delivered when received. Users must provide a valid email address.
10. APIs, SDKs & Branding
Organizations and their developers may use provided APIs or SDKs on a nonexclusive, revocable basis. Prohibited activities include sharing keys, bypassing rate limits, or performing load tests without approval. Branding may only be used according to applicable guidelines.
11. Liability
Sennheiser provides no guarantee for uninterrupted availability. Unlimited liability applies in cases of intent, gross negligence, and damage to life, body, or health. In all other cases, liability for slight negligence is limited to typical, foreseeable damage.
The CIAM Service is based on third-party cloud infrastructure and identity services, in particular Microsoft Entra External ID. Sennheiser is not liable for disruptions, outages, or limitations caused by factors outside Sennheiser’s control, including errors, interruptions, or changes in the performance of the respective cloud providers.
Statutory liability of Sennheiser for intent, gross negligence, and for damages to life, body, or health remains unaffected.
12. Suspension & Termination
Sennheiser may immediately suspend accounts in case of violations or security risks. Ordinary termination may occur with 30 days’ notice. After termination, the account will be deactivated, and data will be deleted or anonymized in accordance with legal requirements.
13. Changes to These Terms
Sennheiser may amend these Terms of Use. Material changes will be announced in advance and may require renewed consent. Sennheiser may suspend further use of the service until users have accepted the changes.
Sennheiser may adjust the operation of the CIAM Service if required to comply with legal, regulatory, or governmental requirements.
14. Governing Law & Jurisdiction
German law applies. Jurisdiction is the location of the operator’s registered office, where legally permissible.
15. Geographic Restrictions (Sanctions)
Use of the service is not permitted in countries sanctioned by the United States and/or the European Union, or by persons or organizations listed as sanctioned in such countries. Sennheiser may block access if sanction circumvention is suspected.
Last updated: December 9, 2025