Legal
Here you will find answers to your questions about our guidelines, intellectual property, corporate governance, corporate compliance, and other topics. The protection and security of your data and other legal topics are very important to us. View legal topics below to learn more.
According to § 5 TMG
sqanit GmbH
Balanstraße 71a
81541 Munich
Represented by Business Executives
Mr. Markus Gatzke, Mr. Christian Hieronimi
Contact
sqanit GmbH
Balanstraße 71a
81541 Munich
Telephone +49 (0) 89 44451155
E-Mail: info@sqanit.com
Sales Tax Identification Number
Sales tax identification number according to §27a sales tax law:
UStID DE 297723328
Commercial Register Entry
Register Court Munich
HRB 214318
Last update Feb 2024
The protection and security of your personal data are very important to us, sqanit GmbH. We take the legal requirements of data protection and data security very seriously.
The following information applies to our website under https://www.sqanit.com (“sqanit website”) and provides you with an overview of which personal data we collect via The sqanit website and for what purposes. In addition, we hereby inform you of your rights in relation to us with regard to your personal data.
IN NO CASE WILL YOUR PERSONAL DATA BE FORWARDED TO THIRD PARTIES, UNLESS OTHERWISE SPECIFIED BELOW.
1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
sqanit GmbH, Balanstraße 71a, 81541 Munich, Germany (“sqanit”), is responsible for processing your personal data.
You can also contact us by e-mail with your data protection concerns or in exercise of your rights: privacy@sqanit.com.
2. WHAT ARE PERSONAL DATA?
“Personal data” means any information relating to an identified or identifiable natural person, i.e. in your case all information that we are able to associate with you, even if only indirectly.
3. HOW DO WE COLLECT YOUR DATA?
We collect your data by a contact form we provide for this purpose on our sqanit website. Other data will be automatically recorded by our IT systems when you visit the sqanit website. Further details you may find below.
4. WHICH PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES?
4.1 Log files (internet protocols)
When you visit our sqanit website, our IT systems automatically collect and store so-called log file information that your internet browser transmits to us. This includes:
- Internet browser type/version
- operating system used
- host name of the accessing computer (your IP address)
- date and time of the request to our server
- requested website.
This information is partly required for technical reasons in order to show you our sqanit website and to ensure its stability.
IP addresses are stored in our log files in order to enable us to pursue our rights in the event of an attack on our IT systems and restore the security of the IT systems (our legitimate interest; legal basis is Art. 6(1)(f) of the General Data Protection Regulation, “GDPR“).
We are not able to assign the data to any person except for the IP address. The IP address is only assigned in the case of an attack. Beyond that we do not merge the data with other data sources. The IP addresses are deleted within 14 days.
4.2 Contact form on the sqanit website
If you use the contact form on the sqanit website, we collect the following information from you (legal basis is Art. 6 (1)(f) GDPR):
- Company
- Name
- Email address
- Additional data, if voluntarily provided by you
On the sqanit website, an e-mail address (contact@sqanit.com/kontakt@sqanit.com) for contacting us is provided on the contact form highlighted in blue when you click on “SEND REQUEST”. If you send us an email, the personal data transmitted with the email will be collected. If your email contact is aimed at concluding a contract (e.g. a binding offer), an additional legal basis for the processing is Art. 6(1)(b) GDPR. In case we are contacted by you, this also constitutes our necessary legitimate interest in processing the data.
The data will only be used for processing your contact request. Your personal data will be deleted as soon as they are no longer required for this purpose. This is the case when the respective request from you has been completely processed, unless (i) you consent that your data may be retained beyond this term (legal basis is Art. 6(1)(a) GDPR, (ii) we are obliged to retain your data due to statutory retention obligations, or (iii) we are entitled to retain your data for another reason.
4.3 Registration form for events on the sqanit website
If you use the registration form on the sqanit website, we collect the following data from you (legal basis is Art. 6 (1)(f) GDPR):
- First name
- Last name
- Email address
- Company name, which you may provide voluntarily
- Message, which you may provide voluntarily
If you click on “SUBMIT” in the registration form on the sqanit website, you will receive an email address (webinar@sqanit.com) where you can contact us. If you send us an email, we will collect the personal data transmitted with the email. If your email contact is aimed at the conclusion of a contract (e.g. binding offer), a further legal basis for the processing is Art. 6(1)(b) GDPR. If we are contacted by you, this also constitutes our necessary legitimate interest in processing the data.
The data will only be used to process your contact request. Your personal data will be deleted as soon as it is no longer required for this purpose. This is the case when the respective request has been fully processed by you, unless (i) you consent that your data may be stored beyond this period (legal basis is Art. 6(1)(a) GDPR, (ii) we are obliged to store your data due to legal obligations).
4.4 Use of Matomo
On our sqanit website, we use the web analysis service Matomo to analyze and check the use of our sqanit website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.
Matomo cookies are stored on your computer for the purpose of web analysis. To analyze website usage, your IP address and information such as timestamps, websites visited and your language settings are recorded. We store the information collected in this way on our own server.
Our sqanit website uses Matomo with the “AnonymizeIP” extension. This shortens IP addresses. The shortened IP address transmitted by your browser using Matomo is not merged with other data collected by us. The legal basis for the use of Matomo is Art. 6(1)(a) GDPR. You can revoke your consent at any time, the easiest way to do this is via our cookie manager.
The Matomo program is an open source project. Information from the third-party provider on data protection can be found at Privacy Policy – Analytics Platform – Matomo.
4.5 HubSpot CRM
collects data about user behavior and device information through cookies and similar technologies. The collected data may include:
- Anonymized IP addresses of devices during website use,
- Screen size,
- Device type (including unique device identifiers),
- Browser details, and
- Preferred language settings for viewing our website.
This information is stored on our behalf by HubSpot CRM in pseudonymized user profiles. The data is processed within the AWS infrastructure in the United States East region or the Germany region, depending on the user’s geographic location and data residency preferences. HubSpot CRM is contractually obligated not to sell or misuse the data collected on our behalf.
For more information about how HubSpot CRM processes your data, please refer to HubSpot’s Privacy Policy. (https://legal.hubspot.com/privacy-policy)
4.6 Use of Google Maps
We use Google Maps services on our sqanit website. This allows us to show you interactive maps directly on our sqanit website and enables you to use the map function conveniently. The legal basis for the use of the maps is Art. 6(1)(a) GDPR, i.e. the integration only takes place with your consent.
By visiting our sqanit website, Google receives the information that you have accessed our sqanit website. In addition, the above-mentioned basic data such as IP address and timestamp are transmitted. This occurs regardless of whether Google provides a user account, where you are logged in, or whether no user account exists. If you are logged into your Google account, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
The information collected is stored on Google servers, including in the USA. In these cases, Google has stated that it is subject to the EU-U.S. Data Privacy Framework and has undertaken to comply with applicable data protection laws when transferring data internationally.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: Privacy Policy – Privacy & Terms – Google.
4.7 Use of Google Analytics
Our sqanit website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of this tool is to enable us to analyse your user interaction on our sqanit website and to use the statistics and reports obtained to improve our offer and make it more interesting for you as a user.
We primarily record the interactions between you as a user of the website and our sqanit website via data on the device/browser, IP addresses and website or app activities. In Google Analytics, your IP addresses are also recorded to ensure the security of the service and to provide us as the website operator with information about the country, region or location from which the respective user comes (so-called “IP location determination”). For your protection, however, we naturally use the anonymization function (“IP masking”), i.e. Google truncates the IP addresses by the last octet within the EU/EEA.
Google acts as a processor and we have concluded a corresponding contract with Google. The information generated and the (usually shortened) IP addresses about your use of our sqanit website are usually transferred to a Google server in the USA and processed there. In these cases, Google has stated that it is subject to the EU-U.S. Data Privacy Framework and has undertaken to comply with applicable data protection laws when transferring data internationally.
The legal basis for the collection and further processing of the information is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. In apps, you can reset the advertising ID in the Android or iOS settings or install the Google browser add-on, which can be accessed via the following link: Google Analytics Opt-out Browser Add-on Download Page.
For more information on the scope of services provided by Google Analytics, please see Terms of Service | Google Analytics – Google.
Google provides information on data processing when using Google Analytics at the following link: Safeguarding your data – Analytics Help (google.com).
General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google’s privacy policy under Privacy Policy – Privacy & Terms – Google.
4.8 Google AdWords Conversion
a) We use Google AdWords to highlight our attractive offers on external websites through advertisements (so-called Google AdWords). This allows us to evaluate the effectiveness of individual advertising campaigns. Our goal is to present you with advertisements that are relevant to your interests, make our website more engaging for you, and ensure fair advertising cost calculations.
b) These advertisements are delivered by Google via “ad servers.” Ad server cookies are used to measure specific parameters of success, such as ad impressions or user clicks. If you visit our website through a Google ad, Google AdWords will place a cookie on your computer. These cookies generally expire after 30 days and do not personally identify you. The cookie typically stores a unique ID, the number of ad impressions per placement (frequency), the last impression (for post-view conversions), and opt-out information (indicating the user’s preference to no longer be targeted by ads).
c) These cookies allow Google to recognize your internet browser. If you visit certain pages on a website belonging to an AdWords customer and the cookie has not expired, Google and the AdWords customer can recognize that you clicked on the ad and were redirected to the website. Each AdWords customer is assigned a different cookie, so cookies cannot be tracked across the websites of different AdWords customers. We do not collect or process personal data through these advertising measures. Instead, we receive aggregated statistical evaluations from Google, which help us identify which advertising methods are particularly effective. We do not receive any further data from the use of these advertisements, and we cannot identify users through this information.
d) The marketing tools used automatically establish a direct connection between your browser and Google’s servers. We have no control over the scope and further use of data collected by Google through these tools. Based on our knowledge, we inform you of the following: through AdWords Conversion integration, Google receives information that you have visited a specific page on our website or clicked on one of our ads. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with or logged into Google, it is possible that Google will collect and store your IP address.
e) You can prevent participation in tracking in several ways:
- By configuring your browser to block third-party cookies, which will prevent ads from third-party providers.
- By disabling cookies for conversion tracking by blocking cookies from the domain “www.googleadservices.com“ in your browser settings (this setting will reset if you delete your cookies).
- By opting out of interest-based ads from providers participating in the “About Ads” self-regulation campaign via http://www.aboutads.info/choices (this setting will reset if you delete your cookies).
- By permanently disabling these cookies in your browser using the plugin available at http://www.google.com/settings/ads/plugin.
Please note that disabling these features may prevent you from fully utilizing all the functions of our website.
For more information on Google’s data protection policies, please visit:
Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google complies with the EU-US Privacy Shield Framework, as detailed here: https://www.privacyshield.gov/EU-US-Framework.
4.9 Google Remarketing
a) In addition to Google AdWords Conversion, we use the Google Remarketing application to re-engage with our website visitors. This process allows us to display our advertisements to you as you browse the internet after visiting our website. This is achieved through cookies stored in your browser, which Google uses to track and analyze your browsing behavior across various websites. These cookies enable Google to recognize your previous visits to our website. According to Google, the data collected through remarketing is not combined with any personal data stored by Google. Google states that pseudonymization is used during the remarketing process.
This includes:
- Internet browser type/version
- operating system used
- host name of the accessing computer (your IP address)
- date and time of the request to our server
- requested website.
b) You can prevent participation in this tracking process in several ways:
- Configure your browser settings to block third-party cookies, which will prevent you from receiving ads from third-party providers.
- Deactivate “personalized advertising” in your Google account settings via https://www.google.de/settings/ads.
- Disable interest-based ads from providers participating in the “About Ads” self-regulation campaign via http://www.aboutads.info/choices. Note that this setting will reset if you delete your cookies.
- Permanently disable personalized ads in your browser (e.g., Firefox, Internet Explorer, or Google Chrome) by installing the plugin available at http://www.google.com/settings/ads/plugin.
Please note that disabling these features may limit your ability to fully use all functionalities of our website.
For more details on Google’s data protection practices, visit:
Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google complies with the EU-US Privacy Shield Framework, as detailed here: https://www.privacyshield.gov/EU-US-Framework.
4.10 Use of LinkedIn Insight Tag
Furthermore, the sqanit website uses the LinkedIn Insight Tag (or LinkedIn Pixel) of LinkedIn Ireland Unlimited Company (“LinkedIn”). By integrating this JavaScript tag, we can show you, as a user of our sqanit website, interest-based advertisements that are relevant to you when you visit the LinkedIn social network or other websites that also use the process, and we receive statistics about website visitors and demographics. Furthermore, we can evaluate your use of our LinkedIn advertising and interest in our offers using a conversion tracking function and also show you LinkedIn ads on other websites via retargeting. In this way, we pursue the interest of improving the effectiveness of LinkedIn ads and making our sqanit website more interesting for you.
By integrating the LinkedIn Insight tag, your browser automatically establishes a direct connection with the LinkedIn server, both when you visit the LinkedIn website and from websites that have integrated the LinkedIn Insight tag. We have no influence on the extent and type of use of the data by LinkedIn, we therefore inform you according to our level of knowledge: By integrating the LinkedIn Insight tag, LinkedIn receives the information that you have accessed the corresponding website of our internet presence or have clicked on an advertisement from us. If you are registered with a LinkedIn service, LinkedIn can assign the visit to your account. Even if you are not registered with LinkedIn or have not logged in, there is a possibility that the provider will find out your IP address, time window and other identifying features and link them to the actions assigned to you.
The deactivation of the LinkedIn Insight tag and other advertising objections are possible in the settings for advertisements under Manage your advertising preferences | LinkedIn Help and additionally under Ads unsubscribe (Ads unsubscribe (linkedin.com). Further setting options and information can be found in the LinkedIn Privacy Center: Privacy Center (Datenschutz (linkedin.com).
The legal basis for the processing of your data is Art. 6(1)(a) GDPR, i.e. the integration only takes place with your consent. You can revoke your consent at any time, the easiest way is via our cookie manager. LinkedIn also processes your personal data in the USA and, according to its own information, has submitted to the EU-U.S. Data Privacy Framework (EU/EEA, UK, and Swiss data transfers | LinkedIn Help).
Further information on data processing by LinkedIn can be obtained from the provider, LinkedIn Ireland Unlimited Company, Attn: Legal Dept, Wilton Plaza, Wilton Place, Dublin 2, Ireland; information on the LinkedIn Insight Tag: LinkedIn Insight-Tag | LinkedIn Marketing Solutions; User Agreement | LinkedIn and the data protection information: LinkedIn Privacy Policy.
4.11 Social Media Links
We also use the following social media sites. The integration takes place via a linked graphic of the respective provider. The use of these graphics, which are stored on our own servers, prevents the automatic connection to the servers of the respective provider. You will only be redirected to the service of the respective social network if you click on the corresponding graphic.
As soon as you click on it, the social network can record information about you and your visit to our sqanit website. It cannot be ruled out that this data will be processed in the United States of America.
This includes the following data: Your IP address, the date and time and the page visited. If you are logged into your user account with the provider at the same time, the provider can assign the information collected about your visit to our sqanit website to your personal account. If you interact by clicking on “Like”, “Share”, etc., this information may be stored in your personal user account and possibly published on the respective social network. To prevent this, you must log out of your social media account before clicking on the graphic.
Networks also offer corresponding options in their settings to avoid this or to configure it accordingly.
The following social networks are integrated on our website: YouTube.
Integrated YouTube videos
a. Data processing
We have integrated YouTube videos into our online offering, which are stored on the YouTube platform and can be played directly from our sqanit website. YouTube is a service provided by Google LLC, D/B/A YouTube, 901 Cherry Ave, San Bruno, CA 94066, USA (“Google”). The videos are all integrated using the so-called “2-click mode”, which means that no data about you as a user is transmitted to Google if you do not activate the video function. Before the video function is activated, only a preview image is displayed, which is loaded from our own web server.
Data is only transmitted to Google if you activate this video function. After activation, we no longer have any influence on the data transfer. Data is transferred regardless of whether you are logged into a corresponding user account with Google. If you are logged into your Google account, your data will be assigned directly to your account.
b. Processing purposes and legal basis for processing
We use YouTube videos on our sqanit website so that you can watch YouTube videos easily.
The legal basis for the processing of your personal data is your consent in accordance with Art. 6(1)(a) GDPR. You give this consent by activating the video function. If activated, your personal data will be transferred to Google as described above.
The information collected is stored on Google servers, including in the USA. In these cases, Google has stated that it is subject to the EU-U.S. Data Privacy Framework and has undertaken to comply with applicable data protection laws when transferring data internationally.
If you have given your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent at any time for the future.
c. Further information
Further information on data processing, in particular on the legal basis and the storage duration by YouTube, can be found in Google’s privacy policy (https://policies.google.com/privacy) and in the privacy policy on the YouTube platform. There you will also find further information about your rights and options for protecting your privacy.
4.12 Newsletter Subscription and Tracking
a) With your consent, you can subscribe to our newsletter, through which we inform you about our latest offers and updates. The specific services or promotions will be detailed in the consent declaration. You may also subscribe via the “Lead Ads” feature provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).
b) To ensure secure and verified registration, we use the double opt-in procedure. After subscribing, you will receive an email at the address you provided, asking you to confirm your subscription. If you do not confirm within 24 hours, your data will be temporarily blocked and automatically deleted after one month. We also store your IP address and the timestamps of your registration and confirmation to verify your subscription and address any potential misuse of your data.
c) The only required information to receive the newsletter is your email address. Additional details, where requested, are optional and used to personalize the newsletter. After confirming your subscription, your email address will be stored and used exclusively for sending the newsletter. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR.
d) You can withdraw your consent and unsubscribe from the newsletter at any time. To do so, simply click the unsubscribe link provided in every newsletter or contact us using the information provided in the imprint.
e) Please note that we analyze your interaction with our newsletters to improve their relevance. This analysis is conducted using web beacons or tracking pixels embedded in the emails, which are one-pixel image files stored on our website. For evaluation purposes, we link the data mentioned in Section 3 and the web beacons to your email address and an individual ID. Links within the newsletter also contain this ID. This data allows us to track when you open our emails, which links you click, and your interests, creating a user profile to tailor content to your preferences.
You can disable this tracking at any time by clicking the opt-out link provided in every email or contacting us through other channels. If you unsubscribe from the newsletter, your data will be stored purely for statistical purposes in an anonymized format. Tracking is also disabled if your email client is set to block images by default. However, this may prevent the newsletter from displaying properly or limit its functionality. If you manually enable images, the tracking will resume.
Retention Period: Data collected for newsletter subscriptions or product demonstration requests will be deleted no later than 24 months after the last interaction.
5. RECIPIENTS OF YOUR DATA / THIRD COUNTRY TRANSFERS
5.1
We may also disclose or forward your personal data to IT service providers. We carefully select the IT service providers, and they work for us as data processors.
In order to comply with our statutory obligations regarding accounting and drawing up annual financial reportings, we use third parties who are legally obliged to maintain secrecy (tax consultants, auditors, and attorneys), because we cannot provide these services ourselves (legitimate interest). In the context of their work, they may receive your personal data as required in accordance with Clause 4 or gain access to this personal data (legal basis is Art. 6(1)(f) GDPR).
5.2
Data may be transferred to third countries (i.e. countries that are neither members of the European Union nor of the European Economic Area) if this is necessary to provide services to you, is required by law or if you have given us your consent. In addition, we may also transfer your personal data to processors in third countries.
The European Commission declares that some third countries have a level of data protection comparable to the European Union standard by means of a so-called adequacy decision. A list of these countries and a copy of the adequacy decisions can be found here: Data protection adequacy for non-EU countries (europa.eu). Please note that not all third countries have a level of data protection recognised as adequate by the European Commission. We will only transfer your personal data to third countries to the extent that this is permitted under Art. 44 – 49 GDPR. Insofar as we rely on suitable guarantees in accordance with Art. 46(2) GDPR (e.g. standard contractual clauses or binding corporate rules) when transferring to third countries, we will take additional technical and/or organisational measures insofar as this is necessary to maintain an adequate level of protection for your personal data.
6. DATA SECURITY
We use appropriate technical and organizational security measures in order to protect your data against accidental or intentional manipulations, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.
We use SSL or TLS encryption for our contact form. You can recognize an encrypted connection in that the address line of the browser changes from “http://” to “https://”, and the lock symbol will appear in your browser line. If SSL or TLS encryption is enabled, the data you send to us (e.g. in the context of orders or requests) cannot be read by third parties.
7. YOUR RIGHTS
You have the following rights regarding your personal data (Art. 15 et seqq. GDPR):
- Right of access
- Right to rectification or erasure, as well as to restriction of processing (“blocking”)
- Right to data portability
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
Right to object to further processing:
If we process personal data of you on the basis of Art. 6(1)(f) GDPR (i.e. if we process such data to exercise our legitimate interests), you have the right to object to this processing at any time for reasons arising from your particular situation. We will then no longer process your personal data, unless we can demonstrate compelling protectable reasons for the processing that outweigh your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend our legal claims.
Last updated: Nov2024
Data Processing Agreement
between
the Provider
– hereinafter “Controller“-
and
sqanit GmbH, Balanstraße 71a, 81541 Munich, Germany
- hereinafter “Processor” –
– hereinafter Controller and Processor collectively also “Parties” –
1. GENERAL
1.1
This agreement contains a written order of the Controller to the Processor within the meaning of Article 28 of the Regulation (EU) 2016/679, the European General Data Protection Regulation (GDPR).
1.2
As far as the Federal Data Protection Act (BDSG) is mentioned here, these mentions refer exclusively to the BDSG which will be valid from 25 May 2018.
2. DEFINITIONS
2.1
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2
“Processing”/”processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation,structuring, storage, adaptation or alteration, retrieval,consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
3. SUBJECT AND TERM OF THE AGREEMENT
3.1
The subject, type and purpose of processing of Personal Data by the Processor on behalf of the Controller are laid down in the agreement between the Controller and the Processor according to the Processor’s Terms of Use (hereinafter “ToU Agreement“).
3.2
The following types of Personal Data are subject to this agreement:
- Contact details such as names, e-mail-addresses, mail addresses, phone numbers, login data, profession, job title.
- Location data and technical data for devices that can be assigned to a natural person.
- Inquiries and data relating to the processing of orders in connection with devices, in particular communication data. Also information on malfunctions and their rectification, repairs and spare parts requirements, which may also include photos and videos and other files.
- Employees of the Controller
- Contractual partners of the Controller, in particular users.
4. GENERAL DUTIES OF THE PROCESSOR
5. INSTRUCTIONS
5.1
The Processor shall process the Controller’s Personal Data only on documented instructions. Such instructions shall be issued in text form. Oral instructions are permissible in urgent situations as an exception, yet shall be confirmed by the Controller in text form without delay. If such instructions require performance of the Processor that is not included in the ToU Agreement, the Controller shall pay to the Processor a remuneration to be determined by the Processor according to Paragraph 316 German Civil Code (Bürgerliches Gesetzbuch).
5.2
The Processor shall inform the Controller without delay if it perceives that an instruction constitutes a breach of applicable data protection laws or this agreement. The Processor is permitted to suspend execution of the respective instruction until it has been confirmed or modified by the Controller.
6. TECHNICAL AND ORGANISATIONAL MEASURES
The Processor shall take all measures required pursuant to Article 32 of the GDPR.
7. MONITORING RIGHTS OF THE CONTROLLER
The Controller reserves the right to monitor compliance with the statutory provisions on data protection, compliance with the contractual agreements made between the parties and compliance with any additional instructions given by the Controller through the processor. The Processor makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. Implementation of technical and organisational measures may be verified with approved codes of conduct pursuant to Article 40 GDPR or a certificate granted according to an approved certification procedure pursuant to Article 42 GDPR.
8. ADDITIONAL PROCESSORS (SUBCONTRACTORS)
Involving subcontractors is generally permitted. The Processor shall inform the Controller in advance of each subcontractor he intends to involve, giving the Controller the opportunity to object. When the contract is concluded, the Processor shall use the following subcontractors: the Processor shall use the following subcontractors:
Hetzner Online GmbH
Managing Directors:
Martin Hetzner, Stephan Konvickova, Günther Müller
Street / P.O. Box:
Industriestr. 25
Postcode Location:
91710 Gunzenhausen, Germany
Hetzner Online is the datacenter and infrastructure provider of sqanit’s private cloud system, which provides all the related services. A data processing agreement exists.
The Processor shall define the contractual arrangements with the subcontractor(s) in such a way that they comply with the data protection provisions applying between the Controller and the Processor.
In case of subcontracting, the Controller shall be granted control and inspection rights in relation to the subcontractor pursuant to this contract. This includes the right of the Controller to obtain information from the subcontractor on written request about the essential content of the contract and the implementation of the data protection-related obligations in the subcontracting relationship, if necessary by inspecting the relevant contract documents.
For clarification, the parties state that Article 32 (4) GDPR also applies to subcontractors.
Subcontracting relationships within the meaning of this provision shall not be understood to include services the Processor obtains from third parties as ancillary service to assist in fulfilling the order. These include, for example, telecommunication services and services of cleaning staff. However, in order to ensure the Controller’s personal data privacy and security, the Processor is obliged to enter into appropriate contractual arrangements for the safeguarding of personal data in accordance with the law. This also applies to ancillary services.
9. DELETION OF DATA
After completion of the contractually agreed services or at an earlier point in time at the request of the Controller – at the latest at the termination of the ToU Agreement – the Processor shall delete the Controller’s Personal Data, unless the laws of the European Union or the Federal Republic of Germany requires or permits further storage of the Personal Data.
10. OBLIGATIONS TO MAINTAIN CONFIDENTIALITY
The Processor warrants and guarantees that the individuals it employs for the processing of the Personal Data, including of any Subcontractors, have committed themselves to confidentiality or are subject to an adequate statutory professional obligation to confidentiality.
11. REMUNERATION AND LIABILITY
11.1
The remuneration of the Processor is specified in the ToU Agreement.
11.2
The Processor shall be liable to the Controller pursuant to the provisions in Clause 10 of the ToU Agreement.
Stand: April 2024