Data Processing Agreement
according to Art 28 DSGVO
Between
The Owner: User of the Platform
(hereinafter referred to as the Client)
and
The Processor:
linkr GmbH
Siegesstrasse 20
80802 Munich
Germany
(hereinafter referred to as the Contractor)
1. Subject of the agreement
a. The subject of this agreement is the performance of the following tasks:
To support the Client in maintaining defined virtual and/or physical machines in a usable condition, as well as to ensure their availability. In doing so, the Contractor shall provide manufacturer- and product-specific maintenance and support services directly for the Client in its own name. In this context, the Contractor is not aware whether and which personal data are stored in the supported applications and databases.
This agreement is to be understood as a supplement to the following contracts and documents:
- Privacy policy
- General terms and conditions
b. The following categories of data are processed:
The following personal data of the Client will be stored and processed by the Contractor exclusively for the purposes of quoting, invoicing and operational communication:
- Email contacts
- Address data
- Contact data
- Payment conditions
- Pictures / Multimedia
- Cooperation data
- Campaign data
- Social media data
- Order data
- Product data
c. The following categories of data subjects are subject to processing:
- Processors (Influencers)
- Customers
- Visitors to the website
2. Duration of the agreement
The agreement is concluded for an indefinite period and can be terminated by either party with a notice period of 3 months. The possibility of extraordinary termination for cause remains unaffected.
3. Obligations of the Contractor
- The Contractor undertakes to process data and processing results exclusively within the scope of the Client written orders. If the Contractor receives an official order to release data of the Client, the Contractor shall - to the extent permitted by law - immediately inform the Client thereof and refer the authority to the Client. Similarly, any processing of the data for the Contractor's own purposes shall require a written order.
- The Contractor declares in a legally binding manner that it has obligated all persons entrusted with the data processing to maintain confidentiality prior to commencement of the activity or that they are subject to an appropriate legal obligation of confidentiality. In particular, the confidentiality obligation of the persons entrusted with the Data Processing shall remain in force even after termination of their activity and leaving the Contractor.
- The Contractor declares in a legally binding manner that it has taken all necessary measures to ensure the security of the processing in accordance with Art 32 DSGVO (details can be found in Annex ./1).
- The Contractor shall take the technical and organizational measures so that the Client can fulfill the rights of the data subject pursuant to Chapter III of the GDPR (information, access, correction and deletion, data portability, objection, as well as automated decision-making in individual cases) at any time within the statutory time limits and shall provide the Client with all information necessary for this purpose. If a corresponding request is addressed to the Contractor and the Contractor indicates that the applicant mistakenly believes it to be the client of the data application operated by it, the Contractor shall immediately forward the request to the Client and inform the applicant thereof.
- The Contractor shall support the Client in complying with the obligations set forth in Art 32 to 36 GDPR (data security measures, notifications of personal data breaches to the supervisory authority, notification of the person affected by a personal data breach, data protection impact assessment, prior consultation).
- The Contractor is informed that for the present
- 1.1. of this Agreement, the Contractor shall establish a processing directory in accordance with Art. 30 DSGVO.
- With regard to the processing of the data provided by the Client, the Client shall be granted the right to inspect and control the data processing facilities at any time, including by third parties commissioned by the Client. The Contractor undertakes to make available to the Client such information as is necessary to monitor compliance with the obligations set forth in this Agreement.
- After the termination of this Agreement, the Contractor is obliged to hand over to the Client / destroy on the Client behalf all processing results and documents containing data[1]. If the Contractor processes the data in a special technical format, it shall be obliged to hand over the data after the termination of this Agreement either in this format or, at the Client request, in the format in which it received the data from the Client or in another common format.
- The Contractor shall inform the Client without undue delay if it is of the opinion that an instruction of the Client violates data protection provisions of the Union or the Member States.
4. Place of performance of the data processing
The main location of the data processing is Frankfurt, Germany (AWS).
Individual data processing activities are partly also carried out outside the EU or the EEA, namely in the USA, the United Kingdom and Canada - see https://linkr-network.com/en/privacy-policy/.
The adequate level of data protection results from
- An adequacy decision by the European Commission pursuant to Art 45 GDPR.
- an exception for the specific case according to Art 49 (1) DSGVO.
- Binding internal data protection rules pursuant to Art 47 in conjunction with Art 46 (2) (b) of the GDPR.
- standard data protection clauses pursuant to Art 46 (2) (c) and (d) GDPR.
- approved rules of conduct pursuant to Art 46 (2) (e) in conjunction with Art 40 GDPR.
- an approved certification mechanism pursuant to Art 46 (2) (f) in conjunction with Art 42 GDPR.
- contractual clauses approved by the data protection authority pursuant to Art 46 (3) lit a DSGVO.
- a case-by-case exemption pursuant to Art 49 (1) subparagraph 2 GDPR.
5. Sub-processors
The Client shall be notified in writing of any intended changes to the sub-processor in good time so that the Client can prohibit them if necessary. The Contractor shall conclude the necessary agreements within the meaning of Art 28 (4) of the GDPR with the sub-processor. In doing so, it shall be ensured that the sub-processor enters into the same obligations as those incumbent upon the contractor on the basis of this agreement. If the sub-processor fails to comply with its data protection obligations, the contractor shall be liable to the Client for compliance with the obligations of the sub-processor.