If you have any questions about our server infrastructure or privacy, please visit the website of our service provider Amazon Web Services, Inc.
On the subject of data protection, please note the following extract from the current operating agreement:
has·to·be is obliged to only use data and processing results within the realms of system operations for the client authority, and to exclusively return these to the client or only transfer these with the client’s written permission. Similarly, the use of transferred data for has·to·be’s own purposes requires written permission. At the client’s written request, has·to·be shall transfer data evaluations (e.g. request statistics, evaluations of log files etc). has·to·be is permitted to carry out data delivery in exchange for a charge, if the client is able to export this data from the system independently.
has·to·be bindingly declares that all persons tasked with data processing shall be obligated to uphold data secrecy in the sense of the (EU) 2016/679 (EU-GDPR) regulation before undertaking their tasks. In particular, the obligation to confidentiality remains with the persons tasked with data traffic even after the end of their task and departure from has·to·be.
In agreement with the client, has·to·be creates the technical and organisational requirements so that the client can fulfil the provisions of article 15 of the EU-GDPR (affected party’s right to information), article 16 of the EU-GDPR (right to corrections) and
article 17 of the EU-GDPR (right to deletion) with respect to the affected party at any time within the statutory deadline, and shall provide the client with all necessary information.
has·to·be guarantees an export function for the database for the client for further processing in the client’s external systems. The export function delivers data as CSV files (UTF-8 coded) and makes these available for download.
has·to·be bindingly declares that sufficient security measures in the sense of article 32 of the EU-GDPR have been implemented to prevent data being unlawfully used or being made available to third parties without authorisation. The upholding of data security mechanisms is documented in the has·to·be security guidelines. has·to·be guarantees that guidelines shall be implemented in full.
Deleting of data
has·to·be is obliged to delete saved data when requested by the client insofar as there are no legal requirements to be fulfilled regarding the data. Deletion of data can take place in exchange for costs during a proper contractual relationship. The deletion of data by the client via the system as well as the deletion of data after the end of the contractual relationship is free of charge. The hourly administration rate agreed by has·to·be and the client shall apply to the reimbursement of costs.
Use and exploitation of data
has·to·be processes data collected and saved in the application in an anonymised, non-personal form and uses this to, for example, generate automated statistics, carry out analyses or generate forecasts for system usage, use and availability or energy consumption. Furthermore, the client shall provide has·to·be with access to anonymised data required for the estimation of forecasts (predictive analytics, predictive maintenance), unless this is contested e.g. if their customers have not granted consent. However, has·to·be guarantees that personal data cannot be inferred. The use and exploitation of data is based on the provisions of Annex 6 “Agreement to Guarantee Data Protection in Accordance with Article 28 and Onwards of the EU-GDPR”.
has·to·be may involve other companies (“sub-processors”) in accordance with Annex 6 of this contract to carry out processing work insofar as has·to·be has obligated the sub-processors to upholding the provisions of article 28 of the EU-GDPR. The client hereby consents that has·to·be is permitted to commission such sub-processors. The provisions on the assignment of sub-contractor relationships are based on the provisions of Annex 6 “Agreement to Guarantee Data Protection in Accordance with Article 28 and Onwards of the EU-GDPR” §9 Sub-contractor relationships. It is clearly stated that all parties involved in the assignment of sub-contractor relationships must be informed in all cases and that the list of sub-contractors is documented in Annex 6.
(Status: May 24, 2019)