Privacy Policy
Introduction
This External Privacy Policy applies to you when you enter into any Contract with Complianx GmbH (hereinafter: “Complianx”) regarding any Product or when you should want to negotiate or inform yourself on (the details of) such a Contract. In this External Privacy Policy, various terms are noted in bold (only at first use) and capitalized (throughout this whole External Privacy Policy). For the explanation of these definitions, we refer to the Definitions section at the end of this Policy.
Complianx GmbH greatly values the privacy of all individuals (Data Subjects) involved in the sale, use and development of Complianx GmbH Products. This External Privacy Policy informs you on how Complianx GmbH Processes Personal Data.
This External Privacy Policy applies to all legal relationships you may have with Complianx GmbH and to the Personal Data on all Data Subjects involved, unless the Personal Data is related to a Data Subject who seeks to be, is or was employed by Complianx GmbH.
General
This External Privacy Policy does not create upon any individual any rights, or impose on Complianx GmbH any rights or obligations, outside of the applicable Privacy Law and Regulations.
This External Privacy Policy applies to all legal relationships between Complianx GmbH and Customer and is applicable for the term of the duration of the Processing of Personal Data by Complianx GmbH or Customer. The External Privacy Policy is exclusively governed by the laws of the Netherlands. Should any disputes between parties arise, then such disputes shall be brought before the courts of Noord-Holland, location Amsterdam.
Complianx GmbH may amend this External Privacy Policy at any time. In case the Privacy Policy is amended, the amended Policy will be made available to you through the Complianx GmbH website. Should you have any questions regarding the processing of your Personal Data after reading this Policy, please contact Complianx GmbH:
Complianx GmbH
Zum Laurenburger Hof 18
60594 Frankfurt
Germany
Handelsregister des Amtsgerichts Frankfurt am Main:
HRB 137576
Managing Director (Geschäftsführer): Roham Sadough
Processing of Personal Data
As a provider of software, Complianx GmbH may process various data on or originating from customers, suppliers and/or distributors. This data can be divided into three categories, which are worked out further below:
- Customer Data (e.g. contact information)
- Third Party Data (data processed on behalf of Customers through Complianx GmbH Products)
- Website Data (data on website visitors)
Customer Data
Complianx GmbH may as a Data Controller process Customer Data with the purpose of executing the Contract with a Customer or precontractual arrangements thereto. Personal Data contained in Customer Data may among others be data on the contact person or representative of the Customer or any natural person engaged in the execution of the Contract on the behalf of Customer, such contact person, representative or natural person being the Data Subject.
The following Personal Data is collected through Customer Data:
- contact information and billing information (name, title, address, email, phone number) *;
- Customer employee data of personnel in contact with Complianx GmbH (name, title, email, phone number)
* mandatory information.
When Processing Contact Data, Complianx GmbH may engage a Sub-Processor, for example a hosting provider or third-party administrator.
Third Party Data
Third Party Data is all data processed by Complianx GmbH on behalf of the Customer through the Complianx GmbH products. Complianx GmbH acts as a data processor in this regard. The collection and processing purpose for such Customer Data is therefore determined by the Customer. Complianx GmbH only processes such data following the Customer’s instructions, if provided by Customer. The Customer shall inform Complianx GmbH on the purposes of the Processing. Complianx GmbH shall at no time use or Process Customer Data in identifiable form for its own purposes, unless explicitly and in writing agreed otherwise.
When Processing Third Party Data, Complianx GmbH may engage a Sub-Processor, for example a hosting provider, telecommunication service provider or third-party administrator.
Website Data
Website Data is processed by Complianx GmbH as a Data Controller with the purpose of monitoring and ensuring website functionality. The Data Subject in this regard is the visitor of the Complianx GmbH website.
The following Personal Data is collected and Processed by Complianx GmbH:
- name, company name, email address and phone number**
** mandatory information in the event a brochure or call-back/demo is requested.
In Processing Website Data, Complianx GmbH may engage Sub-Processors. Generally, Complianx GmbH will collect Personal Data directly from Data Subjects or automatically through their website use. When we do this, possibly by means of cookies, Data Subjects are informed in advance of the use of such methods and asked for permission where necessary.
Safeguards
When Processing Personal Data, whether this Personal Data is actively collected by Complianx GmbH or is provided to Complianx GmbH by a Data Subject, Complianx GmbH considers the following safeguards to be essential:
- Data minimisation: how long can the Personal Data be stored?
- Security: what kind of security measures are implemented?
- Confidentiality: how do we keep the Personal Data confidential?
- Data Processing Agreements: how do we make sure we always know which Data is Processed and by whom?
- Security Breaches: what is the procedure when a Security Breach takes place?
Data minimisation
When Processing Personal Data, it is key that this Personal Data is not retained any longer than strictly necessary for the execution of the purpose of Processing. Therefore, Complianx GmbH applies maximum retention periods:
- Customer Data: Customer Data is retained for as long as this is necessary to execute the Contract with the Customer and to make sure the Customer or Complianx GmbH is duly serviced. Contact Data may be stored after termination of a contract for the benefit of future contracts and maintaining a good relationship with the Customer.
- Third Party Data: Complianx GmbH retains Third Party Data solely for the execution of the Contract with the Customer. When the Contract is duly executed, the Customer Data shall be handled according to the data retention period and conditions agreed in the Contract and will be automatically deleted upon expiration of the agreed data retention period.
- Website Data: Website Data is retained in identifiable form for as long as a visitor has an active session. Website Data in aggregated and/or anonymised form may be stored indefinitely.
Security
Complianx GmbH shall implement appropriate safeguards to make sure data is stored and processed in a secure way and expects no less of its Customers. The following details apply to the various types of Data:
- Customer Data: Complianx GmbH will apply technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. When third parties, such as Sub-Processors, are engaged to support Complianx GmbH, Complianx GmbH will make sure that these third parties implement a level of security that is similar to the level as applied by Complianx GmbH.
- Third Party Data: Complianx GmbH will apply technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access.
- Website Data: Complianx GmbH will apply technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. When third parties, such as Sub-Processors, are engaged to support Complianx GmbH, Complianx GmbH will make sure that these third parties implement a level of security that is similar to the level as applied by Complianx GmbH.
Confidentiality
Personal Data is to remain confidential at all times. Complianx GmbH shall undertake different steps to ensure this confidentiality. Complianx GmbH shall ensure that its personnel and Sub-Processors engaged in the Processing of Data are informed of the confidential nature of such Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Complianx GmbH shall ensure that such confidentiality obligations survive the termination of the agreement between Complianx GmbH and personnel or Sub-Processors. Complianx GmbH shall ensure that Complianx GmbH’s access to Data is limited to those personnel who require access to perform the Contract or who deal with processing of the Website Data.
Data Processing Agreements
When processing Personal Data, the GDPR obliges parties engaged in this Processing to enter into a Data Processing Agreement. For the sake of clarity, this External Privacy Policy shall not be interpreted as a Data Processing Agreement. When entered into, the Data Processing Agreement shall entail at least provisions on the purposes of the Processing, the details of the Processed Personal Data, any data transfer outside the EEA and the possible return and deletion of Personal Data after termination of the Contract.
Security Breaches
Complianx GmbH advocates a thorough protection of Personal Data. Complianx GmbH expects no less of Customers. Parties hereby obligate themselves to cooperate in the event of a Security Breach. Any further arrangements on Security Breaches will be addressed in a Data Processing Agreement, where available.
Data Subject Rights
Applicable Data Protection Laws and Regulations guarantee every Data Subject the following rights:
- Objection: Depending on the situation, a Data Subject has the right to consent or object to the Processing of Personal Data and the conditions under which the Processing of Personal Data takes place.
- Access: Every Data Subject has the right to request from the Data Controller, without constraint, at reasonable intervals and without excessive delay or expense, i) a confirmation as to whether or not Personal Data regarding him or her is being processed, ii) information on the purposes for which Personal Data is processed, iii) the categories of Personal Data concerned, and iv) the recipients or categories of recipients to whom the Personal Data is disclosed. The Data Subject has the right to receive, in an intelligible form, a communication of the Personal Data being Processed and of any available information as to their source. Furthermore, the Data Subject has the right to knowledge of the underlying logic of the automated processing of data relating to the Data Subject.
- Rectification, erasure, blocking or deletion: The Data Subject, where appropriate, has the right to rectification, erasure, blocking or deletion of Personal Data that is not processed in compliance with Data Protection Laws and Regulations, in particular when the nature of the data is incomplete or inaccurate.
- Notification: The Data Subject has the right to a notification to third parties to whom the Personal Data has been disclosed, when the Data Subject was granted any rectification, erasure, blocking or deletion, unless such notification proves to be impossible or requires a disproportionate effort from the side of the Data Controller.
In order to fulfil requests of the Data Subject, it may be necessary to request specific information to allow the identification of the Data Subject. This specific Personal Data is solely collected and Processed for the purpose of executing the rights of the Data Subjects.
Compliance with requests of the Data Subject regarding Customer Data
For Customer Data Complianx GmbH shall as a Data Controller ensure the compliance with the Data Protection Laws and Regulations for the Data Subjects that wish to enforce the rights granted to them. Therefore, Complianx GmbH shall at reasonable cost, taking into account the relevant provisions on data access requests in applicable Data Protection Laws and Regulations and limited to the costs capped therein, comply with any reasonable request by the Data Subject to facilitate such assistance to inform the Data Subject, rectify, erase, block or delete Contact Data as required by Data Protection Laws and Regulations and when such is possible, inform any third parties of such actions.
Compliance with requests of the Data Subject regarding Third Party Data
For Third Party Data, the Customer as data controller is responsible for compliance with Data Subject access right requirements. Complianx GmbH shall, when Customer is reasonably not in a position to comply with requests of the Data Subject because the Personal Data is not accessible for Customer, offer reasonable assistance to Customer to grant the Data Subject the aforementioned rights, taking into account the relevant provisions in the applicable Data Protection Laws and Regulations and limited to the costs capped therein.
Compliance with requests of the Data Subject regarding Website Data
For Website Data Complianx GmbH shall as a Data Controller ensure the compliance with the Data Protection Laws and Regulations for Data Subjects that wish to exercise the rights granted to them. Therefore, Complianx GmbH shall at reasonable cost, taking into account the relevant provisions on data access requests in applicable Data Protection Laws and Regulations and limited to the costs capped therein, comply with any reasonable request by the Data Subject to facilitate such assistance to inform the Data Subject, rectify, erase, block or delete Website Data as required by Data Protection Laws and Regulations and when such is possible, inform any third parties of such actions.
Definitions
Contract | Any agreement between Customer and Complianx GmbH, including the appendices and documents that are referred to, whether it engages a Complianx GmbH Product or any product or service of the Customer. |
Controller | The entity which determines the purposes and means of the Processing of Personal Data. |
Customer | The entity that entered into a Contract with Complianx GmbH, including any prospective customers, distributors or suppliers of Complianx GmbH. |
Customer Clients | The natural persons that gain access to and/or use the Product. |
Customer Infrastructure | The infrastructure on which the Product is installed and which is maintained and controlled by Customer. |
Data | All data that is processed by Complianx GmbH, which may include Personal Data. |
Data Processing Agreement | The agreement Complianx GmbH and Customer may enter into to further ensure the protection of Personal Data as flows from the obligations of the Data Protection Laws and Regulations. |
Data Protection Laws and Regulations | All laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, applicable to the Processing of Personal Data under the Contract. |
Data Subject | The individual to whom Personal Data relates. |
EEA | European Economic Area. |
External Privacy Policy | This external privacy policy, as applicable between Customer and Complianx GmbH, including the appendices and documents that are referred to. (also: “Privacy Policy” or “Policy”). |
GDPR | General Data Protection Regulation |
Personal Data | Any information relating to an identified or identifiable natural person. |
Processing | Any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as but not limited to collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. |
Processor | The entity which Processes Personal Data on behalf of the Controller. |
Product | Any product or service of Complianx GmbH. |
Security Breach | Any actual or reasonably suspected unauthorised disclosure of Personal Data by Processor or by third parties as appointed by Processor, such as but not limited to Sub-Processors. |
Sub-Processor | The entity that supports Processor in the Processing of Personal Data. |